Tcp.invited_nodes

I think I already know the answer, but ...
At my manager's request, I started playing around with TCP.INVITED_NODES. What we wanted to find out was if we could specify a range of client ip addresses rather than listing each one individually. My initial tests indicate "no". The documentation never specifically addresses the question, but the way things are worded seem to indicate "no".
But, since "you never know what you don't know" .... I thought I'd ask.
On a closely related item, are there any special considerations on the use of TCP.INVITED_NODES if some of your clients are coming through a VPN?

No, you can't specify range adresses.
Another way may be to use CMan (Connection Manager) which is a Database proxy and it allows range instead of listing each address.

Similar Messages

Multiple hosts in tcp.invited_nodes

Hello all!
Can I add multiple hosts in tcp.invited_nodes parameter in sqlnet.ora using network mask, i.e tcp.invited_nodes=(192.168.77.0/24)?
toms

i.e tcp.invited_nodes=(192.168.77.0/24)?i think u want to specify the range of following ip. but for that u have to put each and every ip on following parameter.
http://download-west.oracle.com/docs/cd/B14117_01/network.101/b10776/sqlnet.htm#sthref578
Kuljeet

Is tcp.invited_nodes supported in XE?

Hello,
I'm trying to setup a proof-of-concept to demonstrate basic ip-access security using tcp.validnode_checking=yes and tcp.invited_nodes=(list of ip's)
I would like to demonstrate in XE.
I've got a prototype established and can connect via sqlplus to XE but fails when I put the tcp. references into sqlnet.ora.
I have confirmed localhost is an invited node.
Thanks!
Doug

It is not possible, other than to install the two databases in two different homes.
Also a separate listener for each database is not required at all.
Also using hardcoded IPs in sqlnet is maintenance prone and should be avoided.
Sybrand Bakker
Senior Oracle DBA

Invited_nodes, discussion

Oracle 10.2.0.4 on HP-UX 11.23
I'm familiar with the techniques and limitations of tcp.invited_nodes, but now am seeking thoughts on things I haven't considered ..
We have received an edict from "on high" that we implement tcp.invited_nodes. All of our packaged apps can accommodate this, as they run either from one apps server or a small, well-defined set of clients. However, we also have a group of users who have need to run what are essentially ad-hoc queries from their DHCP desktops. (When I say "ad-hoc" I mean they have a fairly extensive library of report generating sql scripts that they run on-demand, using SQL*Plus)
At first we thought that while this was a typical ham-fisted pronouncement from security people who don't really understand the implications of their edicts. We also realized it would be a means of forcing the users to start using iSQL and eliminate the need for us to support oracle client on desktops, which has been something we've desired. However, I've also been aware that iSQL goes away with 11g, so it would appear that we could end up back where we started. I've not heard of any web-based replacement for iSQL, as all comments I've seen along that line say to use SQL Developer, which puts us back to supporting desktop installed clients, and dealing with the DHCP issue.
I've not looked into connection manager yet, so don't know what it might bring to the table, if indeed we'd be allowed to use it. The security people are increasingly managing by magazine article and specifying the exact method to be used rather than simply stating what must be achieved. However, it gave us what we need, I'd be willing to push back on it. Actually, invited_nodes would work if it would accept wild cards or (better) regular expressions in defining the allowed IP addresses.
Does anyone have any thoughts on what options I might have available?

EdStevens wrote:
Does anyone have any thoughts on what options I might have available?Yes, there is a "+well so stuff you too!+" option. Where you conform to idiotic security policies (that fails in providing safe and secure environments), and still do your thing (in a secure fashion) to provide your users/developers with the access needed.
Two flavours comes to mind.
NAT*
Create a NAT firewall on a server (easily done using iptables and Linux). This NAT server becomes an invited node server. It has a fixed/static IP and "conforms" to the wet and soggy expectations from the security luzers<i>^H^H^H^H^H</i> er.. people. Configure the NAT firewall to accept connections from an IP range or subnet - covering your DHCP clients. Open port 1521 on the NAT server and enable masquerading of the incoming traffic to port 1521 on the database server.
This works pretty well - as the db server will see that NAT server as client. But everything else in Oracle (like v$session details) will still enable you to correctly identify the DHCP client (those details are passed via the connection string from the client and not derived from the actual IP connection itself).
The con is of course the so-called security concern as any DHCP client within that IP range can make use of this NAT feature to get a "logon prompt" from the database.
SSH Tunnel*
This is a similar to the NAT option - but instead of a NAT server, uses a server that allows ssh tunneling via it. Basic explanation. All DHCP clients need to generate RSA keys and pass you their public keys. These public keys are added to the authorised key list of a tunnel o/s user on this ssh/tunnel server. I would also disable shell logon for this tunnel o/s user - this means that no client can gain shell access on this server via this user. And restricts this o/s user for only being used for tunneling by IPs who are trusted via their public RSA keys.
Like with the NAT server, this ssh/tunnel server is an invited node. DHCP clients create SQL*Net tunnels via this server to reach the database server. Simplistically, the client will create a tunnel -L 1521:dbserver:1521 and pass this to the tunnel user on the ssh server. With the tunnel established, the DHCP client uses localhost and port 1521 on his client to establish a (tunneled) connection to the database server.
Pros are that this is an encrypted session - so it is pretty secure. Trusted RSA keys are used - difficult to compromise and use as an attack vector. The con is the complexity of supporting this. It largely depends on the number of users, and their expertise level in using something like Putty to create the required tunnel on the Windoze clients. (when, oh when, will Microsoft add OpenSsh support to Windows!!?).
I am using both flavours to address different issues (and not all of them security ones either) - and it works pretty well.

TCP.VALIDNODE_CHECKING in RAC Database

Hello,
I would like to know what is the equivalent of using TCP.VALIDNODE_CHECKING (along with TCP.INVITED_NODES and/or TCP.EXCLUDED_NODES) in an Oracle RAC database (version 11.2.0.2) that uses a SCAN listener.
My understanding is these parameters are used to control which client machines are authorized to connect to a database instance. However, in a RAC cluster, as there will be more than one instance involved, how can I control the client nodes being able to connect to the database or not? Can the above parameters be still used by individual instances in the cluster? If yes, do they have to be same across all the nodes in a cluster? Or is there a centralised option, either provided by Clusterware in general or Scan Listener in particular to implement this feature?
I checked the documentation and forums but could not find any relevant information.
Would appreciate any help / pointers.
Thanks in advance.

IP address filtering is one of many network security aspects. SQL*Net only addresses the very bare basics - and it does not even do that well. It is not a proper firewall. And a proper firewall, like iptables, is exactly what should be used.
For example, if you check the IP address in the IP header, then you should also check the combination of tcp flags, do state matching, respond to only valid icmp, and so on.
Simply and just checking for a "valid" IP address is an extremely weak and somewhat silly approach to IP level security.
iptables for example can be run on each RAC node. Or the entire cluster can be protected by a heavy grade commercial firewall at network level (access via external firewall needed to access the RAC).
Using SQL*Net to do this.. well, that is a bit ridiculous IMO.

List of Manual Setup required for iSetup to work

Hi All,
This is Mugunthan from iSetup development. Based on my interaction with customers and Oracle functional experts, I had documented list of manual setups that are required for smooth loading of selection sets. I am sharing the same. Please let me know if I anyone had to enter some manual setup while using iSetup.
Understanding iSetup
iSetup is a tool to migrate and report on your configuration data. Various engineering teams from Oracle develop the APIs/Programs, which migrates the data across EBS instances. Hence all your data is validated for all business cases and data consistency is guarantied. It requires good amount of setup functional knowledge and bit of technical knowledge to use this tool.
Prerequisite setup for Instance Mapping to work
·     ATG patch set level should be same across all EBS instances.
·     Copy DBC files of each other EBS instances participating in migration under $FND_SECURE directory (refer note below for details).
·     Edit sqlnet.ora to allow connection between DB instacnes(tcp.invited_nodes=(<source>,<central>))
·     Make sure that same user name with iSetup responsibility exists in all EBS instances participating in migration.
Note:- iSetup tool is capable of connecting to multiple EBS instances. To do so, it uses dbc file information available under $FND_SECURE directory. Let us consider three instances A, B & C, where A is central instance, B is source instance and C is target instances. After copying the dbc file on all nodes, $FND_SECURE directory would look like this on each machine.
A => A.dbc, B.dbc, C.dbc
B => A.dbc, B.dbc
C => A.dbc, C.dbc
Prerequisite for registering Interface and creating Custom Selection Set
iSetup super role is mandatory to register and create custom selection set. It is not sufficient if you register API on central/source instance alone. You must register the API on all instances participating in migration/reporting.
Understanding how to access/share extracts across instances
Sharing iSetup artifacts
·     Only the exact same user can access extracts, transforms, or reports across different instances.
·     The “Download” capability offers a way to share extracts, transforms, and loads.
Implications for Extract/Load Management
·     Option 1: Same owner across all instances
·     Option 2: Same owner in Dev, Test, UAT, etc – but not Production
o     Extract/Load operations in non-Production instances
o     Once thoroughly tested and ready to load into Production, download to desktop and upload into Production
·     Option 3: Download and upload into each instance
Security Considerations
·     iSetup does not use SSH to connect between instances. It uses Concurrent Manager framework to lunch concurrent programs on source and target instances.
·     iSetup does not write password to any files or tables.
·     It uses JDBC connectivity obtained through standard AOL security layer
Common Incorrect Setups
·     Failure to complete/verify all of the steps in “Mapping instances”
·     DBC file should be copied again if EBS instance has been refreshed or autoconfig is run.
·     Custom interfaces should be registered in all EBS instances. Registering it on Central/Source is not sufficient.
·     Standard Concurrent Manager should up for picking up iSetup concurrent requests.
·     iSetup financial and SCM modules are supported from 12.0.4 onwards.
·     iSetup is not certified on RAC. However, you may still work with iSetup if you could copy the DBC file on all nodes with the same name as it had been registered through Instance Mapping screen.
Installed Languages
iSetup has limitations where it cannot Load or Report if the number and type of installed languages and DB Charset are different between Central, Source and Target instances. If your case is so, there is a workaround. Download the extract zip file to desktop and unzip it. Edit AZ_Prevalidator_1.xml to match your target instance language and DB Charset. Zip it back and upload to iSetup repository. Now, you would be able to load to target instance. You must ensure that this would not corrupt data in DB. This is considered as customization and any data issue coming out this modification is not supported.
Custom Applications
Application data is the prerequisite for the most of the Application Object Library setups such as Menus, Responsibility, and Concurrent programs. iSetup does not migrate Custom Applications as of now. So, if you have created any custom application on source instance, please manually create them on the target instance before moving Application Object Library (AOL) data.
General Foundation Selection Set
Setup objects in General foundation selection set supports filtering i.e. ability to extract specific setups. Since most of the AOL setup data such as Menus, Responsibilities and Request Groups are shipped by Oracle itself, it does not make sense to migrate all of them to target instance since they would be available on target instance. Hence, it is strongly recommended to extract only those setup objects, which are edited/added, by you to target instance. This improves the performance. iSetup uses FNDLOAD (seed data loader) to migrate most of the AOL Setups. The default behavior of FNDLOAD is given below.
Case 1 – Shipped by Oracle (Seed Data)
FNDLOAD checks last_update_date and last_updated_by columns to update a record. If it is shipped by Oracle, the default owner of the record would be Oracle and it would skip these records, which are identical. So, it won’t change last_update_by or last_updated_date columns.
Case 2 – Shipped by Oracle and customized by you
If a record were customized in source instance, then it would update the record based on last_update_date column. If the last_update_date in the target were more recent, then FNDLOAD would not update the record. So, it won’t change last_update_by column. Otherwise, it would update the records with user who customized the records in source instance.
Case 3 – Created and maintained by customers
If a record were newly added/edited in source instance by you, then it would update the record based on last_update_date column. If the last_update_date of the record in the target were more recent, then FNDLOAD would not update the record. So, it won’t change last_update_by column. Otherwise, it would update the records with user who customized the records in source instance.
Profiles
HR: Business Group => Set the name of the Business Group for which you would like to extract data from source instance. After loading Business Group onto the target instance, make sure that this profile option is set appropriately.
HR: Security Profile => Set the name of the Business Group for which you would like to extract data from source instance. After loading Business Group onto the target instance, make sure that this profile option is set appropriately.
MO: Operating Unit => Set the Operating Unit name for which you would like to extract data from source instance. After loading Operating Unit onto the target instance, make sure that this profile option is set if required.
Navigation path to do the above setup:
System Administrator -> Profile -> System.
Query for the above profiles and set the values accordingly.
Descriptive & Key Flex Fields
You must compile and freeze the flex field values before extracting using iSetup.
Otherwise, it would result in partial migration of data. Please verify that all the data been extracted by reporting on your extract before loading to ensure data consistency.
You can load the KFF/DFF data to target instance even the structures in both source as well as target instances are different only in the below cases.
Case 1:
Source => Loc1 (Mandate), Loc2 (Mandate), Loc3, and Loc4
Target=> Loc1, Loc2, Loc3 (Mandate), Loc4, Loc5 and Loc6
If you provide values for Loc1 (Mandate), Loc2 (Mandate), Loc3, Loc4, then locations will be loaded to target instance without any issue. If you do not provide value for Loc3, then API will fail, as Loc3 is a mandatory field.
Case 2:
Source => Loc1 (Mandate), Loc2 (Mandate), Loc3, and Loc4
Target=> Loc1 (Mandate), Loc2
If you provide values for Loc1 (Mandate), Loc2 (Mandate), Loc3 and Loc4 and load data to target instance, API will fail as Loc3 and Loc4 are not there in target instance.
It is always recommended that KFF/DFF structure should be same for both source as well as target instances.
Concurrent Programs and Request Groups
Concurrent program API migrates the program definition(Definition + Parameters + Executable) only. It does not migrate physical executable files under APPL_TOP. Please use custom solution to migrate executable files. Load Concurrent Programs prior to loading Request Groups. Otherwise, associated concurrent program meta-data will not be moved even through the Request Group extract contains associated Concurrent Program definition.
Locations - Geographies
If you have any custom Geographies, iSetup does not have any API to migrate this setup. Enter them manually before loading Locations API.
Currencies Types
iSetup does not have API to migrate Currency types. Enter them manually on target instance after loading Currency API.
GL Fiscal Super user--> setup--> Currencies --> rates -- > types
Associating an Employee details to an User
The extract process does not capture employee details associated with users. So, after loading the employee data successfully on the target instance, you have to configure them again on target instance.
Accounting Setup
Make sure that all Accounting Setups that you wish to migrate are in status “Complete”. In progress or not-completed Accounting Setups would not be migrated successfully.
Note: Currently iSetup does not migrate Sub-Ledger Accounting methods (SLA). Oracle supports some default SLA methods such as Standard Accrual and Standard Cash. You may make use of these two. If you want to use your own SLA method then you need to manually create it on target instances because iSetup does not have API to migrate SLA. If a Primary Ledger associated with Secondary Ledgers using different Chart of Accounts, then mapping rules should be defined in the target instance manually. Mapping rule name should match with XML tag “SlCoaMappingName”. After that you would be able to load Accounting Setup to target instance.
Organization API - Product Foundation Selection Set
All Organizations which are defined in HR module will be extracted by this API. This API will not extract Inventory Organization, Business Group. To migrate Inventory Organization, you have to use Inventory Organization API under Discrete Mfg. and Distribution Selection Set. To extract Business Group, you should use Business Group API.
Inventory Organization API - Discrete Mfg & Distribution Selection Set
Inventory Organization API will extract Inventory Organization information only. You should use Inventory Parameters API to move parameters such as Accounting Information. Inventory Organization API Supports Update which means that you can update existing header level attributes of Inventory Organization on the target instance. Inventory Parameters API does not support update. To update Inventory Parameters, use Inventory Parameters Update API.
We have a known issue where Inventory Organization API migrates non process enabled organization only. If your inventory organization is process enabled, then you can migrate them by a simple workaround. Download the extract zip file to desktop and unzip it. Navigate to Organization XML and edit the XML tag <ProcessEnabledFlag>Y</ProcessEnabledFlag> to <ProcessEnabledFlag>N</ProcessEnabledFlag>. Zip it back the extract and upload to target instance. You can load the extract now. After successful completion of load, you can manually enable the flag through Form UI. We are working on this issue and update you once patch is released to metalink.
Freight Carriers API - Product Foundation Selection Set
Freight Carriers API in Product Foundation selection set requires Inventory Organization and Organization Parameters as prerequisite setup. These two APIs are available under Discrete Mfg. and Distribution Selection Set. Also,Freight Carriers API is available under Discrete Mfg and Distribution Selection Set with name Carriers, Methods, Carrier-ModeServ,Carrier-Org. So, use Discrete Mfg selection set to load Freight Carriers. In next rollup release Freight Carriers API would be removed from Product Foundation Selection Set.
Organization Structure Selection Set
It is highly recommended to set filter and extract and load data related to one Business Group at a time. For example, setup objects such as Locations, Legal Entities,Operating Units,Organizations and Organization Structure Versions support filter by Business Group. So, set the filter for a specific Business Group and then extract and load the data to target instance.
List of mandatory iSetup Fwk patches*
8352532:R12.AZ.A - 1OFF:12.0.6: Ignore invalid Java identifier or Unicode identifier characters from the extracted data
8424285:R12.AZ.A - 1OFF:12.0.6:Framework Support to validate records from details to master during load
7608712:R12.AZ.A - 1OFF:12.0.4:ISETUP DOES NOT MIGRATE SYSTEM PROFILE VALUES
List of mandatory API/functional patches*
8441573:R12.FND.A - 1OFF:12.0.4: FNDLOAD DOWNLOAD COMMAND IS INSERTING EXTRA SPACE AFTER A NEWLINE CHARACTER
7413966:R12.PER.A - MIGRATION ISSUES
8445446:R12.GL.A - Consolidated Patch for iSetup Fixes
7502698:R12.GL.A - Not able to Load Accounting Setup API Data to target instance.
Appendix_
How to read logs
·     Logs are very important to diagnose and troubleshoot iSetup issues. Logs contain both functional and technical errors.
·     To find the log, navigate to View Detail screens of Extracts/ Transforms/Loads/Standard/Comparison Reports and click on View Log button to view the log.
·     Generic Loader (FNDLOAD or Seed data loader) logs are not printed as a part of main log. To view actual log, you have to take the request_id specified in the concurrent log and search for the same in Forms Request Search Window in the instance where the request was launched.
·     Functional errors are mainly due to
o     Missing prerequisite data – You did not load one more perquisite API before loading the current API. Example, trying to load “Accounting Setup” without loading “Chart of Accounts” would result in this kind of error.
o     Business validation failure – Setup is incorrect as per business rule. Example, Start data cannot be greater than end date.
o     API does not support Update Records – If the there is a matching record in the target instance and If the API does not support update, then you would get this kind of errors.
o     You unselected Update Records while launching load - If the there is a matching record in the target instance and If you do not select Update Records, then you would get this kind of errors.
Example – business validation failure
o     VONAME = Branches PLSQL; KEY = BANKNAME = 'AIBC‘
o     BRANCHNAME = 'AIBC'
o     EXCEPTION = Please provide a unique combination of bank number, bank branch number, and country combination. The 020, 26042, KA combination already exists.
Example – business validation failure
o     Tokens: VONAME = Banks PLSQL
o     BANKNAME = 'OLD_ROYAL BANK OF MY INDIA'
o     EXCEPTION = End date cannot be earlier than the start date
Example – missing prerequisite data.
o     VONAME = Operating Unit; KEY = Name = 'CAN OU'
o     Group Name = 'Setup Business Group'
o     ; EXCEPTION = Message not found. Application: PER, Message Name: HR_ORG_SOB_NOT_FOUND (Set of books not found for ‘Setup Business Group’)
Example – technical or fwk error
o     OAException: System Error: Procedure at Step 40
o     Cause: The procedure has created an error at Step 40.
o     Action: Contact your system administrator quoting the procedure and Step 40.
Example – technical or fwk error
o     Number of installed languages on source and target does not match.
Edited by: Mugunthan on Apr 24, 2009 2:45 PM
Edited by: Mugunthan on Apr 29, 2009 10:31 AM
Edited by: Mugunthan on Apr 30, 2009 10:15 AM
Edited by: Mugunthan on Apr 30, 2009 1:22 PM
Edited by: Mugunthan on Apr 30, 2009 1:28 PM
Edited by: Mugunthan on May 13, 2009 1:01 PM

Mugunthan
Yes we have applied 11i.AZ.H.2. I am getting several errors still that we trying to resolve
One of them is
===========>>>
Uploading snapshot to central instance failed, with 3 different messages
Error: An invalid status '-1' was passed to fnd_concurrent.set_completion_status. The valid statuses are: 'NORMAL', 'WARNING', 'ERROR'FND     at oracle.apps.az.r12.util.XmlTransmorpher.<init>(XmlTransmorpher.java:301)
     at oracle.apps.az.r12.extractor.cpserver.APIExtractor.insertGenericSelectionSet(APIExtractor.java:231)
please assist.
regards
girish

How do I restrict or allow a few client machines to connect to Server ?

In my setup I wanted to restrict the use of oracle Database.
Database Version : 10.2.0.1.0
OS : Linux
Into the sqlnet.ora file,below These parameters enable to configure access control to the database,
TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 144.25.5.25)
TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)
TCP.VALIDNODE_CHECKING=yes|no
but hence this solution is not working at my end...Database is accessed easily by excluded_node.
Can anyone suggest me what so reason behind that...
Thanks....

limiting access to a specific ip address
Re: restrict to particular IPaddress
links may be helpful to you.

Works on local 10g Express but not 9i. : Got minus one from a read call

Using a desktop I have a 3rd party tool that needs to access an Oracle 9i DB. The tool does not connect to the db at all. I also have Toad installed on the desktop and Toad can connect fine. The error message I get with the 3rd party tool is:
"Got minus one from a read call"
I have a laptop in which I have a local 10g Express installed along with the same 3rd party tool. The 3rd party tool can connect to the local Express db.
I have written a java app. See below. When I run the app on the desktop machine ir produces the same error as the 3rd party tool.
What is happening on the 9i server that is causing this error. I have seen this error posted on many sites but no responses. Any ideas/suggestions?
Thanks
import java.sql.*;
class TestConnection {
public static void main (String args []) throws SQLException
Connection connection = null;
try {
// Load the JDBC driver
String driverName = "oracle.jdbc.driver.OracleDriver";
Class.forName(driverName);
// Create a connection to the database
String serverName = "119.133.45.3";
String portNumber = "1606";
String sid = "HCPSD";
String url = "jdbc:oracle:thin:@" + serverName + ":" + portNumber + ":" + sid;
String username = "HCPSODS";
String password = "HCPSODS";
connection = DriverManager.getConnection(url, username, password);
} catch (ClassNotFoundException e) {
System.out.println(e);
} catch (SQLException e) {
System.out.println(e);
Statement stmt = connection.createStatement();
ResultSet rset = stmt.executeQuery("select PROVIDER_NAME from HCPSODS.BLAZE_PROVIDER_VALUES");
while (rset.next())
System.out.println (rset.getString(1));
stmt.close();
}

Here is a fix to this problem I found. Not sure if it will help:
1. Go to directory $TNS_ADMIN on database tier or database home.
2. Modify sqlnet.ora file with following.
tcp.validnode_checking = yes
Either set above directive value to NO or add machine name where jdeveloper is running to following directive.
tcp.invited_nodes=(machin-name, machine-name)
3. Bounce listener using addlnctl.sh under database directory.

Errors using themes and tomahawk within portlets

I've been developing a portlet using Creator2 Update 1 that uses the myfaces tomahawk library of components. Besides the difficulty of not being able to use the visual designer, I've managed to get my portlet functioning the way I want.
My next step was to apply styles to my portlet. The difficulty here is that since portlets are aggregated within a portal, the portlet does not have access to the <head> tag of the container page (meaning I couldn't just add my own stylesheets and link them in.) I'm not sure how Creator works around this problem - I just know that it manages to using <ui:themeLinks> somehow.
Changing the theme for a regular Creator-components-only (read: no tomahawk) is a no-brainer. I simply pick a different theme in the Project view and set it as the Current Theme. I can even set my own user-defined theme. Running the portlet either through Creator or Liferay shows the applied theme.
However, once I start using tomahawk components, the theme system breaks down, throwing exceptions, such as the following:
com.sun.rave.web.ui.theme.ThemeConfigurationException: WARNING: the Sun Web Components could not load any themes.
at com.sun.rave.web.ui.theme.ThemeFactory.createThemeManager(ThemeFactory.java:274)
Curiously, it only breaks if I use one of my user-defined themes. The Creator-provided themes will work with the tomahawk components portlet.
In short, I am baffled. Creator-provided themes work regardless of tomahawk components present. My own themes work so long as there aren't tomahawk components present.

Sorry, I don't think that's going to work. Themes are not used in the standard SES index, and therefore the Oracle Text knowledgebase is not installed - hence the DRG-11446 error you're seeing.
If you figured out a way to install the knowledgebase from another system (and I'm NOT recommending that), you would still need to recreate the text index with INDEX_THEMES turned on.
You should be able to connect to the SES instance from a remote machine by commenting out both "tcp.invited_nodes" and "tcp.validnode_checking" from the sqlnet.ora file. Not sure why just adding an entry to tcp.invited_nodes didn't work for you.

Select statement fails under Express, but works under Fortewhen using

Express sometimes (e.g. with nested windows) generates SQL with a select
subquery, e.g.
select x1, x2 from t1 where (x1,x2) in (select x1,x2 from t2.....)
This fails on DB2 with a message that the comma in the where clause (x1,x2)
is not allowed.
This works on Oracle.
Does anyone have a workaround or other suggestion?
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Here is a fix to this problem I found. Not sure if it will help:
1. Go to directory $TNS_ADMIN on database tier or database home.
2. Modify sqlnet.ora file with following.
tcp.validnode_checking = yes
Either set above directive value to NO or add machine name where jdeveloper is running to following directive.
tcp.invited_nodes=(machin-name, machine-name)
3. Bounce listener using addlnctl.sh under database directory.

Data from BW to Oracle.

Hi All,
I am new into BW and i know how to get the data from my applications backend i.e ORACLE to BW system for reporting purpose. I have a scenario where user can edit this information through IP. I want this modified data to go back to ORACLE DB so that i can use this in my webdynpro application for further processing.
So how can i achieve the transfer of data from BW to ORACLE DB in real time.
Hope i am clear and will get some solution for this.
thanks & regards,
Manoj

@Jai
no, it's not DBCONNECT.
Database links are an ORACLE feature that comes for free if you have Oracle on both sides.
Main steps for the implementation part:
BW side:
1. you have to invite the Oracle database in the protocol.ora file of the MY_BW database.
The host is the server where the local Oracle database instance is running.
protocol.ora:
TCP.INVITED_NODES= (myORACLEserver,...other hosts...)
2. Define a database user in the BW database MY_BW_USER
3. Grant SELECT privileges for the user MY_BW_USER that is used in the link:
grant select on my_bw_table to my_bw_user;
Oracle side:
1. database link
CREATE DATABASE LINK "MY_BW.WORLD" CONNECT TO "MY_BW_USER"
    IDENTIFIED BY "my_bw_user_password"
    USING '(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (COMMUNITY = SAP.WORLD)(PROTOCOL = TCP)(HOST = mySAPBWServer.com)(PORT = 1521))
    (CONNECT_DATA = (SID = MY_BW)(GLOBAL_NAME = MY_BW.WORLD))
2. Create a view with the SELECT to extract from BW via the link (listed after the @):
Create view view_extract_from_bw as
select * from my_bw_table@MY_BW.WORLD
You can do any transformations in the SELECT part to fit the data into the local Oracle table later in the insert.
3. You will pull the data on the Oracle DB side from the BW database via the view that inturn uses the link
to the BW Oracle system:
insert into local_Oracle_table select * from view_extract_from_bw
You see some support is needed from Basis guys to establish the link. But once implemented
you have a interface from your local Oracle to the BW database.
bye
yk
Edited by: Bernd Boecker on Jul 2, 2008 1:52 PM

Is it possible/wise to have 2 listeners for a single 8i database?

I currently have an 8i database with one listener. That listener has TCP.INVITED_NODES set in the sqlnet.ora. We have some DBAs that may need to add their own machines to the TCP.INVITED_NODES list on an ad-hoc basis. Since 8i does not let you change the TCP.INVITED_NODES without restarting the listener, I'm wondering if it's possible/wise to set up a 2nd listener. Then those DBAs could use the 2nd listener to update that list and stop/start the listener without any risk of interruption to the 1st listener which is used by production applications. We are hesitant to include DBAs' addresses in the permanent TCP.INVITED_NODES list for the current listener because if their IP address ever changed, and the listener was rebooted, then the listener would not start.
Thank you.

the listener is NOT involved with any existing session.
stopping & restarting the listener has NO impact on existing sessions.
I suggest it is better to control network access to any system using a Firewall which is the best tool for this task.
Yes, it is possible to have more than 1 listener. It is also possible to poke yourself in the eye with a sharp pencil.
I suggest that you should avoid both of these possible activities.
Simply put having multiple listeners is wrong for multiple reasons & should be avoided.

TNS-12546

HI All,
This is a Prod Environment
I am trying to embedd the parameter tcp.invited_nodes and assign the respective IP's in the sqlnet.ora and restart the listener services.
But it is failing with the below error
TIMESTAMP * CONNECT DATA [* PROTOCOL INFO] * EVENT [* SID] * RETURN CODE
16-JUN-2010 12:09:19 * 12546
TNS-12546: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00516: Permission denied
Version : ORacle 10 g
Platform : HP-UX
PLs help

HI,
Please find the contents of the sqlnet.ora and listner.ora
SID_LIST_NIBCOREBCV =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = NIBCORE)
(ORACLE_HOME = /oracle/product/10.2.0/db_2)
(SID_NAME = NIBCORE)
NIBCOREBCV =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 10.11.7.165)(PORT = 2891))
SID_LIST_NIBPRODBCV =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = NIBCORE)
(ORACLE_HOME = /oracle/product/10.2.0/db_2)
(SID_NAME = NIBCORE)
NIBPRODBCV =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 10.11.7.165)(PORT = 2892))
=========
# Generated by Oracle configuration tools.
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES)
SQLNET.INBOUND_CONNECT_TIMEOUT = 0
tcp.validnode_checking = yes
tcp.invited_nodes =(localhost,10.10.199.141,10.11.0.18,10.11.0.19,10.11.0.20,10.11.7.139,10.11.7.140,10.11.7.141,10.11.7.146,1
0.11.7.147,10.11.7.148,10.11.0.100,10.11.0.101,10.11.0.102,10.11.0.21,10.11.0.22,10.11.0.23,10.11.0.24,10.11.0.25,10.11.0.26,1
0.11.0.27,10.11.0.28,10.11.0.29,10.11.0.30,10.11.0.31,10.11.0.34,10.11.0.32,10.11.0.33,10.11.0.35,10.11.0.36,10.11.0.196,10.11
.0.197,10.11.0.216,10.20.102.18,192.168.163.163,10.11.5.149,10.11.7.152,10.11.7.153,10.11.7.154,10.10.134.181,10.10.134.165,10
.11.0.40,10.11.0.50,10.11.7.168,10.11.7.169,10.11.7.170,10.11.7.128,10.11.7.180,10.11.7.12,10.11.7.182,10.11.7.160,10.11.7.173
,10.11.7.177,10.11.17.4,10.11.16.4,10.10.192.15,10.11.14.30,10.11.0.52,192.168.180.39,10.10.199.144)

ERROR: Install cannot verify the oracle 10g Database

I just completed installation of the SES 10.1.8.2 version and am now trying to apply the 10.1.8.4 Service Pack. After the OUI screen asks for my sys password, I click on Next and receive a popup error message that reads,
Install cannot verify the oracle 10g Database. Please ensure that the database and its listener are running and please verify that the information you entered is correct.
The installer log file (installActions2010-04-15_08-56-19PM.log) shows this:
*** Specify the SYS Password Page***
Calling Query EmQueries4.2.2 checkUserExists
schemaName = SYS
schemaPassword = Protected value, not to be logged
connectString = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HostNodeName_1)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=Ses01.HostNodeName_1)))
userName = EQSYS
Query Returned: ERROR:Exception occured while connecting to database. Please check the connection details of the database you specified and retry.
Io exception: Got minus one from a read call
Error:*** Alert: Install cannot verify the Oracle10g Database. Please ensure that the database and its listener are running and please verify that the information you entered is correct. ***
User Selected: Yes/OK
===
I've verified that I can login as EQSYS using sqlplus. Also tested that I can login as sys, too. I've also tested the login using the Admin console and that is fine, too.
Any ideas on what is causing this or how to fix it is most welcome as I've not encountered this error before when installing SES or a service pack. I've even tried the OUI for Service pack 10.1.8.3 but also get the same error.
I've checked the listener.ora and tnsnames and they are OK. I've checked and the listener is running and so is the DB.
Right now, I have the Oracle SES instance up and running at 10.1.8.2 but need to upgrade this to the same level as the other SES search nodes.
Edited by: user8655787 on Apr 15, 2010 2:18 PM
My listener.log file is showing this message each time, I run the OUI and enter the sys password and click "Next"
15-APR-2010 23:17:05 * 12502
TNS-12502: TNS:listener received no CONNECT_DATA from client

A couple of other things that I have tried but have had no affect. I'm still getting the same error:
1. Tried recreating the orapwd file
orapwd file=orapwprdses01 password=prdses01
And make sure that the pfile or spfile has:
remote_login_passwordfile='EXCLUSIVE'
another OTN posting said to try this:
1. Go to directory $ORACLE_HOME/network/admin
2. Modify sqlnet.ora file with following parameter:
tcp.validnode_checking = no
3. If you don't want to disable this, you can put the machine names as follows:
tcp.invited_nodes=(machine1, machine2)
3. Bounce the listener.
.... but, I'm still getting the same error when trying to run the .runInstaller OUI for the service pack for 10.1.8.4.

Error Loading on target instance

Hi,
I'm trying to evaluate iSetup for our implementaiton. I extracted some FND Data (Users) and now want to load it on the target instance. Howver, I'm getting the below error in the target Instance:
AZR12LOADER module: iSetup R12 Loader
Current system time is 30-JAN-2013 10:39:05
Error while loading apis
oracle.apps.fnd.common.AppsException: oracle.apps.fnd.common.PoolException: Not able to create new database connection: FND     at oracle.apps.fnd.profiles.Profiles.getProfileOption(Profiles.java:1509)
     at oracle.apps.fnd.profiles.Profiles.getProfile(Profiles.java:362)
     at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfileFromDB(ExtendedProfileStore.java:211)
     at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfile(ExtendedProfileStore.java:171)
     at oracle.apps.fnd.profiles.ExtendedProfileStore.getProfile(ExtendedProfileStore.java:148)
     at oracle.apps.fnd.common.logging.DebugEventManager.configureUsingDatabaseValues(DebugEventManager.java:1294)
     at oracle.apps.fnd.common.logging.DebugEventManager.configureLogging(DebugEventManager.java:1149)
     at oracle.apps.fnd.common.logging.DebugEventManager.internalReinit(DebugEventManager.java:1118)
     at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:1085)
     at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:1072)
     at oracle.apps.fnd.common.AppsLog.reInitialize(AppsLog.java:595)
     at oracle.apps.fnd.common.AppsContext.initLog(AppsContext.java:602)
     at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:579)
     at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:533)
     at oracle.apps.fnd.common.AppsContext.<init>(AppsContext.java:301)
     at oracle.apps.fnd.common.WebAppsContext.<init>(WebAppsContext.java:1147)
     at oracle.apps.az.r12.util.ConnectionUtil.createContextFromDBCFile(ConnectionUtil.java:328)
     at oracle.apps.az.r12.util.ConnectionUtil.getAppsContext(ConnectionUtil.java:151)
     at oracle.apps.az.r12.common.cpserver.AZTransaction.createConnections(AZTransaction.java:143)
     at oracle.apps.az.r12.common.cpserver.AZTransaction.<init>(AZTransaction.java:111)
     at oracle.apps.az.r12.common.cpserver.AZContextImpl.<init>(AZContextImpl.java:139)
     at oracle.apps.az.r12.loader.cpserver.LoaderCp.runProgram(LoaderCp.java:63)
     at oracle.apps.fnd.cp.request.Run.main(Run.java:157)
Caused by: oracle.apps.fnd.common.PoolException: Not able to create new database connection: FND     at oracle.apps.fnd.security.DBConnObj.<init>(DBConnObj.java:255)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at oracle.apps.fnd.common.Pool.createObject(Pool.java:1273)
     at oracle.apps.fnd.common.Pool.borrowObject(Pool.java:1027)
     at oracle.apps.fnd.security.DBConnObjPool.borrowObject(DBConnObjPool.java:584)
     at oracle.apps.fnd.security.AppsConnectionManager.borrowConnection(AppsConnectionManager.java:330)
     at oracle.apps.fnd.common.Context.borrowConnection(Context.java:1719)
     at oracle.apps.fnd.common.AppsContext.getPrivateConnectionFinal(AppsContext.java:2314)
     at oracle.apps.fnd.common.AppsContext.getPrivateConnection(AppsContext.java:2251)
     at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2108)
     at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1918)
     at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1762)
     at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1775)
     at oracle.apps.fnd.common.Context.getJDBCConnection(Context.java:1453)
     at oracle.apps.fnd.cache.GenericCacheLoader.load(GenericCacheLoader.java:170)
     at oracle.apps.fnd.profiles.Profiles.getProfileOption(Profiles.java:1500)
     ... 22 more
I have 2 instances VISI1 and VISI2. I have placed VISI2.dbc under VISI1's $FND_SECURE and vice-versa. The extract on VISI1 is working fine. I have also updated the sqlnet.ora file on both the instances for the below parameters:
#iSetup
tcp.validnode_checking=yes
tcp.invited_nodes=(<host for VISI1>,<host for VISI2>)
It is a single node install, and the DB is not RAC. EBS Version is R12.1.3. I have also verified that I can connect to the target database (using sqlplus) from the source database.
Any pointers on how to resolve this issue?
Thanks,
Ashish

Please see the details below. I have bounced the listeners on both the instances
VISI121C:db:~> cd $TNS_ADMIN
VISI121C:db:/u01/oracle/db/tech_st/11.1.0/network/admin/VISI121C> more sqlnet.ora
# This file is automatically generated by AutoConfig. It will be read and
# overwritten. If you were instructed to edit this file, or if you are not
# able to use the settings created by AutoConfig, refer to Metalink Note
# 387859.1 for assistance.
#$Header: NetServiceHandler.java 120.19.12010000.6 2010/03/09 08:11:36 jmajumde ship $
NAMES.DIRECTORY_PATH=(TNSNAMES, ONAMES, HOSTNAME)
SQLNET.EXPIRE_TIME= 10
SQLNET.INBOUND_CONNECT_TIMEOUT =60
DIAG_ADR_ENABLED=ON
ADR_BASE=/u01/oracle/db/tech_st/11.1.0/admin/VISI121C
SEC_USER_AUDIT_ACTION_BANNER = /u01/oracle/db/tech_st/11.1.0/appsutil/template/txkDBSecUserAuditActionBanner.txt
#iSetup
tcp.validnode_checking=no
tcp.invited_nodes=(<host1>,<host2>)
IFILE=/u01/oracle/db/tech_st/11.1.0/network/admin/VISI121C/sqlnet_ifile.ora
VISI121C:db:/u01/oracle/db/tech_st/11.1.0/network/admin/VISI121C> more /u01/oracle/db/tech_st/11.1.0/network/admin/VISI121C/sqlnet_ifile.ora
VISI121C:db:/u01/oracle/db/tech_st/11.1.0/network/admin/VISI121C>
The sqlnet_ifle.ora is empty.

Tcp.invited_nodes

Similar Messages

Maybe you are looking for