Wednesday, April 27, 2011

530 5.7.0 Must issue a STARTTLS command first

This message is shown when the SMTP mail server requires an SSL or TLS (Transport Layer Security) connection.


After you configure the SMTP connector to use the Transport Layer Security (TLS) protocol, a server that is running Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 cannot communicate with domains that do not use TLS. When this issue occurs, you may experience the following symptoms:


SMTP queues that contain messages are in a retry state. When you examine the status of the queues, you see the following:

"The remote SMTP service does not support TLS"

Users receive non-delivery reports (NDRs) that contain information that is similar to the following:
The recipient could not be processed because it would violate the security policy in force.

"5.7.0 SMTP: 530 5.7.0 Must issue a start TLS command first"


Cause:-
This issue occurs when you use one SMTP connector to route traffic both to domains that are TLS-configured and to domains that are not TLS-configured.



Solution:-

To resolve this issue, remove TLS encryption from the default SMTP connector, and then create a dedicated SMTP connector for TLS-encrypted traffic. To do this, follow these steps:
  1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. Remove TLS encryption from the default SMTP connector. To do this:
    1. Click Connectors, right-click the SMTP connector that you use for TLS-encrypted traffic, and then click Properties.
    2. Click the Advanced tab, click Outbound Security, click to clear the TLS encryption check box, and then click OK two times.
  3. Create a connector for TLS-encrypted traffic. To do this:
    1. With the Connectors branch still selected, right-click the right pane of Exchange System Manager, point to New, and then click SMTP Connector.
    2. In the Name box, type a descriptive name for the new connector. For example, type TLS_Dedicated_Connector.
    3. Click Add, click the name of the SMTP virtual server that you want to use with this connector, and then click OK.
    4. Click the Address Space tab, click Add, and then click SMTP if it is not already selected.
    5. Make sure that the Allow messages to be relayed to these domains check box is cleared, and then click OK.
    6. In the Internet Address Space Properties dialog box, accept the default values, and then click OK.
    7. Click the Advanced tab, click Outbound Security, click to select the TLS encryption check box, and then click OK two times.



you can see here for details


How to test SMTP Mail Gateway From a Command Line Interface

SMTP Mail Gateway From a Command Line Interface
======================================================


Note: be careful when typing any command or message.


1. Start a telnet session to the SMTP server's communication port.
From a command prompt on either Windows NT or Unix, type:

telnet SMTP_SERVERNAME 25

Note:-
- SMTP_SERVERNAME is the local SMTP gateway name.
- 25 is the SMTP communication port.


2. A telnet session should open with a response from SMTP:
response from smtp ---> 220 ukxxx1 Sendmail SMI-8.6/SMI-SVR4 ready at

note: make sure echo is on the terminal

3. Now introduce the client machine to the server by typing:
helo


If a message is returned ---> 501 helo requires domain address

Then type: ---> helo mx.gmail.com

(substitute mx.gmail.com with the local domain of the SMTP server)


4. Tell the SMTP Gateway who the test email is coming from by typing:

-------> mail from: emailid@domain

If a message is returned ---> 501 Syntax error in return path

Then type: ---> mail from: <emailid@domain>

NOTE: Include the angle brackets around the address.

A response from smtp ---> 250 emailid@domain... Sender ok


5. Tell the SMTP Gateway who to send the test email to by typing:

--------> rcpt to: emailid@domain
or
--------> rcpt to: <emailid@domain>

A response from smtp ---> 250 emailid@domain... Recipient ok


6. Tell the SMTP Gateway what type of information is being sent by typing:
-------> data

A response from smtp ---> 354 Enter mail, end with "." on a line by itself

7. Enter the test message and remember to close the email with a dot "."
Type ---> Subject: SMTP Test
Hello this is an smtp test for EM.
.

A response from smtp ---> 250 PAA15913 Message accepted for delivery

8. End the SMTP connection session by typing:
--------> quit
response from smtp ---> 221 ukxxx1 closing connection
The connection has been terminated.

Tuesday, April 26, 2011

ORA-29278: SMTP transient error: 421 Service not available

This error message tells that localhost, the same server where you have your Oracle database running, does not have an SMTP server up and running.

In other words, this error occurs when the SMTP server is not reachable, so it is not an Oracle error.
It is raised when the UTL_SMTP package is unable to connect to the SMTP server.

So first check, without involving Oracle, whether you can connect to the SMTP server with the TELNET command.

For example:

C:\>telnet SMTP_SERVERNAME port (default port 25)




A Question:- Do we need SMTP and Oracle on the same server?
===========================================================

Answer:-
===============

No, SMTP and Oracle do not need to be on the same server.

You first have to check whether you are able to contact the email server without involving Oracle.
You just need a connection to the SMTP server.

C:\>telnet SMTP_server port
Connecting To SMTP_server Could not open connection to the host, on port 23: Connect failed

If you see the above error, the system is not able to connect to the SMTP server, and that is why ORA-29278 occurs.

After you can connect to the SMTP server successfully, try again from the Oracle database.
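The manual telnet checks from the two posts above (the STARTTLS test and the ORA-29278 connectivity check) can be scripted. The following is an added example, not code from the original posts: it parses SMTP replies, recognises the 530 STARTTLS refusal and 4yz transient replies such as 421, and `probe()` repeats the check against a live server. The sample EHLO replies and the sender address are constructed placeholders.

```python
import re
import smtplib

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_RE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Optional enhanced status code (class.subject.detail) at the start of the text.
ENHANCED_RE = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})\s+(.*)$")

def parse_reply(lines):
    """Parse one (possibly multi-line) SMTP reply into (code, enhanced, texts)."""
    code, enhanced, texts = None, None, []
    for raw in lines:
        m = REPLY_RE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        text = m.group(3) or ""
        e = ENHANCED_RE.match(text)
        if e:
            enhanced, text = enhanced or e.group(1), e.group(2)
        texts.append(text)
        if m.group(2) != "-":  # a space (or a bare code) ends the reply
            break
    if code is None:
        raise ValueError("empty reply")
    return code, enhanced, texts

def advertises_starttls(ehlo_lines):
    """True if a 250 reply to EHLO lists the STARTTLS extension keyword."""
    code, _, texts = parse_reply(ehlo_lines)
    return code == 250 and any(t.strip().upper() == "STARTTLS" for t in texts[1:])

def classify(reply_lines):
    """Map a reply to 'ok', 'tls-required', 'transient' (4yz) or 'permanent' (5yz)."""
    code, _, texts = parse_reply(reply_lines)
    if code == 530 and "STARTTLS" in " ".join(texts).upper():
        return "tls-required"
    if code < 400:
        return "ok"
    return "transient" if code < 500 else "permanent"

def probe(host, port=25, timeout=10):
    """Live check against a server you administer: is STARTTLS offered, and what
    does the server answer to MAIL FROM on the still-unencrypted session?"""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            offered = s.has_extn("starttls")
            code, msg = s.mail("emailid@example.com")  # placeholder sender
    except OSError:  # refused, timed out, or rejected at the greeting (e.g. 421)
        return None, "unreachable"
    text = msg.decode(errors="replace").replace("\n", " ")
    return offered, classify([f"{code} {text}"])

# Constructed sample EHLO replies (not captured from a real server).
EHLO_TLS = ["250-mail.example.test Hello", "250-SIZE 10240000", "250-STARTTLS", "250 8BITMIME"]
EHLO_PLAIN = ["250-mail.example.test Hello", "250 8BITMIME"]
```

A result of `(True, "tls-required")` from `probe()` means the server offers STARTTLS and refuses mail until the client uses it, which is the situation behind the 530 5.7.0 message.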

Oracle Database Firewall


Cost Effective Protection for Oracle and non-Oracle Databases
Oracle Database Firewall, part of Oracle's comprehensive portfolio of database security solutions, is the first line of defense for both Oracle and non-Oracle databases. It monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks - all in real time. Based on innovative SQL grammar technology that can reduce millions of SQL statements into a small number of SQL characteristics, Oracle Database Firewall offers unmatched accuracy, scalability, and performance. Enforcement of positive (white lists) and negative (black lists) security models provides protection from threats without time-consuming and costly false positives. Oracle Database Firewall also enables organizations to address SOX, PCI, HIPAA/HITECH, and other regulatory requirements without changes to existing applications or databases, and demonstrate compliance with built-in customizable reports.



BENEFITS



* Flexible policy enforcement—Block, substitute, alert and pass, or log unauthorized SQL statements to your databases.
* Flexible deployments—Can be quickly deployed out-of-band or in-line with heterogeneous database environments.
* Optional host based agents—Monitor for unauthorized use of local console, keyboard or remote sessions by privileged users for regulatory compliance.
* Consolidated Safe Reporting—Heterogeneous database activity consolidated into a centralized database for reporting with option to mask sensitive information.


ORACLE AND SECERNO


Oracle has acquired Secerno, adding a heterogeneous database firewall to Oracle's industry-leading database security solutions. This combination will further enable customers to reduce the cost and complexity of securing their information throughout the enterprise with a protective perimeter around Oracle and non-Oracle databases.

See more here

Sunday, April 24, 2011

Network Requirements or configuration for Oracle RAC

Network Requirements or configuration for Oracle RAC
=====================================

Check that you have the networking hardware and internet protocol (IP) addresses required for an Oracle Real Application Clusters installation.

The two nodes in the cluster must be able to communicate with each other and with external clients using the TCP/IP protocol. Communication between clients and the nodes in the cluster is across the public network. Both nodes need a network adapter configured for the public network.

To enable availability and failover, a virtual IP (VIP) address is also required for each of your nodes. A VIP address can be moved between nodes in case of a failure. CRS manages the VIP addresses for you.

To support a virtual IP address, both nodes require an unused IP address that is compatible with the public network's subnet and netmask. The virtual IP address and host name should also be registered in the domain name system (DNS).

For communications between the instances running on the two nodes, a private network is required. This private network connects only the nodes in the cluster and cannot be accessed from outside the cluster. Both nodes need a separate network adapter configured for this private network.

Specifically, both nodes must meet the following public and private network requirements:

  • Support two network adapters: one for the public network interface, used for client connections, and one for the private network interfaces, used for communication between the database instances.

  • The following describes the naming restrictions for the public and private network interface names:

    • The characters used for the names are case sensitive

    • The names must not contain any multibyte language characters

    • The public and private network interface names must be different from each other

    • The name for each interface must be the same on both nodes

    • The public and private IP addresses must be on different subnets

  • The public network interface must have an IP address and host name registered in the domain name system (DNS)

  • Each private network interface must have a private IP address and may, optionally, have a private host name. Oracle recommends that you use private network IP addresses for these interfaces, for example: 10.*.*.* or 192.168.*.*. You can use the %SystemRoot%\system32\drivers\etc\hosts file on both nodes to associate private host names with private IP addresses.

For example, in a two node cluster, you might have the following host names and IP addresses:

    Host Name               Type      IP Address      Registered In
    rac1.mydomain.com       Public    143.46.43.100   DNS
    rac2.mydomain.com       Public    143.46.43.101   DNS
    rac1-vip.mydomain.com   Virtual   143.46.43.104   DNS
    rac2-vip.mydomain.com   Virtual   143.46.43.105   DNS
    rac1-priv               Private   10.0.0.1        %SystemRoot%\system32\drivers\etc\hosts
    rac2-priv               Private   10.0.0.2        %SystemRoot%\system32\drivers\etc\hosts

As you perform the following steps, you may wish to add your own values to the preceding table for easy reference when completing the installation dialogs.

To configure or determine the IP addresses associated with your cluster nodes, perform the following steps:

  1. Determine the IP addresses and names for the two public and two virtual IP addresses that you will be using. These names and IP addresses should be registered with your DNS. You will also need to know the IP address of your DNS server during the installation: you may want to add it to the values that you record in the preceding table.

  2. If your nodes already contain network adapters with IP addresses, you can retrieve the public addresses by entering the ipconfig command in a Command window.

  3. If necessary, install the network adapters for the public and private networks and configure one of them with a private IP address and the other with the public IP address. For a node using Windows 2000, for example, complete the following procedure to assign IP address information to each network adapter:

    1. Navigate to Start > Settings > Control Panel > Network and Dial-up Connections > Local Area Connection > Properties

    2. Double-click Internet Protocol (TCP/IP)

    3. Click Use the following IP address and enter the required IP address components. Also specify your DNS server IP address.

    4. Click OK on each intermediate open window and Close on the main Local Area Connection Status window to complete the task.

  4. If you need to change a network interface name, follow these steps:

    1. Navigate to Start > Settings > Control Panel > Network and Dial-up Connections

    2. Right click the icon of the network interface for which you need to change the name

    3. Select Rename

    4. Enter and save the new name

  5. On both nodes, edit the %SystemRoot%\system32\drivers\etc\hosts file to add an entry for each of the private IP addresses. Because the private IP addresses are not accessible on the public network, you do not need to register them with your DNS. The following example uses the values from the preceding table; substitute your own values if they are different:

    10.0.0.1     rac1-priv
    10.0.0.2     rac2-priv

  6. From a Command window on one node, execute a ping command, using the IP address or alias name for the other node's private IP address, and another ping command for its public IP address. Repeat this process from a Command window on the other node.

    If any of the ping commands fail to receive a reply, there is a configuration problem that must be resolved before you proceed.
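Before running the ping tests, the address plan itself can be checked against the rules listed above. This is an added example, not part of the Oracle documentation or the original post: it verifies that public and virtual addresses share the public subnet, that private addresses sit in a separate private range, that no address is reused, and that the hosts file maps each private name. The /24 prefix lengths passed in the usage are assumptions; the page gives no netmasks.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table[name.lower()] = ipaddress.ip_address(fields[0])
    return table

def check_plan(nodes, public_net, private_net, hosts_text):
    """Return a list of violations of the public/virtual/private address rules."""
    pub = ipaddress.ip_network(public_net)
    priv = ipaddress.ip_network(private_net)
    hosts, problems, seen = parse_hosts(hosts_text), [], set()
    if pub.overlaps(priv):
        problems.append("public and private networks overlap")
    for node, cfg in nodes.items():
        addrs = {k: ipaddress.ip_address(cfg[k]) for k in ("public", "vip", "private")}
        for kind, addr in addrs.items():
            if addr in seen:  # a VIP must be an otherwise unused address
                problems.append(f"{node}: {kind} address {addr} is already in use")
            seen.add(addr)
        for kind in ("public", "vip"):
            if addrs[kind] not in pub:
                problems.append(f"{node}: {kind} address {addrs[kind]} is outside {pub}")
        if addrs["private"] not in priv or not addrs["private"].is_private:
            problems.append(f"{node}: private address {addrs['private']} is not in {priv}")
        if hosts.get(f"{node}-priv") != addrs["private"]:
            problems.append(f"{node}: hosts file lacks {node}-priv -> {addrs['private']}")
    return problems

# Addresses and host names from the example table above.
PLAN = {
    "rac1": {"public": "143.46.43.100", "vip": "143.46.43.104", "private": "10.0.0.1"},
    "rac2": {"public": "143.46.43.101", "vip": "143.46.43.105", "private": "10.0.0.2"},
}
HOSTS = "10.0.0.1     rac1-priv\n10.0.0.2     rac2-priv\n"

if __name__ == "__main__":
    # Assumed netmasks: /24 for both networks.
    for problem in check_plan(PLAN, "143.46.43.0/24", "10.0.0.0/24", HOSTS):
        print(problem)
```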

OS Watcher (OSW)

What is OS watcher
============

OS Watcher (OSW) is a collection of UNIX shell scripts intended to collect and archive operating system and network metrics to aid support in diagnosing performance issues.

For Windows, download from here

For Unix/Linux/Solaris


Description
==========

OSW consists of a series of shell scripts. OSWatcher.sh is the main controlling executive, which spawns individual shell processes to collect specific kinds of data, using Unix operating system diagnostic utilities. Control is passed to individually spawned operating system data collector processes, which in turn collect specific data, timestamp the data output, and append the data to pre-generated and named files. Each data collector will have its own file, created and named by the File Manager process.

Data collection intervals are configurable by the user, but will be uniform for all data collector processes for a single instance of the OSW tool. For example, if OSW is configured to collect data once per minute, each spawned data collector process will generate output for its respective metric, write data to its corresponding data file, then sleep for one minute (or other configured interval) and repeat. Because we are collecting data every minute, the files generated by each spawned processes will contain 60 entries, one for each minute during the previous hour. Each file will contain, at most, one hour of data. At the end of each hour, File Manager will wake up and copy the existing current hour file to an archive location, then create a new current hour file.

The File Manager ensures only the last N hours of information are retained, where N is a configurable integer defaulting to 48. File Manager will wake up once per hour to delete files older than N hours. At any time, the entire output file set will consist of one current hour file, plus N archive files for each data collector process.

stopOSW.sh will terminate all processes associated with OSW, and is the normal, graceful mechanism for stopping the tool's operation.

OSW invokes these distinct operating system utilities, each as a distinct background process, as data collectors. These utilities will be supported, or their equivalents, as available for each supported target platform.

  • ps
  • top
  • mpstat
  • iostat
  • netstat
  • traceroute
  • vmstat
(OSW is certified to run on AIX, Tru64, Solaris, HP-UX, and Linux.)

Active Session History (ASH) in oracle

Before the 10g database, we would use the STATSPACK report, but from 10g onward it is better to use the Active Session History report.

What is Active session :-
--------------------------
Any session that is connected to the database and is waiting for an event that does not belong to the Idle wait class is considered as an active session. This includes any session that was on the CPU at the time of sampling.

Active sessions are sampled every second and are stored in a circular buffer in SGA.
As part of the Automatic Workload Repository (AWR) snapshots, the content of V$ACTIVE_SESSION_HISTORY is also flushed to disk. Because the content of this V$ view can get quite large during heavy system activity, only a portion of the session samples is written to disk.

Using the Active Session History enables you to examine and perform detailed analysis on both current data in the V$ACTIVE_SESSION_HISTORY view and historical data in the DBA_HIST_ACTIVE_SESS_HISTORY view .

The following are stored in the ASH report:

  • SQL identifier of SQL statement
  • Object number, file number, and block number
  • Wait event identifier and parameters
  • Session identifier and session serial number
  • Module and action name
  • Client identifier of the session
  • Service hash identifier

How to Run ASH report from SQLPLUS
===========================
Connect as the SYS user, then run:

SQL> @oracle_home/RDBMS/admin/ashrpt.sql (for single node database)

SQL> @oracle_home/RDBMS/admin/ashrpti.sql (for RAC database)

After execution, supply the parameters as required.

STARTUP ERRORS ora-00824 cannot set sga_target with statistics_level=BASIC

STARTUP ERRORS ora-00824 cannot set sga_target with statistics_level=BASIC
===================================================

This happens when your statistics_level parameter is set to BASIC but you define SGA_TARGET in Oracle Database 10g.

SQL> startup
ORA-00824: cannot set sga_target due to existing internal settings, see alert log for more information

In the alert log you can find this:

Cannot set sga_target with statistics_level=BASIC

Solution:-
Change either one of these values: set statistics_level to TYPICAL, or set SGA_TARGET=0.

UNIX Tools for Operating Statistics

UNIX Tools for Operating Statistics
    Component   UNIX Tool
    CPU         sar, vmstat, mpstat, iostat
    Memory      sar, vmstat
    Disk        sar, iostat
    Network     netstat

Unable to generate ASH report due to error ORA-01722

Unable to generate ASH report due to error ORA-01722
======================================


When attempting to generate ASH report with "ashrpti.sql" or "ashrpt.sql",
it failed with ORA-01722.


Solution :
==========

Manually set DEFINE ON before executing ashrpt.sql

SQL> set define on
SQL> @$ORACLE_HOME/rdbms/admin/ashrpt.sql

DEBUG: Replaying xcb, DEBUG: Restoring block headers for xcb, DEBUG: Finished replay for xcb

DEBUG: Replaying xcb
DEBUG: Restoring block headers for xcb
DEBUG: Finished replay for xcb
=====================================


Today, the following messages appear in the alert.log (Oracle Database 10.2.0.4):


Sun Apr 24 09:35:27 2011
DEBUG: Replaying xcb 0x903a9df68
Reconstructing Uhdr 0x34017f9 for xcb 0x903a9df68
Doing block recovery for file 13 block 6137
Block recovery from logseq 84873
Sun Apr 24 09:35:44 2011
DEBUG: Replaying xcb 0xd036ba400
Sun Apr 24 09:35:58 2011
Reconstructing Uhdr 0x2401929 for xcb 0xd036ba400
Doing block recovery for file 9 block 6441
Block recovery from logseq 84873
Sun Apr 24 09:35:59 2011
Recovery of Online Redo Log: Thread 1 Group 2 Seq 84873 Reading mem 0
Mem# 0: /d01/oracle/oradata/stlbas/redo02.log
Sun Apr 24 09:35:59 2011
Recovery of Online Redo Log: Thread 1 Group 2 Seq 84873 Reading mem 0
Mem# 0: /d01/oracle/oradata/stlbas/redo02.log
Block recovery completed at rba 84873.228401.16
DEBUG: Restoring block headers for xcb 0xd036ba400
DEBUG: Finished replay for xcb 0xd036ba400
Sun Apr 24 09:35:59 2011
Block recovery completed at rba 84873.227428.16
DEBUG: Restoring block headers for xcb 0x903a9df68
DEBUG: Finished replay for xcb 0x903a9df68
Sun Apr 24 09:39:43 2011
Timed out trying to start process P636.
Sun Apr 24 09:48:24 2011


---------------*****------------------------------


After diagnosing the message, I found that:

If you see messages like "DEBUG: ..." without having activated Event 30047, then you have possibly encountered this bug.

This is an Oracle bug, Bug no. 7433585.


The messages can be ignored. They are written unconditionally during restore and recover of a block online when replaying a transaction.

Or, you can use the following workaround:

set _in_memory_undo=false in the init.ora

Be advised this parameter may have a performance impact so test before implementing.

There are currently no patches available for this problem. It will be fixed in 11.2