I am currently in the process of implementing several items out of the Secure Configuration Guide for Oracle E-Business Suite Release 12 document (MOS 403537.1). As I am researching items and testing them against our development and test instances, I am running into items that were not included in the instructions that were discovered through trial and error.
We will start with adding IP restrictions to the database listener. This is not a bad idea, especially if you keep abreast and current of any new machines that would need to access your database. The instructions say this:
"Middle-tier applications include web servers, forms servers, concurrent managers, discoverer, terminal
servers, central administrator machines and any remote monitoring tool that uses SQL*Net."
You may use IP addresses or hostnames. You may also use IP addresses with wildcards, such as 1.1.1.*.
What they don't out and out specify is that this list of servers to add needs to include: the database server and your OEM server (if you use it).
Also, you must stop and start the database listener for these changes to take effect. The reload command will work as well (lsnrctl reload <LISTENER_NAME> - if you want an economy of command-line computing). A successfully restricted database listener will return an ORA-12547: TNS:lost contact message.
Showing posts with label EBS. Show all posts
Showing posts with label EBS. Show all posts
Wednesday, March 5, 2014
Tuesday, February 25, 2014
Java and Oracle Forms
Once you have logged into Oracle Applications and move to one of their Java forms, the Applications Server will check to see which version of Java you are running. If it is not the same as what the Application Server believes you should have, it will ask you to download and install the version that the Application Server has. This version is NOT updated on the Application Server when a new version of Java is released - it must be handled manually. Please see MOS 393931.1 for instructions on how to do this. They are pretty thorough.
However, if you run a shop like ours, where multiple users could possible have multiple versions of Java, and updating the Java version on the Application server is not an option, there is a fix in MOS 393931.1 that will help.
Under the Known Issues section, and then under the Forms Launch Issues heading, is the following helpful piece of information:
Here you will find the setting for your appsweb.cfg file that will tell the Application Server to not attempt to install Java if the client PC has ANY version of Java installed. Simple replace the setting as indicated in the document, and the client PCs will pick up the information the next time they attempt to access Oracle Forms.
Of course, since appsweb.cfg is a file that is rewritten by autoconfig, this setting will need to be changed in the autoconfig process in order that it be rewritten properly should you need to autoconfig your EBS instance.
This part, which is covered in MOS 387859.1, is documented well for how to actually change the setting...but not for where to FIND the file containing the setting to be changed. I guess it should have occurred to me, a relative DBA newbie, that the file required is the Context file. It didn't occur to me, so I did it the old fashioned way - I opened $ADMIN_SCRIPTS_HOME/adautocfg.sh and looked inside to find the file.
However, if you run a shop like ours, where multiple users could possible have multiple versions of Java, and updating the Java version on the Application server is not an option, there is a fix in MOS 393931.1 that will help.
Under the Known Issues section, and then under the Forms Launch Issues heading, is the following helpful piece of information:
3. Different Users run different JRE Releases from Multiple JRE Streams
Here you will find the setting for your appsweb.cfg file that will tell the Application Server to not attempt to install Java if the client PC has ANY version of Java installed. Simple replace the setting as indicated in the document, and the client PCs will pick up the information the next time they attempt to access Oracle Forms.
Of course, since appsweb.cfg is a file that is rewritten by autoconfig, this setting will need to be changed in the autoconfig process in order that it be rewritten properly should you need to autoconfig your EBS instance.
This part, which is covered in MOS 387859.1, is documented well for how to actually change the setting...but not for where to FIND the file containing the setting to be changed. I guess it should have occurred to me, a relative DBA newbie, that the file required is the Context file. It didn't occur to me, so I did it the old fashioned way - I opened $ADMIN_SCRIPTS_HOME/adautocfg.sh and looked inside to find the file.
Of course, there it was right near the top:
CTX_FILE="<$INST_TOP>/appl/admin/<SID>_<SERVER_NAME>.xml
Subscribe to:
Comments (Atom)