How to Create Oracle Wallet to Secure External Password Store

A wallet is a necessary repository in which you can securely store user certificates and the trust points needed to validate the certificates of peers.

The following steps provide an overview of the complete oracle wallet creation process:

Creating Oracle Wallet Secure External Password Store:-

First of all we need to create directory.

$mkdir -p /data03/UAT_8026/orahome/ewallet

Enter below information in sqlnet.ora.

----------------------------------

WALLET_LOCATION =

   (SOURCE =

     (METHOD = FILE)

     (METHOD_DATA =

       (DIRECTORY = /data03/UAT_8026/orahome/ewallet)

     ) )

SQLNET.WALLET_OVERRIDE = TRUE

SSL_CLIENT_AUTHENTICATION = FALSE

SSL_VERSION = 0

Create a oracle wallet using the following syntax at the command line:👇

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -create

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter password:******

Enter password again:  ******

[oratest@***test orahome]$ cd ewallet/

[oratest@***test ewallet]$ ls

cwallet.sso  ewallet.p12

[oratest@***test ewallet]$ ll

total 8

-rw------- 1 oratest dba 3589 Aug 29 10:08 cwallet.sso

-rw------- 1 oratest dba 3512 Aug 29 10:08 ewallet.p12

To add database login credentials to an existing client wallet, enter the following command at the command line:-

mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential <db_connect_string> <username> <password>

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

[oratest@***test ewallet]$ mkstore -wrl /***data03/UAT_8026/orahome/ewallet -createCredential UAT apps apps

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string1

$mkstore -wrl /data03/UAT_8026/orahome/ewallet -listCredential

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: UAT apps

If you change user password . No problem just update the wallet Password

$mkstore -wrl /data03/UAT_8026/orahome/ewallet  -modifyCredential UAT apps apps

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:   ******

Modify credential

Modify 1

How to find wallet path:-

SQL> SELECT * FROM V$ENCRYPTION_WALLET;

wrl_type	wrl_parameter	status
file	/data03/UAT_8026/orahome/ewallet	OPEN_NO_MASTER_KEY

After wallet creation, connect to the database without specifying the username and password, as shown below.

$sqlplus /@UAT

SQL*Plus: Release 11.2.0.4.0 Production on Sat Aug 29 10:38:52 2020

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user

USER is "APPS"

Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the "orapki" command, instead of the "mkstore" command.

$ orapki wallet create -wallet "/data03/UAT_8026/orahome/ewallet" -pwd "Password" -auto_login_local

Here you can see how to use the secure external password store from a Java application you must use the OCI driver, which in turn means you must have an Oracle client installed. To make the connection use a custom URL like this.

Connection conn = DriverManager.getConnection ("jdbc:oracle:oci:/@UAT");

Password credentials of existing wallet entries can be modified or deleted using the following commands.

$mkstore -wrl <wallet_location> -modifyCredential <dbase_alias> <username> <password>

$mkstore -wrl <wallet_location> -deleteCredential <db_alias>

Very important thing that how to Manage Wallets and Certificates.

Starting Oracle Wallet Manager:-

👉 On Microsoft Windows, click Start, Programs, ORACLE_HOME, Network Administration, and then Wallet Manager.

👉 On UNIX, type owm at the command prompt.

$owm

Once you type owm . Oracle Wallet Manager console will open to import/export secure ssl certificates.

👉Open existing wallet by selecting the wallet path.👇

👉Once open the existing wallet you can see existing wallet details will show as below.👇

👉Write click on "Trusted Certificates" and click on "Import Trusted Certificates".

👉Choose the second option to select the certificate file.

👉Enter the path that contain the certificates.

👉Once you locate the .crt click on ok to import it as well. Finally we need to save it by clicking on save button.

After completing the preceding steps, you have a wallet that contains a user certificate and its associated trust points.

Unable to Authenticate Session in EBS R12

EBS login Error:- Unable to Authenticate Session.

When user login to E-Business Suit R12.*.*. with two different instance in same browser. Suddenly error will generated as 'Unable to authenticate session'.

If you receive an 'Unable to authenticate session' error in your browser when running multiple sessions using the JRE Plugin architectuire, set the -noframemerging option as outlined in the Multiple Oracle E-Business Suite Java Sessions (JRE Plugin).

Create a new IE icon, adding the -noframemerging parameter as follows:

Start > Program Files

Right-click on the Internet Explorer icon and select Properties

Add -noframemerging to the end of the link in the Target field. For example:

"C:\Program Files\Internet Explorer\iexplore.exe" -noframemerging or

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -noframemerging

Click the OK button to close the window.

This icon may then be copied to the desktop if desired.

If this does not resolve the problem, or you are not running multiple sessions, clear your browser cache by deleting the 'Temporary Internet Files' as follows:

👉Stop all Browser sessions.

👉Tools > Internet Options > General (tab) > Browsing History > Delete (button).

👉Start a new Browser session and logon to the Instance.

Note: Oracle recommend that Oracle E-Business Suite is run through the 'Trusted Sites' zone, with a 'Medium' Security Setting.

How to compile the forms(.fmb),libraries(.pll),reports(.rdf) automatically using script alias in Oracle Apps R12.2

To implement script to automatic compile forms(.fmb),libraries(.pll),reports(.rdf) using script in Oracle Apps R12.2. Follow the below steps to know 'how to compile forms in r12.2'. 

We need to update the same in .bash_profile to execute it using alias.

Hidden file .bash_profile located under /home/applmgr. Open .bash_profile using vi editor and write the script as given below.

$vi .bash_profile

# Get the aliases and functions

if [ -f ~/.bashrc ]; then

        . ~/.bashrc

fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH

#Source the APPS Tier enviorment

. /oracle//apps/apps_st/appl/APPS***_prodapps.env

cd $ADMIN_SCRIPTS_HOME

export LDEMULATION=elf_i386

export OPATCH_PLATFORM_ID=226

alias frmcmp='$HOME/.frmcmp.sh'

#Create the .frmcmp.sh and write the script as given below.

[applmgr@prodapps ~]$ cat $HOME/.frmcmp.sh

. /oracle/apps/apps_st/appl/APPS***_prodapps.env

cd $AU_TOP/forms/US

echo

echo 'Enter value for fmb and fmx file'

echo

read -p 'Fmb_file.fmb: ' fmbfile

read -p 'Fmx_file.fmx: ' fmxfile

echo

echo 'Enter Username and Password'

echo

read -p 'Username: ' username

##read -s -p 'Password: ' password

echo

echo 'fmx will create in $XXCUSTOM_TOP/forms/US/'

frmcmp_batch  module=$fmbfile output_file=$XXCUSTOM_TOP/forms/US/$fmxfile  userid=$username/pderpsusrlg

Note:- Fmx file will generate the under $XXCUSTOM_TOP. If you want to store it another place , pls update the location accordingly.

How to Update Database Tier to Latest Code

Updating database tier nodes with the latest code, by performing the following steps:

On the application tier (login as the applmgr user):

Source the run edition environment file.

UNIX:

$cd $APPL_TOP/APPSPHASE1_acetest.env

$ . APPSPHASE1_acetest.env run

Windows:

C:\> <RUN_BASE>\EBSapps\appl\envshell<CONTEXT_NAME>.cmd

Execute the admkappsutil.pl utility to create the appsutil.zip file in <INST_TOP>/admin/out.

$ perl $AD_TOP/bin/admkappsutil.pl

On the database tier (login as the oracle user):

Source the environment for RDBMS ORACLE_HOME.

UNIX:

$ cd  $ORACLE_HOME

$ . /$ORACLE_HOME/$CONTEXT_NAME.env

Windows:

C:\> <RDBMS ORACLE_HOME>\<CONTEXT_NAME>.cmd

Copy or FTP the appsutil.zip file to <RDBMS ORACLE_HOME>.

Unzip appsutil.zip, under <RDBMS ORACLE_HOME>.

$ cd $ORACLE_HOME

$ unzip -o appsutil.zip

Run AutoConfig on <RDBMS ORACLE_HOME>.

UNIX:

$ sh <RDBMS_ORACLE_HOME>/appsutil/scripts/<CONTEXT_NAME>/adautocfg.sh

Windows:

C:\> <RDBMS_ORACLE_HOME>\appsutil\scripts\<CONTEXT_NAME>\adautocfg.cmd

Note: For Oracle RAC systems, the above steps need to be executed on each Oracle RAC node. For more details, refer to Oracle E-Business Suite Setup Guide, Release 12.2.

Run AutoConfig on the run file system:-

As the applmgr user, run AutoConfig on application tier nodes by executing whichever of these commands applies to your system:

UNIX:

$ sh $INST_TOP/admin/scripts/adautocfg.sh

How to run Autoconfig On DB Tier and Apps Tier on R12

Basically autoconfig is tool to reconfigure your Oracle Application configuration files using context (XML file) and template files.

To run autoconfig in ebs R12.*.*. We need to follow the below steps to run autoconfig on DB-Tier and Middle(APPS) Tier.

1.    Stop the Middle Tier Services.

source the APPS environment

Go under $APPL_TOP and run the APPSPHASE1_acetest.env .

$ .  APPSPHASE1_acetest.env  or source APPSPHASE1_acetest.env  run

Check if apps environment was sources.

$ env or echo $ORACLE_HOME

Now stop the Middle(APPS) Tier .

$ cd $ADMIN_SCRIPTS_HOME

$sh adstpall.sh   

2.     Run Autoconfig on DB-Tier

source dbTier environment:-

$cd $ORACLE_HOME

$source PHASE1_aceapps.env run

Go under  $ORACLE_HOME/appsutil/scripts/$CONTEXT_NAME

$ls 

$adautocfg.sh  adchknls.pl  addbctl.sh  addlnctl.sh  adexecsql.pl  adpreclone.pl  adstopdb.sql  adstrtdb.sql

Now run the autoconfig on DB-Tier.

$cd $ORACLE_HOME/$CONTEXT_NAME

$ sh adautocfg.sh

Enter the APPS user password:

The log file for this session is located at: /data01/GSTUAT3/orahome1124/appsutil/log/PHASE1_aceapps/08201500/adconfig.log

AutoConfig is configuring the Database environment...

AutoConfig will consider the custom templates if present.

        Using ORACLE_HOME location : /data01/GSTUAT3/orahome1124

        Classpath                   : :/data01/GSTUAT3/orahome1124/jdbc/lib/ojdbc6.jar:/acedata01/GSTUAT3/orahome1124/appsutil/java/xmlparserv2.jar:/data01/GSTUAT3/orahome1124/appsutil/java:/acedata01/GSTUAT3/orahome1124/jlib/netcfg.jar:/data01/GSTUAT3/orahome1124/jlib/ldapjclnt11.jar

        Using Context file          : /data01/GSTUAT3/orahome1124/appsutil/PHASE1_aceapps.xml

Updating Context file...COMPLETED

        Attempting upload of Context file and templates to database...COMPLETED

Updating rdbms version in Context file to db112

Updating rdbms type in Context file to 64 bits

Configuring templates from ORACLE_HOME ...

AutoConfig completed successfully.

Check the autoconfig logs.

$cd $ORACLE_HOME/appsutil/log/

$pwd

/data01/GSTUAT3/orahome1124/appsutil/log

3.    Run Autoconfig on Application Tier

source APPSPHASE1_acetest.env run

Check whether you source run edition

 

$echo $FILE_EDITION

run

Now run the Autoconfig on Middle(APPS) Tier.

$cd $ADMIN_SCRIPTS_HOME

$sh adautocfg.sh

Enter the APPS user password:

The log file for this session is located at: /data05/EBS_FS_12.2.5/fs1/inst/apps/PHASE1_acetest/admin/log/08201454/adconfig.log

wlsDomainName: EBS_domain

WLS Domain Name is VALID.

AutoConfig is configuring the Applications environment...

AutoConfig will consider the custom templates if present.

        Using CONFIG_HOME location     : /data05/EBS_FS_12.2.5/fs1/inst/apps/PHASE1_acetest

        Classpath                   : /data05/EBS_FS_12.2.5/fs1/FMW_Home/Oracle_EBS-app1/shared-libs/ebs-appsborg/WEB-INF/lib/ebsAppsborgManifest.jar:/acedata05/EBS_FS_12.2.5/fs1/EBSapps/comn/java/classes

        Using Context file          : /data05/EBS_FS_12.2.5/fs1/inst/apps/PHASE1_acetest/appl/admin/PHASE1_acetest.xml

Context Value Management will now update the Context file

        Updating Context file...COMPLETED

        Attempting upload of Context file and templates to database...COMPLETED

Configuring templates from all of the product tops...

        Configuring AD_TOP........COMPLETED

        Configuring FND_TOP.......COMPLETED

        Configuring ICX_TOP.......COMPLETED

        Configuring MSC_TOP.......COMPLETED

        Configuring IEO_TOP.......COMPLETED

        Configuring BIS_TOP.......COMPLETED

        Configuring CZ_TOP........COMPLETED

        Configuring SHT_TOP.......COMPLETED

        Configuring AMS_TOP.......COMPLETED

        Configuring CCT_TOP.......COMPLETED

        Configuring WSH_TOP.......COMPLETED

        Configuring CLN_TOP.......COMPLETED

        Configuring OKE_TOP.......COMPLETED

        Configuring OKL_TOP.......COMPLETED

        Configuring OKS_TOP.......COMPLETED

        Configuring CSF_TOP.......COMPLETED

        Configuring IBY_TOP.......COMPLETED

        Configuring JTF_TOP.......COMPLETED

        Configuring MWA_TOP.......COMPLETED

        Configuring CN_TOP........COMPLETED

        Configuring CSI_TOP.......COMPLETED

        Configuring WIP_TOP.......COMPLETED

        Configuring CSE_TOP.......COMPLETED

        Configuring EAM_TOP.......COMPLETED

        Configuring GMF_TOP.......COMPLETED

        Configuring PON_TOP.......COMPLETED

        Configuring FTE_TOP.......COMPLETED

        Configuring ONT_TOP.......COMPLETED

        Configuring AR_TOP........COMPLETED

        Configuring AHL_TOP.......COMPLETED

        Configuring IES_TOP.......COMPLETED

        Configuring OZF_TOP.......COMPLETED

        Configuring CSD_TOP.......COMPLETED

        Configuring IGC_TOP.......COMPLETED

AutoConfig completed successfully.

Check the Autoconfig logs in APPS Tier.

$cd $APPL_TOP/admin/$TWO_TASK/log

4.    Restart Application (Middle Tier) services

source the APPS environment

Go under $APPL_TOP and run the APPSPHASE1_acetest.env .

$echo $FILE_EDITION

run

$cd $ADMIN_SCRIPTS_HOME

$sh adstrtal.sh

Errors while applying 12.2.5 RUP Patch (19676458) in Oracle E-Business Suite 12.2

Recently EBS system got hanged while applying 12.2.5 RUP Patch (19676458) and adop exits with the errors.

$adop phase=apply apply_mode=downtime patches=19676458 abandon=no restart=yes

Enter the APPS password:

Enter the SYSTEM password:

Enter the WLSADMIN password:

Validating credentials.

Initializing.

    Run Edition context  : /data05/EBS_FS_12.2.5/fs1/inst/apps/PHASE1_***test/appl/admin/PHASE1_acetest.xml

    Patch edition context: /data05/EBS_FS_12.2.5/fs2/inst/apps/PHASE1_***test/appl/admin/PHASE1_acetest.xml

*******FATAL ERROR*******

PROGRAM : (/data05/EBS_FS_12.2.5/fs1/EBSapps/appl/ad/12.0.0/bin/adzdoptl.pl)

TIME    : Thu Aug  6 10:34:36 2020

FUNCTION: ADOP::GlobalVars::_GetMandatoryArgs [ Level 1 ]

ERRORMSG: Cannot identify any valid application tier nodes in

          ADOP_VALID_NODES table. Ensure AutoConfig has been run on all nodes.

[STATEMENT] Please run adopscanlog utility, using the command

"adopscanlog -latest=yes"

to get the list of the log files along with snippet of the error message corresponding to each log file.

adop exiting with status = 255 (Fail)

Error While running autoconfig on DB Tier:-

cannot insert NULL into ("APPLSYS"."FND_OAM_CONTEXT_FILES"."NODE_NAME")

  Attempting upload of Context file and templates to database...ERROR: InDbCtxFile.uploadCtx() : Exception : Error executng BEGIN fnd_gsm_util.upload_context_file(:1,:2,:3,:4,:5); END;: 1; Oracle error -1400: ORA-01400: cannot insert NULL into ("APPLSYS"."FND_OAM_CONTEXT_FILES"."NODE_NAME") has been detected in FND_GSM_UTIL.upload_context_file.

oracle.apps.ad.autoconfig.oam.InDbCtxFileException: Error executng BEGIN fnd_gsm_util.upload_context_file(:1,:2,:3,:4,:5); END;: 1; Oracle error -1400: ORA-01400: cannot insert NULL into ("APPLSYS"."FND_OAM_CONTEXT_FILES"."NODE_NAME") has been detected in FND_GSM_UTIL.upload_context_file.

        at oracle.apps.ad.autoconfig.oam.InDbCtxFile.uploadCtx(InDbCtxFile.java:281)

        at oracle.apps.ad.autoconfig.oam.CtxSynchronizer.uploadToDb(CtxSynchronizer.java:332)

        at oracle.apps.ad.tools.configuration.FileSysDBCtxMerge.updateDBCtx(FileSysDBCtxMerge.java:757)

        at oracle.apps.ad.tools.configuration.FileSysDBCtxMerge.updateDBFiles(FileSysDBCtxMerge.java:228)

        at oracle.apps.ad.context.CtxValueMgt.processCtxFile(CtxValueMgt.java:1721)

        at oracle.apps.ad.context.CtxValueMgt.main(CtxValueMgt.java:787)

FAILED

COMPLETED

Error:-

👉 All workers are failed with the Java error..

👉 Invalid objects.

Troubleshooting:-

👉 Cleared the invalid objects by using utlrp.sql

👉 Run the auto config on DB node

👉 Start the patching activity again.

In step (c) while running auto config in database node exists with the below error.

ORA-01400: cannot insert NULL into ("APPLSYS"."FND_NODES"."NODE_NAME")

Adop error message:- 

ERRORMSG: Cannot identify any valid application tier nodes in ADOP_VALID_NODES table. Ensure AutoConfig has been run on all nodes.

To fix this error need to follow the below steps:

Step 1:

👉drop synonym apps.fnd_nodes;

👉create synonym apps.fnd_nodes for applsys.fnd_nodes;

👉drop synonym apps.fnd_oam_context_files;

👉create synonym apps.fnd_oam_context_files for applsys.fnd_oam_context_files;

Step 2:

Change the worker status to restart using adcrtl utility.

Step 3:

Run auto config again in database node. (Auto config completed without any errors)

Step 4:

👉Restart the patching activity.

$adop phase=apply apply_mode=downtime patches=19676458 abandon=no restart=yes workers=10