Release Notes
10g Release 2 (10.2.0.5) for Linux Itanium
B32499-06
April 2013
These Release Notes describe issues you may encounter with Oracle Database Vault 10g Release 2 (10.2.0.5). The Oracle Database Vault installation is covered in detail in Oracle Database Vault Installation Guide for Linux Itanium.
This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:
http://www.oracle.com/technetwork/indexes/documentation/index.html
This document contains the following sections:
This section describes the known issues pertaining to installation. It also provides the workarounds that you can use.
Bug 11783587
When you install Oracle Database Vault on SUSE Linux Enterprise Server 11, the prerequisite check may fail with an error message.
The recommended workaround is to run the Oracle Universal Installer using the ignoreSysPrereqs flag which causes the installer to skip the operating system check and continue with the installation:
./runinstaller -ignoreSysPrereqs
If you do not use the ignoreSysPrereqs flag, then you may see the following error messages:
INFO: Expected result: One of redhat-3,redhat-4,SuSE-9,asianux-1,asianux-2,redhat-5,SuSE-10 Actual Result: SuSE-11 Check complete. The overall result of this check is: Failed
Click Continue to ignore the error and proceed with the installation.
Bug 11847748
If you do not use the ignoreSysPrereqs flag when you install the 10.2.0.5 patch set, then the prerequisite check to validate the kernel version might fail.
If your system has any one of the following kernel versions (or later), the workaround is to ignore the error message and proceed with the installation.
Red Hat Enterprise Linux 4.0: 2.6.9-11.EL Red Hat Enterprise Linux 5.0: 2.6.18 SUSE Linux Enterprise Server 9: 2.6.5-7.191-pseries64 SUSE Linux Enterprise Server 10: 2.6.16 SUSE Linux Enterprise Server 11: 2.6.27
Bug 9587181
Oracle Database Vault Administrator (DVA) link does not work after an upgrade from Oracle Database Vault 10.2.0.4 to 10.2.0.5.
You can use the following workaround steps:
Set the ORACLE_HOME, ORACLE_SID, and PATH environment variables.
Stop the Oracle Enterprise Manager Database Control process. Use the following command:
$ORACLE_HOME/bin/emctl stop dbconsole
Edit the file, $ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_hostname_SID/config/server.xml. Enter the following line just before the last line that reads, </application-server>:
<application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
For example:
<application name="dva" path="/home/oracle/product/10.2.0/db1/dv/jlib/dva_webapp.ear" auto-start="true" />
Edit the file, $ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_hostname_SID/config/http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:
<web-app application="dva" name="dva_webapp" root="/dva" />
Start the Oracle Enterprise Manager Database Control process. Use the following command:
$ORACLE_HOME/bin/emctl start dbconsole
Bug 6912225
When you install Oracle Database Vault for a database you may notice an array index out of bounds error message in the DVCA install log. The DVCA install log may contain the following error messages:
java.lang.ArrayIndexOutOfBoundsException: -1
at java.util.Vector.elementAt(Unknown Source)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel$DetailsTextArea.scrollToTo
l(OiifpConfigTablePanel.java:1869)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel.showDetails(OiifpConfigTal
ePanel.java:1487)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel.rowSelected(OiifpConfigTal
ePanel.java:1554)
at oracle.ewt.grid.Grid.processRowSelectEvent(Unknown Source)
at oracle.ewt.grid.Grid.processEventImpl(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
at oracle.ewt.grid.Grid.fireRowEvent(Unknown Source)
at oracle.ewt.grid.SingleRowSelection.setRowSelected(Unknown Source)
at oracle.ewt.grid.SingleRowSelection.setCellSelected(Unknown Source)
at oracle.ewt.grid.Grid.processNewFocusCell(Unknown Source)
at oracle.ewt.grid.Grid._sendKeyToNavigator(Unknown Source)
at oracle.ewt.grid.Grid._handleKeyPressed(Unknown Source)
at oracle.ewt.grid.Grid.processKeyEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
at oracle.ewt.grid.Grid.processEventImpl(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown
Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown
Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown
Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown
Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown
Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
You can safely ignore this error as it does not affect either the database or Oracle Database Vault functionality.
Bug 5577503
The Oracle Database Vault installer fails to install Oracle Database Vault in an existing physical standby database.
You can create a new physical standby database by using the following steps:
Install Oracle Database Vault on the primary database.
Create a physical standby database using a hot backup of the primary database. This backup should include the Oracle home.
Set up communications between the primary and the physical standby database. Redo logs communicate changes from the primary database to the standby database.
See Also:
Article ID 754065.1, titled "Installing Oracle Database Vault in a Data Guard Environment" on My Oracle Support (formerly OracleMetaLink):
Oracle Data Guard Concepts and Administration for more information on creating a physical standby database
Bug 5613521
After installing Oracle Database Vault on a database, and running the postinstallation steps on the nodes, you get an error when trying to access Oracle Enterprise Manager.
Also, when you try to check the status of dbconsole using the emctl status dbconsole command, you get a message saying that Oracle Enterprise Manager daemon is not running even though the process is running.
The workaround is to manually restart the dbconsole process using the following commands:
$ORACLE_HOME/bin/emctl stop dbconsole $ORACLE_HOME/bin/emctl start dbconsole
Bug 6630108
The SYS user cannot log in to Oracle Enterprise Manager after installing Oracle Database Vault on an Oracle database. The following error is encountered:
ORA-01031: insufficient privileges
You must regenerate the password file, using the orapwd utility, to reenable the SYS user to connect as SYSDBA. Use the following syntax to enable SYSDBA logins:
orapwd file=password_filename password=password [entries=users] force=y nosysdba=n
See Also:
Oracle Database Vault Installation Guide for Linux Itanium for more information about using theorapwd utilityBug 6630191
After you install Oracle Database Vault, the database instances and listeners on the remote nodes do not start automatically. You must start these manually.
This is expected behavior. The DVCA utility configures the local node, and starts the database instance and listener processes on the local node. You must start these processes manually on each of the remote nodes.
Bug 6658315
The following steps are used to create a cloned Oracle Database Vault instance:
Install Oracle Database Vault 10g Release 2 (10.2.0.5) in the first Oracle home.
Clone the first instance to create a second Oracle home.
Run Net Configuration Assistant (NetCA) and Oracle Database Configuration Assistant (DBCA) to configure a listener and database for the cloned instance.
Run DBCA again to configure Oracle Label Security (OLS) for the cloned instance.
Run Oracle Database Vault Configuration Assistant (DVCA) as follows:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_account_password -acctmgr_account DV_account_manager_account_name -acctmgr_passwd DV_account_manager_password -logfile ./dvca.log -nodecrypt
The following SQL statement shows that the cloned Oracle Database Vault instance contains invalid objects:
SQL> select count(*) from all_objects where status = 'INVALID';
COUNT(*)
----------
45
The workaround is to run the utlrp.sql script. This script recompiles all PL/SQL modules that might be in an invalid state, including packages, procedures, and types. Use the following commands to run the utlrp.sql script:
cd $ORACLE_HOME/rdbms/admin sqlplus SYS "AS SYSDBA" Enter password: SQL> @utlrp.sql
Bug 6140164
After you add a second node to a single-node Oracle Real Application Clusters (Oracle RAC) installation, the following error occurs when you try to configure Oracle Database Vault security for the second node:
ORA-32001: write SPFILE requested but no SPFILE specified at startup
The following steps reproduce the bug:
Install Oracle Clusterware on a 2-node cluster.
Install Oracle Database Vault on the first node.
Run the addnode.sh script on the first node to add the second node.
Configure the database listener and database instance for the second node.
Run the following ALTER SYSTEM statements on the second node:
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE; ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=SPFILE; ALTER SYSTEM SET RECYCLEBIN='OFF' SCOPE=SPFILE; ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE='EXCLUSIVE' SCOPE=SPFILE; ALTER SYSTEM SET SQL92_SECURITY=TRUE SCOPE=SPFILE; ALTER SYSTEM SET OS_AUTHENT_PREFIX='' SCOPE=SPFILE;
The workaround is to run the following steps before running the addnode.sh script in Step 3:
Note:
These steps must be run from the first node.Shut down the database.
$ORACLE_HOME/bin/srvctl stop database -d db_name
Start the database with the nomount option.
$ORACLE_HOME/bin/srvctl start database -d db_name -o nomount
Connect to the database AS SYSDBA.
sqlplus SYS "AS SYSDBA" Enter password:
Create a server parameter file (SPFILE) using the traditional initialization parameter file (PFILE). The initialization parameter file is usually located at $ORACLE_HOME/admin/db_name/pfile for Optimal Flexible Architecture compliant databases.
For example:
SQL> CREATE SPFILE='SHARED_LOCATION/spfileORACLE_SID.ora' FROM 'PFILE=ORACLE_HOME/admin/db_name/pfile/initORACLE_SID.ora'
This statement reads the text initialization parameter file to create a server parameter file. You must have the or SYSOPER system privilege to run the CREATE SPFILE statement.
Shut down the database.
$ORACLE_HOME/bin/srvctl stop database -d db_name
Clear the current contents of the initialization parameter file. Add the server parameter file location in the initialization parameter file:
SPFILE = 'SHARED_LOCATION/spfileORACLE_SID.ora'
Restart the database.
For example:
$ORACLE_HOME/bin/srvctl start database -d db_name
Bug 7506215
Oracle Database Vault installer swap space requirement test may fail in some cases even when enough swap space is available.
The swap space required for installation should not exceed 16 GB. In case the required swap space is shown as more than 16 GB, this warning can be safely ignored.
Bug 9888841
Oracle Database Vault Installation Guide for Linux Itanium includes instructions to upgrade a previous version of Oracle Database Vault to Oracle Database Vault 10.2.0.5. One of the upgrade steps requires the user to run the catmac.sql script. Oracle Database Vault installation guide advises the user to spool the output of this script into a file to look for errors.
The spooled output file may include the following errors:
ORA-01920: user name 'DVSYS' conflicts with another user or role name ORA-01920: user name 'DVF' conflicts with another user or role name SP2-0310: unable to open file catmaca.sql ORA-01952: system privileges not granted to 'DBA' ORA-00955: name is already used by an existing object ORA-02260: table can have only one primary key
You can safely ignore these error messages.
Bug 10033496
An ORA-01031: insufficient privileges error may be generated during the Lock DVSYS phase of Oracle Database Vault installation process. This may be caused by a low shared pool size.
The workaround is to increase the shared pool size to a larger value. To set the shared pool size, use the following SQL statement:
ALTER SYSTEM SET SHARED_POOL_SIZE=VALUE;
There may be invalid objects in the database after you install Oracle Database Vault.
Workaround:
Log into SQL*Plus as a user who has been granted the SYSDBA administrative privilege. For example:
sqlplus sys as sysdba
Enter password: password
In SQL*Plus, perform the following query to find invalid objects.
SELECT COUNT(*) FROM ALL_OBJECTS WHERE STATUS = 'INVALID';
If there are invalid objects, then run the utlrp.sql script, which by default is located in the $ORACLE_HOME/rdbms/admin directory, to recompile the invalid objects.
@?/rdbms/admin/utlrp.sql
If the utlrp.sql script provides any instructions, follow them, and then run the script again. If the script terminates abnormally without giving any instructions, then run it again.
Oracle Bug: 7631281
This section discusses usage issues that you may encounter with Oracle Database Vault. It also provides the workarounds for these issues.
Bug 5161953
Accounts with the DV_OWNER, DV_ADMIN, or DV_SECANALYST role cannot run the following command:
ALTER USER user QUOTA UNLIMITED ON tablespace
The workaround is to REVOKE the role from the account, run the ALTER USER command, and then GRANT back the role to the account. This works if the account is not the DV_OWNER account that was created during installation. If the account is the DV_OWNER account created during installation, then you must use the following steps:
Disable Oracle Database Vault command rule for the ALTER USER command.
Run the ALTER USER command.
Re-enable Oracle Database Vault command rule for the ALTER USER command.
This section covers some frequently asked questions related to Oracle Database Vault installation. Oracle Database Vault installation is covered in detail in Oracle Database Vault Installation Guide for Linux Itanium.
The installer does not detect my existing Oracle Database Enterprise Edition 10g Release 2 (10.2.0.5) instance. What should I do?
To allow the installer to find the database instance information, you should check the following:
The database home has Oracle Enterprise Manager Console DB 10.2.0.5.0 installed.
For an Oracle Real Application Clusters (Oracle RAC) database, ensure that Oracle Clusterware is running on all nodes.
For an Oracle Real Application Clusters (Oracle RAC) database, ensure that the srvctl utility can be run from the Oracle Clusterware home and the Oracle RAC database home.
The file inventory.xml under oraInventory/ContentsXML correctly lists the Oracle home information including the node names (for Oracle RAC).
/etc/oratab has an entry for the database. This entry is case-sensitive.
All database names listed in /etc/oratab have unique system identifier (SID) names.
The file, /etc/oraInst.loc exists.
The oraInventory location is set in the /etc/oraInst.loc file.
The oraInventory location set in /etc/oraInst.loc is the same as the 10.2.0.5 Enterprise Edition database's oraInventory location.
The 10.2.0.5 database home does not have Oracle Database Vault in it.
The 10.2.0.5 database home does not contain an Oracle Automatic Storage Management (Oracle ASM) instance.
I have installed Oracle Database Vault into an Oracle home that has multiple databases. How do I secure the other databases in the Oracle home?
You must run Oracle Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to Oracle Database Vault Installation Guide for Linux Itaniumfor detailed instructions.
I have installed Oracle Database Vault on Oracle Real Application Clusters (Oracle RAC) database instance. How do I secure the other nodes in the cluster?
You must configure Oracle Database Vault security on the other Oracle RAC nodes. Refer to Oracle Database Vault Installation Guide for Linux Itanium for detailed instructions.
This section contains miscellaneous notes not covered in the Oracle Database Vault documentation.
The keyword SNAPSHOT is supported in place of MATERIALIZED VIEW for backward compatibility.
The JOB_QUEUE_PROCESSES initialization parameter specifies the maximum number of processes that can be created for the execution of jobs. It specifies the number of job queue processes per instance.
This parameter must have a non-zero value. The default value for JOB_QUEUE_PROCESSES is 10.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Database Vault Release Notes 10g Release 2 (10.2.0.5) for Linux Itanium
B32499-06
Copyright © 2008, 2013, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.