6 Postinstallation Configuration Tasks

This chapter identifies postinstallation configuration tasks. Where appropriate, this chapter references other guides for procedures on performing these configuration tasks.

This chapter contains these topics:

About NTFS File System and Windows Registry Permissions
Patch Set Information
Validating Invalid PL/SQL Modules
Individual Component Postinstallation Configuration Tasks

About NTFS File System and Windows Registry Permissions

Oracle Corporation recommends that you configure Oracle database files, directories, and registry settings to allow only authorized database administrators (DBAs) to have full control. If you created a database using Database Configuration Assistant or upgraded a database using Oracle Database Upgrade Assistant, then no further action is required.

This section describes the permissions automatically set by Oracle Universal Installer, Database Configuration Assistant, and Oracle Database Upgrade Assistant and the steps to set these permissions manually.

This section contains these topics:

File Permissions
Setting NTFS File System Security
Setting Windows Registry Security

See Also:
Your Windows documentation for more information about modifying NTFS file system and Windows registry settings

File Permissions

Beginning with this release, Oracle Universal Installer, Database Configuration Assistant, and Database Upgrade Assistant set file permissions when Oracle software is installed or upgraded.

This section contains these topics:

File Permissions Set by Oracle Universal Installer
File Permissions Set by Database Configuration Assistant
File Permissions Set by Database Upgrade Assistant

File Permissions Set by Oracle Universal Installer

During Oracle9i installation, by default Oracle Universal Installer installs software in \ORACLE_BASE\ORACLE_HOME.

Oracle Universal Installer sets the following permissions to this directory, and all files and directories under this directory:

Administrators - Full Control
System - Full Control

Authenticated Users - Read, Execute and List Contents

Important:

If these accounts already exist and possess more restrictive permissions, then the most restrictive permissions are retained. If accounts other than Administrators, System, and Authenticated Users already exist, then the permissions for these accounts are removed.

File Permissions Set by Database Configuration Assistant

During database configuration, Database Configuration Assistant installs files and directories in the following default locations:

Administration files in directories under \ORACLE_BASE\admin\database_name

where database_name is the database name or SID.
Database files in directories under \ORACLE_BASE\oradata\database_name
REDO Log files and Control files in \ORACLE_BASE\oradata\database_name
SPFILESID.ORA file under the directory \ORACLE_BASE\ORACLE_HOME\database

Database Configuration Assistant sets the following permissions to these directories, and all files and directories under this directory:

Administrators - Full Control

System - Full Control

Important:

If these accounts already exist and possess more restrictive permissions, then the most restrictive permissions are retained. If accounts other than Administrators and System already exist, then the permissions for these accounts are removed.

File Permissions Set by Database Upgrade Assistant

When an older version (7.3.4, 8.0.6, 8.1.7, 9.0.1) of the database is upgraded to Oracle9i release 2 (9.2), Database Upgrade Assistant installs software in the following directories:

Administration files in directories under \ORACLE_BASE\admin\database_name

where database_name is the database name or SID.
Database files in directories under \ORACLE_BASE\oradata\database_name
REDO Log files and Control files in \ORACLE_BASE\oradata\database_name
SPFILESID.ORA file under the directory \ORACLE_BASE\ORACLE_HOME\database

Database Upgrade Assistant sets the following permissions to these directories, and all files and directories under this directory:

Administrators - Full Control

System - Full Control

Important:

Setting NTFS File System Security

To ensure that only authorized users have full file system permissions:

Go to Windows Explorer.

Set the following permissions for each directory or file:

Directory	Group and Permissions
`\ORACLE_BASE\ORACLE_HOME`	`Administrators` - Full Control `System` - Full Control `Authenticated` `Users` - Read, Execute and List Contents
`\ORACLE_BASE\admin\database_name` `\ORACLE_BASE\oradata\database_name` `\ORACLE_BASE\oradata\database_name` `\ORACLE_BASE\ORACLE_HOME\database\spfileSID.ora`	`Administrators` - Full Control `System` - Full Control

Note:

The Oracle9i database uses the Windows LocalSystem built-in security account. Therefore, file permissions must be granted to the System account of the local computer running the Oracle9i database.

See Also:

Your Windows online help for more information about how to modify NTFS file system and Windows registry settings

Setting Windows Registry Security

Oracle Corporation recommends that you remove write permissions from users who are not Oracle9i DBAs or system administrators in HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE of the Windows registry.

To remove write permissions:

Open the registry.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE.
Select Permissions from the Security main menu.

The Registry Key Permissions dialog box appears.
Remove write permissions from any users who are not Oracle9i DBAs or system administrators. Note that the SYSTEM account must have Full Control, since this is the account with which the Oracle9i database runs.
Ensure that user accounts that must run Oracle applications have read privileges.
Choose OK.
Exit the registry.

Patch Set Information

An Oracle database installation always installs the base release, for example, Oracle9i release 1 (9.0.1.1.0). Oracle Corporation recommends installing the latest patch set release after successful installation of the base release.

Current patch set information is available at

https://metalink.oracle.com

You must register online before using OracleMetaLink. After logging into OracleMetaLink, select Patches from the left-hand column.

To find and download patches:

Find the latest patch set.

To find the latest patch set for Oracle9i, enter the values defined in Table 6-1 and then select Submit.

Table 6-1 Patch Set Information

Field	Value
Product Family	Oracle Server
Release	Select the highest release available for the base release you installed.
Platform	MS Windows NT/2000 Server
Limit Search to	Latest Product Patch sets or Minipacks

From the list of selected patches, select a patch to download.

Note that patch sets for Oracle databases are identified as "x.x.x PATCH SET FOR ORACLE DATA SERVER."
Review the README before proceeding with the download.

The README contains installation requirements and instructions.
Download and install the patch.

Validating Invalid PL/SQL Modules

When the Oracle9i database is created through the Enterprise Edition, Standard Edition, or Personal Edition installation type, the utlrp.sql script is automatically run. However, when an Oracle9i database is created through the Custom installation type, this script is not automatically run. Oracle Corporation recommends running the utlrp.sql script after creating, upgrading, or migrating a database. This script recompiles all PL/SQL modules that may be in an INVALID state, including packages, procedures, types, and so on. This step is optional, but recommended so that the cost of recompilation is incurred during the installation rather than in the future.

Note:

There should be no other data definition language (DDL) statements running on the database while the script is running, and packages STANDARD and DBMS_STANDARD must already be valid.

Start SQL*Plus:

C:\> sqlplus
Connect to the database with the SYS account:

SQL> CONNECT SYS/PASSWORD AS SYSDBA

where PASSWORD is CHANGE_ON_INSTALL by default, unless you changed it after installation.
Start the database (if necessary):

SQL> STARTUP
Run the utlrp.sql script:

SQL> @ORACLE_BASE\ORACLE_HOME\rdbms\admin\utlrp.sql

Individual Component Postinstallation Configuration Tasks

Some individual components require postinstallation configuration tasks. The following sections list configuration requirements and the sections or documents referenced for specific configuration procedures.

Management Pack for Oracle Applications
Messaging Gateway
Oracle Advanced Security
Oracle Administration Assistant for Windows NT
Oracle Enterprise Manager
Oracle Enterprise Manager Web Site
Oracle HTTP Server
Oracle interMedia and Oracle Spatial
Oracle Internet Directory
Oracle OLAP API
Oracle Performance Monitor for Windows NT
Oracle Real Application Clusters
Oracle Services for Microsoft Transaction Server
Oracle Workflow
Oracle XML DB
PL/SQL External Procedures
Pro*COBOL
Shared Server Support
Oracle Net Services

Management Pack for Oracle Applications

After installation is complete, you have additional configuration tasks to perform before using the Management Pack for Oracle Applications.

See Also:

Getting Started with the Oracle Management Pack for Oracle Applications

Messaging Gateway

Messaging Gateway, an Oracle9i Advanced Queuing feature, requires additional configuration.

See Also:

"Setting Up Messaging Gateway" of Oracle9i Application Developer's Guide - Advanced Queuing

Oracle Administration Assistant for Windows NT

This tool requires the Microsoft Management Console (the latest version available is recommended) and HTML Help 1.2 or higher to run. Microsoft Management Console is included with Windows 2000, but must be manually installed if you are using Windows NT 4.0.

See Also:

Microsoft documentation
Visit http://www.microsoft.com/

Oracle Advanced Security

Authentication, encryption, integrity support, and enterprise user security require configuration.

See Also:

Oracle Advanced Security Administrator's Guide

Oracle Enterprise Manager

There are two situations where postinstallation configuration is required:

Case 1: If you installed Oracle Management Server through the Oracle9i Database installation type and you want to start Oracle Enterprise Manager by logging into that Management Server, then you must start Oracle Enterprise Manager Configuration Assistant after installation to configure the Oracle Management Server to use a repository and to create its service.

Case 2: If you installed Oracle Management Server and you want to upgrade an existing release 2.x repository to a release 2 (9.2) repository, then you must start Oracle Enterprise Manager Configuration Assistant to upgrade the repository.

See Also:

"Configuring and Controlling the Management Server" of Oracle Enterprise Manager Configuration Guide

Oracle Enterprise Manager Web Site

Before you can use Oracle Enterprise Manager Web Site, you must complete postinstallation configuration steps.

See Also:

"Running Enterprise Manager Console from a Web Browser" in Oracle Enterprise Manager Configuration Guide

Oracle HTTP Server

You can start, stop, and verify the status of Oracle HTTP Server.

See Also:

Oracle Enterprise Manager Configuration Guide
"Managing HTTP Servers" in Oracle Enterprise Manager Administrator's Guide

Oracle interMedia and Oracle Spatial

These components are automatically configured when installed during the same installation as the Oracle9i database.

If you installed these components during a separate installation from the Oracle9i database or if you manually copied Oracle7 listener.ora and tnsnames.ora files into your Oracle9i network directory, manual configuration tasks need to be performed.

See Also:

"Postinstallation Configuration Tasks" of Oracle9i Database Administrator's Guide for Windows for procedures

Oracle Internet Directory

This section contains these topics:

Post-Upgrade Tasks
UNIX Emulation Utility

Post-Upgrade Tasks

Perform the following post-upgrade tasks for Oracle Internet Directory:

Job Queue Processes Parameter in init.ora File
Default Subscriber Configuration

Job Queue Processes Parameter in init.ora File Set the Job Queue Process parameter in the init.ora file of the database to the following values:

For single-node, set the parameter to at least 1.
For multi-node, set the parameter to (Number of nodes - 1)

Default Subscriber Configuration The following information needs to be added to the root Oracle Context in the entry identified by the following DN, "cn=Common, cn=Products, %RootOracleContextDN%". By default, the RootOracleContextDN is "cn=OracleContext".

Table 6-2 lists the attributes in the Root Oracle Context.

Table 6-2 Attributes in the Root Oracle Context

Attribute Description

Attribute	Description
Subscriber Search Base (`orclSubscriberSearchBase`)	This attribute identifies the node in the Directory Information Tree (DIT) under which all subscribers are placed.
Subscriber Nick Name Attribute (`orclSubscriberNickNameAttribute`)	This attribute identifies the nickname attribute to be used when searching for a subscriber under the subscriber search base.
Default Subscriber (`orclDefaultSubscriber`)	This attribute identifies the root of your organization (same as the value specified in the Upgrading Subscriber screen of OiD Configuration Assistant.

Subscriber Search Base (orclSubscriberSearchBase)

This attribute identifies the node in the Directory Information Tree (DIT) under which all subscribers are placed.

Subscriber Nick Name Attribute (orclSubscriberNickNameAttribute)

This attribute identifies the nickname attribute to be used when searching for a subscriber under the subscriber search base.

Default Subscriber

(orclDefaultSubscriber)

This attribute identifies the root of your organization (same as the value specified in the Upgrading Subscriber screen of OiD Configuration Assistant.

The following information needs to be added in the subscriber-specific Oracle Context in the entry identified by the following DN, "cn=Common, cn=Products, cn=oracleContext, subscriber DN".

Table 6-3 lists the attributes in the Default Subscriber Oracle Context.

Table 6-3 Attributes in the Default Subscriber Oracle Context

Attribute Description

Attribute	Description
User Search Base (`orclCommonUserBase`)	This attribute identifies the node in the DIT under which all users are placed. During the upgrade, this attribute value is set to the `subscriber` `DN` value. Note: If this attribute is not set, then the password policy under the Root Oracle Context will be applied.
User Nick Name Attribute (`orclCommonNickNameAttribute`)	This attribute identifies the nickname attribute to be used when searching for a user under the user search base.
Group Search Base (`orclCommonGroupSearchBase`)	This attribute identifies the node in the DIT under which all groups are placed.

User Search Base (orclCommonUserBase)

This attribute identifies the node in the DIT under which all users are placed. During the upgrade, this attribute value is set to the subscriber DN value.

Note: If this attribute is not set, then the password policy under the Root Oracle Context will be applied.

User Nick Name Attribute (orclCommonNickNameAttribute)

This attribute identifies the nickname attribute to be used when searching for a user under the user search base.

Group Search Base (orclCommonGroupSearchBase)

This attribute identifies the node in the DIT under which all groups are placed.

Note:

You can update these attributes by using Oracle Directory Manager.

See Also:

Oracle Internet Directory Administrator's Guide for more information about these attributes

Password Policy Configuration If the password policy exists in the earlier release of Oracle Internet Directory (located under DN "cn=pwdpolicyentry, cn=Oracle Internet Directory"), then this policy will be applied to both the Root Oracle Context and the default Subscriber Oracle Context. The original DN containing the policy "cn=pwdpolicyentry, cn=Oracle Internet Directory" will be removed from the earlier release. Otherwise, the default password policy is set up as part of the Subscriber Oracle Context creation. By default, the password policy for the default subscriber is set to the following values:

User passwords expire in 60 days (pwdmaxage=5184000).
Accounts are locked out after 10 successive failed login attempts (pwdlockout=1 and pwdmaxfailure=10).
Password syntax checking is enabled and a minimum length of user password is five characters (pwdchecksyntax=1 and pwdinlength=5).

User passwords must contain at least one numeric value (orclpwdalphanumberic=1)

Note:

You can find the above attribute values in the "cn=PwdPolicyEntry, cn=Common, cn=Products, cn=oracleContext, <subscriber DN>".

The password policy under Root Oracle Context applies to all entries under the root DSE. However, it does not apply to entries under Root Oracle Context.

See Also:

Oracle Internet Directory Administrator's Guide for more information on how to change the default password policy.

If the upgraded Oracle Internet Directory is integrating with other Oracle components, appropriate access control policies will need to be set up to grant necessary privileges to the Oracle components.

User Data Upgrade

You must do this if you choose to do the user data upgrade as a postinstallation step.

Password Conversions The password format in Oracle Internet Directory release 9.2 is base-64. The older passwords stored in hexadecimal must be converted. To perform the conversion, follow these steps:

Use the command below to perform an ldapsearch to output all the encrypted user passwords to a file. In this case, ORACLE_HOME/ldap/install/pwdin.ldif is used as the output file.

ORACLE_HOME/bin/ldapsearch -L -h OID host_name -p OID Non-SSL port -D
OID Super User DN -w OID Super User Password -b "" -s sub "objectclass=*"
dn userpassword > $OH/ldap/install/pwdin.ldif

Issue the command below to use the passwordconvert tool to convert the user passwords in ORACLE_HOME/ldap/install/pwdin.ldif and output them to ORACLE_HOME/ldap/install/pwdout.ldif.
```
ORACLE_HOME/bin/passwordconvert -m hex2base64 -f modify
ORACLE_HOME/ldap/install/pwdin.ldif ORACLE_HOME/ldap/install/pwdout.ldif
```

Issue the command below to use ldapmodify to upload the BASE-64 encoded user passwords in

$ORACLE_HOME/ldap/install/pwdout.ldif back into Oracle Internet Directory.

ORACLE_HOME/bin/ldapmodify -h OID host_name -p OID Non-SSL port -D
OID Super User DN -w OID Super User Password > -f
ORACLE_HOME/ldap/install/pwdout.ldif

UNIX Emulation Utility

You must download a UNIX emulation utility for Windows to run Oracle Internet Directory shell script tools on Windows (BULKLOAD.SH, BULKDELETE.SH, BULKMODIFY.SH, CATALOG.SH, and LDAPREPL.SH). Two certified third-party software vendors provide this utility:

Cygnus (open source)

http://sources.redhat.com/cygwin/
MKS Toolkit (commercially available)

http://www.mkssoftware.com/products/

See Also:
Oracle Internet Directory Administrator's Guide

Oracle Net Services

Oracle Net Configuration Assistant is a tool that assists you in configuring your Oracle network.

If you installed Oracle Net Services, Oracle Net Configuration Assistant automatically guided you through network configuration of client computers and Oracle9i database servers.

You can also configure your Oracle network after installation with the Oracle Net Configuration Assistant and Oracle Net Manager tools.

See Also:

Oracle9i Net Services Administrator's Guide and the online help available with both tools
"Configuring Your Network" for a discussion of available configuration choices

Oracle OLAP API

Before writing Java programs that use the OLAP API, you must make the files accessible in your Java development environment.

See Also:

"Setting Up the Development Environment" of Oracle9i OLAP Developer's Guide to the OLAP API

Oracle Performance Monitor for Windows NT

Before using Oracle Performance Monitor for Windows NT to view Oracle-specific counters, you must specify the SYSTEM password using OperfCfg.exe located in the ORACLE_BASE\ORACLE_HOME\bin directory.

To set the SYSTEM password, enter the following:

C:\> operfcfg.exe -U SYSTEM -P password [-D database_name]

See Also:

Oracle9i Database Getting Started for Windows and Oracle9i Database Administrator's Guide for Windows for additional information about Oracle Performance Monitor for Windows NT

Oracle Real Application Clusters

Postinstallation configuration procedures must be performed to enable high availability and Oracle Enterprise Manager functionality.

See Also:

Oracle9i Real Application Clusters Setup and Configuration

Oracle Services for Microsoft Transaction Server

For Windows NT installations, if you did not install the Microsoft Management Console (MMC) before installing Oracle9i, then you must manually start the OracleMTSRecoveryService service and change its status to Automatic.

Perform the following tasks before using Oracle Services for Microsoft Transaction Server:

Create the Microsoft Transaction Server administrator account
Schedule a database server-level transaction recovery job

See Also:
"Managing Recovery Scenarios" of Oracle Services for Microsoft Transaction Server Developer's Guide

Oracle Workflow

You must perform a number of configuration tasks, including:

Editing the init.ora parameter file
Installing and configuring a Web server
Verifying your base URL
Setting up the Oracle Workflow Monitor and HTML help
See Also:

Oracle Workflow Server Installation Notes

Oracle Workflow Client Installation Notes

Oracle Workflow Guide

Oracle XML DB

Refer to Oracle9i XML Database Developer's Guide - Oracle XML DB for more information on the following tasks:

Re-installation of Oracle XML DB
Configuring or customizing the Oracle XML DB tablespace
Configuring FTP, HTTP/WebDAV port numbers

See Also:
Appendix A of Oracle9i XML Database Developer's Guide - Oracle XML DB

PL/SQL External Procedures

Configuration is dependent on the network configuration files used. In nearly all cases, configuration is automatic. However, if you are using pre-8.0.3 tnsnames.ora and listener.ora files with your release 2 (9.2) database, manual configuration is required.

See Also:

"Developing Applications" of Oracle9i Database Getting Started for Windows

Pro*COBOL

Pro*COBOL supports specific compilers.

See Also:

"Introducing Pro*COBOL" of Pro*COBOL Precompiler Getting Started for Windows

Shared Server Support

Configuration is dependent on how support was installed. If you installed the Oracle9i database through the Enterprise Edition, Standard Edition, or Personal Edition installation types, shared support was not configured. If you created your Oracle9i database through Database Configuration Assistant, you were offered a choice of shared or dedicated server support.

See Also:

"Postinstallation Configuration Tasks" of Oracle9i Database Administrator's Guide for Windows
Chapter 3, "Selecting Database Creation and Oracle Net Services Configuration Methods"