Assigning Approval Management Responsibilities

December 28, 2016, 10:52 pm

≫ Next: Troubleshooting Punchout Issues

≪ Previous: Troubleshooting Oracle Workflow Mailer Issues

$

0

0

This post helps you to assign Approvals Management (AME) responsibilities to a Oracle Applications User

1. Login as SYSADMIN user.
2. Switch the responsibility to “User Management” and Navigate to the Users function.
3. Query for user for ex. Nkaranam.
4. Click on the update action from the result table.
5. In the Update User page, click on the Assign Roles button.
6. Change the “Search By” field from “Roles and Responsibilities” to “Roles”
7. In the search window, query for Approval%
8. Select the “Approvals Management Administrator” and “Approvals Management Business
   Analyst” roles or (any specific approvals roles required by functional team).
9. After selecting the Roles, provide the Justification for the role and the effective date.
10. After completing the action, you can query back the same user and can verify the list of roles being attached to the user.
11. Run Workflow Background process with mandatory parameter as YES, YES.
    

Optional for System administrator , but good to know:

After assigning the responsibility following the above 11 steps

1. Now switch the responsibility to “Functional Administrator”.
   
2. Click on create grants under the grants sub-tab.
   
3. Enter a Grant Name and provide an effective date.
   
4. Navigate to the security Context region and select the Grantee Type as ‘Specific User’
   
5. In the Grantee field select “Narasimha Rao, Karanam” user (Person name of the user).
   
6. In the Data Security region select ‘AME Transaction Types’ as the Object.
   
7. Clicking “Next” will take you to the ‘Select Object Data Context’ page’.
   
8. You have a default value of ‘All Rows’ in the Data Context Type, leave it as it is, and navigate further.
   
9. In the ‘Object parameter and Select Set’ page, enter ‘AME calling applications’ as the value in the Set field.
   
10. Clicking Next will take you to the Review page.
    
11. Verify the information and submit the transaction.
    
12. Peferred to Run Workflow Background process with mandatory parameter as YES, YES - once again.
    

-- Narasimha Rao

---

Troubleshooting Punchout Issues

December 28, 2016, 11:46 pm

≫ Next: Untrusted Certificate Issue in ECX (XML PO) transmission

≪ Previous: Assigning Approval Management Responsibilities

$

0

0

This post helps or guide you in fixing all issues related to punchout.

1. When user click over the punchout link, and in the detailed exception message you see "CONNECTION REFUSED"

Solution : telnet <punchout/supplier site> 443 in oracle applications oacore & apache server, it will be unsuccessful . Check with Firewall team, is there any network port block for that site from oracle applications oacore or apache server.

2. When user click over the punchout link, and in the detailed exception message you see "No Trusted Certificate found"

Solution:  1. Check with Supplier is the certificate key got changed, get the valid certificate from supplier, export it as .base64 certificate and get it in .txt format.

2. Get the absolute file path of the certificates file , that stores the certificates' names , in Profile "POR :CA Certificate File Name".

     
The certificate file is located at tech_st directory structure: 
/.../apps/tech_st/10.1.2/sysman/config/b64InternetCertificate.txt

3. append the ceritificate to the beginning of the file mentioned in profile POR :CA Certificate File Name),  Ensure to append it in the beginning of file. "Append only the trusted certificates".

4. Bounce the apache and oacore services.

--Narasimha Rao

Untrusted Certificate Issue in ECX (XML PO) transmission

December 29, 2016, 2:31 am

≫ Next: MRP0: Background Media Recovery terminated with error 448

≪ Previous: Troubleshooting Punchout Issues

$

0

0

When the XML Gateway (ECX) has been configured for XML PO Transmission ,  when https protocol has been configured in trading partner setup , valid certificates has to be uploaded to keystore , Else you will get untrusted certificate error in Exception text when you ran the ECX Diag script

This post provides you the steps to follow to setup and upload certificate (SHA2 certificate)

XML gateway configuration is done via the oc4j.properties file under the oc4j container:   $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties

1. Ensure and update the $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties file contains the values to point the oxta servelet to the new jdk keystore:

javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStore=$AF_JRE_TOP/jre/lib/security/cacerts   ### preferred to be physical location
javax.net.ssl.trustStorePassword=changeit
test.trustmanager.algorithm = SunX509

2. copy the certificate (exported as base64) as (in text format) and .cer extension to $AF_JRE_TOP/jre/lib/security. 
(for this post example, staples_cert.cer)

3. Import the certificate into the cacerts file using keytool command:

keytool -import -alias <alias name> -file <certificate filename>.cer -trustcacerts -v -keystore cacerts -storepass changeit

For example :
alias name is staples_cert
ceriticate name (step 2) : staples_cert.cer

keytool -import -alias staples_cert -file staples_cert.cer -trustcacerts -v -keystore cacerts -storepass changeit


--Narasimha Rao

MRP0: Background Media Recovery terminated with error 448

December 29, 2016, 6:48 am

≫ Next: Shell Script to Run RMAN Backup in Background with nohup

≪ Previous: Untrusted Certificate Issue in ECX (XML PO) transmission

$

0

0

MRP0: Background Media Recovery terminated with error 448

Recently encountered ORA-00448: normal completion of background process Managed Standby Recovery not using Real Time Apply due to ORA-00600 on standby Database. 

After executing "ALTER DATABASE RECOVER MANAGED STANDBY DATABASE USING CURRENT LOGFILE DISCONNECT";.

Standby database starts throwing following error into the alert log when try to enable MRP.

Wed Dec 21 15:19:19 2016
Dumping diagnostic data in directory=[cdmp_20161221151919], requested by (instance=1, osid=22962 (PR2L)), summary=[incident=2760999].
Errors in file /u01/app/oracle/diag/rdbms/PROD_dgp/PROD/trace/PROD_mrp0_22684.trc  (incident=2760247):
ORA-00600: internal error code, arguments: [3020], [93], [327813], [390398085], [], [], [], [], [], [], [], []
ORA-10567: Redo is inconsistent with data block (file# 93, block# 327813, file offset is 2685444096 bytes)
ORA-10564: tablespace PROD_DATA
ORA-01110: data file 93: '/u03/oradata/PROD/PROD_DATA_48.dbf'
ORA-10561: block type 'TRANSACTION MANAGED INDEX BLOCK', data object# 204854
Incident details in: /u01/app/oracle/diag/rdbms/PROD_dgp/PROD/incident/incdir_2760247/PROD_mrp0_22684_i2760247.trc
Wed Dec 21 15:19:19 2016
Archived Log entry 103378 added for thread 1 sequence 92576 ID 0x22d0a3c8 dest 1:
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Recovery Slave PR2L previously exited with exception 600
Wed Dec 21 15:19:21 2016
MRP0: Background Media Recovery terminated with error 448
Errors in file /u01/app/oracle/diag/rdbms/PROD_dgp/PROD/trace/PROD_pr00_22768.trc:
ORA-00448: normal completion of background process
Managed Standby Recovery not using Real Time Apply
Recovery interrupted!
Wed Dec 21 15:19:21 2016
Sweep [inc][2760999]: completed
Sweep [inc][2760247]: completed
Sweep [inc2][2760999]: completed
Sweep [inc2][2760247]: completed
Dumping diagnostic data in directory=[cdmp_20161221151921], requested by (instance=1, osid=22684 (MRP0)), summary=[incident=2760247].
Recovered data files to a consistent state at change 593576225741
Wed Dec 21 15:19:23 2016
MRP0: Background Media Recovery process shutdown (PROD)


Steps to resolve this issue:

Primary Database::

alter database begin backup;

Take backup of data file 93: '/u03/oradata/PROD/PROD_DATA_48.dbf' 

alter database end backup;


Standby Database:

shutdown the database.

Physically drop the datafile
rm /u03/oradata/PROD/PROD_DATA_48.dbf

Copy the backup of datafile# 93 from Primary to Standby database server.


Mount the database.

Restart the managed recovery operations.
alter database recover managed standby database  using current logfile disconnect;

select process,status from v$managed_standby;


Check the alert log:
Media Recovery Log and real-time apply successful

Thank you !!

Happy Reading… 

Shell Script to Run RMAN Backup in Background with nohup

December 28, 2016, 2:57 pm

≫ Next: Steps to find values populated in DBA_TAB_MODIFICATIONS

≪ Previous: MRP0: Background Media Recovery terminated with error 448

$

0

0

Please find the below steps.


Step 1. Prepare a RMAN command file

vi bkup.cmd

run

{

allocate channel ch1 device type disk;
allocate channel ch2 device type disk;

sql 'ALTER SYSTEM ARCHIVE LOG CURRENT';

       configure retention policy to recovery window of 7 days;

CONFIGURE DEVICE TYPE DISK BACKUP TYPE TO COMPRESSED BACKUPSET PARALLELISM 4;

CONFIGURE COMPRESSION ALGORITHM 'MEDIUM';

CROSSCHECK BACKUP DEVICE TYPE DISK;

CROSSCHECK ARCHIVELOG ALL;

delete noprompt archivelog all backed up 1 times to device type disk;

backup incremental level 0 as compressed backupset  database archivelog all   tag level0_weekly_ backup delete input;

DELETE NOPROMPT OBSOLETE;

DELETE NOPROMPT EXPIRED BACKUP;

release channel ch1;
release channel ch2;

}

Step 2. Create a shell script to invoke RMAN

vi bkup.ksh

#!/bin/ksh

export ORACLE_SID=ORCL1

export ORACLE_HOME=/u01/oracle/product/database/11.2.0/db_ORCL

export PATH=$PATH1:$ORACLE_HOME/bin

rman catalog rman/rmanPWD@rmancat target rmanbkup/RMANBKUP@mxcrm1e msglog /home/oracle/rman/rman_bkup.log cmdfile=/home/oracle/rman/bkup.cmd

Step 3. Invoke the script using nohup

          Change the permission of the shell script.

chmod 744 bkup.ksh

nohup ./bkup.ksh &

Steps to find values populated in DBA_TAB_MODIFICATIONS

December 28, 2016, 3:06 pm

≫ Next: Oracle Database and Applications Security Audit Part 1

≪ Previous: Shell Script to Run RMAN Backup in Background with nohup

$

0

0

Goal :
The goal is to explain why the view DBA_TAB_MODIFICATIONS  does sometimes have no values
even when the parameter STATISTICS_LEVEL  is set to TYPICAL and  the specific schema has been analyzed successful using the package DBMS_STATS.GATHER_SCHEMA_STATS.
In addition all the tables in that schema shows MONITORING=YES in the view dba_tables.


Fix:
The updates to the table *_tab_modifications are related to the volumne of updates for a table.
There is a need of approximately 10% of datavolumn changes. Just only on single update of the row for example might not lead to fill the *_tab_modifications.




Example :

SQL>  create table test ( num  varchar2(32));
Table created.

Lets insert 100 rows to table test:

SQL>  begin
  2  for i in 1..100 loop
  3  insert into sys.test values (i);
  4  end loop;
  5  commit;
end;  6
  7  /
PL/SQL procedure successfully completed.

SQL> select count(*) from test;
  COUNT(*)
----------
       100

Gather stats for this table:

SQL> EXEC DBMS_STATS.GATHER_TABLE_STATS('SYS','TEST');
PL/SQL procedure successfully completed.


SQL>  SELECT OWNER,TABLE_NAME,STALE_STATS,NUM_ROWS,BLOCKS,EMPTY_BLOCKS FROM DBA_TAB_STATISTICS where OWNER ='SYS' AND TABLE_NAME='TEST';
OWNER                          TABLE_NAME                     STA   NUM_ROWS
------------------------------ ------------------------------ --- ----------
    BLOCKS EMPTY_BLOCKS
---------- ------------
SYS                            TEST                           NO         100
         1            0

SQL>  select * from dba_tab_modifications where TABLE_OWNER='SYS' AND TABLE_NAME='TEST';

no rows selected

Now lets manually flush the modifications from SGA:

Note: The procedure DBMS_STATS.FLUSH_DATABASE_MONITORING_INFO flushes in-memory monitoring information for all tables in the dictionary.

Corresponding entries in the *_TAB_MODIFICATIONS, *_TAB_STATISTICS and *_IND_STATISTICS views are updated immediately, without waiting for the Oracle database to flush them periodically (per default every 3 hours). This procedure is useful when you need up-to-date information in those views.

SQL> exec dbms_stats.flush_database_monitoring_info;
PL/SQL procedure successfully completed.

SQL>  SELECT OWNER,TABLE_NAME,STALE_STATS,NUM_ROWS,BLOCKS,EMPTY_BLOCKS FROM DBA_TAB_STATISTICS where OWNER ='SYS' AND TABLE_NAME='TEST';
OWNER                          TABLE_NAME                     STA   NUM_ROWS
------------------------------ ------------------------------ --- ----------
    BLOCKS EMPTY_BLOCKS
---------- ------------
SYS                            TEST                           NO         100
         1            0

Now lets insert 1000 more values and check if it put entry in dba_tab_modifications:

SQL> begin
 for i in 1..1000 loop
  insert into sys.test values (i);
 end loop;
  commit;
 end;
  /
  2    3    4    5    6    7
PL/SQL procedure successfully completed.

SQL> select count(*) from test;
  COUNT(*)
----------
      1100

SQL>  SELECT OWNER,TABLE_NAME,STALE_STATS,NUM_ROWS,BLOCKS,EMPTY_BLOCKS FROM DBA_TAB_STATISTICS where OWNER ='SYS' AND TABLE_NAME='TEST';
OWNER                          TABLE_NAME                     STA   NUM_ROWS
------------------------------ ------------------------------ --- ----------
    BLOCKS EMPTY_BLOCKS
---------- ------------
SYS                            TEST                           NO         100
         1            0
no rows selected

SQL>  select * from dba_tab_modifications where TABLE_OWNER='SYS' AND TABLE_NAME='TEST';
no rows selected

SQL>  SELECT OWNER,TABLE_NAME,STALE_STATS,NUM_ROWS,BLOCKS,EMPTY_BLOCKS FROM DBA_TAB_STATISTICS where OWNER ='SYS' AND TABLE_NAME='TEST';
OWNER                          TABLE_NAME                     STA   NUM_ROWS
------------------------------ ------------------------------ --- ----------
    BLOCKS EMPTY_BLOCKS
---------- ------------
SYS                            TEST                           NO         100
         1            0

SQL> exec dbms_stats.flush_database_monitoring_info;
PL/SQL procedure successfully completed.

SQL> SELECT OWNER,TABLE_NAME,STALE_STATS,NUM_ROWS,BLOCKS,EMPTY_BLOCKS FROM DBA_TAB_STATISTICS where OWNER ='SYS' AND TABLE_NAME='TEST';
OWNER                          TABLE_NAME                     STA   NUM_ROWS
------------------------------ ------------------------------ --- ----------
    BLOCKS EMPTY_BLOCKS
---------- ------------
SYS                            TEST                           YES        100
         1            0

SQL>  select * from dba_tab_modifications where TABLE_OWNER='SYS' AND TABLE_NAME='TEST';
TABLE_OWNER                    TABLE_NAME
------------------------------ ------------------------------
PARTITION_NAME                 SUBPARTITION_NAME                 INSERTS
------------------------------ ------------------------------ ----------
   UPDATES    DELETES TIMESTAMP TRU DROP_SEGMENTS
---------- ---------- --------- --- -------------
SYS                            TEST
                                                                    1000
         0          0 19-JUN-12 NO              0

Oracle Database and Applications Security Audit Part 1

December 29, 2016, 12:05 pm

≫ Next: ORA-04063: package body “APPS.AD_ZD_ADOP” has errors

≪ Previous: Steps to find values populated in DBA_TAB_MODIFICATIONS

$

0

0

Hello Everyone,

I would like to start series of write ups/post based on the experience regarding How to perform Security Audit for oracle database and applications. 

Hoping that it will guide/help you to ensure/be aware of the areas related to Oracle Database & Applications Security , and Data Security, and to perform frequent internal security audit for Proactive and Reactive measures.

Assumption: Though most of the topic it would be in plain English / Laymen language, I assume that the reader has and  understands basic RDBMS, Applications , Data and networking concepts.

I don't want to rush with multiple concepts in one post. I would like to go step by step with detail analysis and description. In this series of post , im not going to talk about tools which can automate the complete audit operations, Thought process is to explain the key areas/factors related to data security, Recommendations / Guidelines related to them, How and What to audit and action to be taken over them.

So Let us Begin.....

What is Data Security ? : Simple Terms : Ensuring my data (sensitive/insensitive)not visible and accessible by others, available & accessible by me always.

Hope i dont want to elaborate , and i have obvious assumption that the readers knows what is data security.

What are areas we need to protect and monitor for Data Security ( High level ) ?
(other words : Area you should plan to audit the data security)

Network  : Network layer plays an vital role in IT Data Security. 
IP Address and Port access should be perfect maintained such that other intruders cannot get into our system. Based on the Sensitivity and volume on the data , It is recommended to have an ethical hacker on board to take proactive and reactive actions.

Guidelines:

1. Production Servers  and Non-Production Servers highly recommended to be in two different networks.

2. Production Servers (file system , database and applications) are not recommended to be accessible from non-prod servers.

3. Mandatory : Production Servers (file system, database and applications) should not be visible outside network ( if there is a requirement, the network security should be tightened up that the one specific applications should only be accessible ).

4. Production (Database and applications) Ports should not be using the default one like 1521 for DB and 8000 for Applications. - Reason behind 1521 and 8000 are worldwide known default Oracle database and applications ports, so Intruders can easily get into system very easily.

For Applications , It is recommended to implement SSL for Oracle applications , or traffic that comes to oracle applications server should be protected by SSL , for example Hardware Load Balancer.

5. Highly recommended to set TCP.INVITED_NODES in sqlnet.ora, which wont let all other IP address which was not mentioned in INVITED_NODES to access the database.

6. Subscribe for Oracle OTN Notifications , through which you will get Frequest Oracle security Updates ... As well as (related to this topic), if there are any network vulnerability released like for example : Poodle vulnerability related to SSLv3 , you will get to know and you can take immediate action over them.

How and What to Audit:

1. Get the list of non-production servers , sort them by number of developer or users using them. though all servers needs to be controlled and checked but in general the server which was accessed by high number of users should be continously monitored and checked.

2. Though there are lot of monitoring tools available, as a basic components you can use telnet.

3. Check that the points mentioned in the guidelines are met. , if not work with network team to block the ports (Action to be taken).

4. For Oracle Database , 
login to database server , do tnsping/telnet with production host ip and 1521 port ,

telnet 192.168.1.2 1521

you may also do 

netstat -an|grep 1521

It should not be successful, if it is successful then check with DBAs to change the db port to different other than 1521

5. For Oracle Applications, 
login to database server , do tnsping/telnet with production host ip and 8000 port ,

telnet 192.168.1.2 8000

you may also do 

netstat -an|grep 8000

It should not be successful, if it is successful then check with Apps DBAs to change the applications port to different other than 8000.

Recommended : recommended to implement SSL for Oracle applications , or traffic that comes to oracle applications server should be protected by SSL , for example Hardware Load Balancer.


Next Posts : Database and Applications Security... After that Data security.

-- Narasimha Rao

ORA-04063: package body “APPS.AD_ZD_ADOP” has errors

December 30, 2016, 9:03 am

≫ Next: Oracle License Calculations

≪ Previous: Oracle Database and Applications Security Audit Part 1

$

0

0

 adop prepare phase was failing with the following error in customer test environment.


echo $FILE_EDITION
run

echo $TWO_TASK
test


adop phase=prepare

Enter the APPS password:
Enter the SYSTEM password:
Enter the WLSADMIN password:

Validating credentials.

Initializing.
    Run Edition context  : /u01/apps/fs1/inst/test_erptest/appl/admin/test_erptest.xml
    Patch edition context: /u01/apps/fs2/inst/test_erptest/appl/admin/test_erptest.xml
    Patch file system free space: 89.80 GB

Validating system setup.



    [ERROR]     Failed to execute SQL statement:
 select AD_ZD_ADOP.GET_INVALID_NODES() from dual
    [ERROR]     Error Message:
    [ERROR]     ORA-04063: package body "APPS.AD_ZD_ADOP" has errors (DBD ERROR: OCIStmtExecute)
    [UNEXPECTED]Error determining whether this is a multi-node instance


[STATEMENT] Please run adopscanlog utility, using the command

"adopscanlog -latest=yes"

to get the list of the log files along with snippet of the error message corresponding to each log file.


adop exiting with status = 2 (Fail)

Cause :

Package “APPS.AD_ZD_ADOP” is not valid since this package became invalid due to incorrect execution of adgrants.sql script.



Solution:

SQL> alter package APPS.AD_ZD_ADOP compile body;

Warning: Package Body altered with compilation errors.

SQL> show error
Errors for PACKAGE BODY APPS.AD_ZD_ADOP:

LINE/COL ERROR
-------- -----------------------------------------------------------------
2686/3   PL/SQL: Statement ignored
2686/7   PLS-00201: identifier 'SYS.DBMS_METADATA_UTIL' must be declared
SQL>
SQL> conn / as sysdba
Connected.

SQL> grant execute on DBMS_METADATA_UTIL to apps;

Grant succeeded.

SQL> conn apps
Enter password:
Connected.

SQL> alter package APPS.AD_ZD_ADOP compile body;

Package body altered.

adop phase=prepare

ADOP cycle completed without any further issues.

Thank you for reading.

---

Oracle License Calculations

December 30, 2016, 9:47 am

≫ Next: How to change Date & time in AIX.

≪ Previous: ORA-04063: package body “APPS.AD_ZD_ADOP” has errors

$

0

0

To calculate/compare the user license according to application/responsibility. –In Details which user using which responsibility.

SELECT   fu.employee_id,
         fu.user_name,
         application_name,
         t.responsibility_name,
         wur.START_DATE responsibility_start_date,
         wur.EXPIRATION_DATE responsibility_end_date
     FROM fnd_responsibility_tl t,
         fnd_responsibility b,
         fnd_application_tl fn,
         fnd_user fu,
         wf_all_user_roles wur,
         per_all_assignments_f asg
   WHERE b.responsibility_id = t.responsibility_id
     AND asg.person_id = fu.employee_id
     AND b.application_id = t.application_id
     AND b.application_id = fn.application_id
     AND t.LANGUAGE = 'US'
          --AND fu.end_date IS NULL
     --AND wur.expiration_date IS NULL
     AND fn.LANGUAGE = 'US'
     AND b.end_date IS NULL
     AND fu.user_name = wur.user_name
     AND wur.role_orig_system_id = t.responsibility_id
     AND wur.role_orig_system = 'FND_RESP'
     AND sysdate between wur.START_DATE and NVL (wur.expiration_date, SYSDATE )
     -- AND fu.user_name='4445'
     -- AND application_name='Human Resources'
     and sysdate between fu.START_DATE  and nvl(fu.end_date,sysdate)

Sample output:

EMPLOYEE_ID USER_NAME   APPLICATION_NAME  RESPONSIBILITY_NAME            RESPONSIBILITY_START_DATE         RESPONSIBILITY_END_DATE

20804   4724     Human Resources        Employee Self-Service  12/25/2013
20804   4724     Human Resources        Employee Self-Service  12/25/2013
20804   4724     Oracle iProcurement     AME Application Administrator   6/1/2014  
20804   4724     Oracle iProcurement     AME Application Administrator   6/1/2014  
20735   4555     Advanced Product Catalog        Project Engineer           12/10/2013
20735   4555     Advanced Product Catalog        Project Engineer           12/10/2013
20735   4555     Advanced Product Catalog        Project Engineer           12/10/2013
20735   4555     Advanced Product Catalog        Project Engineer           12/10/2013
20696   4462     Enterprise Asset Management   Enterprise Asset Management   8/3/2015   

More Precise (which user using one application how many licenses

SELECT   fu.user_name,
         application_name,
         count(application_name)
     FROM fnd_responsibility_tl t,
         fnd_responsibility b,
         fnd_application_tl fn,
         fnd_user fu,
         wf_all_user_roles wur,
         per_all_assignments_f asg
   WHERE b.responsibility_id = t.responsibility_id
     AND asg.person_id = fu.employee_id
     AND b.application_id = t.application_id
     AND b.application_id = fn.application_id
     AND t.LANGUAGE = 'US'
          --AND fu.end_date IS NULL
     --AND wur.expiration_date IS NULL
     AND fn.LANGUAGE = 'US'
     AND b.end_date IS NULL
     AND fu.user_name = wur.user_name
     AND wur.role_orig_system_id = t.responsibility_id
     AND wur.role_orig_system = 'FND_RESP'
     AND sysdate between wur.START_DATE and NVL (wur.expiration_date, SYSDATE )
     and sysdate between fu.START_DATE  and nvl(fu.end_date,sysdate)
     group by application_name, fu.user_name

Sample output:

USER_NAME   APPLICATION_NAME  COUNT(APPLICATION_NAME)

4445                 Human Resources                    4
4490                 Purchasing                                 4
4632                 Human Resources                    3
4632                 Purchasing                                 3
4502                 Human Resources                    4


More Precise (per application How many users) as comes in oracle Invoice.

select application_name, count(user_name)
from
(SELECT   fu.user_name,
         application_name,
         count(application_name)
     FROM fnd_responsibility_tl t,
         fnd_responsibility b,
         fnd_application_tl fn,
         fnd_user fu,
         wf_all_user_roles wur,
         per_all_assignments_f asg
   WHERE b.responsibility_id = t.responsibility_id
     AND asg.person_id = fu.employee_id
     AND b.application_id = t.application_id
     AND b.application_id = fn.application_id
     AND t.LANGUAGE = 'US'
          --AND fu.end_date IS NULL
     --AND wur.expiration_date IS NULL
     AND fn.LANGUAGE = 'US'
     AND b.end_date IS NULL
     AND fu.user_name = wur.user_name
     AND wur.role_orig_system_id = t.responsibility_id
     AND wur.role_orig_system = 'FND_RESP'
     AND sysdate between wur.START_DATE and NVL (wur.expiration_date, SYSDATE )
     and sysdate between fu.START_DATE  and nvl(fu.end_date,sysdate)
     group by application_name, fu.user_name)
     group by application_name;

Sample Output:

Application Name                                                         Count(Users)
                                                 
General Ledger                                                                  33
Receivables                                                                        21
Order Management                                                         14
Advanced Supply Chain Planning                                     3
Process Manufacturing Product Development              4
Sourcing                                                                              44
Assets                                                                                    8
Process Manufacturing Financials                                    6
Application Object Library                                               17
YES Custom                                                                       162
Marketing                                                                           15
XML Publisher                                                                      4
System Administration                                                      11
Process Manufacturing Process Execution                    86
Cash Management                                                             21
Time and Labor Engine                                                     13
Advanced Product Catalog                                                1
Alert                                                                                      4
Oracle iProcurement                                                          1
Enterprise Asset Management                                    204
Inventory                                                                         135
Oracle Landed Cost Management                                16
Human Resources                                                        1196
Purchasing                                                                      386
Treasury                                                                            11
Property Manager                                                            8
Cost Management                                                            3
Quality                                                                                5
Advanced Pricing                                                             8
Bills of Material                                                                1
Payables                                                                          25
                                                                        

Hope this helps..

How to change Date & time in AIX.

December 30, 2016, 11:20 am

≫ Next: How to Cancel a Concurrent Request Stuck in the Queue

≪ Previous: Oracle License Calculations

$

0

0

smitty date

# smitty date

                                                   Change / Show Day and Time

Type or select values in entry fields.

Press Enter AFTER making all desired changes.

                                        [Entry Fields]

  YEAR (00-99)                        [16]                                                                                      #

  MONTH (01-12)                       [02]                                                                                      #

  DAY (1-31)                          [02]                                                                               #

  HOUR (00-23)                        [09]                                                                                      #

  MINUTES (00-59)                     [46]                                                                                      #

  SECONDS (00-59)                     [49]                                                                                      #

F1=Help                                F2=Refresh                              F3=Cancel                              F4=List

Esc+5=Reset                            Esc+6=Command                           Esc+7=Edit                             Esc+8=Image

Esc+9=Shell                            Esc+0=Exit                              Enter=Do

Press Enter <After you change the date & time.

Happy Learning !

How to Cancel a Concurrent Request Stuck in the Queue

December 30, 2016, 1:45 pm

≫ Next: Article 1

≪ Previous: How to change Date & time in AIX.

$

0

0

Some times we get a Request from customers that they are not able to cancel their request because of the following error.

"The concurrent manager process that was running this request has exited abnormally.    The ICM will mark this request as completed with error".

Navigation 

If we try to cancel a concurrent request using "Cancel Request" button from the Administer > Concurrent > Manager form.
We will get the following message:
Request xxxxxx can no longer be cancelled. The Concurrent Manager Process that was running this request has exited abnormally. The ICM will mark this request as completed with error.

Solution

This can be safely done when Concurrent Managers are up and running.

1) Backup fnd_concurrent_requests table

2) SQL> UPDATE fnd_concurrent_requests
SET phase_code = ‘C’, status_code = ‘X’
WHERE Request_id=&request_id
Here Request id is the request which we want to cancel….

3) Commit


Happy Learning...

Article 1

December 31, 2016, 10:16 am

≫ Next: Article 0

≪ Previous: How to Cancel a Concurrent Request Stuck in the Queue

$

0

0

Find IOPS of an Oracle database

There may be a situation where we have to calculate IOPS (Input Output Per Second) of oracle database to know the performance bottleneck of an oracle database regarding IO or when planning capacity for new hardware implementation. Though we can find it from AWR report, below is the sql to calculate the IOPS of an Oracle database

IOPS for entire day:
====================

ALTER SESSION SET NLS_DATE_FORMAT='DD-MON-YY HH24:MI:SS';
break on report
compute sum of value on report
select METRIC_NAME,avg(AVERAGE) value from dba_hist_sysmetric_summary
where begin_time between to_date('20-DEC-16 00:00:00', 'dd-MON-yy hh24:mi:ss') and to_date('20-DEC-16 23:59:59', 'dd-MON-yy hh24:mi:ss')
and end_time like '%20-DEC-16%' and  METRIC_NAME in ('Physical Read Total IO Requests Per Sec','Physical Write Total IO Requests Per Sec')
group by METRIC_NAME;

You can change the time interval in the above sql query based on your requirement.

Article 0

December 31, 2016, 10:30 am

≫ Next: ORA-00600: internal error code, arguments: [krfg_mgen_coord2], [], [], [], [], [], [], [], [], [], [], []

≪ Previous: Article 1

$

0

0

Login flow in R12.2 and basic troubleshooting

Login flow in R12.2

1  When a HTTP request is made for EBS, the request is received by the Oracle HTTP Server (OHS).

2 When the configuration of OHS is for a resource that needs to be processed by Java, such as logging into EBS, the OHS configuration will redirect the request to the Web Logic Server (WLS) Java process (OACore in this case).

3 WLS determines the J2EE application that should deal with the request, which is called “oacore”.

4 This J2EE application needs to be deployed and available for processing requests in order for the request to succeed.   The J2EE application needs to access a database and does this via a datasource which is configured within WLS.

Here is the processing in terms of URL(Login HTTP headers)

When the EBS login works OK, the browser will be redirected to various different URLs in order for the login page to be displayed.  The page flow below shows the URLs that will be called to display the login page:

/OA_HTML/AppsLogin EBS Login URL /OA_HTML/AppsLocalLogin.jsp Redirects to local login page /OA_HTML/RF.jsp?function_id=1032925&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&oas=3TQG_dtTW1oYy7P5_6r9ag..&params=5LEnOA6Dde-bxji7iwlQUg Renders the login page The URLs after the user enters username and password, then clicks the “login” button are shown below/OA_HTML/OA.jsp?page=/oracle/apps/fnd/sso/login/webui/MainLoginPG&_ri=0&_ti=640290175&language_code=US&requestUrl=&oapc=2&oas=4hoZpUbqVSrv9IE0iJdY1g.. /OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE /OA_HTML/RF.jsp?function_id=MAINMENUREST&security_group_id=0 Renders user home page Once the users home page is displayed, the logout flow also redirects to several different URL before returning to the login page: /OA_HTML/OALogout.jsp?menu=Y Logout icon has been clicked /OA_HTML/AppsLogout /OA_HTML/AppsLocalLogin.jsp?langCode=US&_logoutRedirect=y Redirects to the login page /OA_HTML/RF.jsp?function_id=1032925&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&oas=r6JPtR7-a4n5U2H3–ytEg..&params=1JU-PCsoyAO7NMAeJQ.9N6auZoBnO8UYYXjUgSPLHdpzU3015KGHA668whNgEIQ4 Renders login page again

Basic Troubleshooting for Login in R12.2

1)  OHS (apache) failure
If OHS is not running or not responding, one would see a message as below. If OHS is not running then there will not be any messages in any EBS log file for this request.

Firefox: “The connection was reset”

Steps to take
Check OHS has started OK

adapcctl.sh status adapcctl.sh stop adapcctl.sh start

2  OACore JVM process not available
If the OACore JVM is not running or not reachable, then one will likely see the following message in the browser:

Failure of server APACHE bridge: No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent.

There could be two reason
Steps to take
a)Make sure the OACore JVM has started correctly
admanagedsrvctl.sh start oacore
b) Check mod_wl_ohs.conf file is configured correctly
3) oacore J2EE application not available
There may be cases where the OACore JVM is running and reachable but the oacore application is not available.
The browser will report the error:

Error 404–Not Found From RFC 2068 Hypertext Transfer Protocol — HTTP/1.1: 10.4.5 404 Not Found The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

Access_log will show 404 error:

GET /OA_HTML/AppsLogin HTTP/1.1″ 404

Steps to take

In the FMW Console check the “deployments” to confirm the “oacore” application is at status “Active” and Health is “OK”.

4) Datasource failure
The oacore logs will show this type of error

<Error> <ServletContext-/OA_HTML> <BEA-000000> <Logging call failed exception:: java.lang.NullPointerException at oracle.apps.fnd.sso.AppsLoginRedirect.logSafe(AppsLoginRedirect.java:639) at oracle.apps.fnd.sso.AppsLoginRedirect.doGet(AppsLoginRedirect.java:1314) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

The explorer will show

The system has encountered an error while processing your request.Please contact your system administrator

Steps to Take

1. Review the EBS Datasource and make sure it is targeted to the oacore_cluster1 managed server.   Also use the “Test Datasource” option to confirm database connection can be made
2. If one makes any changes, one will need to restart the managed server, despite FMW Console saying no restart is necessary.

ORA-00600: internal error code, arguments: [krfg_mgen_coord2], [], [], [], [], [], [], [], [], [], [], []

January 4, 2017, 4:22 am

≫ Next: RMAN-06136: ORACLE error from auxiliary database: ORA-01503: CREATE CONTROLFILE failed ORA-12720: operation requires database is in EXCLUSIVE mode

≪ Previous: Article 0

$

0

0

Description
    A standby media recovery session may suddenly fail with
    ORA-600 [krfg_mgen_coord2]
   
Look for all the following:
    - this is a RAC standby, with more than one running standby
      instance
    - on the RAC standby instance performing media recovery, the
      recovery session terminates with ORA-600 [krfg_mgen_coord2]
    - flashback is enabled for the standby database
        ie "select flashback_on from v$database" returns 'YES'.
    - in the alert log of one of the other running standby instances
      check the messages written for the most recent database mount
      operation, the mount will have completed, but:
        - the message "Successful mount of redo thread <n>" will
          be there, but the following query on the standby:
             select rtnum "thread#",
             decode(bitand(rtsta,128), 128, 'FB_ENABLED_FOR_THREAD',
                    'FB_DISABLED_FOR_THREAD') "FLASHBACK"
               from x$kccrt;
          returns either no row for thread# <n>, or else it returns
          one row for thread# <n> row showing flashback is disabled
          for that thread.

Workaround
    To prevent the problem, any threads mounted on the standby
    instance need to already have flashback enabled for the thread.
    To check this, run these 2 queries on the standby:
        select thread# from gv$instance;
        select rtnum "thread#",
         decode(bitand(rtsta,128), 128, 'THREAD_ENABLED_FOR_FLASHBACK',
               'THREAD_DISABLED_FOR_FLASHBACK') "THREAD_FLASHBACK_STATE"
           from x$kccrt;

   

RMAN-06136: ORACLE error from auxiliary database: ORA-01503: CREATE CONTROLFILE failed ORA-12720: operation requires database is in EXCLUSIVE mode

January 4, 2017, 4:36 am

≫ Next: RMAN-11003: failure during parse/execution of SQL statement: alter database create standby controlfile as '' ORA-00245: control file backup failed; target is likely on a local file system

≪ Previous: ORA-00600: internal error code, arguments: [krfg_mgen_coord2], [], [], [], [], [], [], [], [], [], [], []

$

0

0

RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of Duplicate Db command at 06/05/2014 08:03:41
RMAN-05501: aborting duplication of target database
RMAN-06136: ORACLE error from auxiliary database: 

ORA-01503: CREATE CONTROLFILE failed
ORA-12720: operation requires database is in EXCLUSIVE mode

The above is due to cluster_database is set to true. 

Please set the cluster_database to false and restart the restore.

---

RMAN-11003: failure during parse/execution of SQL statement: alter database create standby controlfile as '' ORA-00245: control file backup failed; target is likely on a local file system

January 4, 2017, 8:05 pm

≫ Next: Oracle Database and Applications Security Audit Part 2

≪ Previous: RMAN-06136: ORACLE error from auxiliary database: ORA-01503: CREATE CONTROLFILE failed ORA-12720: operation requires database is in EXCLUSIVE mode

$

0

0

Cause:

This is down to the snapshot controlfile being on a local disk and it needs to be on a shared disk for all of the cluster in our case we need to put it on ASM diskgroup

Solution:

To fix the issue we need to configure the SNAPSHOT CONTROLFILE to the  ASM diskgroup in RMAN, this is done as follows:

RMAN> configure snapshot controlfile name to '+ORA_DATA/snapcf_PRODDB1.f';

new RMAN configuration parameters:

CONFIGURE SNAPSHOT CONTROLFILE NAME TO '+ORA_DATA/snapcf_PRODDB1.f';

new RMAN configuration parameters are successfully stored

Oracle Database and Applications Security Audit Part 2

January 8, 2017, 9:27 am

≫ Next: Compile Invalid Objects in oracle

≪ Previous: RMAN-11003: failure during parse/execution of SQL statement: alter database create standby controlfile as '' ORA-00245: control file backup failed; target is likely on a local file system

$

0

0

This post is continuation of  "Oracle Database and Applications Security Audit Part 1"

There are small correction in Part 1, Instead of netstat -an , better to use netstat -anp , if you any questions or comments, please do comment on the respective posts,  I will reply back as soon as i can.

One more point would like to mention is that My experiences related to security are around Oracle Database and Oracle E-Business Suite (/ Oracle Applications), So I will be focusing mainly on Oracle Database and Oracle E-Business Suite (/Oracle Applications).

So..Let us focus on the next areas to be audited (/paid attention) , which is/are a key for data security. 

Oracle Database : 

Few things to recollect from previous post (part 1) related to Oracle Database ... 
1. Default Port 1521 should not be used.
2. Highly recommended to set TCP.INVITED_NODES in sqlnet.ora

Guidelines:

A. Auditing:

1. Most of Us reading this post , know that : 
Related to Data - There are Insert, Update, Delete , Truncate , Select , execute Pl/Sql objects access.
Related to Database object - There are Create , Alter , Drop objects access.
Related to Database System level privileges related to data access - Update any table, Insert any table, delete any table , select any table , execute any package, create any table,alter any table and drop any table.

All the above access rights should be tracked and audited ( Select - Up to you ) on key sensitive objects , which stores and retrieves Companies financial - Asset , Customer , Supplier , Banks , Credit Card  and/or any Sensitive data.


2. When you design custom schema for applications, identify the key objects which are going to store sensitive data , and design to create and store them in a separate schema  (different than custom Applications schema), This will help to control the access , configure , track and audit the schema.

3.  No user should have direct access to applications schema , specifically related to Oracle Applications - No users should have direct access to APPS schema in production. All users should have named users like NKARANAM , HSINGH.  All named user should be audited , access to shared to any users should be controlled , approved and reported very frequently.

4. APPS schema/Custom schemas password should be changed every Quarter, and should be reported. Password sheet/software which hold the latest password should be controlled.

5. Database Roles should be created based on the categories of users like role to view the data, role to modify the data, role to execute the packages,
role to alter and drop the objects. This will help to ensure which list of access has been provided to whom , though this point is not related to security - it will help in implementing the above points.

6. Considering Performance , Auditing should be carefully planned , and access on point 1 should not be audited on all objects on schema which holds sensitive data. We need to plan and track operations based on the importance of data it holds.


B. Availaibility

How availability is related to database security: One of key feature of data security is that Data should be available to us for access.

We have lot of options and recommendations for Database Availability.
All options are best for certain situations and reasons, each options has its own trade offs , hence I'M not going to say which is best and which are not.

1.  Backup : This is Most common, budgeted options. From the Security Point of View, Database and  transaction/archive logs backups should be planned in such a way that the database should be restored till point in time. database parameters related to archive logs generation should be tuned to met the recovery requirement. (FAST_START_MTTR_TARGET). (i will be write a separate series on backup configuration and best practices). 

Frequent restoration should be planned, tested and documented. So that we can ensure that data can restored at any point of time.

Backups should be monitored and in event of backup failures, the restoration plan should be re-looked , backup schedule should be changed and restored.

Backup set should also be planned to send of offsite, so that the database can be restored in case of natural calamities.

2. Physical Standby : This is one of the advanced options, through which database can be mirrored, and synced up in remote site (basically via archivelogs) from the production database . This option requires additional database license as new oracle home and standby will be created in remote server. Through Physical Standby, database can be brought up point in time in read write mode within few mins of crash occurrence in production database, whereas in backup option, We need to wait till the time the backups gets restored and archivelog get applied to bring up the database to read write and point in time.

Standby should be monitored such that it is getting synced up with production database , (archive logs are getting copied and getting applied).

Frequent switchovers should be planned, tested and documented. So that we can ensure that data can restored at any point of time.

3. Clusters (Real Application Clusters) : This is one of the advanced option through the database will be stored in shared storage and will be accessible from multiple server, This option also need additional investment. Clusters mainly useful in load balancing the performance of production database and in case of crash of any server , the other available servers can be used for accessing the data , which leads to 99% availability.  RAC + STANDBY (Option 2) are generally considered best combo, as it ensure data availability when events occurred between server and within data center.

C. Patching : 

Oracle release Critical Patch Updates (Security patches) and Patch Set updates every Quarter. It is highly recommended and mandatory from security update to be applied to production as soon as it released after testing it in non-production.

D. MASKING :

Whenever lower instances/ non-production database getting refreshed/cloned using production database , Tables holding Sensitive data should be masked either via sql/plsql/program or via oracle tools , as the lower instance will be accessed by all developers, contractors/external vendors and project teams.


E. Reporting related to database security :

Below are the list of reports related to database security recommended to be created and reviewed frequently.

1. List of named users and their operations in the database.

2. List of named users, their system and object level privileges they have. ensure that they have only the approved privileges.

3. List of changes made to tables holding Sensitive data.

4. Result of last backup and Switch over (when using physical standby) performed, and any proactive changes needs to be done.

5. When and what was the latest security patch applied, and delay of any to be reviewed.

6. When was the last time APPS Schema/Database custom schema password got changed.

7. (take a baseline of database parameter before) list of changes made to any database parameters.

Next Post : Application Security

--Narasimha Rao

Compile Invalid Objects in oracle

January 8, 2017, 8:46 pm

≫ Next: Monitor JVM Heap Memory for the managed servers in R12.2

≪ Previous: Oracle Database and Applications Security Audit Part 2

$

0

0

Compile Invalid Objects in oracle

SELECT    'alter '
       || DECODE (object_type, 'PACKAGE BODY', 'PACKAGE', object_type)
       || ''
       || owner
       || '.'
       || object_name
       || ' compile;'
  FROM dba_objects
 WHERE status = 'INVALID'
/

Monitor JVM Heap Memory for the managed servers in R12.2

January 9, 2017, 1:23 am

≫ Next: Script to monitor Weblogic managed server status

≪ Previous: Compile Invalid Objects in oracle

$

0

0

#!/bin/sh
# Script to monitor JVM Heap Memory for the managed servers
# Author : Ramasubbu Sunadaravel
# Date   : 23-Aug-2016
# Usage  : sh jvm_heap_mem_mon.sh run 

## VARIABLES
save_date=`date +%d_%b_%y`
LOGFILE=/export/home/applmgr/oraprocs/logs
HISTFILE=/export/home/applmgr/oraprocs/histfile
threshold=10
MAIL_LIST=rsundaravel@yahoo.com
SCRIPT=/export/home/applmgr/oraprocs/.jvm_check.py

## SCRIPTS STARTS HERE
. /r11/app/FLRPRD/R12apps/EBSapps.env
. $FMW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.WLST $SCRIPT > $LOGFILE/jvm_heap_monitoring.log
date '+Start Time: %m/%d/%y %H:%M:%S'>> $HISTFILE/jvm_heap_monitoring_$save_date.log
cat $LOGFILE/jvm_heap_monitoring.log|grep "%">> $HISTFILE/jvm_heap_monitoring_$save_date.log
date '+End Time: %m/%d/%y %H:%M:%S'>> $HISTFILE/jvm_heap_monitoring_$save_date.log

#Alert DBA's if any of the managed server heap size reached more than $threshold value
current=`cat $LOGFILE/jvm_heap_monitoring.log|grep %|awk '{print $8}'|cut -f1 -d'%'|sort -n |head -1`

if test $current -lt $threshold
then
echo "one of the managed server heap size free % reached less than $threshold% . Please check logfile $LOGFILE/jvm_heap_monitoring.log from `hostname`" |mailx -s "Managed server heap size free % reached less
 than $threshold%  in `hostname` " $MAIL_LIST < $LOGFILE/jvm_heap_monitoring.log
else
echo "All is well"
fi
## END 

### Weblogic script to find out JVM Memory usage.

cat /export/home/applmgr/oraprocs/.jvm_check.py 
connect('weblogic','password','t3://test.testing.int:7014')
domainRuntime()

servers = domainRuntimeService.getServerRuntimes();
print('################################################################')
print('# Java heap information per server')
print('################################################################')
print('%20s %10s %8s %8s %4s' % ('Server','Current','Free','Max','Free'))
for server in servers:
   free    = int(server.getJVMRuntime().getHeapFreeCurrent())/(1024*1024)
   freePct = int(server.getJVMRuntime().getHeapFreePercent())
   current = int(server.getJVMRuntime().getHeapSizeCurrent())/(1024*1024)
   max     = int(server.getJVMRuntime().getHeapSizeMax())/(1024*1024)
   print('%20s %7d MB %5d MB %5d MB %3d%%' % (server.getName(),current,free,max,freePct))

disconnect()
exit()

Script to monitor Weblogic managed server status

January 9, 2017, 1:23 am

≫ Next: ADADMIN With Error "PLS-00201: identifier 'AD_JAR.GET_JRIPASSWORDS' must be declared"

≪ Previous: Monitor JVM Heap Memory for the managed servers in R12.2

$

0

0

#!/bin/sh

# Script to monitor Weblogic managed server status

# Author : Ramasubbu Sunadaravel

# Date   : 23-Aug-2016

. /r11/app/FLRPRD/R12apps/EBSapps.env

## VARIABLES ###

LOGFILE=/export/home/applmgr/oraprocs/logs

MAIL_LIST=rsundaravel@yahoo.com

ADMIN_URL=http://test.domain.int:7014/console

PARFILE=/export/home/applmgr/oraprocs/mgd_server_list.par ## - place all the managed servers name.

WEBLOGIC_PWD = /export/home/applmgr/oraprocs/.weblogicpwd

## SCRIPT STARTS

cat $PARFILE |while read line

do

managed_server=`echo $line | awk '{print $1}'`

LOGFILE=/export/home/applmgr/oraprocs/logs

echo $managed_server

echo `cat $WEBLOGIC_PWD`|$ADMIN_SCRIPTS_HOME/admanagedsrvctl.sh status $managed_server|grep $managed_server|grep -v logs > $LOGFILE/$managed_server.log

status=`cat $LOGFILE/$managed_server.log|grep "is running"|wc -l`

if test $status -eq 1

then

echo "$managed_server is Running"

else

echo "$managed_server is Not Running. Please refer Documents to restart "|mailx -s "BLACKBERRY:- Managed Server $managed_server is not running on $ADMIN_URL" $MAIL_LIST

fi

done

## END

PARFILE Entries:

cat /export/home/applmgr/oraprocs/mgd_server_list.par

oacore_server1

oacore_server2

forms_server1

oafm_server1