Tuesday, October 1, 2024

Shrink datafile after 'ORA-03297'

Problem

When try to resize datafile following error occur

SQL> ALTER DATABASE DATAFILE '/u01/PROD/data/system01.dbf' RESIZE 10G;
ERROR at line 1:
ORA-03297: file contains used data beyond requested RESIZE value

Solution

1. Check the tablespace sizes
SQL> set pages 999
set lines 400
SELECT df.tablespace_name tablespace_name,
 max(df.autoextensible) auto_ext,
 round(df.maxbytes / (1024 * 1024), 2) max_ts_size,
 round((df.bytes - sum(fs.bytes)) / (df.maxbytes) * 100, 2) max_ts_pct_used,
 round(df.bytes / (1024 * 1024), 2) curr_ts_size,
 round((df.bytes - sum(fs.bytes)) / (1024 * 1024), 2) used_ts_size,
 round((df.bytes-sum(fs.bytes)) * 100 / df.bytes, 2) ts_pct_used,
 round(sum(fs.bytes) / (1024 * 1024), 2) free_ts_size,
 nvl(round(sum(fs.bytes) * 100 / df.bytes), 2) ts_pct_free
FROM dba_free_space fs,
 (select tablespace_name,
 sum(bytes) bytes,
 sum(decode(maxbytes, 0, bytes, maxbytes)) maxbytes,
 max(autoextensible) autoextensible
 from dba_data_files
 group by tablespace_name) df
WHERE fs.tablespace_name (+) = df.tablespace_name
GROUP BY df.tablespace_name, df.bytes, df.maxbytes
UNION ALL
SELECT df.tablespace_name tablespace_name,
 max(df.autoextensible) auto_ext,
 round(df.maxbytes / (1024 * 1024), 2) max_ts_size,
 round((df.bytes - sum(fs.bytes)) / (df.maxbytes) * 100, 2) max_ts_pct_used,
 round(df.bytes / (1024 * 1024), 2) curr_ts_size,
 round((df.bytes - sum(fs.bytes)) / (1024 * 1024), 2) used_ts_size,
 round((df.bytes-sum(fs.bytes)) * 100 / df.bytes, 2) ts_pct_used,
 round(sum(fs.bytes) / (1024 * 1024), 2) free_ts_size,
 nvl(round(sum(fs.bytes) * 100 / df.bytes), 2) ts_pct_free
FROM (select tablespace_name, bytes_used bytes
 from V$temp_space_header
 group by tablespace_name, bytes_free, bytes_used) fs,
 (select tablespace_name,
 sum(bytes) bytes,
 sum(decode(maxbytes, 0, bytes, maxbytes)) maxbytes,
 max(autoextensible) autoextensible
 from dba_temp_files
 group by tablespace_name) df
WHERE fs.tablespace_name (+) = df.tablespace_name
GROUP BY df.tablespace_name, df.bytes, df.maxbytes
ORDER BY 4 DESC;

2. Find High Watermark of tablespace
SQL>select tablespace_name,
file_id,
file_name DATA_FILE_NAME,Allocated_MBYTES,
High_Water_Mark_MBYTES,
FREE_MBYTES,
trunc((FREE_MBYTES/Allocated_MBYTES)*100,2) "% Free",
trunc(Allocated_MBYTES-High_Water_Mark_MBYTES,2) Resizable
from
(
select ddf.tablespace_name tablespace_name,
ddf.file_id file_id,
ddf.file_name file_name,
ddf.bytes/1024/1024 Allocated_MBYTES,
trunc((ex.hwm*(dt.block_size))/1024/1024,2) High_Water_Mark_MBYTES,
FREE_MBYTES
from dba_data_files ddf
join dba_tablespaces dt on ddf.tablespace_name = dt.tablespace_name
left join (
    select file_id, sum(bytes/1024/1024) FREE_MBYTES
    from dba_free_space
    group by file_id
    ) free on ddf.file_id = free.file_id
join (
    select file_id, max(block_id+blocks) hwm
    from dba_extents
    group by file_id
    ) ex on ddf.file_id = ex.file_id
where 1=1
and ddf.tablespace_name='SYSTEM'
order by ddf.tablespace_name, ddf.file_id);

3. List the segments that have extents near the high watermark for given datafile
SQL>select file_name data_file_name,
segment_type,
owner||'.'||segment_name segment_name,
partition_name,
block_id,
blockId_Mbytes,
decode (segment_type,'TABLE','ALTER TABLE '||owner||'.'||segment_name||' MOVE TABLESPACE AA_DATA;','INDEX','ALTER INDEX '||owner||'.'||segment_name||' REBUILD ONLINE;')sc
from
(
select
de.owner owner,
de.segment_name segment_name,
de.segment_type segment_type,
de.block_id block_id,
DE.PARTITION_NAME partition_name,
ddf.file_name file_name,
trunc((de.block_id*(dt.block_size))/1024/1024,2) blockId_Mbytes
from dba_extents de
join dba_data_files ddf on  de.file_id=ddf.file_id
join dba_tablespaces dt on ddf.tablespace_name = dt.tablespace_name
where 1=1
and ddf.file_id = 15
order by de.block_id desc
)
where rownum <= 100;

4. Rebuild Segments

    i. Tables

SQL>ALTER TABLE AD_MGR.T_THREAD_DUMP MOVE TABLESPACE AA_DATA;

    ii. Lobsegments

SQL>select * from dba_lobs where owner='AD_MGR' and segment_name='SYS_LOB0000386007C00005$$';

ALTER TABLE your_schema.your_table MOVE LOB(column_name) STORE AS (TABLESPACE new_tablespace); 
ALTER TABLE AD_MGR.T_THREAD_DUMP MOVE LOB(THREAD_DUMP) STORE AS (TABLESPACE AA_DATA);

    iii. Index

SQL>ALTER INDEX AA_MGR.IDX$$_199120004 REBUILD ONLINE;

Tuesday, September 10, 2024

Clone PDB on 19c

  1. Check Free space on server

  2. SQL> col name for a10
    col percentage 999.99
    SELECT name, free_mb, total_mb, free_mb/total_mb*100 as percentage FROM v$asm_diskgroup;
    
    NAME          FREE_MB   TOTAL_MB PERCENTAGE
    ---------- ---------- ---------- ----------
    TSTDB          129716    1351560 9.59750215
    
  3. Check the size if exisitng PDBS on server

  4. SQL> col name for a10
      select con_id, name, open_mode, total_size/1024/1024/1024 "PDB_SIZE_GB" from v$pdbs;
    
        CON_ID NAME       OPEN_MODE  PDB_SIZE_GB
    ---------- ---------- ---------- -----------
             2 PDB$SEED   READ ONLY   2.29394531
             3 GISDEV     READ WRITE   189.53125
             4 GISDB      READ WRITE  160.301758
    3 rows selected.
    

Clone on same server

  1. Start Source PDB in readonly mode

  2. SQL> select name,open_mode from v$pdbs;
    
    NAME       OPEN_MODE
    ---------- ----------
    PDB$SEED   READ ONLY
    GISDEV     READ WRITE
    GISDB      READ WRITE
    
    
    SQL> alter session set container=GISDEV;
    
    Session altered.
    
    SQL> select file_name from dba_data_files;
    
    FILE_NAME
    --------------------------------------------------------
    /u01/oracle/oradata/cdb1/tstdb/system01.dbf
    /u01/oracle/oradata/cdb1/tstdb/sysaux01.dbf
    
    SQL> shutdown immediate;
    Pluggable Database closed.
    
    SQL> startup open read only
    Pluggable Database opened.
    
  3. Connect to container database and clone from source PDB

  4. sqlplus / as sysdba
    SQL*Plus: Release 19.0.0.0.0 - Production on Sat Sep 16 12:32:58 2023
    Version 19.20.0.0.0
    
    Copyright (c) 1982, 2022, Oracle.  All rights reserved.
    
    
    Connected to:
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Version 19.20.0.0.0
    
    SQL> show con_name
    
    CON_NAME
    ---------------------
    CDB$ROOT
    
    SQL> create pluggable database GISTEST from GISDEV FILE_NAME_CONVERT=('/u01/oracle/oradata/cdb1/tstdb','/u01/oracle/oradata/cdb1/tstdb1');
    
    Pluggable database created.
    
  5. Start the both Source and target PDB's

  6. SQL> sho pdbs;
    
        CON_ID CON_NAME               OPEN MODE  RESTRICTED
    ---------- ---------------------- ---------- ----------
             2 PDB$SEED                       READ ONLY  NO
             3 GISDEV                         READ ONLY NO
             4 GISDB                          READ WRITE NO
             5 GISTEST						  READ ONLY NO
    
    SQL> ALTER PLUGGABLE DATABASE GISDEV OPEN;
    SQL> ALTER PLUGGABLE DATABASE GISTEST OPEN;
    
    SQL> sho pdbs;
    
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ---------------------- ---------- ----------
             2 PDB$SEED                       READ ONLY  NO
             3 GISDEV                         READ WRITE NO
             4 GISDB                          READ WRITE NO
             5 GISTEST						  READ WRITE NO
    

Clone from Remote server

  1. Connect to Source PDB

  2. SQL> select name,open_mode from v$pdbs;
    
    NAME       OPEN_MODE
    ---------- ----------
    PDB$SEED   READ ONLY
    GISPROD     READ WRITE
    DBPROD     READ WRITE
    
    
    SQL> alter session set container=GISPROD;
    
    Session altered.
    
  3. Create user and grant

  4. create user clone_pdb identified by clone_pdb;
    
    SQL> grant create session,create pluggable database to clone_pdb;
    
  5. Create DB link on Target db pointing to source DB, You can use either way to create DB link

  6. Method-1

    SQL> CREATE DATABASE LINK prodDB 
        CONNECT TO clone_pdb IDENTIFIED BY clone_pdb
        USING '(DESCRIPTION=
                    (ADDRESS=(PROTOCOL=TCP)(HOST=oracledb.example.com)(PORT=1521))
                    (CONNECT_DATA=(SERVICE_NAME=GISPROD))
                )';
    

    Method-2

    vi /u01/app/oracle/product/19.0.0.0/db_1/network/admin/tnsnames.ora
      ORCLPDB =
    (DESCRIPTION =
    (ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = oracledb.example.com)(PORT = 1521)))
    (CONNECT_DATA =(SERVICE_NAME = GISPROD))
    )
    
    SQL> CREATE DATABASE LINK prodDB CONNECT TO clone_pdb IDENTIFIED BY clone_pdb using 'ORCLPDB';
    
  7. Create pluggable DB using DB link

  8. SQL> create pluggable database orclpdbnew from  orclpdb@dblink file_name_convert='/u01/app/oracle/oradata/orcl/orclpdb/','/u01/app/ oracle/oradata/orcl/orclpdbnew/');
    

Tuesday, July 25, 2023

ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit

There are many ways to overcome this issue

Method 1 - Increase parameter
  1. Check Current connection count

  2. SQL> SELECT count(*) as connections,username FROM v$session where username='APP01' GROUP BY username;
    
    CONNECTIONS  USERNAME
    ------------ ---------
    500          APP01
    
  3. Check current configuration of profile

  4. SQL> col username for a12
    col profile for a19
    col limit for a12
    set lines 299
    select a.username,b.PROFILE,b.RESOURCE_NAME,b.limit from dba_users a , dba_profiles b where a.profile=b.profile and b.RESOURCE_NAME='SESSIONS_PER_USER' 
    and a.username='APP01';
    
    USERNAME     PROFILE             RESOURCE_NAME                    LIMIT
    ------------ ------------------- -------------------
    APP01     DEFAULT             SESSIONS_PER_USER                500
    
  5. Increase parameter value

  6. SQL> ALTER PROFILE DEFAULT LIMIT SESSIONS_PER_USER 600;
    
    Profile altered.
    
  7. Makesure parameter has been changed successfully

  8. SQL> col username for a12
    col profile for a19
    col limit for a12
    set lines 299
    select a.username,b.PROFILE,b.RESOURCE_NAME,b.limit from dba_users a , dba_profiles b where a.profile=b.profile and b.RESOURCE_NAME='SESSIONS_PER_USER' and a.username='APP01';
    
    USERNAME     PROFILE             RESOURCE_NAME                    LIMIT
    ------------ ------------------- --------------------
    APP01     DEFAULT             SESSIONS_PER_USER                600
    
Method 2 - Kill Idle sessions based on duration
  1. Check Current connection count

  2. SQL> SELECT count(*) as connections,username FROM v$session where username='APP01' GROUP BY username;
    
    CONNECTIONS  USERNAME
    ------------ ---------
    500          APP01
    
  3. Select Idle connection which are inactive more than 12 hours

  4. set heading off;
    select 'alter system kill session ''' || sid || ',' || serial# || ''' immediate;' from v$session where username='APP01' and status = 'INACTIVE' and last_call_et/60/60 >= 12;
  5. Kill Idle sessions from above output

  6. alter system kill session '100,35175' immediate;
    alter system kill session '1768,53954' immediate;
    alter system kill session '2129,15490' immediate;
    alter system kill session '2251,6956' immediate;
    alter system kill session '3331,17248' immediate;
    ...............
    
  7. Makesure Connection count after killed Idle sessions

  8. SQL> SELECT count(*) as connections,username FROM v$session where username='APP01' GROUP BY username;
    
    CONNECTIONS  USERNAME
    ------------ ---------
    120          APP01
    
Method 3 - Kill sessions which create connection from particular machine/program
  1. Check Current connection count

  2. SQL> SELECT count(*) as connections,username FROM v$session where username='APP01' GROUP BY username;
    
    CONNECTIONS  USERNAME
    ------------ ---------
    500          APP01
    
  3. Check hosts which make multiple sessions

  4. select machine,program,username,count(*)
    from v$session 
    group by machine,program,username
    order by 4 desc;
    
    machine  program  username  count(*)
    -------  -------  --------  --------
    e5a07b31a6e5	JDBC Thin Client	APP01	470
    demo3021132.isaaviation.net	JDBC Thin Client	APP02	185
    
  5. Kill from above output

  6. begin
    for s in(
        select *
        from v$session
        where machine = 'e5a07b31a6e5' and username = 'APP01'
    )
    loop
        begin
        execute immediate 'alter system kill session '''||s.sid||','||s.serial#||''' immediate';
        exception when others then
            null;
        end;
    end loop;
    end;
    
    
  7. Makesure Connection count after killed Idle sessions

  8. SQL> SELECT count(*) as connections,username FROM v$session where username='APP01' GROUP BY username;
    
    CONNECTIONS  USERNAME
    ------------ ---------
    120          APP01
    

Sunday, March 19, 2023

Data Guard Broker Configuration in 19c

Data Guard broker is a centralized framework to manage entire Data Guard configuration through a client connection to any database in the configuration

From Primary
  1. Enable Broker configuration parameters

  2. SQL> alter system set dg_broker_start=true;
    SQL> alter system set local_listener='(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.196.210.135)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = smsprod_bos03)))';
  3. Add entry for data guard broker on listener.ora

  4. [oracle@bo3upsmsxodb01 ~]$ vi $ORACLE_HOME/network/admin/listener.ora
    
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = bo3upsmsxodb01.pearsoncmg.com)(PORT = 1521))
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
        )
      )
    
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = smsprod_bos03_DG)
          (ORACLE_HOME = /data01/app/oracle/product/19.0.0/dbhome_1)
          (SID_NAME = smsprod)
        )
      )
    
  5. Reload listener to effective the changes

  6. [oracle@bo3upsmsxodb01 ~]$ lsnrctl reload
    
    LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 22-JAN-2023 04:28:17
    
    Copyright (c) 1991, 2022, Oracle.  All rights reserved.
    
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=bo3upsmsxodb01.pearsoncmg.com)(PORT=1521)))
    The command completed successfully
  7. Makesure service for dataguard has been initiated

  8. [oracle@bo3upsmsxodb01 ~]$ lsnrctl status
    
    LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 22-JAN-2023 04:28:22
    
    Copyright (c) 1991, 2022, Oracle.  All rights reserved.
    
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=bo3upsmsxodb01.pearsoncmg.com)(PORT=1521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
    Start Date                21-JAN-2023 06:55:52
    Uptime                    0 days 21 hr. 32 min. 30 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /data01/app/oracle/product/19.0.0/dbhome_1/network/admin/listener.ora
    Listener Log File         /data01/app/oracle/diag/tnslsnr/bo3upsmsxodb01/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=bo3upsmsxodb01.pearsoncmg.com)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
    Services Summary...
    Service "smsprodXDB" has 1 instance(s).
      Instance "smsprod", status READY, has 1 handler(s) for this service...
    Service "smsprod_bos03" has 1 instance(s).
      Instance "smsprod", status READY, has 1 handler(s) for this service...
    Service "smsprod_bos03_DG" has 1 instance(s).
      Instance "smsprod", status UNKNOWN, has 1 handler(s) for this service...
    The command completed successfully

From Standby
  1. Enable Broker configuration parameters

  2. SQL> alter system set dg_broker_start=true;
    SQL> ALTER SYSTEM SET local_listener='(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.196.210.38)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = smsprod_stby)))';
  3. Add entry for data guard broker on listener.ora

  4. [oracle@bo3upsmsxdrs01 ahussmo]$ vi $ORACLE_HOME/network/admin/listener.ora
    
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = bo3upsmsxdrs01.pearsoncmg.com)(PORT = 1521))
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
        )
      )
    
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = smsprod_stby_DG)
          (ORACLE_HOME = /data01/app/oracle/product/19.0.0/dbhome_1)
          (SID_NAME = smsprod)
        )
      )
    
  5. Reload listener to effective the changes

  6. [oracle@bo3upsmsxdrs01 ahussmo]$ lsnrctl reload
    
    LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 22-JAN-2023 04:33:14
    
    Copyright (c) 1991, 2022, Oracle.  All rights reserved.
    
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=bo3upsmsxdrs01.pearsoncmg.com)(PORT=1521)))
    The command completed successfully
  7. Makesure service for dataguard has been initiated

  8. [oracle@bo3upsmsxdrs01 ahussmo]$ lsnrctl status
    
    LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 22-JAN-2023 04:33:18
    
    Copyright (c) 1991, 2022, Oracle.  All rights reserved.
    
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=bo3upsmsxdrs01.pearsoncmg.com)(PORT=1521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
    Start Date                20-JAN-2023 22:33:24
    Uptime                    1 days 5 hr. 59 min. 54 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /data01/app/oracle/product/19.0.0/dbhome_1/network/admin/listener.ora
    Listener Log File         /data01/app/oracle/diag/tnslsnr/bo3upsmsxdrs01/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=bo3upsmsxdrs01.pearsoncmg.com)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
    Services Summary...
    Service "smsprod_stby" has 1 instance(s).
      Instance "smsprod", status READY, has 1 handler(s) for this service...
    Service "smsprod_stby_DG" has 1 instance(s).
      Instance "smsprod", status UNKNOWN, has 1 handler(s) for this service...
    The command completed successfully
Enable Data guard configuration
  1. Login to data guard command line interface via sys user

  2. [oracle@bo3upsmsxodb01 ~]$ dgmgrl sys/f1Nal#cak3
  3. Create new configuration

  4. DGMGRL> create configuration 'smsprod_bos03_DG_config' as primary database is 'smsprod_bos03' connect identifier is smsprod;
    Configuration "smsprod_bos03_DG_config" created with primary database "smsprod_bos03"
  5. Make sure primary configuration is available

  6. DGMGRL> show configuration;
    
    Configuration - smsprod_bos03_DG_config
    
      Protection Mode: MaxPerformance
      Members:
      smsprod_bos03 - Primary database
    
    Fast-Start Failover:  Disabled
    
    Configuration Status:
    DISABLED
  7. Reset 'LOG_ARCHIVE_DEST_n' to avoid 'ORA-16698' Errors

  8. [oracle@bo3upsmsxodb01 ~]$ sqlplus / as sysdba
    
    SQL*Plus: Release 19.0.0.0.0 - Production on Sun Jan 22 05:25:38 2023
    Version 19.15.0.0.0
    
    Copyright (c) 1982, 2022, Oracle.  All rights reserved.
    
    
    Connected to:
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Version 19.15.0.0.0
    SQL> sho parameter log_archive_dest_2;
    
    NAME                                 TYPE        VALUE
    ------------------------------------ ----------- ------------------------------
    log_archive_dest_2                   string      SERVICE=smsprod_stby NOAFFIRM ASYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=smsprod_stby
    SQL> alter system set LOG_ARCHIVE_DEST_2='';
  9. Add standby database to dataguard broker

  10. DGMGRL> Add database 'smsprod_stby' as connect identifier is smsprod_stby;
    Database "smsprod_stby" added
  11. Make sure both primary and standby configurations are available

  12. DGMGRL> show configuration;
    
    Configuration - smsprod_bos03_DG_config
    
      Protection Mode: MaxPerformance
      Members:
      smsprod_bos03 - Primary database
        smsprod_stby  - Physical standby database 
    
    Fast-Start Failover:  Disabled
    
    Configuration Status:
    DISABLED
  13. Reset 'LOG_ARCHIVE_DEST_n' to valid value

  14. [oracle@bo3upsmsxodb01 ~]$ sqlplus / as sysdba
    
    SQL*Plus: Release 19.0.0.0.0 - Production on Sun Jan 22 05:25:38 2023
    Version 19.15.0.0.0
    
    Copyright (c) 1982, 2022, Oracle.  All rights reserved.
    
    
    Connected to:
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Version 19.15.0.0.0
    SQL> alter system set LOG_ARCHIVE_DEST_2='SERVICE=smsprod_stby NOAFFIRM ASYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=smsprod_stby';
    
    SQL> sho parameter log_archive_dest_2;
    
    NAME                                 TYPE        VALUE
    ------------------------------------ ----------- ------------------------------
    log_archive_dest_2                   string      SERVICE=smsprod_stby NOAFFIRM ASYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=smsprod_stby
  15. Enable configuration

  16. DGMGRL> enable configuration;
    
    Enabled.
  17. Verify configuration status is 'SUCCESS'

  18. DGMGRL> show configuration
    
    Configuration - smsprod_bos03_DG_config
    
      Protection Mode: MaxPerformance
      Members:
      smsprod_bos03 - Primary database
        smsprod_stby  - Physical standby database 
    
    Fast-Start Failover:  Disabled
    
    Configuration Status:
    SUCCESS   (status updated 38 seconds ago)

Thursday, March 9, 2023

Configure SSL on Oracle E-Business Suite 12.2 using Self-Signed Certificate

1. Creating wallet
  1. Surce run edition environemnt variable

  2. $ source EBSapps.env run
    
  3. Navigate to s_web_ssl_directory/Apache, If not create the the directory

  4. cd /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs
    mkdir Apache
  5. Create an Auto-Login Wallet on Apache directory

  6. cd /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache
    $ orapki wallet create -wallet ./ -auto_login_only
    
  7. Create a Certificate Request

  8. cd /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache
    $ orapki wallet add -wallet ./ -dn 'CN=devoracleebs@nsb.local' -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3650 -auto_login_only
    
2. Modify the Oracle HTTP Server Wallet
  1. Copy wallet into $FMW_HOME/webtier/instances/<s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default

  2. cd /finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OHS/EBS_web_DEVEGL/keystores/default
    cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso  .
  3. Copy wallet into $EBS_DOMAIN_HOME/opmn/<s_ohs_instance_loc>/<s_ohs_component>/wallet

  4. cd /finsys/DEVEGL/fs1/FMW_Home/user_projects/domains/EBS_domain_DEVEGL/opmn/EBS_web_DEVEGL_OHS1/EBS_web_DEVEGL/wallet
    cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso .
  5. Copy wallet into $EBS_DOMAIN_HOME/opmn/<s_ohs_instance_loc>/wallet

  6. cd /finsys/DEVEGL/fs1/FMW_Home/user_projects/domains/EBS_domain_DEVEGL/opmn/EBS_web_DEVEGL_OHS1/wallet
    cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso .
  7. Copy wallet into $FMW_HOME/webtier/instances/<s_ohs_instance_loc>/config/OHS/<s_ohs_component>/proxy-wallet

  8. cd /finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OHS/EBS_web_DEVEGL/proxy-wallet
    cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso .
  9. Copy wallet into $FMW_HOME/webtier/instances/<s_ohs_instance_loc>/config/OPMN/opmn/wallet

  10. cd /finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OPMN/opmn/wallet
    cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso .
3. Configure Protocol and Cipher Suite for FMW Internal Communication
  1. shutdown all services

  2. ./adstpall apps/apps
  3. Edit opmn.xml from $FMW_HOME/webtier/instances/<s_ohs_instance_loc>/config/OPMN/opmn

  4. vi /finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OPMN/opmn/opmn.xml
    change
    <ssl enabled="true"
         wallet-file="<path to the wallet file>"/>
    
    to
    <ssl enabled="true"
        wallet-file="/finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OPMN/opmn/wallet" ssl-versions="TLSv1.0,TLSv1.1,TLSv1.2"
    ssl-ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/>
  5. Edit admin.conf from $FMW_HOME/webtier/instances/<s_ohs_instance_loc>/config/OHS/<s_ohs_component>

  6. vi /finsys/DEVEGL/fs1/FMW_Home/webtier/instances/EBS_web_DEVEGL_OHS1/config/OHS/EBS_web_DEVEGL/admin.conf
    change
    SSLCipherSuite SSL_RSA_WITH_RC4_128_SHA
    SSLProtocol nzos_Version_1_0 nzos_Version_3_0
    
    to
    SSLCipherSuite HIGH:MEDIUM
    SSLProtocol nzos_Version_1_0 nzos_Version_1_1 nzos_Version_1_2
4. Update the Context File and Config Files
  1. Start Application services

  2. cd $ADMIN_SCRIPT_HOME
    ./adstrtall apps/apps
  3. Login to Fusion Middlewere EM console via http://<host_name>:<port>/em

  4. http://192.168.133.10:7021/em
  5. Select web tier target under the EBS domain

  6. Navigate to Administration, then Advanced Configuration

  7. Select ssl.conf file for edit

  8. Update the Listen and the VirtualHost default port as follows

  9. change
    Listen 4463 to Listen 4443
    VirtualHost _default_:4463
    
    to
    Listen 4443
    VirtualHost _default_:4443
    change
    SSLProtocol    -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
    
    to
    SSLProtocol    nzos_Version_1_0 nzos_Version_1_1 nzos_Version_1_2
    SSLCipherSuite HIGH:MEDIUM
  10. Click on Apply

  11. Run following command to propagate the changes made through the FMW console to the context file

  12. $ perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE
    Enter the APPS user password:
    Enter the WebLogic AdminServer password:
    ./adstrtall apps/apps
    Review the adSyncContext.log for the changes that have been picked up and made to the context file
  13. Edit Application contex file as per below

  14. $vi $CONTEXT_FILE
    change
    <url_protocol oa_var="s_url_protocol">http</url_protocol>
    
    to
    <url_protocol oa_var="s_url_protocol">https</url_protocol>
    change
    <local_url_protocol oa_var="s_local_url_protocol">http</local_url_protocol>
    
    to
    <local_url_protocol oa_var="s_local_url_protocol">https</local_url_protocol>
    change
    <webentryurlprotocol oa_var="s_webentryurlprotocol">http</webentryurlprotocol>
    
    to
    <webentryurlprotocol oa_var="s_webentryurlprotocol">https</webentryurlprotocol>
    change
    <activewebport oa_var="s_active_webport" oa_type="DUP_PORT" base="8000" step="1" range="-1" label="Active Web Port">8020</activewebport>
    
    to
    <activewebport oa_var="s_active_webport" oa_type="DUP_PORT" base="8000" step="1" range="-1" label="Active Web Port">4443</activewebport>
    change
    <web_ssl_port oa_var="s_webssl_port" oa_type="PORT" base="4443" step="1" range="-1" label="Web SSL Port">4443</web_ssl_port>
    
    to
    <web_ssl_port oa_var="s_webssl_port" oa_type="PORT" base="4443" step="1" range="-1" label="Web SSL Port">4443</web_ssl_port>
    change
    <httpslistenparameter oa_var="s_https_listen_parameter">4443</httpslistenparameter>
    
    to
    <httpslistenparameter oa_var="s_https_listen_parameter">4443</httpslistenparameter>
    change
    <login_page oa_var="s_login_page">http://devoracleebs.nsb.local:8020/OA_HTML/AppsLogin</login_page>
    
    to
    <login_page oa_var="s_login_page">https://devoracleebs.nsb.local:4443/OA_HTML/AppsLogin</login_page>
    change
    <externURL oa_var="s_external_url">http://devoracleebs.nsb.local:8020</externURL>
    
    to
    <externURL oa_var="s_external_url">https://devoracleebs.nsb.local:4443</externURL>
5. Run Autoconfig on application tier
cd $ADMIN_SCRIPT_HOME
adautocfg.sh
6. Re-start Application tier services
cd $ADMIN_SCRIPT_HOME
./adstpall.sh apps/apps
./adstrtal.sh apps/apps
7. Access the system via following URL
https://devoracleebs.nsb.local:4443/OA_HTML/AppsLocalLogin.jsp
Enable TLS for WLS AdminServer 1. Setup a WebLogic Server Identity Keystore
  1. Surce run edition environemnt variable

  2. $ source EBSapps.env run
    
  3. set an alias for orapki in order to pickup the executable from the $FMW_HOME and not the one under the 10.1.2 home

  4. $ alias orapki=$FMW_HOME/oracle_common/bin/orapki
    
  5. Create following directories

  6. mkdir /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts -p
  7. Copy wallet file into newly created directory

  8. cp /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/certs/Apache/cwallet.sso /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts
  9. Copy following to newly created directory

  10. cp /finsys/DEVEGL/fs1/EBSapps/comn/util/jdk64/jre/lib/security/cacerts /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts
2. Convert the Oracle Wallet to a JKS Keystore
  1. Change directory to wlsSSLArtifacts

  2. cd /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts
    
  3. Run the orapki command

  4. orapki wallet pkcs12_to_jks -wallet ./ -jksKeyStoreLoc ./ewallet.jks -jksKeyStorepwd Ebs#1234
  5. The ewallet.jks file will be generate. Extract alias using following command and note down the alias

  6. keytool -list -keystore ewallet.jks -v
3. Configure SSL on WLS
  1. Take a backup of $EBS_DOMAIN_HOME/config/config.xml file

  2. Use the adstpall.sh script to stop everything on the run file system and start only admin server

  3. cd $ADMIN_SCRIPT_HOME
    adstpall.sh
    ./adadminsrvctl.sh start
  4. login to the admin console via http://192.168.133.10:7021/console

  5. In the WebLogic Server Administration console, under the Domain Configuration, click on Environment and Servers

  6. Click Lock & Edit

  7. Click on the AdminServer to configure

  8. Under the Configuration tab, click on the Keystores sub-tab

  9. Click Change next to the Keystores setting

  10. Select the Custom Identity and Custom Trust option and click Save

  11. Enter the identity details

  12. For example:
    Custom Identity Keystore: /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts/ewallet.jks
    Custom Identity Keystore Type: JKS (This must be in uppercase.)
    Custom Identity Keystore Passphrase: This must match the password used from the orapki command previously in Step 2. Ebs#1234
    Confirm Custom Identity Keystore Passphrase
  13. Enter the trust information

  14. For example:
    Custom Trust Keystore: /finsys/DEVEGL/fs_ne/inst/DEVEGL_devoracleebs/wlsSSLArtifacts/cacerts
    Custom Trust Keystore Type: JKS
    Custom Trust Keystore Passphrase: Enter the cacerts keystore password. See The cacerts Certificates File, keytool. initial password is changeit
    Confirm Custom Trust Keystore Passphrase: Confirm the cacerts keystore password
  15. Click Save

  16. Click the SSL tab

  17. Enter the identity details

  18. For example:
    Private Key Alias: orakey. This would correspond to the alias extracted from the keystore previously in Step 2.
    Private Key Passphrase: This must match the password used from the orapki command previously in Step 2. Ebs#1234
    Confirm Private Key Passphrase
  19. Click Save

  20. Click the General tab

  21. Select SSL Listen Port Enabled check box

  22. Enter the SSL Listen Port

  23. Note: The SSL Listen Port base values are available through the context variable s_wls_admin_sslport. Based on the server type, you need to choose the corresponding port value for the SSL Listen Port. You need to manually calculate SSL Listen Port value. For simplicity, the default SSL Listen port value is 1 prefixed with the server default Non SSL Listen port value.
    For example, for port pool 0, the AdminServer Non SSL Listen port is 7001, so the AdminServer SSL Listen port will be 17001. 17021
  24. Click Save

  25. Select the SSL tab

  26. Select the Advanced option and then perform the following

  27. Set the Hostname Verification to Custom Hostname Verifier and the Custom Hostname Verifier field to weblogic.security.utils.SSLWLSWildcardHostnameVerifier
  28. Click Save

  29. Click Activate Changes

Post-Configuration Tasks
  1. Restart everything including the Admin and Managed Servers using the adstpall.sh and adstrtal.sh

  2. ./adstpall.sh
    ./adstrtal.sh
  3. Sync Changes to the Context File

  4. perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE
    
    following changes will be reflect in contex file.
    s_custom_trustKeyStoreFile - complete path of trust keystore
    s_wls_admin_sslEnabled - true
    s_wls_admin_sslport - AdminServer SSL port.
    In the case where these listed context variables are not already populated, restart the middle tier services and re-run the following command:
    
    $ perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE

Wednesday, February 1, 2023

Change Backup Retention Policy on Standby Database

Problem

Following error occured when try to change backup policies on standby db

RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 5 days;

using target database control file instead of recovery catalog
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of configure command at 09/08/2022 08:08:11
RMAN-05021: this configuration cannot be changed for a BACKUP or STANDBY control file;
Solution

From Primary
  1. Change backup polices as per the requirement

  2. RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 5 days;
    
  3. Create standby controlfile and copy to standby database

  4. SQL> alter database create standby controlfile as '/tmp/stby.ctl';
    Database altered.
    
From Standby
  1. Cancel redo apply

  2. SQL> alter database recover managed standby database cancel;
    
  3. Backup exisitng control files and replace newly copied controlfiles from primary

  4. cd /u02/oradata/PROD_STBY/controlfile
    mv control01.ctl control01.ctl_bkp
    mv control02.ctl control02.ctl_bkp
    cp /tmp/stby.ctl control01.ctl
    cp /tmp/stby.ctl control02.ctl
    
  5. Mount standby database

  6. SQL> alter database mount;
    
  7. Change standby file managemnet to manual inorder change datafiles

  8. alter system set standby_file_management='MANUAL';
    
  9. Rename the datafile names to same as standby datafiles

  10. SQL> select name from v$datafile;
    NAME
    --------------------------------------
    /u02/oradata/PROD/datafile/system01.dbf
    /u02/oradata/PROD/datafile/syaux01.dbf
    /u02/oradata/PROD/datafile/undo01.dbf
    /u02/oradata/PROD/datafile/users01.dbf
    /u02/oradata/PROD/datafile/data01.dbf
    /u02/oradata/PROD/datafile/index01.dbf
    
    alter database rename file '/u02/oradata/PROD/datafile/system01.dbf' to '/u02/oradata/PROD_STBY/datafile/system01.dbf';
    alter database rename file '/u02/oradata/PROD/datafile/syaux01.dbf' to '/u02/oradata/PROD_STBY/datafile/syaux01.dbf';
    alter database rename file '/u02/oradata/PROD/datafile/undo01.dbf' to '/u02/oradata/PROD_STBY/datafile/undo01.dbf';
    alter database rename file '/u02/oradata/PROD/datafile/users01.dbf' to '/u02/oradata/PROD_STBY/datafile/users01.dbf';
    alter database rename file '/u02/oradata/PROD/datafile/data01.dbf' to '/u02/oradata/PROD_STBY/datafile/data01.dbf';
    alter database rename file '/u02/oradata/PROD/datafile/index01.dbf' to '/u02/oradata/PROD_STBY/datafile/index01.dbf';
    
  11. Change back standby file managemnet to auto

  12. alter system set standby_file_management='AUTO';
    
  13. Start redo apply

  14. SQL> alter database recover managed standby database disconnect from session;
    

ORA-30554: function-based index is disabled

Problem

Following error occured from DB when access the table

Rejected - Error on table GPS.MAIN_PROD.
ORA-30554: function-based index GPS.FN_IDX_MAIN_PROD_1 is disabled
Solution

Check the table and index status

SQL> select object_name,object_type,owner,status from dba_objects where object_name like 'MAIN_PROD';

OBJECT_NAME  OBJECT_TYPE  OWNER   STATUS
-----------  -----------  ------- ---------
MAIN_PROD      TABLE       GPS     VALID
SQL> select object_name,object_type,owner,status from dba_objects where object_name like 'FN_IDX_MAIN_PROD_1';

OBJECT_NAME         OBJECT_TYPE  OWNER  STATUS
------------       ------------ ------ -------
FN_IDX_MAIN_PROD_1    INDEX      GPS     VALID
SQL> select owner, index_name from dba_indexes,funcidx_status where index_name like 'FN_IDX_MAIN_PROD_1';

OWNER       INDEX_NAME      STATUS   FUNCIDX_STATUS
------ ------------------- --------  --------------
 GPS    FN_IDX_MAIN_PROD_1   VALID     DISABLED

Re-build index which was disabled

SQL> alter index gps.FN_IDX_MAIN_PROD_1 rebuild;

Index altered.

Check the index status again confirm whether issue is sorted

SQL> select owner, index_name from dba_indexes,funcidx_status where index_name like 'FN_IDX_MAIN_PROD_1';

OWNER       INDEX_NAME      STATUS   FUNCIDX_STATUS
------ ------------------- --------  --------------
 GPS    FN_IDX_MAIN_PROD_1   VALID     ENABLED