Skip navigation.

APPS Blogs

Mechanism level: GSSHeader did not find the right tag,Error when accessing OAM WNA resources

Online Apps DBA - Wed, 2015-07-22 01:04

Hi All,

After long gap I’m start writing blogs and I’m feeling for that.

Today I have faced login issue in WNA setup environment.

Requirement is user would need to login via WNA fallback authentication and access to the OAM WNA protected resources but it login request landed into error page “Account locked or disabled”.

From oam-server1.out logs

Note: If you are not able to see below then you should enable Kerberos trace level.

 <Jul 21, 2015 6:27:52 PM AEST> <Error> <oracle.oam.plugin> <BEA-000000> <Defective token detected (Mechanism level: GSSHeader did not find the right tag) GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)         at<init>(         at         at         at$         at         at         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)         at sun.reflect.NativeMethodAccessorImpl.invoke( Normally this issue appears to be that something different from a Kerberos or NTLM token is being sent by the Microsoft IE browser client machine.

OAM only accepts Kerberos or NTLM tokens for now.

We noticed browser was sending the following token when accessing in company network domain.

And it keeps sending this similar like “Authorization: Negotiate” string over and over.

Authorization: Negotiate




This is not a standard NTLM value, as normally when we review the headers we would expect to see either:

Authorization: Negotiate TlRMTVNTUAABAAA…. (NTLM)

Authorization: Negotiate YIIGeAYGK…(Kerberos)

then this will still not work for OAM WAN Fallback, since the token received by OAM Server is NOT an NTLM token like, but appears to be more related to a NEGOEXTS token, which the Windows 7 clients sometimes send.

So, the token was not sent correctly by the browser to OAM server.


On the UNIX host, use kinit on your user account and use klist to verify that you have a ticket to the HTTP/DOMAIN.NAME@REALM.NAME principal or not.

In our cause we have encountered below exception

kinit(v5): Client not found in Kerberos database while getting initial credentials

We have found a DNS issue for application OAM hostname. OAM VIP host name was resolving to different hostname and Keytab was created based on VIP hostname not actual hostname different and frontend host which is critical specially for creating a keytab


Re-generated the keytab for DNS resolve hostname as follow


-mapuser aurdev\srv-oam-iap1 -pass <Password> -out master.keytab -kvno 0


Copy the new keytab into <Oracle Home>/server/config/ and restart OAM server.

Hope above information helped you to get out of the issues.

The post Mechanism level: GSSHeader did not find the right tag,Error when accessing OAM WNA resources appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

Oracle Supply Chain Management Cloud

OracleApps Epicenter - Thu, 2015-07-16 06:11
Cloud = Service-based computing model providing self-service, elasticity, shared resources, and pay-as-you-go New cloud computing technologies are enabling breakthrough innovations in supply chain management (SCM) applications delivered via software as a service (SaaS) models. To help companies support their complete quote-to-cash process in the Cloud, Oracle has expanded the Oracle Supply Chain Management Cloud with […]
Categories: APPS Blogs

How to become/learn Oracle Apps DBA R12.2 : Part I

Online Apps DBA - Wed, 2015-07-15 16:10

I started this blog 9 years back with first post as How to become Oracle Apps DBA (back then it was 11i) and with 225 comments, this is still the most common question I get in mail or on this blog.

We are starting our new batch for Oracle Apps DBA training (R12.2) from August 8, 2015 and first thing we cover is Architecture of Oracle E-Business Suite.  If you are learning (getting trained) on Oracle E-Business Suite on your own then first thing you should learn is Architecture of Oracle Apps.

As shown below Oracle E-Business suite is Three Tier Architecture

a) Database Tier : With Oracle Database where data resides
b) Application Tier : With Application & Web Server where business logic resides
c) Client Tier : browser based client from where end user access application



Note: Till Oracle E-Business Suite R12.1 (prior versions include 12.0 & 11i), Application Tier uses 10g Application Server (or 9 for some versions of 11i). From Oracle E-Business Suite 12.2 onwards Application Tier is deployed on Oracle WebLogic Server as application Server.



You can get more information on Architecture of Oracle E-Business Suite in Concepts Guide or learn it from our expert team by registering to Oracle Apps DBA Training (starting on 8th August) where Day1 covers

Architecture and File System
  • Architecture of R12.2
  • Changes in Oracle Apps from previous version
  • Requirement/Hardware Sizing Guidelines
  • File System Overview
  • Benefit of New Architecture
  • File System including Changes from previous version
Architecture and File System (Lab Activity)
  • Provide one working instance of R12.2 to the Trainee with Front end and backend access
  • Get comfortable with the Terminology/File system/Environment Variables
  • Understand the Architecture via Navigation


Get 200 USD off by registering before 20th July and use code A2OFF at time of checkout (We limit seats per batch to register early to avoid disappointment).


The post How to become/learn Oracle Apps DBA R12.2 : Part I appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

Introduction to Order Management Cloud Service -Welcome to the future with Oracle

OracleApps Epicenter - Mon, 2015-07-13 10:10
In Release 10, there is a new product called Oracle Order Management Cloud Service. This is an application available on Oracle cloud as a service to enable quote to cash process flow. This Module is typically used to designed toimprove order execution across quote to cash process. It includes predefined integrations, centrally-managed orchestration policies, fulfillment […]
Categories: APPS Blogs

What is Oracle Mobile Cloud Service (MCS)?

OracleApps Epicenter - Mon, 2015-07-13 00:00
  Oracle Mobile Cloud Service MCS is a cloud-based service that provides a unified hub for developing, deploying, maintaining, monitoring, and analyzing your mobile apps and the resources that they rely on. Oracle Mobile Cloud Service provides everything you need to build out your enterprise mobile strategy using innovative, state-of-the-art tools. With Oracle Mobile Cloud […]
Categories: APPS Blogs

Oracle Integration Cloud Service

OracleApps Epicenter - Sat, 2015-07-11 07:27
Do you know , Oracle Integration Cloud Service (ICS) is a simple and powerful integration platform in the cloud to maximize the value of your investments in SaaS and on-premise applications. Oracle Integration Cloud Service lets you connect to both cloud and on-premises applications, and is fully integrated with other Oracle Cloud offerings. UNDERSTAND THE […]
Categories: APPS Blogs

About BYOE – Bring Your Own Encryption

OracleApps Epicenter - Fri, 2015-07-10 08:14
BYOE aka Bring your own encryption is a security model that gives cloud customers complete control over the encryption of their data by allowing them to deploy a visualized instance of their own encryption software in tandem with the application they are hosting in the cloud. BYOE can help an organization that wishes to take […]
Categories: APPS Blogs

Learn Oracle Apps DBA (R12) with us:Training Starts on 8th of August

Online Apps DBA - Thu, 2015-07-09 05:40
Everyone having a similar question in mind when they are freshers or are into the same field same domain for years together that which technology we should learn which should be innovative, long running, having some sort of creative touch, and my answer to all those Tech geeks or would be tech geeks is – Oracle Technologies. Oracle from last few years (will not go beyond that !!!) has developed in such a fast pace that you cannot ignore it. When there are lots of development activities goes on and Go Live of the Projects, Testing then there is one Crucial member in the Company/Team who (usually gets ignore ;-)) manages all the environment and give optimise environment to perform all those things : Apps DBA. Apps DBA is combination of Oracle DBA and Oracle Applications- Double Power. Apps DBA is the first entry towards the Big technology which oracle has developed. Oracle Application licenses are increasing every year and all these company are looking for Good Apps DBA who has understanding, knowledge and one of the most important Learning Attitude, to do experiment (of course not on PROD!!!). Who can learn Apps DBA ? Logically if I want to answer. Here is the list
  • All the Freshers, Newbies or may be who want to enter Oracle Applications Area.
  • Who is into Core DBA from years and want new technology to learn.
Apps DBA requirement is not only conceptual but practical as well. As much as you make your hands dirty your leaning grows many folds. When I was at your stage I always search for such institute or training which gives more practical stuff, real time scenarios but was not able to get it, keeping that in mind K21 Technologies is starting Apps DBA Training of R12 from 8th Aug-2015. More Practical oriented, Dedicated instance to play around, mini projects, Support. Apps DBA is a gateway to enter Oracle Technologies and you can move further with many feathers like Fusion Middleware ,Fusion Applications, SOA etc. What topics I should learn to become Apps DBA To start with you should start with Architecture, Installation, Patching, Cloning, changing Schema Password, backup & recovery. We cover this all including hands-on where you do all these using our step by step instructions on our Server. Who ever wants to learn please get enrolled soon as seats are limited. K21 focus on Quality Training with Full Money back Guarantee (If you are not happy after 2 sessions then you can ask for Full Money Back )

For further details check

The post Learn Oracle Apps DBA (R12) with us:Training Starts on 8th of August appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

Installation steps of JDK 7 for Linux for Oracle Fusion Middleware

Online Apps DBA - Sun, 2015-07-05 14:40

This post covers procedure installs the Java Development Kit (JDK) for 64-bit RPM-based Linux platforms, such as Red Hat and SuSE, using an RPM. This post is from our Oracle Fusion Middleware (FMW) or Oracle Access Manager (OAM) training where we provide dedicated machine to trainees to practice but if you need to install similar setup on your local machine (We use Oracle Virtual Box with Oracle Linux 5.5 ).

You must be login as root user to install  this installation (Assumption is that you are installing JDK on 64 bit Linux)

1. Download the JDK software from here (jdk-7u60-linux-64.rpm)


2. The installation process should be carried out with the “root” user.

su – root

when prompted for password, enter the root password.

3. Navigate to the directory where your JDK software is downloaded

cd /stage/oracle/jdk

4. Install the package  using the command : rpm -ivh <package_name>

rpm -ivh  jdk-7u60-linux-x64.rpm

Note: This step will install JDK 1.7 under /usr/java/jdk1.7.0_60

5. To verify the version of java, navigate to the directory /usr/java/jdk1.7.0_60/bin and check javac and java versions. The version should be the latest installed JDK version.

Note: JDK is default installed under the directory /usr/java/jdk1.7.0_60

cd /usr/java/jdk1.7.0_60/bin

./java -version



6. Delete the .rpm file if you want to save disk space.

7. Exit the root shell. No need to reboot.




If you are part of our training program and have not yet registered for closed Facebook Group then send request and post any technical queries.




The post Installation steps of JDK 7 for Linux for Oracle Fusion Middleware appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

WebLogic Server (FMW) : Generating Thread Dumps using OS commands

Online Apps DBA - Fri, 2015-07-03 03:33

This post is coming from our Oracle Fusion Middleware Training where we cover Oracle WebLogic Server on Day1 . One of the performance issue that commonly encountered in poorly written application (or on not so performant Fusion Middleware infrastructure) is Stuck Threads.

Stuck Threads in WebLogic Server means a thread performing the same request for a very long time and more than the configurable Stuck Thread Max Time in WebLogic .

Thread dumps are diagnosis information that is used to analyse and troubleshoot performance related issues such as server hangs, deadlocks, slow running, idle or stuck applications etc.

How to generate Thread dumps?
In this post, I will walk you through the steps to generate Thread dumps of a server using operating system (O.S.) commands.

1. Start the server from command line script (using nohup). Let us take managed server as an example for which we need to generate the thread dumps so start the server using script as shown below.
nohup ./ <Server_name> &

2. Now identify the PID (java Process ID) for the managed server using the below command:
ps auxwww | grep –i java | grep –i <server_name> (This command is for Solaris)

3. Now run the below command to create the thread dump.
kill -3 <PID>

(This will send a signal to the process whose dump we require. This signal causes the Java Virtual Machine to generate a stack trace of the process.)

This command will create thread dump in the nohup.out file (where we started the managed server)

4. Open the nohup.out file to see generated thread dumps:


The post WebLogic Server (FMW) : Generating Thread Dumps using OS commands appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

A week with Apple Watch: From Cynic to Believer

David Haimes - Wed, 2015-07-01 08:50

I had convinced myself the Apple Watch was an overpriced fitness band and that it wasn’t for me and was set to get a Garmin to track my running instead.  Then out of the blue I was given an Apple Watch.  So you can certainly put me down as a cynic, but I certainly like to think I am open minded, so here are my thoughts after a week with the watch.

The experience of getting it set up was surprisingly frustrating, I had to upgrade my phone to iOS 8 before I could activate the watch and that meant deleting things to free a few Gb of memory (to upgrade my Operating System, really?).  So everything had to wait until after I got home and backed up my phone.

First I got this rather cool visual on my watch to scan with the phone and then it was paired and I got this screen telling me the model that I had bought.  OK so I still could not get the time from this watch and I have had the thing all day, I’m getting a little impatient at this point.

watch pairingwatch pairing 2

After waiting about 5 minutes for it to synch, suddenly a load of my apps, including my email, texts, calendar, twitter fitness apps and more are available on my watch.  This is about to get interesting.

The first thing I noticed is that it is actually really easy to ready and see at a glance the notifications that are sent to your watch, such as Calendar reminders, text messages and Oracle Social Network updates (glad to see we are quick to the new platform with our own mobile apps).  This is good for me, I get a lot of these alerts and I found a glance at my wrist was much nicer than pulling out my phone and unlocking it and starting at it.  This sounds like a very small thing, but it is these small improvements in frequent interactions that make for a great user experience.  I also agree with Jeremy Ashley about the huge value in being able to retain eye contact, notifications on my watch are far less obtrusive and the glance at my wrist it is a great experience.

So I wanted to try using it for some different things so I decided to test out text messages first, a quick SMS to respond to my wife’s text ‘ETA?’ to let her know what time I am planning to get home.

My wife and I prefer very efficient communications.

My wife and I prefer very efficient communications.

So I tap once on that nice Reply button


I can now either pick from a set of pre-defined responses and they would be sent without any other interaction from me. However I like the personal touch, this is my wife after all, so I decide I will click on the microphone icon to dictate a response.  I speak in my answer and see the sound wave at the bottom and the text comes up perfectly first time.


So now I click done and get a really option to either send the audio or to just tap on the text and send that.  This is a great feature if maybe the voice to text didn’t work properly and I don’t want to waste time correcting it or speaking it again.


After tapping on the text I am now done.  The whole interaction was very fast and felt very natural.  At this point I am really starting to like the Apple Watch.  In the next few days I try driving directions, twitter, my calendar, a variety of fitness apps and more and pretty much across the board I find the interactions are natural and quick and the fact I have to pull out my phone less is a much bigger deal than I expected.  I find I can glance down at my watch see a text or meeting reminder and carry on a conversation in a way that was not really possible if I had to pull my phone out.  The one app I haven’t yet mentioned is the time, I haven’t worn a watch for over 10 years and I have realized in the last week it’s much easier to glance at my wrist than to pull out my phone – who knew?

Categories: APPS Blogs

Basics of Patching in Oracle Apps (adpatch)

Online Apps DBA - Mon, 2015-06-29 15:09


Whenever a patch request comes in the first and foremost thing which has to be done by an Oracle apps DBA is to look into existing system, if the patch exists. We can query ad_bugs.login to sqlplus with apps user and fire the below command.

SQL> select bug_number,creation_date from apps.ad_bugs where bug_number in (‘&bug_number’);


Enter the patch number and if you see any rows, it means the patch is in the system already and you can go ahead and tell the business that patch already exists. You will see something like this.

But if you see no rows returned, then you have to set the ball rolling. Now you will have to perform the patch analysis of requested patch.

The next step would be to login to Oracle support with your credentials and open the README of the patch, There would be a pre-requisite section which would state that if there is any prerequisite of this patch which has to be applied. Now if you see a prerequisite then you will have to open the REDAME of that patch and check the prerequisite of that patch and this process goes on till there is no prerequisite.

From my personal experience I would suggest to prepare a template like below to do the analysis of the patch.

Now lets understand the example given above, the main patch requested in 123456, this patch has a pre-requisite 67890 and 67890 has a pre-requisite 8585858 and this has a pre-requisite 8686868.

So to apply the main patch we have to

a) First apply 8686868 and
b) Then 8585858 and
c) Then 67890 and then the main patch.

So now you will send this analysis back to your business and you will request for the downtime. Now downtime is calculated on the basis of your experience.

I assume that you have received the confirmation from the business to apply the patch. Download the patch in your patch top directory and unzip the file. After unzipping you will see a driver file like u123456.drv. When you will run adpatch (in 12.1) from this location it will ask you the name of the driver file and you have to give u123456.drv.

Now something about file systems, There are basically two types

1)Shared file systems
2)Distributed file systems

In my environment, I have shared file system and there are multiple web nodes. So in case of shared file system patches have to be applied on one node only since it is shared file system.

So let us assume that we have 3 application nodes and Non RAC DB server and also the patch is available only in American English and there are no other languages installed on the application.

Steps for patching (EBS 12.1) would be

  • Shut down the application on all the 3 nodes by logging into each node separately.
  • From adadmin put the application into maintenance mode
  • Take the count of invalids by logging to sql plus with apps user
  • Use adpatch to apply patches to the application.


  • Again check the count of invalid objects in database and compare with pre-patch application invalid count.
  • From adadmin disable the maintenance mode
  • Start the application on all the 3 nodes

Please don’t forget that for any operation to take place in the app, DB has to be up and running.


Please note that before doing any kind of patching activity, ask the unix team to perform the backup of the file systems because we can’t roll back the patch applied using adpatch


We will discuss more about patching in my next blog. Any comments or queries then post here

Related Posts for R12 Patches
  1. Basics of Patching in Oracle Apps (adpatch)

The post Basics of Patching in Oracle Apps (adpatch) appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

OAM Training (4th July) : EBS & AD Integration : 11gR2 PS3 Launch

Online Apps DBA - Sun, 2015-06-28 01:43

We announced OAM Training on 4th of July (only 3 seats left) and since our announcement lot of you asked what integration we are going to cover.  Looking at kind of queries we received, I though its worth posting here. We are going to cover

  • Oracle E-Business Suite (R12 – 12.1) integration with Oracle Access Manager
  • Microsoft Active Directory (AD)/Windows Native Authentication (WNA) integration with Oracle Access Manager (OAM) for Zero Single Sign-On.

Register here for Oracle Access Manager Training (100 USD off if you register before 1st July, last 3 seats before we close registration)


Oracle announced OAM 11gR2 PS3 in May 2013, register here for Technical Update on OAM 11gR2 PS3.

Related Posts for Oracle Access Manager
  1. OAM Training (4th July) : EBS & AD Integration : 11gR2 PS3 Launch

The post OAM Training (4th July) : EBS & AD Integration : 11gR2 PS3 Launch appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

Moved to new/better blog Feeds via eMail

Online Apps DBA - Mon, 2015-06-22 18:21

Screen shot 2015-06-23 at 01.12.28


If you subscribed to our blog onlineAppsDBA (using RSS feed) prior to April 2015 then from today you will receive email for new posts via new/better email service provider.

Emails for new post will come from email ID contactus[@] and subject as [New Post] … and will look like image above.

Note: Ensure that you add email address contactus[@] as safe sender list.

The post Moved to new/better blog Feeds via eMail appeared first on Oracle : Design, Implement & Maintain.

Categories: APPS Blogs

Server refused public-key signature despite accepting key!

Vikram Das - Mon, 2015-06-22 11:23
A new SFTP connection was not working, even though everything looked fine:

1. Permissions were correct on directories:
chmod go-w $HOME/
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/id_rsa
chmod 644 $HOME/.ssh/
chmod 644 $HOME/.ssh/known_hosts

2. Keys were correctly placed
However, it still asked for password, whenever SFTP connection was done:
Using username "sftpuser".Authenticating with public key "rsa-key-20150214"Server refused public-key signature despite accepting key!Using keyboard-interactive authentication.Password:
I tried various things, none worked and I eventually went back to my notes for SFTP troubleshooting:
1. Correct Permissionschmod go-w $HOME/chmod 700 $HOME/.sshchmod 600 $HOME/.ssh/authorized_keyschmod 600 $HOME/.ssh/id_rsachmod 644 $HOME/.ssh/id_rsa.pubchmod 644 $HOME/.ssh/known_hosts
2. Make sure the owner:group on the directories and files is correct:
ls -ld  $HOME/ls -ld  $HOME/.sshls -ltr $HOME/.ssh
3. Login as root
chown user:group $HOME chown user:group $HOME/.sshchown user:group $HOME/.ssh/authorized_keyschown user:group $HOME/.ssh/id_rsachown user:group $HOME/.ssh/id_rsa.pubchown user:group $HOME/.ssh/known_hosts
4. Check for user entries in /etc/passwd and /etc/shadow
5. grep user /etc/shadow
When I did the 5th step, I found that /etc/shadow entry for the user didn't exist.  So I did these steps:
chmod 600 /etc/shadowvi /etc/shadowInsert this new line at the endsftpuser:UP:::::::Save Filechmod 400 /etc/shadow
It started working after that.
Categories: APPS Blogs

Quiet Release MySQL Plugin — bug fixes

Alex Gorbachev - Tue, 2012-12-11 12:30
This is just a small bug fix release of the plugin. It was actually quietly released for a while now of if you have downloaded the plugin recently, you have the latest version. To be sure — check the version in the Console or you will see it in the file name. There are two [...]
Categories: APPS Blogs

IOUG Big Data SIG — Kick-off Meeting at OOW12

Alex Gorbachev - Thu, 2012-09-27 16:47
Announcing the IOUG Big Data Special Interest Group (SIG)! We have the SIG meeting at Oracle Open World — come join us with you morning coffee. Nothing better than starting your Big morning with Big Data talks! Yes — we actually managed to get the room at this busy times at OOW thanks to IOUG. [...]
Categories: APPS Blogs

IOUG Collaborate 2013 — Call for Speakers Informational Webinar

Alex Gorbachev - Tue, 2012-09-11 04:28
As I’ve become Director of Communities for IOUG recently, I’m intimately involved in many aspects of leading IOUG community. One of the area the user group is pursuing all the time is finding the new speakers and that takes some part of convincing the community members to actually start presenting. There are many of you [...]
Categories: APPS Blogs

Oracle OpenWorld 2012 – Bloggers Meetup

Alex Gorbachev - Thu, 2012-09-06 13:40
Oracle OpenWorld 2012 is just over a month away and yes we are organizing the Annual Oracle Bloggers Meetup — one of your top favorite events of the OpenWorld. What: Oracle Bloggers Meetup 2012 When: Wed, 3-Oct-2012, 5:30pm Where: Main Dining Room, Jillian’s Billiards @ Metreon, 101 Fourth Street, San Francisco, CA 94103 (street view). [...]
Categories: APPS Blogs

Announcing MySQL Plugin for Oracle Enterprise Manager 12c Cloud Control

Alex Gorbachev - Thu, 2012-08-30 12:00
MySQL management plugin for EM 12c has been long overdue. I’ve initially migrated the older plugin to EM 12c about 6 months ago and few dozen people received this as initial beta of the plugin. It worked OK but didn’t use any of the 12c new features and its home page was a bit of [...]
Categories: APPS Blogs