| Oracle® Database Vault Release Notes 10g Release 2 (10.2.0.3) for Microsoft Windows (32-Bit) Part Number B32385-02 |
|
| View PDF |
| Oracle® Database Vault Release Notes 10g Release 2 (10.2.0.3) for Microsoft Windows (32-Bit) Part Number B32385-02 |
|
| View PDF |
Release Notes
10g Release 2 (10.2.0.3) for Microsoft Windows (32-Bit)
B32385-02
December 2006
These Release Notes describe issues you may encounter with Oracle Database Vault 10g Release 2 (10.2.0.3). The Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide.
This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:
http://www.oracle.com/technology/documentation/
This document contains the following sections:
This section describes the known issues pertaining to installation. It also provides the workarounds that you can use.
Bug 5334101
When installing a new custom database in an existing Database Vault home using Database Configuration Assistant (DBCA), the installation fails with the following error:
ORA-00604: error occurred at recursive SQL level 1 ORA-01031: insufficient privileges ORA-06512: at "XDB.DBMS_XDB", line 73 ORA-06512: at line 319
The workaround is to disable Database Vault before installing a custom database in an existing Database Vault home. Reenable Database Vault after installing the database.
See Also:
Oracle Database Vault Administrator's Guide for more information on enabling and disabling Database Vault.Bug 5258820
Running Database Vault Configuration Assistant (DVCA) manually, after creating a new database in the Database Vault home, fails if the Oracle System Identifier (SID) for the database is longer than 8 characters.
The following steps reproduce the bug:
Use Database Configuration Assistant (DBCA) to create a new database in an existing Database Vault home.
Run DVCA on the newly created database:
C:\> ORACLE_HOME\bin\dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_account_password [-acctmgr_account DV_account_manager_account_name] [-acctmgr_passwd DV_account_manager_password] [-logfile ./dvca.log] [-silent] [-nodecrypt][-lockout] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}]
See Also:
Oracle Database Vault Installation Guide for more information on running the DVCA command.The reason for the bug is that the Oracle Net service name in the tnsnames.ora (ORACLE_HOME\network\admin\tnsnames.ora) file is truncated to 8 characters.
The workaround for the bug is to change the truncated Net service name in the tnsnames.ora file to it's correct value. For example, say the SID for the database is ORACLEDB90, and the entry in tnsnames.ora appears as:
ORACLEDB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Replace the truncated entry in the tnsnames.ora file with the correct entry:
ORACLEDB90 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Bug 5617850
DVCA fails to deploy the Database Vault Administrator application during the DEPLOY_DVA step. DVCA shows the following error:
Error executing task DEPLOY_DVA:java.io.FileNotFoundException: D:\ORACLE\PRODUCT\10.2.0\DB_1\oc4j\j2ee\OC4J_DBConsole_wptgjqa07_ORCL\config\server.xml (Specified PATH not found)
You can use the following workaround steps:
Set the ORACLE_HOME, ORACLE_SID, and PATH environment variables.
Stop the Enterprise Manager Database Control process. Use the following command:
C:\> ORACLE_HOME\bin\emctl stop dbconsole
Edit the file, ORACLE_HOME\oc4j\j2ee\OC4J_DBConsole_hostname_SID\config\server.xml. Enter the following line just before the last line that reads, </application-server>:
<application name="dva" path="ORACLE_HOME\dv\jlib\dva_webapp.ear" auto-start="true" />
For example:
<application name="dva" path="C:\oracle\product\10.2.0\db1\dv\jlib\dva_webapp.ear" auto-start="true" />
Edit the file, ORACLE_HOME\oc4j\j2ee\OC4J_DBConsole_hostname_SID\config\http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:
<web-app application="dva" name="dva_webapp" root="/dva" />
Start the Enterprise Manager Database Control process. Use the following command:
C:\> ORACLE_HOME\bin\emctl start dbconsole
Bug 5590346
The Database Vault installer does not allow you to use special characters, like the underscore ( _ ) character, for the Database Vault Owner and the Database Vault Account Manager user names.
The workaround is to use only alphanumeric characters for the Database Vault Owner and Account Manager user names.
Bug 5577503
The Database Vault installer fails to install Database Vault in an existing physical standby database.
You can create a new physical standby database by using the following steps:
Install Database Vault on the primary database.
Create a physical standby database using a hot backup of the primary database. This backup should include the Oracle home.
Set up communications between the primary and the physical standby database. Redo logs communicate changes from the primary database to the standby database.
See Also:
Data Guard Concepts and Administration Guide for more information on creating a physical standby databaseBug 5623404
Enterprise Manager does not start automatically after installing Database Vault on a single instance database.
The workaround is to restart the process manually using the following commands:
C:\> ORACLE_HOME\bin\emctl stop dbconsole C:\> ORACLE_HOME\bin\emctl start dbconsole
Bug 5654876
After installing Database Vault on a Real Applications Cluster (RAC) database, and running the dvca -action optionrac command on the remote nodes, Enterprise Manager does not start automatically on the remote nodes.
See Also:
Oracle Database Vault Installation Guide for more information on running thedvca -action optionrac command.The workaround is to set the correct value for the ORACLE_SID variable in the ORACLE_HOME\bin\dvca.bat file on the remote node. The ORACLE_SID variable needs to be changed from the local node SID to the remote node SID on the remote node. You can then run DVCA on the remote node.
Alternatively, you can manually restart the dbconsole process using the following commands:
C:\> ORACLE_HOME\bin\emctl stop dbconsole
C:\> ORACLE_HOME\bin\emctl start dbconsole
Bug 5646888
The Database Vault installer returns an error message when it is run for a German Locale. The Negative Time error message is displayed.
This error occurs if some of the files accompanying the installer have a timestamp earlier than 1st January, 1970. In most cases, these files are under the Disk1\stage or Disk1\stage\properties directory. The workaround is to open and save these files again so that their timestamps are updated.
Bug 5621437
After installing Database Vault into a database, and enabling SYSDBA connections, if you try to delete the database using DBCA, the operation fails.
You can use the following workaround steps to delete a single instance database:
Make sure that the ORACLE_HOME and ORACLE_SID environment variables are set.
Deconfigure Database Control for the database using the following command:
C:\> ORACLE_HOME\bin\emca -deconfig dbcontrol db
Use SQL*Plus to connect to the database as SYSDBA. Issue the following commands:
SQL> SHUTDOWN IMMEDIATE SQL> STARTUP MOUNT RESTRICT SQL> DROP DATABASE
Note:
You should have enabledSYSDBA connections for the database. Refer to Oracle Database Vault Installation Guide for information on enabling SYSDBA connections.Quit SQL*Plus. Run the following command to delete the database:
C:\> ORACLE_HOME\bin\oradim -delete -sid SID
Manually delete the log files in the following directories:
ORACLE_HOME\cfgtoollogs\dbca\SID ORACLE_HOME\cfgtoollogs\emca\SID
Manually delete the following dat file:
ORACLE_HOME\database\hc_SID.dat
You can use the following workaround steps to delete a Real Application Clusters (RAC) database:
Make sure that the ORACLE_HOME and ORACLE_SID environment variables are set.
Deconfigure Database Control for the database using the following command:
C:\> ORACLE_HOME\bin\emca -deconfig dbcontrol db
You need to issue the preceding command on all the RAC nodes.
Remove the database from Oracle Cluster Registry (OCR). Use the following command:
srvctl remove database -d db_name
Stop the database using the following command:
C:\> ORACLE_HOME\bin\srvctl stop database -d DB_NAME -c "SYS/SYS_Password AS SYSDBA"
Use SQL*Plus to connect to the database as SYSDBA. Issue the following commands:
SQL> STARTUP NOMOUNT; SQL> ALTER SYSTEM SET CLUSTER_DATABASE=FALSE SCOPE=SPFILE; SQL> SHUTDOWN IMMEDIATE; SQL> STARTUP MOUNT RESTRICT; SQL> DROP DATABASE;
Note:
You should have enabledSYSDBA connections for the database. Refer to Oracle Database Vault Installation Guide for information on enabling SYSDBA connections.Quit SQL*Plus. Run the following command to delete the database:
C:\> ORACLE_HOME\bin\oradim -delete -sid SID
You need to issue the preceding command on all the RAC nodes.
Manually delete the log files in the following directories:
ORACLE_HOME\cfgtoollogs\dbca\DB_NAME ORACLE_HOME\cfgtoollogs\emca\DB_NAME
Note:
If the database was upgraded from an earlier version, then the files to be deleted are:ORACLE_HOME\cfgtoollogs\dbua\DB_NAME ORACLE_HOME\cfgtoollogs\emca\DB_NAME
Manually delete the following dat file:
ORACLE_HOME\database\hc_SID.dat
You need to delete the log files on all RAC nodes.
After creating a cloned RAC node, and before running DVCA (dvca -action option) manually on the cloned node, you need to set the correct values for the ORACLE_HOME and ORACLE_SID variables in the ORACLE_HOME\bin\dvca.bat file on the cloned node.
See Also:
Oracle Database Vault Installation Guide for more information on running thedvca -action option command.If you are using the lockout option with the dvca command, then to successfully lockout SYSDBA connections, you also need to add the following values to your Microsoft Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_ORACLE_HOME_NAME:
Table 1 Registry Values to Be Added
| Name | Type | Data |
|---|---|---|
|
For example,
|
|
For example,
|
Note:
For a Real Application Clusters (RAC) database, replace SID with instance_name, which is the SID combined with the instance_number.
For a RAC database, you need to add the registry values for all cluster nodes.
Bug 5663098
When installing Database Vault for a RAC database, the following registry entry needs to be corrected on the remote node before running DVCA (dvca -action optionrac) on the remote node:
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_ORACLE_HOME_NAME\ORA_instance_name_PWFILE
The instance_name in the remote node registry should be the database instance name for the remote node, and not the database instance name for the local node.
The value for this key should be the complete path to the password file on the remote node. For example:
C:\ORACLE\PRODUCT\10.2.0\DB_1\dbs\orapwORCL2
Bug 5679164
The Database Vault installer fails to detect the database during a silent installation. The following error is displayed:
OUI-10155:Error while setting variable s_dbSIDSelectedForUpgrade: The 10.2.0.3.0 database with the SID you have specified does not exist in the system or does not run in the Oracle Home you have specified.
The workaround is to ensure that the value specified for the s_dbSIDSelectedForUpgrade variable in the response file is in uppercase. The s_dbSIDSelectedForUpgrade variable is used to provide the system identifier (SID) of the existing 10.2.0.3 database to the Database Vault installer. You must ensure that the SID is specified in uppercase.
Bugs 5654569 and 5676283
The Database Vault installer displays the DLL Not Found error while running the Database Vault Configuration Assistant (DVCA).
The workaround for this problem is to click OK and continue with the installation. After the installation is complete, you might need to manually start the Enterprise Manager dbconsole process. Use the following command to manually start the dbconsole process:
C:\> ORACLE_HOME\bin\emctl start dbconsole
An alternative workaround is to include the following directory paths at the start of the PATH environment variable, before you start the Database Vault installation:
ORACLE_HOME\jdk\bin;ORACLE_HOME\jdk\jre\bin;
This section discusses usage issues that you may encounter with Database Vault. It also provides the workarounds for these issues.
Bug 5161953
Accounts with the DV_OWNER, DV_ADMIN, or DV_SECANALYST role cannot run the following command:
ALTER USER user QUOTA UNLIMITED ON tablespace
The workaround is to REVOKE the role from the account, run the ALTER USER command, and then GRANT back the role to the account. This works if the account is not the DV_OWNER account that was created during installation. If the account is the DV_OWNER account created during installation, then you would need to use the following steps:
Disable the Database Vault command rule for the ALTER USER command.
Run the ALTER USER command.
Re-enable the Database Vault command rule for the ALTER USER command.
Bug 5582720
Enabling a realm fails with the following error:
ORA-00942: Table or view does not exist
This might happen if you try to enable a realm on an invalid object. The workaround is to make sure that all objects protected by the realm are valid, before trying to enable the realm.
Bug 5508407
The following error is displayed when you try to update the owner or the rule set for the SELECT command rule:
Command Rule SELECT not found for schema.%
After the update has failed, you are not allowed to delete the command rule. You can use the following workaround steps:
Login to SQL*Plus using the SYSTEM account. Run the following command:
SQL>ALTER SYSTEM FLUSH SHARED_POOL;
Delete the command rule.
If you were trying to update the command rule, then re-create the command rule with the new parameters.
Repeat Step 1 for the new command rule to take effect.
This section covers some of the frequently asked questions related to Database Vault installation. Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide .
The installer does not detect my existing Oracle Database Enterprise Edition 10g Release 2 (10.2.0.3) instance. What should I do?
To allow the installer to find the database instance information, you should check the following:
The database home has Oracle Enterprise Manager Console DB 10.2.0.3.0 installed.
The 10.2.0.3 database home does not have Oracle Database Vault in it.
The 10.2.0.3 database home does not contain an Automatic Storage Management (ASM) instance.
Oracle Clusterware is running. Oracle Clusterware should be running for the Database Vault installer to find the existing Real Application Clusters (RAC) databases.
I have installed Oracle Database Vault into an Oracle home that has multiple databases. How do I secure the other databases in the Oracle home?
You would need to run Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to Appendix C in the Oracle Database Vault Installation Guide for detailed instructions.
I have installed Oracle Database Vault on a Real Application Clusters (RAC) database instance. How do I secure the other nodes in the cluster?
You need to run DVCA manually on the other RAC nodes. Refer to the Oracle Database Vault Installation Guide for detailed instructions.
You can manually deploy Database Vault Administrator (DVA) to the following Oracle Application Server Containers for J2EE (OC4J) home:
ORACLE_HOME\oc4j\j2ee\home
Use the following steps to manually deploy the DVA application:
Edit the file, ORACLE_HOME\oc4j\j2ee\home\config\server.xml. Enter the following line just before the last line that reads, </application-server>:
<application name="dva" path="ORACLE_HOME\dv\jlib\dva_webapp.ear" auto-start="true" />
For example:
<application name="dva" path="C:\oracle\product\10.2.0\db1\dv\jlib\dva_webapp.ear" auto-start="true" />
Edit the file, ORACLE_HOME\oc4j\j2ee\home\config\http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:
<web-app application="dva" name="dva_webapp" root="/dva" />
Edit the file, ORACLE_HOME\oc4j\j2ee\home\config\global-web-application.xml. Search for <servlet-class>oracle.jsp.runtimev2.JspServlet</servlet-class>. Uncomment the following lines after this:
<init-param> <param-name>main_mode</param-name> <param-value>justrun</param-value> </init-param>
Create the directory, ORACLE_HOME\dv\jlib\sysman\config.
Create the database connection configuration file, emoms.properties, in the configuration directory that you just created. Add the following lines to the file:
oracle.sysman.emSDK.svlt.ConsoleMode=standalone oracle.sysman.eml.mntr.emdRepRAC=FALSE oracle.sysman.eml.mntr.emdRepDBName=ORACLE_SID oracle.sysman.eml.mntr.emdRepConnectDescriptor=TNS_connection_string
Note:
oracle.sysman.eml.mntr.emdRepRAC should be set to TRUE for a Real Application Clusters (RAC) database.
For oracle.sysman.eml.mntr.emdRepConnectDescriptor, you can use an alias from ORACLE_HOME\network\admin\tnsnames.ora. Alternatively, you can use the following syntax:
oracle.sysman.eml.mntr.emdRepConnectDescriptor=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=HOSTNAME)(PORT\=PORT)))(CONNECT_DATA\=(SERVICE_NAME\=ORACLE_SID)))
Start OC4J. Before starting OC4J, ensure that the correct environment variables are set. For example :
ORACLE_SID=orcl ORACLE_HOME=C:\oracle\product\10.2.0\dv LD_LIBRARY_PATH=C:\oracle\product\10.2.0\dv\BIN;C:\oracle\product\10.2.0\dv\LIB;C:\oracle\product\10.2.0\dv\jdbc\lib PATH=ORACLE_HOME\bin;ORACLE_HOME\jdk\bin;%PATH%
Note:
LD_LIBRARY_PATH must be set to use the OCI-based JDBC libraries.Start OC4J using the following syntax:
C:\> ORACLE_HOME\jdk\bin\java -Djava.awt.headless=true -DEMDROOT=ORACLE_HOME\dv\jlib -jar ORACLE_HOME\oc4j\j2ee\home\oc4j.jar -userThreads -config ORACLE_HOME\oc4j\j2ee\home\config\server.xml
You can now access the DVA application. The HTTP port defaults to 8888 for this environment. Use the following URL:
http://hostname:8888/dva
This section contains miscellaneous notes not covered in the Oracle Database Vault documentation.
The keyword SNAPSHOT is supported in place of MATERIALIZED VIEW for backward compatibility.
The JOB_QUEUE_PROCESSES initialization parameter specifies the maximum number of processes that can be created for the execution of jobs. It specifies the number of job queue processes per instance.
This parameter must have a non-zero value. The default value for JOB_QUEUE_PROCESSES is 10.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
Oracle Database Vault Release Notes 10g Release 2 (10.2.0.3) for Microsoft Windows (32-Bit)
B32385-02
Copyright © 2006, Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.
If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.
