OSB Patch TYBN and U37G - ws-security interoperability

Similar Messages

• How to install and configure oracle secure backup(osb-10.4.0.3.0_linux.x64) in linux

  Hello,
  We are planning to install and configure Oracle Secure Backup Version 10.4 in Linux server. I had searched documents and i have not find any relevant steps to install and configure in OEL 6.2.
  Can anyone please suggest me how to install and configure OSB.
  Regards,
  Anil

  Hi
  Installing OSB on Oracle Linux is just the same as installing on any other supported linux and is described in Installation and Configuration guide. Just stick with the directories and procedure described in install guide and you should be fine.
  For media server choose a physical host due to performance considerations. I think it is mentioned in docs somewhere.
  Regards,
  Mitja

• SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. java.security.cert.Certifica

  HI Team,
  while starting the node manager in wls 8.1 and java1.4
  we are facing this issue plz help on this immediately.
  + CLASSPATH=/srvrs/bdv/patches/CR210310_81sp4.jar:/usr/java14/lib/tools.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic_sp.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic.jar::/srvrs/bdv/bea
  + export CLASSPATH
  + export PATH
  + set -x
  + [ 5555 !=  ]
  + [ 142.182.112.123 !=  ]
  + /usr/java14/bin/java -Xms32m -Xmx32m -Dweblogic.security.SSL.enforceConstraints=off -Djava.security.policy=/srvrs/bdv/bea/weblogic81/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java14 -DListenAddress=142.182.112.123 -DListenPort=5555 weblogic.NodeManager
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <NodeManager: for information on command line options,  try "java weblogic.NodeManager -h">
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Starting NodeManager >
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenAddress to 142.182.112.123..>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenPort to 5,555..>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting java home to '/usr/java14'>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Effective values of properties :
          ListenAddress=142.182.112.123
          ListenPort=5555
          ListenerType=secureSocket
          SavedLogsDirectory=NodeManagerLogs
          NativeVersionEnabled=true
          TrustedHosts=nodemanager.hosts
          StartTemplate=../../server/lib/unix/nodemanager.sh
          ReverseDnsEnabled=false
          ScavangerDelaySeconds=180
          PIDFileReadRetryCount=0
          WeblogicHome=null
          bea.home=null
          JavaHome=/usr/java14
          PropertiesVersion=8.1
  >
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Saving logs in'NodeManagerLogs'>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading private key and certificate chain from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoIdentity.jks. KeyStore type = jks, Using keystore passphrase = true, Alias = DemoIdentity>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoTrust.jks. KeyStore type = jks, Using keystore passphrase = true>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /usr/java14/jre/lib/security/cacerts. KeyStore type = jks, Using keystore passphrase = false>
  SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
  java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
          at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
          at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
          at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
          at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
          at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:52)
          at weblogic.nodemanager.internal.SecureSocketListener.run(SecureSocketListener.java:57)
          at weblogic.nodemanager.internal.GenericListener.startListener(GenericListener.java:16)
          at weblogic.nodemanager.NodeManager.startSecureSocketListener(NodeManager.java:461)
          at weblogic.nodemanager.NodeManager.init(NodeManager.java:305)
          at weblogic.nodemanager.NodeManager.run(NodeManager.java:511)
          at weblogic.NodeManager.main(NodeManager.java:31)
  Thanks,
  Eswar

  Hi,
  Did you find a solution to this? We are running into the same issue since upgrading to Weblogic 9.2.3 for WebCT Vista 8.0.4.
  Thanks,
  Ron

• Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

  does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
  ciscoISE/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  ciscoISE/admin(config)# snmp-server
  Ciscoacs/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  Ciscoacs/admin(config)# snmp-server

  No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
   http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

• Does Apple have a patch for my ipad for security?

  I read in the New York Times about a patch for my Ipad for security when using it at the coffee shop. Is there such a thing? How do I access it?

  YOu need to update your iPad's operating system.
  iPad 2, 3, 4 and air should be updated to iOS 7.0.6
  I don't think there is a patch for the first generation iPad. It's possible that it's not affected, but I'm not sure on that one.

• Patching Methodology and Configuration

  SCCM 2012 SP1
  We recently implemented monthly patching via SCCM and I’ve been asked to reevaluate the methodology I put into place as well as some configuration items. 
  My question revolves around methodology and configuration. 
  Sorry for long documentation but need to get point across and find out best methodologies and the way your organization is using SCCM to patch.
  CURRENT METHODOLOGY
  We roll out patches in a 3 wave approach to an organization that has 4 geographic sites.
  IT department and testers during the 3 days following Patch Tuesday – configuration of ADR below.
  Sub-Process
  Evaluate on Wed of Update patches to include/decline from deployment as not included in software Update classification to prevent unwanted optional updates from being applied
  Checklist review after patching by IT Dept. and testers
  Deployment to local geographic site which is local to the IT Department on the Tuesday following Patch Tuesday with a 10 day window for install. 
  Approximately 150 users.  Idea here was users are local to IT and we can respond faster to problems
  Deployment to Entire Company on the 2^nd day of following month (Approximately 400 Users (remote and local)
  ADR Settings
  Roll-Out 1
  Software Update Tab
  Date: Last month
  Product:  Lync, Office, Silverlight, Windows 7, Windows 8, Adobe patches
  Update Classification:  Critical Updates OR Security Updates OR Service Packs
  Note: Not including Updates
  Evaluation Schedule
  Second Wed of every one month @ 7am
  Deployment Schedule
  Software Available Time:  2 hours
  Installation Deadline:  46 hours
  User Experience
  Software Installation, System Restart Checked
  Suppress:  Only Servers checked (for configuration discussion)
  Roll-Out 2
  Same Software Update settings and User Experience settings
  Evaluation Schedule
  Third Monday of every 1 month
  Deployment Schedule
  Specific Time:  26 Hours
  Installation Deadline:  249 Hours (6pm on following Friday)
  Roll-Out 3
  Same Software Update settings and User Experience settings
  Evaluation Schedule
  Occurs day 1 of every 1 month
  Deployment Schedule
  Specific Time:  26 Hours
  Installation Deadline: 129 Hours (6 pm 5 days later)
  MANAGEMENT QUESTIONS METHODOLOGY AND SUGGEST ALTERNATIVE
  My management feels the above approach is not best practice for Patch Management. 
  They feel that we need a better approach to the testing phase and then an entire company rollout. 
  It is felt that the testing group should capture each type of machine type we have as well as User Profile (i.e. Marketing, Engineering, etc…)
  My issue is getting users that fit machine type usage and User Profile to participate in the testing procedures. 
  I estimate we have 20 different machine types.
  Thus under Management approach
  Deploy on to test group and allow to test for 2 weeks
  Deploy to entire organizaton
  An alternative may be as follows:
  ADR to the test group that consists of all machine types and identified user profiles
  Deploy on day after Patch Tuesday
  Run test period for a period of 8 days to following Friday
  ADR to remainder of organization based on no issues in testing
  Q:  Are you using ADR – Automatic Deployment Rules or are you reviewing the patch list and then selecting them and creating a new Deployment?
  Q:  What are your organizations doing with SCCM and do they follow are current methodology, proposed methodology or something different.
  CONFIGURATION
  Our current configuration, as noted, pushes to the patches to the machine and then the user is notified over time to perform the patching or be patched by the mandatory deadline. 
  It has been asked of me to change this concept to immediately install patches on machine and then allow user to reboot when they want, i.e. no mandatory which causes reboot. 
  Q:  How would this be configured and are their concerns that a user may wait a couple days after machine has patched to reboot and this causes ancillary issues? 
  The only way I know possibly how to do this is
  Leave System Restart if Necessary uncheck
  Check Suppress system restart on workstations
  My concern is if I remember correctly is by setting mandatory deadlines it overrides these behaviors and installs and reboots the system?

  Suggestion #1: Forget about them (management) dictating "who to target". If you want to be truly random, create a collection where the collection rule is... where smsguid like '%0' . See how many targets you get in that collection. Since the guid
  is random, selecting a random sample of machines will also be random. The only thing to be aware of is that random MEANS random. So if that means you end up with the CEO's laptop in the pilot, that's exactly what that means. It could happen. But that's the
  whole point.
  Suggestion #2: It has always bugged me that management wants machine patched... but don't force people to reboot.  It can easily happen (quite often) where that means a box is online and not rebooted for months.  For pilot #1, #2, and production--set
  the deadline for whatever means "likely to be online... but least likely to impact the end user", and enforce the reboot at deadline.  Set your Client Agent Setting for countdown to a reboot to be reasonable for your environment--if that means
  99 minutes, then so be it.  give people 99 minutes and a 15 minute (or 60 minute if you want to be really obnoxious) can't-close-this notification that a reboot is about to happen.  Forget about the 'allow a user to reboot when they want'. 
  Instead set it so that people get plenty of time to see that they will be rebooted... and they better save whatever it is they are working on prior to the reboot.
  No matter what you set, people will complain about it.  The people that want to work up to the last second prior to the reboot will complain about the notification they can't close, and the people that take a 70 minute lunch/coffee/siesta will complain
  that the notification is only 60 minutes long and they didn't see it.  Your job (management's job) will be to find the happy medium, or at least communication "this is what this means... basically... just save your work and reboot now, this is for
  your own good."
  Edit:  also... remember in CM12 you can set a service window that applies ONLY to patches.  So you could set that (for example) the machines that are always online (VDIs and servers) have their Software Update window on the weekends.  and
  laptops don't have a service window for Software updates... because who knows when they might be online; so you don't want to limit them.  etc. etc... whatever makes sense for you computers.
  Standardize. Simplify. Automate.

• I am having email problems with the new Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help

  I am having email problems with the new Mountain Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help
  Incoming Mail (IMAP) Server - requires SSL:
  imap.gmail.com
  Use SSL: Yes
  Port: 993
  Outgoing Mail (SMTP) Server - requires TLS:
  smtp.gmail.com (use authentication)
  Use Authentication: Yes
  Use STARTTLS: Yes (some clients call this SSL)
  Port: 465 or 587
  Account Name:
  your full email address (including @gmail.com) Google Apps users, please enter username@your_domain.com
  Email Address:
  your full Gmail email address ([email protected]) Google Apps users, please enter username@your_domain.com
  Password:
  your Gmail password
  The Quick Answer
  Follow the instructions below to set up IMAP1 access in most email clients.
  Google Apps users, please follow the default instructions unless otherwise noted, replacing 'your_domain.com' with your actual domain2 name.
  this is all greek to me. WHAT IS STARTTLS? On the first page of Apple set up there is a TLS certificate and it is marked NONE- should I change it to the long APPLE CERT option?  The next page under ADVANCED: THERE IS A BOX SSL MARKED.  Then IMAP Path Prefix - I put stmp.gmail.com.. is that right?  Port 993 can  use this one? as 456 doesn't work and 587 said it wasn't safe.  Under AUTHENTICATION I used PASSWORD.  Should I have used external client cert TLS?
  Please help me set this up securely. Thanks

  Apple - Support - Mail Setup Assistant

• My new iphone is asking for an old iCloud password I can't remember the password, don't have access to the old email and when I try and answer the security question it is telling me that my date of birth is wrong?? Arggghh help?

  My new iphone is asking for an old iCloud password I can't remember the password, don't have access to the old email and when I try and answer the security question it is telling me that my date of birth is wrong?? Arggghh help?

  Contact iTunes Customer support... it is not possible to bypass Activation Lock.

• Export/import login server and user grup security

  Hi,
  I followed the instructions to export Login server, user group
  security using the ssoexp.csh, secexp.csh. Then I imported the
  login server, and user group security using the ssoimp.csh,
  secimp.csh .
  I then logged into Portal and check the users, all the users are
  imported properly. However, I didn't see any group that are
  supposed to be imported. Do I missing anything?
  The syntax to run the secimp is as follows:
  secimp.csh -s portal30 -p portal30 -o portal30 -m reuse -d
  sec.dmp -c target_database
  The import finished w/o error. How can I see the groups in the
  new portal instance that I tried to import objects in?
  I noticed that the wwsec_group$ in the source area is over 3000,
  and in the target the count is only 10, which is the number of
  group I have before the import. But during the export, I don't
  see the wwsec_group$ table being exported, is that the problem?
  P.S. versions are: 9iAS 1.0.2, portal version 3.0.9.8 on solaris.
  Thanks;
  Kelly.

  This question is best suited to the Oracle9iAS SSO and Portal Security forum.
  Thanks

• I cannot connect to the iTunes Store.  I receive Error Code -1202.  This problem began yesterday.  I have been successfully connecting to the store for months on this PC.  I am running Windows 7 and the Windows Security Center.  Thanks for any help

  TS1368 I cannot connect to the iTunes Store.  I receive Error Code -1202.  This problem began yesterday.  I have been successfully connecting to the store for months on this PC.  I am running Windows 7 and the Windows Security Center.  Thanks for any help.

  Hello alankilner,
  And welcome to Apple Discussions!
  Using Proxy: Yes
  Try temporarily disabling this setting by following the steps outlined in this Apple support document.
  http://support.apple.com/kb/TS1490
  B-rock

• Can't seem to download any app despite entering the correct password and answering 3 security question but still in the end it comes up the message that my session has timed out no matter what! Please help, many thanks in adv!!

  Can't seem to download any app despite entering the correct password and answering 3 security question but still in the end it comes up the message that my session has timed out no matter what! Please help, many thanks in adv!!

  Try doing it on your computer with iTunes and then sync to your iPad to see if it clears the problem.

• I keep getting an unknown error when trying to connect to the store. I ran diagnostics and it says secure link to itunes store failed.

  I keep getting an unknown error when trying to connect to the store. I ran diagnostics and it says secure link to itunes store failed. I've tried all suggestions from apple and nothing will work.
  Please Help

  I received this email from Apple and this corrected the problem for me...  I only had to reset the iTunes cache
  1) Open iTunes
  2) At the top menu, click File > Preferences (iTunes > Preferences on a Mac)
  3) In the Preferences menu, click the Advanced tab
  4) In the Advanced menu, you should see a button that says "Reset Cache". Please click this button.

• HT201303 I never set up any security questions for my Apple ID and I was asked on the app store to sign in and answer my security questions. I never made security questions in the first case. I can't purchase anything without them. What should I do?

  I never set up any security questions for my apple ID and I was asked on the app store to sign in and answer my security questions, I never made any in the first place and it came up with questions that I didn't know. I've already been in support and tried to reset them, but I have to answer the security questions in order to change them. Is there any way to find out what they are?

  From a Kappy  post
  The Best Alternatives for Security Questions and Rescue Mail
  1.  Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
  2.  Call Apple Support in your country: Customer Service: Contact Apple support.
  3.  Rescue email address and how to reset Apple ID security questions.
  An alternative to using the security questions is to use 2-step verification:
  Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

• OSB is staless and how it achieves Asychnorous call back

  Hi All,
  I got to know OSB is statless and BPEL is stateful and hence it supports Asynchronous Call back reliably with Correletaion ID which is also
  supported in Oracle Enterprise Service bus and it is now knows as Mediator in 11g.
  The question I have is
  A) Since OSB is stateless which means we can't implement Asynchronous call back kind of integration pattern.
  B) If my proxy service has to call WebService Asynchronopusly and don't wait for the response continue with the rest of the
  execution once the response get's received from the web service it has to send the details to the source.
  I am indeed aware of one particular indirect approach is this kind of stuffs could be achieved in JMS queues by means of correlation IDs by
  means of using two queues one for request and another for response.
  If anyone had a better suggestion/thoughts please do provide the same at the earliest.
  Many Thanks,
  Dini

  You may also consider the approach discussed here -
  http://blogs.oracle.com/knutvatsendvik/entry/oracle_service_bus_asynchronous_message_processing
  http://biemond.blogspot.in/2011/02/building-asynchronous-web-service-with_27.html
  Regards,
  Anuj
  Edited by: Anuj Dwivedi on Feb 10, 2012 6:01 PM

• 11.2.0.3 Patch Bundle and opatch installation approach

  Hi,
  I have installed the below 11.2.0.3 (64 bit) products in my windows 2008 server
  1. Oracle Grid Infrastructure for standalone server
  2. Oracle database server software and created a standalone database with ASM in this home.
  Now i need to apply Update 5 patch bundle and some bug fix patches.
  Since there are 2 home in my server what is the right approach for applying the patch bundle and opatch ?
  When i went through the patch bundle installation document i could see these 2 options
  1. Patch Installation Instructions for Single Instance
  2. Patch Installation Instructions for RAC
  Since i have 2 homes (OraCrs11g_home1 & OracDb11g_home1 ) in my server i am not sure which patch installation option i should choose and proceed.
  Can someone assist me ?
  Thanks,
  Ashok Kumar.G

  no we have to prepare a test POC but we don't have Xterm so had to use silent mode.using VNC server is best option to install or upgrade databases/grid Infrastructure.
  VNC server runs on the server and no fear of loosing network connection as in case of connecting thorugh putty.
  also you can open GUI in VNC server without need of any xterm or xwindows .
  So ask your SA to install VNC on your server and use it.