Oracle Security Audit Advisory Q2

Similar Messages

• Security Audit Applications

  Hi all,
  having recently attended a very good presentation by Pete Finnegan on the subject of Oracle security audits I have been investigating what products are available and found threre is a lot of choice, the main two commercial ones being NGS SQuirrel and AppDetective.
  I was wondering what experiences and opinions anyone has regarding the products and their functionality and whether thay are much better than freeware utilities such as OScanner written by Patrik Karlsson or the CIS Oracle database security benchmark tool?
  Any feedback is much appreciated
  Cheers
  Phil

  Phil,
  My company has not released for the general public, an Oracle scanning tool which reports based on GRC mandates like SCAP, PCI, etc. Let me know if you would like some information. [email protected]

• Oracle Linux Security Audit

  Dear All,
  We have installed oracle Linux 6 in one of our server and we are running Oracle EBS R12.2 running on that server. last couple of days we are getting huge performance impact on that server. From the initial level of investigation the top command shows more than 300% CPU utilized by some unknown command which is initiate by super user. For this we have raised SR with oracle and they have said it seems to be a malware and ask us to do some security audit on the impacted server.
  can anyone please suggest us, is there any security audit tool available in oracle site to identify the malware and remove from the server?
  It would be very helpful for us...
  Regards,
  Venkatesh V

  here you go
  http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm#BABCFIHB
  http://docs.oracle.com/cd/B19306_01/network.102/b14266/auditing.htm#CHDJBDHJ
  http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm#BABCFIHB

• How to determine which of the Oracle security products have been installed

  Hello!
  I would like to determine whether or not the Oracle security products have been installed for an Oracle database.
  The Oracle security products are:
  * Oracle Database Vault
  * Oracle Audit Vault
  * Oracle Configuration Management
  * Oracle Total Recall
  * Oracle Advanced Security
  * Oracle Data Masking
  * Oracle Label Security
  * Oracle Secure Backup
  * Oracle Database Firewall
  So what I thought is to look at the "DBA_REGISTRY" table which displays information about the components loaded into the database.
  But on the other hand there also is the "V$OPTION" view which lists database options and features.
  Does anybody know, how I could correctly determine whether or not each of the product is installed?
  I guess for "Oracle Database Vault" I should query V$OPTION, but what should I do with the other ones? And in case DBA_REGISTRY would be the right table, how would the comp_ids look like for the products?
  SELECT 'Oracle Database Vault' , nvl( (SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault'),'FALSE') FROM sys.dual
  OR
  SELECT 'Oracle Database Vault' , nvl2( (SELECT 'valueFound' FROM DBA_REGISTRY WHERE comp_id = '??????' AND status NOT IN ('INVALID', 'REMOVING' , 'REMOVED')),'TRUE','FALSE') FROM sys.dual
  Thanks in advance
  Kai

  Hi kai;
  There are some script avaliable on net, first please check them and run it on test server first!
  http://www.google.com.tr/#hl=tr&biw=1259&bih=793&q=installed%2Bproducts%2Boracle&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=71a534c4a5161590
  Secondly you can check oraInventory and also oratab file or you can run runInstaller and can check Installed product tab on installation screen
  Regard
  Helios

• Consultancy Services for RAC installation and  Internet Security Audit

  Dear All,
  "Warm greetings from Venkatesh"
  We are proud to announce that, we have started a leading Database, Networking and Internet security Consulting organization at PUNE with a global presence through which we offers a focused, Excellence Solutions for Database, Networking and internet security for vulnerabilities and ethical hacking to the organizations to achieve a sustainable performance and results, and to contribute to the delivery of Quality Product, Solutions and Services to transform the human lives every day.
  We offer a customized Consulting and Corporate Training Services at competitive sizes of organization in all major verticals for Performance Excellence as under with six months maintenance support after RAC installation
  Design and Implementation of Oracle RAC (Real Application Cluster)
  - Oracle solution for High Availability & Grid Computing
  - Versions: Oracle 10gR2, 11gR1 & 11gR2
  - Operating System: Linux, Windows, Solaris, AIX
  - Storage: ASM, OCFS2
  - ASM Cluster File System (ACFS) in Oracle 11gR2
  - Building RAC setup in VMware Environment
  - Feature: Load Balancing, Failover, Dynamic addition of Nodes to Grid
  Design and Implementation of Oracle Data Guard
  - Oracle solution for Disaster Management
  - Primary & Secondary Sites
  - Logical & Physical Standby Database
  Internet Security Audit for Vulnerabilities and Ethical Hacking
  - Penetration testing
  - Source code audit
  - Information security training
  - Website design and development
  - Data Centre audit
  - ISO 27701 consultancy
  We also offer Corporate Trainings for
  - Oracle RAC Administration
  - Automatic Storage Management (ASM)
  - Data Guard
  Please feel free to revert back for any queries.
  Regards
  Venkatesh
  mail: [email protected]
  Edited by: vjpune on Apr 17, 2010 4:44 AM

  Hi! keyur,
  Greetings from venkatesh
  Sorry for delay, i was busy with some assignments.
  Actually, we are consultancy service provider for those organization who needs to Install Oracle RAC server. We provide entire services i.e. from designing to implementation of RAC server, provide solution for load balancing, desaster management and so on.. what i had mention in the earlier post.
  Also we offer corporate training to the organization in RAC administration, ASM, Data Guard.
  I think this info will get you to understand our services..
  we welcome inquires if any from your end.
  Regards
  Venkatesh
  mail: [email protected]

• Security Auditing - NetWeaver 2004s Portal

  Hello - I am currently looking at the options for performing security auditing in the NetWeaver 2004s portal.
  I've used the NWA to enable security logging, as documented :
  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/a0/58db515b95b64181ef0552dc1f5c50/frameset.htm">HERE</a>
  And, have started to create a custom audit report.  However, it does appear that the information that can be reported on is rather cryptic.  Not overly useful.
  Our requirement is to be able to log ALL actions (specifically changes) that SUPER users can perform (we call these firefight users.)
  Has anybody tried to use the auditing capabilities within the portal (netweaver 2004s) to do this?  Any input, advice?
  Thank you.

  Hi Ken,
  check out http://service.sap.com/pam ==> Only Oracle 10.1 Enterprise Edition 64-bit is officially supported.
  Hope it helps
  Detlev

• Confused re Oracle Security Products - Help

  Right. I'm experienced with Oracle Discoverer, AS, CMSDK, OC4J, SSO, OID , I am very good on the database and good on RAC
  I did a lot of work on various sites enabling SSO /OID ..
  Now I go to look at new and improved security /IM products. I have to say I am completely lost.
  What goes where ? Is SSO still available, is OID still used. What is all this eSSO . I understand Kerberos and GSSAPI , LDAP and SSL what are all the authentication products.
  What is obsolete, what is current, what is coming. Is there any coherent document that lays out strategy in this area, because most of our customers are just as confused

  If you declared a fine-grained auditing policy on just the 5 or 6 tables you say you are interested in, why would you expect that to cause a performance issue?
  Why would you expect it to be more efficient to send an email when those tables are accessed rather than having FGA write a row to an audit table?
  That doesn't make sense. Connecting over the network to the SMTP server and exchanging dozens of packets with the SMTP server to send an email is going to be orders of magnitude less efficient than writing a row to an audit table. If you're writing so many rows to the audit table that this becomes a performance bottleneck, you'd be filling the inbox of whoever received these emails with far more messages than they could possibly handle.
  I haven't read the particular book you reference. Most books and papers that discuss auditing will discuss the performance implications. And they generally caution that you should be thoughtful about what you audit because if you make the mistake of trying to audit every action, you're going to end up spending most of your time writing audit records. And your audit trail is going to be so large that you won't be able to do anything with it because it's too annoying to query. That doesn't mean that Oracle's auditing is inherently problematic, it simply means that you need to be aware that auditing requires the database to do more work and that you should be judicious about auditing things that you actually care about.
  Justin

• Security Audit files (.AUD) for GRC Action usage

  Good Day
  I need some advise regarding the security audit files for GRC on the HR System.
  Our basis team is concerned that the security audit files are filling up the file system in the HR system. I assume these are for Action Usage.
  I would like to get a view of what other companies are doing to sort this out.
  Can these .AUD files be deleted or what?
  Your advise would highly be appreciated.
  Regards
  Mustafa

  your question has nothing to do with Oracle. Maybe that SAP on Linux is the better forum for it.

• 10G RAC security auditing

  Hi,
  I was asked to prepare a database security audit in my company. The target system is 10G RAC configuration with two nodes. What should my checklist contain? Which elements of the system must I verify?
  On Oracle's web pages I've found the following document:
  http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf
  Is it enough? Can you advice me? Any help will be appreciated.
  Regards,
  Tim

  Hi,
  What is the purpose of this audit? Do you have any criteria? Or are you allowed to make up your own list?
  My experience is databases hosting third party apps are usually completely unprotected because
  - the application owner has the connect, resource and dba roles (or even more)
  - the account has the password set to the user name.
  Also if an application is not using bind variables, the system is sensitive to 'SQL injection'.
  The document you posted outlines some basic measures, but it doesn't go into sufficient detail. It doesn't mention the password_verify function you can set up. It doesn't mention system privileges at all. It doesn't mention you should disallow telnet access, and disallow root to login remotely (ie one should su to root).
  Etc, etc.
  There is a whitepaper on OTN called 'Project Lockdown' written by Arup Nanda. It implements 3 or 4 times more measures.
  Sybrand Bakker
  Senior Oracle DBA

• ORA-28374: typed master key not found in wallet (no ORACLE.SECURITY.TS.ENCR

  Good afternoon! I have a problem with creating a wallet for TDE.
  Oracle Version 11.2.0.2.0.
  SQLNET.ORA is :
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  ADR_BASE = /app/oracle
  # TO SWITCH OFF ORACLE ADR FEATURE
  # DIAG_ADR_ENABLED=off
  DIAG_SIGHANDLER_ENABLED=FALSE
  DIAG_RESTRICTED=TRUE
  TRACE_LEVEL_SERVER=admin
  TRACE_LEVEL_CLIENT=admin
  TRACE_DIRECTORY_SERVER=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_DIRECTORY_CLIENT=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_FILE_CLIENT=cli
  TRACE_FILE_SERVER=srv
  TRACE_UNIQUE_CLIENT=off
  SQLNET.EXPIRE_TIME = 10
  SQLNET.INBOUND_CONNECT_TIMEOUT = 20
  SQLNET.ENCRYPTION_SERVER = REQUESTED
  SQLNET.ENCRYPTION_CLIENT = REQUESTED
  SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv'
  SQLNET.ENCRYPTION_TYPES_SERVER= (AES256,RC4_256,3DES112,DES)
  SQLNET.CRYPTO_CHECKSUM_SERVER = REQUESTED
  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1,MD5)
  ENCRYPTION_WALLET_LOCATION =
  (SOURCE=
  (METHOD=file)
  (METHOD_DATA=
  (DIRECTORY=/app/oracle/admin/orcl/wallet)
  I've creted wallet by command :
  alter system set encryption key identified by "sdsdsdsds";
  After that i can close and reopen this wallet , it's ok. But i can't create crypted tablaspace :
  CREATE TABLESPACE RMD DATAFILE '/oradata/orcl/TDE.dbf' SIZE 600M
  AUTOEXTEND ON NEXT 100M MAXSIZE 2000M
  EXTENT MANAGEMENT LOCAL UNIFORM SIZE 64K ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);
  i've got an error ORA-28374: typed master key not found in wallet
  My wallet looks like :
  Requested Certificates:
  Subject: CN=oracle
  User Certificates:
  Oracle Secret Store entries:
  ORACLE.SECURITY.DB.ENCRYPTION.ASSSDSeFDX08Evy6Mco2yhXsAsdsdsdsdsdefdfdfdfddfddfdfdfAAAA
  ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
  Trusted Certificates:
  As i uderstood there should be also entry like ORACLE.SECURITY.TS.ENCRYPTION. But why this didn't created into wallet by command : alter system set encryption key identified by "sdsdsdsds" ?
  Thanks!
  Edited by: user5819915 on 13-Jan-2012 03:25

  Hi there,
  first, "SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv" is no longer needed, the DB creates a seed itself and ignores this string.
  Then, on to TDE ...: These things happen if you had a wallet before, and that wallet was deleted; now if you create a new wallet, the TS MK is missing. Looks like you didn't encrypt any data yet. You might see if you get https://updates.oracle.com/download/8682102.html for your DB version; apply the patch, decrypt all data, cycle through all log files and then create a new wallet. That might work, but I can't promise.
  Peter

• How to schedule a batch job to generate security audit log (SM20)

  May be this is a repeat question for this forum. Apologize, if it is. Is there a way to schedule a batch job to generate security audit log (SM20) automatically and possibly send a message to SAP Inbox or generate a spool request? Release is 4.6C.
  Regards
  Nirmal

  > May be this is a repeat question for this forum. Apologize, if it is.
  You don't need to apologize. You only need to do a very simple search...
  > Total Questions:  18 (16 unresolved) 
  Perhaps 16 of those 18 questions you have not followed up on could have been spared as well?
  Please do the needfull.
  Cheers,
  Julius

• Multiple security audit failures a second

  A client's SBS 2011 machine is experiencing multiple audit failures a second and we believe it is diminishing the performance of the machine. We can't seem to find the source or how to remedy the issue. It its happening way too fast to be a human trying
  to login. 
  Keywords Date and Time Source Event ID Task Category
  Audit Success 6/18/2014 1:50:32 PM Microsoft-Windows-Security-Auditing 4905 Audit Policy Change "An attempt was made to unregister a security event source.
  Subject
  Security ID: SYSTEM
  Account Name: SBS$
  Account Domain: <ommited from forum post>
  Logon ID: 0x3e7
  Process:
  Process ID: 0x10d4
  Process Name: C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
  Event Source:
  Source Name: ServiceModel 4.0.0.0
  Event Source ID: 0x262070f0"
  Audit Success 6/18/2014 1:50:32 PM Microsoft-Windows-Security-Auditing 4904 Audit Policy Change "An attempt was made to register a security event source.
  Subject :
  Security ID: SYSTEM
  Account Name: SBS$
  Account Domain: < ommited from forum post >
  Logon ID: 0x3e7
  Process:
  Process ID: 0x10d4
  Process Name: C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
  Event Source:
  Source Name: ServiceModel 4.0.0.0
  Event Source ID: 0x262070f0"
  Audit Failure 6/18/2014 1:50:32 PM Microsoft-Windows-Security-Auditing 4625 Logon "An account failed to log on.
  Subject:
  Security ID: SYSTEM
  Account Name: SBS$
  Account Domain: <ommited from forum post>
  Logon ID: 0x3e7
  Logon Type: 3
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name:
  Account Domain:
  Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xc000006d
  Sub Status: 0xc0000064
  Process Information:
  Caller Process ID: 0x24c
  Caller Process Name: C:\Windows\System32\lsass.exe
  Network Information:
  Workstation Name: SBS
  Source Network Address: -
  Source Port: -
  Detailed Authentication Information:
  Logon Process: Schannel
  Authentication Package: Kerberos
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  Subject
  Security ID:
  SYSTEM
  Account Name:
  SBS$
  Account Domain:
  <ommited from forum post>
  Logon ID:
  0x3e7
  Process:
  Process ID:
  0x131c
  Process Name:
  C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
  Event Source:
  Source Name:
  ServiceModel 4.0.0.0
  Event Source ID:
  0x26206ef4"
  Audit Success 6/18/2014 1:50:32 PM
  Microsoft-Windows-Security-Auditing
  4904 Audit Policy Change
  "An attempt was made to register a security event source.
  Subject :
  Security ID:
  SYSTEM
  Account Name:
  SBS$
  Account Domain:
  <ommited from forum post>
  Logon ID:
  0x3e7
  Process:
  Process ID:
  0x131c
  Process Name:
  C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
  Event Source:
  Source Name:
  ServiceModel 4.0.0.0
  Event Source ID:
  0x26206ef4"
  Audit Failure 6/18/2014 1:50:32 PM
  Microsoft-Windows-Security-Auditing
  4625 Logon
  "An account failed to log on.
  Subject:
  Security ID:
  SYSTEM
  Account Name:
  SBS$
  Account Domain:
  <ommited from forum post>
  Logon ID:
  0x3e7
  Logon Type: 3
  Account For Which Logon Failed:
  Security ID:
  NULL SID
  Account Name:
  Account Domain:
  Failure Information:
  Failure Reason:
  Unknown user name or bad password.
  Status:
  0xc000006d
  Sub Status:
  0xc0000064
  Process Information:
  Caller Process ID:
  0x24c
  Caller Process Name:
  C:\Windows\System32\lsass.exe
  Network Information:
  Workstation Name:
  SBS
  Source Network Address:
  Source Port:
  Detailed Authentication Information:
  Logon Process:
  Schannel
  Authentication Package:
  Kerberos
  Transited Services:
  Package Name (NTLM only):
  Key Length:
  0
  Jerry T

  Hi Jerry,
  Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. This is usually
  related to share folders, printers, IIS and so on.
  Would you please let me confirm whether you had installed some third-party applications?
  Meanwhile, please refer to Robert’s suggestion in the following similar thread and check if can help you.
  Audit
  Failure - Event 4625
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• Oracle Security Patch Error while applying --The filename, directory name,

  Hello,
  I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
  Supposedly, All the environment variables are set properly.
  ACTIVE_STATE_PERL=true
  DBMS_TYPE=ORA
  dbs_ora_tnsname=YBQ
  JAVA_HOME=C:\jdk1.3.1_10
  OPATCH_DEBUG=TRUE
  ORACLE_HOME=E:\oracle\ora92
  ORACLE_SID=YBQ
  Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
  Installed Active Perl. latest version
  downloaded Opatch 1.0.0.50
  and the patch number 3738339
  I went to that directory and run the command :
  perl opatch.pl apply
  It started of well.
  OPatch version is: 1.0.0.0.50
  Using ORACLE_HOME/oui to look up oui libs...
  Oracle Home = E:\oracle\ora92
  Location of Oracle Inventory = E:\oracle\ora92\inventory
  Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
  Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
  Location of Oracle Inventory Pointer = N/A
  Location of Oracle Universal Installer components = E:\oracle\ora92\oui
  Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
  find under OH/oui/jlib
  found OraInstaller.jar
  Checking if this is a RAC system...
  Accessing inventory... This may take up to 300 seconds.
  (retry 10 times, delay 30 seconds each time)
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
  Result:
  ----- DEBUG is ON -------
  oracle.installer.startup_location will be set to E:\oracle\ora92\oui
  oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
  oracle.installer.scratchPath will be set to /tmp
  opatch.local_node_only is OFF
  retryOption is ON: 10
  delayOption is ON: 30
  Few more stuff here .. not pasting the entire contents
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
  Result:
  opatch.pl version: 1.0.0.0.50
  Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
  The filename, directory name, or volume label syntax is incorrect.
  Error in executing Java program to check conflict
  ERROR: OPatch failed during pre-reqs check.
  Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
  Please advise.
  Thanks in advance.

  hi somnath,
  this is the portal content management forum. for your database question please use the database forums:
  http://forums.oracle.com/forums/index.jsp?cat=18
  thanks,
  christian

• Windows domain authentication on Oracle Secure Global Desktop

  Hello,
  I made an upgrade of my oracle secure global desktop 4.62 version to 5.1 version.
  The problem is, I was using Windows Domain Authentication in 4.62 and this kind of authentication is not available in the 5.1 version.
  So now, my users cannot log in the application.
  Do you have a solution ?
  Thanks

  What are you authenticating to specifically?  An AD server?  Are you using any of the supported authentication mechanisms now supported?
  http://docs.oracle.com/cd/E41492_01/E41495/html/sgd-authentication.html#system-authentication-mechanisms-table