Listener security
Hi
I setted the password for the listener and I tried to stop and restart the listener.
when I restarted the listener it is not asking me for the password.
It is directly connecting without asking the password.
Can any one please say what is the problem.
i am using oracle 10g.
Thanks in advance.
Sudhir,
One reason that comes to mind is that from 10g onwards, Listener by default uses the security of OS authentication.
[oracle@localhost ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 09-MAR-2009 07:08:35
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 09-MAR-2009 07:07:59
Uptime 0 days 0 hr. 0 min. 36 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File /u01/app/oracle/product/10.2.0/db_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost.localdomain)(PORT=1521)))
Services Summary...
Service "orcl10" has 1 instance(s).
Instance "orcl10", status READY, has 1 handler(s) for this service...
Service "orcl10XDB" has 1 instance(s).
Instance "orcl10", status READY, has 1 handler(s) for this service...
Service "orcl10_XPT" has 1 instance(s).
Instance "orcl10", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@localhost ~]$ lsnrctlSo if the o/s authentication is set , this would not bother about the password tthat you have set for the listener. Remove this authentication and than retry.
HTH
Aman....
Similar Messages
-
Oracle 8 tns-listener security
Hi list,
premise that an upgrade to a newer Oracle version is recommended... I noticed setting a tns-listener password in Oracle 8.1.7* ("SECURITY=ON"), the SIDs are anyway enumerable (via "Command=status").
According to you, is firewall filtering the only possible solution?
As for "Oracle8 tns security" I did not find information on google. For Oracle 9 is different.
Thanks in advance,
Aluser8798619 wrote:
Using metasploit modules tnscmd and sid_enum (http://www.metasploit.com) or tnscmd (www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd). The request to Oracle 8.1.7.0.0 tns-listener: (COMMAND=STATUS).
The result (* obscured):
(DESCRIPTION=(TMP=)(VSNNUM=*********)(ERR=0)(ALIAS=LISTENER)(SECURITY=ON)(VERSION=TNSLSNR for Solaris: Version 8.1.7.0.0 - Production)(START_DATE=********)(SIDNUM=1)(LOGFILE=***********)(PRMFILE=************)(TRACING=off)(UPTIME=321588456)(SNMP=OFF))(ENDPOINT=(HANDLER=(STA=ready)(HANDLER_MAXLOAD=0)(HANDLER_LOAD=0)(ESTABLISHED=0)(REFUSED=0)(HANDLER_ID=**************)(PRE=ttc)(SESSION=NS)(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=TEST123))))),,(ENDPOINT=(HANDLER=(STA=ready)(HANDLER_MAXLOAD=0)(HANDLER_LOAD=0)(ESTABLISHED=0)(REFUSED=0)(HANDLER_ID=**************)(PRE=ttc)(SESSION=NS)(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC))))),,(ENDPOINT=(HANDLER=(STA=ready)(HANDLER_MAXLOAD=0)(HANDLER_LOAD=0)(ESTABLISHED=0)(REFUSED=0)(HANDLER_ID=*********************)(PRE=ttc)(SESSION=NS)(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=testlab)(PORT=1521))))),,(SERVICE=(SERVICE_NAME=TEST123)(INSTANCE=(INSTANCE_NAME=TEST123)(NUM=1)(INSTANCE_CLASS=ORACLE)(NUMREL=1))),,
Without credentials but with "SECURITY=ON" are obtained:
Version: TNSLSNR for Solaris: Version 8.1.7.0.0 - Production
Logfile: *********
Sid: TEST123
Hostname: testlab
Uptime: 321588456
According to "documentation in internet", with "SECURITY=ON", the password is configured (for example http://www.integrigy.com/files/Integrigy_Oracle_Listener_TNS_Security.pdf).
I hope I am wrong :)Having no knowledge of how the cited tools work, I'll have to defer ... -
Listener security-Local OS Authentication-Win2k
Hi all,
On a Win2k server, the present setup of LISTENER shows that the "security" is "ON: Local OS Authentication". Note that there is no password authentication set for the listener.
I believe that because of this, a non-administrator user cannot make changes to the listener parameters or execute commands like "show rules" or "save_config" etc.
Is there a way to change this local OS authentication security for the listener? If yes, how?
Thanks for your help.this is a 10g only.
you can't disable it.
Metalink note 260986.1
why do you wish to do it? -
Is there information on configuring listeners and securing them with authentication as we used to do in OAS using basic or basic_oracle authentication in Oracle 9iAS. Thanks for the help.
Maruti,
Are you trying to use basic authentication for Portal? Portal does not currently support basic authentication - you have to use the supplied login server to handle authentication.
Regards,
Jerry -
Hi all,
Our E-Business Suite support is fully outsourced. We have 3 Administrators at the outsourced company who are the ONLY ones with root access,ORACLE_HOME owners and these 3 are the only ones in the DBA group. Because of this limited number admins (the 3 of them) they claim they dont need a TNS Listener password, tns listener admin restrictions switched on or tns listener logging enabled. Does this sound reasonable.If a password is not set on the listener, anyone who knows hostname and port number has full control over the listener. Hence, the Listener files can be compromised or corrupted or even a Denial of Service Attack can be launched against the system. In this type of attack, the attacker is able to stop the listener, set a listener password so that the listener cannot be started without a password, although the DBA simply has to edit the file and remove the password line.
My personal recommendation is, Continue to have adequate password controls for access to LISTNER. The DBA should ensure that the password is encrypted. -
Unable to securely request for a page
Question:
a) I'm unable to securely request for my webpage : https://127.0.0.1:8443/Blah , instead I get the following Error:
Firefox can't establish a connection to the server at localhost:8443.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
On Internet Explorer I simply get:
Internet Explorer cannot display the webpage
b) How do I know which SSL Implementation my tomcat is making use of: JSSE/APR
Details:
web.xml
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="Your_WebApp_ID"
version="2.5">
<description>The standard web descriptor for the email client</description>
<servlet>
<servlet-name>AuthenticateUser</servlet-name>
<servlet-class>MailBoxController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticateUser</servlet-name>
<url-pattern>/ControlPanel</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>401</error-code>
<location>/authenticationFailed.jsp</location>
</error-page>
<context-param>
<param-name>serverName</param-name>
<param-value>Gmail</param-value>
</context-param>
<context-param>
<param-name>port</param-name>
<param-value>993</param-value>
</context-param>
<context-param>
<param-name>ip</param-name>
<param-value>imap.gmail.com</param-value>
</context-param>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>Logger</listener-class>
</listener>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>administrator</role-name>
</security-role>
</web-app>
tomcat-users.xml :
<tomcat-users>
<role rolename="administrator"/>
<user username="admin" password="system123#" roles="administrator"/>
</tomcat-users>
Following tag was added in web.xml in conf of tomcat :
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Can anybody please help me with my problem. Am I going wrong with configuring SSL?
Thanks
KrutikaI did add these lines:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
to the web.xml contained in conf folder of tomcat.
But didn't fiddle with server.xml -
After un-commenting
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
in server.xml contained in conf folder I get the following exceptions
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4
.6.
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra
ndom [true].
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializ
eSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-ap
r-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connecto
r[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initializati
on failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
83)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be d
efined when using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
... 13 more
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2945 ms
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps
\Blah.war
Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJa
rFile
INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\
javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2.
Offending class: javax/servlet/Servlet.class
Logger Contructor
Servlet Context has been initialized
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\docs
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\examples
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\host-manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\ROOT
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2728 ms
Edited by: 948555 on Jul 25, 2012 10:42 AM -
How to set LSNRCTL security off?
Hi all, can some one tell me how to turn off the security for lsnrctl??
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Solaris: Version 10.2.0.3.0 - Production
Start Date 24-MAR-2008 12:01:07
Uptime 0 days 0 hr. 3 min. 21 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Thanks.The listener security has change from previous 9i versions to 10g
In Oracle 10g, the listener now uses local OS authentication. As long as one runs lsnrctl
as the same user as the running listener they will be able to fully administer
it without providing the password.
This security feature is enabled by default and can be identified at listener
startup, or when issuing a LSNRCTL STATUS command, by the following output:
Security ON: Local OS Authentication
If you set a listener password, lsnrctl status command show
Security ON: Password or Local OS Authentication
Message was edited by:
tarrio -
Can anyone tell me in straight talk, for a 9i listener, if theres no listener password set, and no admin restrictions, whats the main risks.
Availability of data, confidentiality of data, integrity of data? Or all 3? Or some more than others, C?.I?.A?user599292 wrote:
Can anyone tell me in straight talk, for a 9i listener, if theres no listener password set, and no admin restrictions, whats the main risks.
Availability of data, confidentiality of data, integrity of data? Or all 3? Or some more than others, C?.I?.A?There's a very nice doc
http://www.scribd.com/doc/22455/Oracle-Database-Listener-Security-Guide -
Help to interpret tracing of listener file
Hi,
how do i interpret the trace (support) output for listener, noticed stack error TNS-04315: any suggestions or help is appreciated.
trying to find any errors or problems in the listener or network.
* Trace Assistant *
---> Send 94 bytes - Data packet
Data Packet flags:
End of file
(DESCRIPTION=(TMP=)(VSNNUM=169870336)(ERR=0)(COMMAND=trc_level)(TRCLEVEL=support)),,
<--- Received 200 bytes - Connect packet
Current NS version number is: 313.
Lowest NS version number can accommodate is: 300.
Global options for the connection:
Don't care
Maximum SDU size: 2048
Maximum TDU size: 32767
NT protocol characteristics:
Test for more data
Test operation
Full duplex I/O
Generate SIGPIPE signal
Generate SIGIO signal
Handoff connection to another
Line turnaround value: 0
Connect data length: 142
Connect data offset: 58
Connect data maximum size: 2040
Disable NA services on this connection
No NA services are linked in
Disable NA services on this connection
No NA services are linked in
(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=db21)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870336)
---> Send 62 bytes - Redirect packet
Redirect data length: 52
Redirect Data:
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=#16567.2)))
<--- Received 200 bytes - Connect packet
Current NS version number is: 313.
Lowest NS version number can accommodate is: 300.
Global options for the connection:
Don't care
Maximum SDU size: 2048
Maximum TDU size: 32767
NT protocol characteristics:
Test for more data
Test operation
Full duplex I/O
Generate SIGPIPE signal
Generate SIGIO signal
Handoff connection to another
Line turnaround value: 0
Connect data length: 142
Connect data offset: 58
Connect data maximum size: 2040
Disable NA services on this connection
No NA services are linked in
Disable NA services on this connection
No NA services are linked in
(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=db21)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870336)
---> Send 77 bytes - Accept packet
Accepted NS version number is: 313.
Global options for the connection:
Don't care
Accepted maximum SDU size: 2048
Accepted maximum TDU size: 32767
Connect data length: 45
Connect data offset: 32
Connect data: (DESCRIPTION=(TMP=)(VSNNUM=169870336)(ERR=0))
Native Services wanted
Disable NA services on this connection
No NA services are linked in
Disable NA services on this connection
No NA services are linked in
<--- Received 11 bytes - Marker packet
One data byte.
Hex character sent over to the server: 76
---> Send 1324 bytes - Data packet
(DESCRIPTION=(TMP=)(VSNNUM=169870336)(ERR=0)(ALIAS=LISTENER)(SECURITY=
ON: Local OS Authentication)(VERSION=TNSLSNR for Linux: Version 10.2.0
.4.0 - Production)(START_DATE=02-DEC-2009 18:38:24)(SIDNUM=1)(LOGFILE=
/u01/app/oracle/OraHome_1/network/log/listener.log)(TRACEFILE=/u01/app
/oracle/OraHome_1/network/trace/listener.trc)(PRMFILE=/u01/app/oracle/
OraHome_1/network/admin/listener.ora)(TRACING=support)(UPTIME=13034131
5)(SNMP=ON)(PID=16567)(START_DATE_NUM=2009-12-02 18:38:24)),,(ENDPOINT
=(HANDLER=(HANDLER_MAXLOAD=0)(HANDLER_LOAD=0)(ESTABLISHED=0)(REFUSED=0
)(HANDLER_ID=79C357726978-4F8F-E040-820AA6E640B7)(PRE=any)(SESSION=NS)
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1))))),,(ENDPOINT=(HAN
DLER=(HANDLER_MAXLOAD=0)(HANDLER_LOAD=0)(ESTABLISHED=0)(REFUSED=0)(HAN
DLER_ID=79C357726979-4F8F-E040-820AA6E640B7)(PRE=any)(SESSION=NS)(DESC
RIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db21)(PORT=1521
))))),,(ENDPOINT=),,(SERVICE=(SERVICE_NAME=TEST)(INSTANCE=(INSTANC
E_NAME=test)(NUM=2)(NUMREL=1))),,(SERVICE=(SERVICE_NAME=TESTXDB)(INSTANCE=(INSTANCE_NAME=TEST)(NUM=2)(NUMREL=1))),,(SERVICE=(SER
VICE_NAME=TEST_XPT)(INSTANCE=(INSTANCE_NAME=TEST)(NUM=2)(NUMRE
L=1))),,(SERVICE=(SERVICE_NAME=PLSExtProc)(INSTANCE=(INSTANCE_NAME=PLS
ExtProc)(NUM=1)(INSTANCE_STATUS=UNKNOWN)(NUMREL=1))),,
---> Send 10 bytes - Data packet
Data Packet flags:
End of file
<--- Received 218 bytes - Connect packet
Current NS version number is: 313.
Lowest NS version number can accommodate is: 300.
Global options for the connection:
Can receive attention
No attention processing
Don't care
Maximum SDU size: 2048
Maximum TDU size: 32767
NT protocol characteristics:
Test for more data
Test operation
Full duplex I/O
Urgent data support
Generate SIGURG signal
Generate SIGPIPE signal
Generate SIGIO signal
Handoff connection to another
Line turnaround value: 0
Connect data length: 160
Connect data offset: 58
Connect data maximum size: 512
Native Services wanted
NAU doing O3LOGON - DH key foldedin
Native Services wanted
NAU doing O3LOGON - DH key foldedin
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db21)(PORT=1521))(CONN
ECT_DATA=(SERVICE_NAME=TEST)(CID=(PROGRAM=hmw)(HOST=vmm2)(USER=stest))))
Error found. Error Stack follows:
id:6
Operation code:72
NS Error 1:12586
NS Error 2:0
NT Generic Error:0
Protocol Error:0
OS Error:0
NS & NT Errors Translation
TNS-04315: Trace Assistant Internal error: Can't find resource for bundle oracle.net.trcasst.mesg.TnsError, key 12586
00000, 00000 "Not An Error"
// *Cause: Everything is working as it should.
// *Action: Dont worry: Be happy.
00000, 00000 "Not An Error"
// *Cause: Everything is working as it should.
// *Action: Dont worry: Be happy.
///////////////////////////////////////////////////////////////Hi,
Refer to below oracle doc to get info on trace assistant. As per your Issue might be related to time dependent on current system - some thing related to time out Issue. Not sure.
http://download.oracle.com/docs/cd/B14117_01/network.101/b10775/troublestng.htm#i459188
- Pavan Kumar N
Oracle 9i/10g - OCP
http://oracleinternals.blogspot.com/ -
Issue deploying rpd to cluster
Hi All,
When I try to deploy an RPD to our clustered OBIEE environment, i receive this error for one of the servers:
Message SEVERE: Element Type: JEE_SERVER, Element Id: unix02:bi_server3, Operation Result: UNEXPECTED_ERROR, Detail Message: Exception occured during setting configuration values.
Supplemental Detail Underlying cause of exception was:
java.lang.IllegalArgumentException
Root element domain does not match root of /JavaHost/Listener/Secure
Report on underlying changes made is:
INFO: Element Type: JEE_SERVER, Element Id: unix02:bi_server3, Operation Result: APPLYING_CONFIGURATION_CHANGES, Detail Message: null
FINE: Element Type: ORACLE_INSTANCE, Element Id: unix02:instance3, Operation Result: APPLYING_CONFIGURATION_CHANGES, Detail Message: null
FINE: Element Type: BI_INSTANCE_DEPLOYMENT, Element Id: unix02:instance3:coreapplication, Operation Result: APPLYING_CONFIGURATION_CHANGES, Detail Message: null
FINER: Element Type: SYSTEM_COMPONENT, Element Id: unix02:coreapplication_obis1, Operation Result: MODIFIED_ATTRIBUTE, Detail Message: Attribute: RepositoryName set to value: db_BI0008.rpd (was: db_BI0004.rpd)
Has anyone run across this issue before? I'm not even sure where to begin with this one!
Thanks
JonHi ,
Plz clarify :
How many servers u r clustering
does those servers hve any existing RPD's ?
paste the NQSConfig.INI files . -
Can you call external code from XE?
Hi,
I have an application that uses external code, called via extproc. During a standard Oracle installation, I need to modify the listener configuration to allow it to do so. This is done by modifying listener.ora like follows:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\ora10_2)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ANY")
without the 'ENVS' entry, the listener security prohibits the loading of our code.
The touble I have on XE is that attempting to restart the listener after this change gives an error:
TNS-01155: Incorrectly specified SID_LIST_LISTENER parameter in LISTENER.ORA
NL-00303: syntax error in NV string
Does this mean that external code cannot be used? or does anyone know a workaround?
Thanks in advance,
JimOne obvious problem is the missing close paren, seen when you reformat as follows:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\ora10_2)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ANY")
) <--- this is missing -
Dear Friends,
I have 881 series routers and i wanna to use SDM or something like this web based software, I tried CCP but it has lot's of bugs. Could you please advice me what i should to do ?
I just want to configure VPN using web interfaces.
Thank you in advance!Hi,
Please enable and http and https service in the router. After you can access the device through its GUI. Issue the below commands from the configuration mode:
ip http server
ip http authentication local
ip http secure-server
Make sure that you have a local user name and password configured.
Router(config)#ip http ?
access-class Restrict http server access by access-class
accounting Set http server accounting parameters
active-session-modules Set up active http server session modules
authentication Set http server authentication method
client Set http client parameters
digest Set http digest parameters
help-path HTML help root URL
max-connections Set maximum number of concurrent http server connections
path Set base path for HTML
port Set http port
secure-active-session-modules Set up active http secure server session modules
secure-ciphersuite Set http secure server ciphersuite
secure-client-auth Set http secure server with client authentication
secure-port Set http secure server port number for listening
secure-server Enable HTTP secure server
secure-trustpoint Set http secure server certificate trustpoint
server Enable http server
session-module-list Set up a http(s) server session module list
timeout-policy Set http server time-out policy parameters
If you want, you can even setup up access-list restricting the inbound http/https access from specific IPs only.
Krishna -
Java.util.MissingResourceException - A Bug?
Hi all,
I think there maybe an bug with the plugin /deploy.jar the JRE 1.5.0_06.
There is an exception at the end when my signed applet is trying to install an extension for the JRE, it seems to be caused by
java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key security.dialog.buttonYes.acceleratorKey
the resources are defined in com.sun.deploy.resources.Deployment.java and it does not contain that key.
Is this a bug?
This happens in both Internet explorer and mozilla/firefox.
Thanks for any help,
Ashley
Java Plug-in 1.5.0_06
Using JRE version 1.5.0_06 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\hayesac
network: Loading user-defined proxy configuration ...
network: Done.
network: Loading proxy configuration from Netscape Navigator ...
network: Reading user preference file from C:\DOCUMENTS AND SETTINGS\HAYESAC\APPLICATION DATA\Mozilla\Profiles\default\c8ovvpcr.slt\prefs.js
network: network.proxy.ftp=192.168.50.8
network: network.proxy.ftp_port=8080
network: network.proxy.gopher=192.168.50.8
network: network.proxy.gopher_port=8080
network: network.proxy.http=192.168.50.8
network: network.proxy.http_port=8080
network: network.proxy.socks=192.168.50.8
network: network.proxy.socks_port=8080
network: network.proxy.ssl=192.168.50.8
network: network.proxy.ssl_port=8080
network: Proxy enable: 1
network: Done.
network: Loading browser proxy configuration ...
network: Done.
network: Proxy Configuration: Browser Proxy Configuration
basic: Cache is enabled
basic: Location: C:\Documents and Settings\hayesac\Application Data\Sun\Java\Deployment\cache\javapi\v1.0
basic: Maximum size: unlimited
basic: Compression level: 0
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
basic: Registered modality listener
security: Accessing keys and certificate in Mozilla user profile: C:\DOCUMENTS AND SETTINGS\HAYESAC\APPLICATION DATA\Mozilla\Profiles\default\c8ovvpcr.slt
security: JSS package is not found
security: JSS is not configured
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@480457, refcount=1
basic: Added progress listener: sun.plugin.util.GrayBoxPainter@6b97fd
basic: Loading applet ...
basic: Initializing applet ...
basic: Starting applet ...
network: Connecting [manually removed] with proxy=DIRECT
security: Loading Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_0\lib\security\cacerts
security: Loaded Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_0\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_0\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_0\lib\security\cacerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Check if certificate can be verified using certificates in Root CA certificate store
security: Certificate to be verified:
[certificate trace stuff manually removed]
liveconnect: JavaScript: UniversalJavaPermission enabled
basic: Stopping applet ...
basic: Removed progress listener: sun.plugin.util.GrayBoxPainter@6b97fd
basic: Finding information ...
basic: Releasing classloader: sun.plugin.ClassLoaderInfo@480457, refcount=0
basic: Caching classloader: sun.plugin.ClassLoaderInfo@480457
basic: Current classloader cache size: 1
basic: Done ...
basic: Joining applet thread ...
liveconnect: JavaScript: UniversalBrowserRead enabled
liveconnect: JavaScript: UniversalJavaPermission enabled
basic: Destroying applet ...
basic: Disposing applet ...
basic: Quiting applet ...
basic: Joined applet thread ...
basic: Unregistered modality listener
liveconnect: JavaScript: UniversalBrowserRead enabled
liveconnect: JavaScript: UniversalJavaPermission enabled
liveconnect: JavaScript: UniversalBrowserRead enabled
liveconnect: JavaScript: UniversalJavaPermission enabled
basic: Registered modality listener
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@288051, refcount=1
basic: Added progress listener: sun.plugin.util.GrayBoxPainter@90cb03
basic: Loading applet ...
basic: Initializing applet ...
basic: Starting applet ...
basic: httpCompression = true
network: Connecting [manually removed]
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if certificate is in Deployment session certificate store
network: Connecting https://[manually removed]
basic: Downloading https://[manually removed]
basic: encoding = null for [manually removed]
basic: Cached file name: [manually removed]
extensions: Installing optional package Extension : title(null), name([manually removed]), spec vendor(Macalla Software), spec version(3.6.3), impl vendor(Macalla Software), impl vendor id(com.macalla), impl version(3.6.3), impl url([manually removed])
java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key security.dialog.buttonYes.acceleratorKey
at java.util.ResourceBundle.getObject(Unknown Source)
at com.sun.deploy.resources.ResourceManager.getAcceleratorKey(Unknown Source)
at com.sun.deploy.util.DialogFactory.showDownloadDialogImpl(Unknown Source)
at com.sun.deploy.util.DialogFactory.access$200(Unknown Source)
at com.sun.deploy.util.DialogFactory$4.execute(Unknown Source)
at sun.plugin.util.PluginSysUtil$SysExecutionThread.run(Unknown Source)
extensions: Optional package download not granted by user
sun.misc.ExtensionInstallationException: User denied installation of [manually removed]
at sun.plugin.extension.ExtensionInstallationImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.extension.ExtensionInstallationImpl.installExtension(Unknown Source)
at sun.misc.ExtensionDependency.installExtension(Unknown Source)
at sun.misc.ExtensionDependency.checkExtension(Unknown Source)
at sun.misc.ExtensionDependency.checkExtensions(Unknown Source)
at sun.misc.ExtensionDependency.checkExtensionsDependencies(Unknown Source)
at sun.misc.URLClassPath$JarLoader.parseExtensionsDependencies(Unknown Source)
at sun.misc.URLClassPath$JarLoader.getClassPath(Unknown Source)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
basic: Modality pushed
basic: Modality popped
extensions: Optional package installation failed.
security: Loading certificates from Deployment session certificate storeGuys,
i am having almost the same problem with my signed applet, it was working on all previous jres, now it crashes when trying to download imageio, giving the error: sun.misc.ExtensionInstallationException: User denied installation of...
Is this the same bug? is it really a bug?
besides, Rita, you mentioned filing it as a bug, but i cannot find it in the bug database
Thanks guys,
Best,
Mohammad -
Some applets fail to run after installing jre 1.5/5.0
Hi,
I have a big problem. After installing java runtime environment 5.0 / 1.5, some java applets from sites no longer work. I can view certain java applets, but strangely, some applets do not work. For example, when I try to log into the Hushmail account <www.hushmail.com>, the applet fails to load properly. I enabled tracing and logging and this is the output from the console:
basic: Registered modality listener
security: Accessing keys and certificate in Mozilla user profile: <Note: PATH removed for security reasons>
security: JSS package is not found
security: JSS is not configured
java.lang.ExceptionInInitializerError
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at java.net.URL.getURLStreamHandler(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at sun.plugin.AppletViewer.setDocumentBase(Unknown Source)
at sun.plugin.viewer.WNetscapePluginObject.setDocumentURL(Unknown Source)
Caused by: java.lang.NullPointerException
at java.security.SecureRandom.nextBytes(Unknown Source)
at java.security.SecureRandom.next(Unknown Source)
at java.util.Random.nextInt(Unknown Source)
at com.sun.deploy.net.protocol.https.Handler$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.protocol.https.Handler.<clinit>(Unknown Source)
... 8 more
basic: Registered modality listener
java.lang.NoClassDefFoundError
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at java.net.URL.getURLStreamHandler(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at sun.plugin.AppletViewer.setDocumentBase(Unknown Source)
at sun.plugin.viewer.WNetscapePluginObject.setDocumentURL(Unknown Source)
Strangely, there is a message "JSS package is not found" from the console output above. What is this error and how do I rectify the problem so that I can view all applets without any problems?
This is my system configuration:
Windows 2000 Professional Service Pack 4
Java Runtime Environment 1.5
Mozilla 1.7.3Probably due to Mozilla configuration, see this search:
http://www.google.com/search?num=100&hl=en&lr=lang_en&c2coff=1&q=jss+package+mozilla -
What's listening on port 454 and 455 in Azure? Warning flagged by security scan
We are about to go live with an Azure Website and, as a precaution, did a security scan on the IP address that has been allocated to us.
There were a number of low severity warnings listed which we're not too worried about, however the scan did flag that something appears to be listening on port 454 and 455, and supports TLS1.0.
RESULTS:
Available non CBC cipher Server's choice SSL version
RC4-SHA DES-CBC3-SHA TLSv1
Does anyone know what this is? I can't find it obviously listed anywhere. If it's not necessary, can I switch it off? And if it is necessary, can I set it to require a more secure protocol?
We're hosted in the "Australia East" datacentre, in case that's relevant.
Crossposted to Stack Overflow here:
http://stackoverflow.com/questions/27807505/whats-listening-on-port-454-and-455-in-azure-warning-flagged-by-security-scanHello Michael,
These ports are used for internal communication in Azure Websites infrastructure. They are not site specific and you cannot turn them off. It is safe to ignore them.
Thanks,
Petr
Maybe you are looking for
-
Error while upgrading 11.5.10.2 to R12.1.1
Hey Friends, Im trying to upgrade a 11.5.10.2-10gr2 DB on Solaris SPARC to R12.1.1. I am getting the following error in the log work. Table Name is POS_EXASN_LPNS Table exists in the target database Checking for differences Number of columns for the
-
Reversing the material document
Dear Friends, PO is created with account assignment category 'K' and subsequently GRN is done for the full quantity in March'2008. Some quantity is physically returned to storage location but not entered in SAP. Now they want to reverse that quantity
-
Function element value in ARTMAS IDoc
Hi, My scenario is IDoc->Xi->File, my mapping is based on Function element (if the IDoc contains changes or new data) but all time I got just 005 as Function witch mean new article. Is there any set up to do in order to get 004 for changes and 005 fo
-
Error RFC queue with BBP_EXTREQ_TRANSFER
Hi Experts, We are implementing SRM 7.02 with Classic scenario The Purchase requisitions are created in ERP and transfer to SRM with BBP_EXTREQ_TRANSFER When checking RFC queue with SMQ1 the status is SYSFAIL "Exception condition "OBJECT_ID_NOT_FOUND
-
Got error message after I exec quartz-wm in terminal.app
after I run this under command line: stellit:~ stellit$ /usr/X11R6/bin/quartz-wm --only-proxy I got this error, anybody knows why ? can't open default display How to solve this problem ? thank you.