SQL firewall rule to restrict traffic from only one Azure PaaS website
Hi,
I have been asked to configure the firewall on the SQL PaaS instance to only allow traffic from a specified PaaS website that is within the same subscription. I can't see any way to set a static internal IP for the website, is there a way to identify it for the purpose of the SQL Database firewall rule?
Thanks,
Karina
Hi Karina,
If you used an Azure VM, you could set a static internal IP for your VM. And you can host your website on the VM. https://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
But for Azure Website service, I think you may not set the internal IP. But I think you can try to add the website server into your allow rule list if you used the basic or standard mode website.
BTW, I suggest you post this issue on the SQL Azure forum for more help:
https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=ssdsgetstarted
Regards,
Will
Similar Messages
-
(This has also been posted on the websites forum)
Hi,
I have been asked to configure the firewall on the SQL PaaS instance to only allow traffic from a specified PaaS website that is within the same subscription. I can't see any way to set a static internal IP for the website, is there a way to identify it for the purpose of the SQL Database firewall rule?
Thanks,
Karina
You're right, KG! Sorry.
This article mentions a reserved-IP:
https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx
It specifically mentions your scenario:
You want to ensure that outbound traffic from Azure uses a predictable IP address. You may have your firewall configured to allow only traffic from specific IP addresses. By reserving a VIP, you will know the source IP address and won’t have to update your firewall rules due to a VIP change. This is especially helpful if you want to configure your firewall before you create your cloud service.
The only thing I'm not confident on would be if it works with Azure Websites - it does mention cloud services, though. If you have further questions, I can give a shot myself and see if I can get a working example. -
Why can I copy music to my iPad or iPod touch from multiple computers but from only one computer using my iPhone?
IPads and iPod Touches don't seem to have the same media copying restriction that my iPhone has. My main computer is at home. I have music at home and at work and sometimes I like to add it to my iPhone from work. I can do this no problem using my iPad or my iPod touch, but when it comes to my iPhone, I can only copy music to it from my main computer.
Why would the iPhone have this restriction but not the other two devices?
ps. Where's my "add currently playing song to playlist" button? I can't even find a third-party music app with this feature.
Because...!
I've no idea why either.
Although it isn't normally possible to sync an iPod/iPad/iPhone with two computers (or manually manage an iPhone from more than one) it can be achieved if all computers have copies of the self same library. See Re: how do i sync on a second laptop without the data on my iPhone 5 being erased?
tt2 -
In my iPad mini if I use earphones I can hear from only one side
In my iPad mini if I use earphones I can hear from only one side but the earphones work fine with other devices
Have you tried different headphones in your iPad mini?
Check in Settings > General > Accessibility if little slider half way down isn't moved to either side towards "L" or "R".
If it isn't , try to reboot the device, but it's likely that your audio port isn't working correctly. If so, it should definitely be covered by warranty. -
Why does my iphone send all text from only one of my contacts to my email?
Why does my iphone send all text from only one of my contacts to my email? I'm curious to know if anyone else has had this issue with the Iphone 5s...
iMessage has a new setting that shows all emails associated with your Apple ID. There are two sections, send and receive. Since you are using the same Apple ID, I'm sure if you adjust one of those settings to your mobile number instead of your Apple ID, it won't send double.
You might also have to adjust your wife's settings too, so those emails don't overlap -
We have 2 iPhones both synced to 1 iPad, how do we remove phone numbers from only one of the phones
We have 2 iPhones and they are both synced to an iPad, how do we remove phone numbers from only one of the phones without the numbers being removed from the other phone
one can't sync iPhones with ipads
best you can do is to sync all with iclouds
if you do so and wish to stop syncing contacts with one of the iPhones you have set it not to sync contacts in the settings of the iPhone -
Ipod classic sound from only one channel
My 80GB Ipod classic has sound from only one headphone. Same problem when docked so it's not a headphone or socket problem. It's as if only one channel is working. Any ideas?
Did you check System Preferences>Sound to make certain that the balance scroll section was in the middle?
Clinton -
Access oracle forms from only one computer
Hi,
We have an ERP software which is created by using Oracle Forms 4.5. We want to give an access to user to use the specified screen of our ERP program from only one computer. Apart from that no one should access the screen from any computer.
Is it possible to do that?
thanks
Upgrade all clients to Windows 7, and leave one with windows 2000 in place. The windows 7 clients most certainly won't be able to run a forms 4.5 application ;)
Why would you want to limit it to one computer? Isn't that what user accounts are for? Or are all users using the same account? You could of course check for the hostname of the client connected to the database:
CHE_TEST@tcp_asterix_impl> select sys_context('userenv', 'host') from dual;
SYS_CONTEXT('USERENV','HOST')
LINZ\CHE-WS
But this is not a very safe method, as I could boot a virtual machine with NAT so I don't get a name resolution conflict, name it like your machine and connect to the database. User accounts are protected by passwords, if I don't know the password I can't connect to the application (at least it's a little bit harder to hack a password than a hostname ;) )
cheers -
RV042 - direct browsing traffic to only one WAN port?
Hi, I have a RV042 (firmware 1.3.13.02-tm). Is it possible to configure so traffic from a specific domain (incl. its sub-domains) is directed exclusively to one WAN port? If so, how can I do this? Thanks.
Hi PAC, in a load balance environment it affects only outbound traffic which would use protocol bind to force traffic through a particular WAN port, meaning it won't affect inbound traffic.
The access rules page only supports source interface but you may try to create an access rule that looks something like this;
Action Allow
Service - (Whatever service you're using)
Source interface WAN 1
Source IP address - Range of public IP address from the domain/sub domains
Destination Ip address - The IP address of your subnet or specific nodes
Now, if you're using a load balance environment, you may want to bind traffic to WAN 1 that originate from the specific hosts that make the request to the domain/sub domains to ensure the source IP address leaving the router otherwise it would be possible to have a different source IP going over the 2nd WAN.
I'm not sure if it would work this way but to the best of my knowledge this would about be the only way to make it work since the router doesn't support telling inbound services to use a specific WAN.
-Tom
Please mark answered for helpful posts -
One computer at COMPANY-A is attempting to communicate with two
computers located at COMPANY-B, via an IPsec tunnel between the
two companies.
All communications are via TCP protocol.
All devices present public IP addresses to one another, although they
may have RFC 1918 addresses on other interfaces, and NAT may be in use
on the COMPANY-B side. (NAT is not being used on the COMPANY-A side.)
The players: (Note: first three octets have been changed for security reasons)
COMPANY-A computer 1.2.3.161
COMPANY-A router 1.2.3.8 (also IPsec peer)
COMPANY-A has 1.2.3.0/24 with no subnetting.
COMPANY-B router 4.5.6.228 (also IPsec peer)
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
COMPANY-B has 4.5.6.0/23 subnetted in various ways.
COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
What works:
The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
The "show crypto session detail" command shows Inbound/Outbound packets
flowing in the dec'ed and enc'ed positions.
What doesn't:
When the COMPANY-A computer 1.2.3.161 attempts to communicate
via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
the COMPANY-A router eventually reports five of these messages:
Oct 9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
and the "show crypto session detail" shows inbound packets being dropped.
The COMPANY-A computer that opens the TCP connection never gets past the
SYN_SENT phase of the TCP connection when trying to communicate with the
COMPANY-B computer #2, and the repeated error messages are the retries of
the SYN packet.
On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
a 3725, and some 76xx routers were tried, all with similar behavior,
with packets from one far-end computer passing fine, and packets from
another far-end computer in the same netblock passing through the same
IPsec tunnel failing with the "failed SA identity" error.
The COMPANY-A computer directs all packets headed to COMPANY-B via the
COMPANY-A router at 1.2.3.8 with this set of route settings:
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
4.5.7.0 1.2.3.8 255.255.255.0 UG 0 0 0 eth3
1.2.3.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.1.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 10.1.1.1 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth3
The first route line shown is selected for access to both COMPANY-B computers.
The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
configuration:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
crypto map COMPANY-BMAP1 10 ipsec-isakmp
description COMPANY-B VPN
set peer 4.5.6.228
set transform-set COMPANY-B01
set pfs group2
match address 190
interface FastEthernet0/0
ip address 1.2.3.8 255.255.255.0
no ip redirects
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map COMPANY-BMAP1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.1
ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
bridge 1 protocol ieee
One of the routers tried had this IOS/hardware configuration:
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
RELEASE SOFTWARE (fc2)
isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
Processor board ID XXXXXXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 ATM interfaces
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
31296K bytes of ATA System CompactFlash (Read/Write)
250368K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
#show crypto sess
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:06:26:27
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
Version 6.1 (ScreenOS)
We only have a limited view into the Juniper device configuration.
What we were allowed to see was:
COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx proposal "pre-g2-3des-sha"
set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
set policy id 2539 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
set policy id 2500 from "Trust" to "Untrust" "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
set policy id 2541 from "Trust" to "Untrust" "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
set policy id 2540 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
COMPANY-B-ROUTER(M)->
I suspect that this curious issue is due to a configuration setting on the
Juniper device, but neither party has seen this error before. COMPANY-B
operates thousands of IPsec VPNs and they report that this is a new error
for them too. The behavior that allows traffic from one IP address to
work and traffic from another to end up getting this error is also unique.
As only the Cisco side emits any error message at all, this is the only
clue we have as to what is going on, even if this isn't actually an IOS
problem.
What we are looking for is a description of exactly what the Cisco
IOS error message:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
is complaining about, and if there are any known causes of the behavior
described that occur when running IPsec between Cisco IOS and a Juniper
SSG device. Google reports many other incidents of the same error
message (but not the "I like that IP address but hate this one" behavior),
and not just with a Juniper device on the COMPANY-B end, but for those cases,
not one was found where the solution was described.
It is hoped that with a better explanation of the error message
and any known issues with Juniper configuration settings causing
this error, we can have COMPANY-B make adjustments to their device.
Or, if there is a setting change needed on the COMPANY-A router,
that can also be implemented.
Thanks in advance for your time in reading this, and any ideas.
Hello Harish,
It is believed that:
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
both have at least two network interfaces, one with a public IP address
(which we are supposedly conversing with) and one with a RFC 1918 type
address. COMPANY-B is reluctant to disclose details of their network or
servers setup, so this is not 100% certain.
Because of that uncertainty, it occurred to me that perhaps COMPANY-B
computer #2 might be incorrectly routing via the RFC 1918 interface.
In theory, such packets should have been blocked by the access-list on both
COMPANY-A router, and should not have even made it into the IPsec VPN
if the Juniper access settings work as it appears they should. So I turned up
debugging on COMPANY-A router so that I could see the encrypted and
decrypted packet hex dumps.
I then hand-disassembled the decoded ACK packet IP header received just
prior to the "decrypted packet failed SA check" error being emitted and
found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
in the unencapsulated packet. I also found the expected port numbers of the TCP
conversation that was trying to be established in the TCP header. So, it
looks like COMPANY-B computer #2 is emitting the packets out the right
interface.
The IP packet header of the encrypted packet showed the IP addresses of the
two routers at each terminus of the IPsec VPN, but since I don't know what triggers
the "SA check" error message or what it is complaining about, I don't know what
other clues to look for in the packet dumps.
As to your second question, "can you check whether both encapsulation and
decapsulation happening in 'show crypto ipsec sa'", the enc'ed/dec'ed
counters were both going up by the correct quantities. When communicating
with the uncooperative COMPANY-B computer #2, you would also see the
received Drop increment for each packet decrypted. When communicating
with the working COMPANY-B computer #1, the Drop counters would not
increment, and the enc'ed/dec'ed would both increment.
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:54
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
Attempt a TCP communication to COMPANY-B computer #2...
show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:23
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
Note Inbound "drop" changed from 5 to 6. (I didn't let it sit for all
the retries.)
#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
protected vrf: (none)
local ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
current_peer 4.5.6.228 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
#pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 6
local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xDF2CC59C(3744253340)
inbound esp sas:
spi: 0xD9D2EBBB(3654478779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xDF2CC59C(3744253340)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
The "send" errors appear to be related to the tunnel reverting to a
DOWN state after periods of inactivity, and you appear to get one
each time the tunnel has to be re-negotiated and returned to
an ACTIVE state. There is no relationship between Send errors
incrementing and working/non-working TCP conversations to the
two COMPANY-B servers.
Thanks for pondering this very odd behavior. -
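The hand-disassembly step described in the post above can be scripted. This is an added example, not part of the original thread or of Cisco's code: it decodes the inner IPv4/TCP header of a decrypted packet and compares it with the `local ident` / `remote ident` selectors shown in the `show crypto ipsec sa` output. It assumes the "SA identity check" compares the decrypted inner addresses against those selectors; the port numbers and the RFC 1918 source 10.1.2.29 are constructed sample values.

```python
import ipaddress
import struct

# Selectors copied from the "show crypto ipsec sa" output quoted in the thread
# (prot/port are 0/0 there, i.e. any protocol and any port).
LOCAL_IDENT = ipaddress.ip_network("1.2.3.161/255.255.255.255")
REMOTE_IDENT = ipaddress.ip_network("4.5.7.0/255.255.255.0")


def from_hex_dump(text: str) -> bytes:
    """Turn a whitespace-separated hex dump (as printed by a debug trace) into bytes."""
    return bytes.fromhex("".join(text.split()))


def parse_inner_header(raw: bytes) -> dict:
    """Decode the IPv4 header, and the TCP ports if present, of a decrypted packet."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "src": ipaddress.ip_address(raw[12:16]),
        "dst": ipaddress.ip_address(raw[16:20]),
        "proto": raw[9],
        "sport": None,
        "dport": None,
    }
    # Protocol 6 is TCP; the ports are the first four bytes after the IP header.
    if info["proto"] == 6 and len(raw) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return info


def identity_check(raw: bytes, local=LOCAL_IDENT, remote=REMOTE_IDENT) -> list:
    """Return the mismatches for an inbound packet; an empty list means it fits the SA."""
    pkt = parse_inner_header(raw)
    problems = []
    # Inbound direction: the far end is the source, the near end is the destination.
    if pkt["src"] not in remote:
        problems.append(f"source {pkt['src']} outside remote ident {remote}")
    if pkt["dst"] not in local:
        problems.append(f"destination {pkt['dst']} outside local ident {local}")
    return problems


def build_sample(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed SYN-ACK for testing: 20-byte IPv4 header plus 20-byte TCP header.

    Checksums are left at zero because nothing in this script validates them.
    """
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x12, 65535, 0, 0)
    return ip_hdr + tcp_hdr


if __name__ == "__main__":
    samples = {
        # Addresses the poster found in the decoded header; ports are constructed.
        "public source": build_sample("4.5.7.29", "1.2.3.161", 5000, 40000),
        # Constructed case for the hypothesis of a reply leaving via an RFC 1918 interface.
        "RFC 1918 source": build_sample("10.1.2.29", "1.2.3.161", 5000, 40000),
    }
    for label, raw in samples.items():
        # Round-trip through hex text to mimic pasting a dump from the router debug.
        result = identity_check(from_hex_dump(raw.hex()))
        print(label, "->", result or "matches SA selectors")
```

A packet that passes this comparison, as the one in the post did, points the investigation away from the inner addresses and toward which SA the far end used to send it.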
Send and receive e-mails to/from only one mailbox
Hello,
i wanted to know is it possible to allow one recipient to send to only one recipient and to receive only e-mails from same recipient ?
Thanks,
John
Hi John,
Great commands from Philip.
We can also create transport rules via EMC.
Found a similar thread for your reference:
Transport Rule allow user to send to only 10 user
http://social.technet.microsoft.com/Forums/en-US/06d88574-d67d-483d-9abe-fe5e3f8bc41b/transport-rule-allow-user-to-send-to-only-10-user
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support -
SCAN LISTENER runs from only one node at a time from /etc/hosts !
Dear all ,
Recently I have to configure RAC in oracle 11g(r2) in AIX 6.1 . Since in this moment it is not possible to configure DNS, so I dont use SCAN ip into the DNS/GNS, I just add the SCAN ip into the host file like :
cat /etc/hosts
SCAN 172.17.0.22
Got the info from : http://www.freeoraclehelp.com/2011/12/scan-setup-for-oracle-11g-release211gr2.html#ORACLE11GR2RACINS
After configuring all the steps of RAC , Every services are ok except SCAN_LISTENER . This listener is up only one node at a time . First time when I check it from node1 , it shows :
srvctl status scan_listener
SCAN listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node dcdbsvr1
now when I relocate it from node 2 using
"srvctl relocate scan -i 1 -n DCDBSVR2" , then the output shows :
srvctl status scan_listener
SCAN listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node dcdbsvr2
Barring these , we have to try to relocate it from the node2 by the following way, then it shows the error :
srvctl relocate scan -i 2 -n DCDBSVR2
resource ora.scan2.vip does not exists
Now my question , How can I run the SCAN and SCAN_LISTENER both of the NODES ?
Here is my listener file (which is in the GRID home location) configuration :
Listener File OF NODE1 AND NODE 2:
==================================
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN1=ON
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON
LISTENER_SCAN1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC) (KEY = LISTENER_SCAN1)
ADR_BASE_LISTENER_SCAN1 = /U01/APP/ORACLE
2)
Another issue , when I give the command : " ifconfig -a " , then it shows the SCAN ip either node1 or node2 . suppose if the SCAN ip is in the node1 , and then if I run the "relocate" command from node2 , the ip goes to the Node 2 . is it a correct situation ? advice plz ... ...
thx in advance .. ...
Edited by: shipon_97 on Jan 10, 2012 7:22 AM
Edited by: shipon_97 on Jan 10, 2012 7:31 AM
After configuring all the steps of RAC , Every services are ok except SCAN_LISTENER . This listener is up only one node at a time . First time when I check it from node1 , it shows :
If I am not wrong and after looking at the document you sent, you will be able to use only one scan in case you use /etc/hosts file and this will be up on only one node where you added this scan entry in /etc/hosts file.
Now my question , How can I run the SCAN and SCAN_LISTENER both of the NODES ?
Probably you can't in your case, you might run only one I think and on one node only
srvctl status scan_listener
SCAN listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node dcdbsvr1
now when I relocate it from node 2 using
"srvctl relocate scan -i 1 -n DCDBSVR2" , then the output shows :
srvctl status scan_listener
SCAN listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node dcdbsvr2
You moved scan listener from node 1 to node 2, OK
Baring these , we have to try to relocate it from the node2 by the following way, then it shows the error :
srvctl relocate scan -i 2 -n DCDBSVR2
resource ora.scan2.vip does not exists
--------------------------------------------------------------------------------
Since you have only one scan, you can't relocate "2". So use "1" instead here also
FYI
http://www.oracle.com/technetwork/database/clustering/overview/scan-129069.pdf
Salman -
Can't connect to SMB share on Windows server from only ONE mac
I have over 20 macs on my network. All are running the same version of the OS. (10.4.9) Almost all of the macs can connect, using SMB, to our Windows 2000 file servers...but only ONE of them can not. When I try from that mac, I get the following error:
"The finder cannot complete the operation because some data in "smb://myservername" could not be read or written. (Error code -36)"
This same mac that has this issue can connect to any of our other Win2K file servers and all my other macs can connect to the server that this mac can't...which is very confusing for me because that tells me that the mac is fine and the Win2K server is fine as well...
Any ideas?
-36 is a bit generic, but usually means the Windows® machine is denying because of bad Password. Have you tried deleting that particular reference/share in Keychain Access and redoing it?
-
Load relationships from only one BP, from R/3 to CRM
Hello,
I have downloaded one BP from R/3 to CRM, but relationships (Employee responsible, Sales representative, Ship-to party, etc...) are not downloaded into this BP.
The individual employees, ship-to party, etc... already exist in CRM, but not appear as relationships into mentioned BP.
I created request with:
Adapter Object: CUSTOMER_REL
Objektklass: BUPA
Table Name KNVP
Field Name KUNNR
Incl/Excl I Inclusive defined set
Option EQ Equality (= Low)
Low 'The R/3 customer number'
But when I start request this is downloading all relationships for all customers.
What I need add to the request or what I need to do in order to download only the relationships for only one specific BP (customer) ?
Regards
Juan
This is the request we run:
Request Name REQ_CUST_REL
Table Name KNA1
Field Name KUNNR
Incl/Excl I Inclusive defined set/array
Option EQ Equality (= Low)
Low 0000144060
High -
Audio coming from only one field
Hello,
I just did a mic'ed interview with my little camera. I was wearing headphones and noticed audio coming from only the left side, but there was nothing I could do about it that I was aware of.
Anyway, now that this thing is in Final Cut Express, is there anything I can do to apply the left track to the right track? Or would this make it sound funky or how does it work?
Thanks very much,
Jeremy
Ah, I see. I just used 'Pan' and set it from -1 to 0. Cool.
This can be deleted or left for reference, I don't care.