ORA-24247: Network Access Denied By Access Control List (ACL)

 

ORA-24247: Network Access Denied By Access Control List (ACL)

While sending mail using utl_mail or utl_stmp , you may get access denied error:or 

If you are trying to use oracle to invoke a web service or to connect to a smtp service and you get the following error:

begin
utl_mail.send(sender => 'admin@testuser.com’,
recipients => ‘admin@testuser.com’,
subject => ‘Test mail from user’,
message => ‘testing’);
end;
/

*
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at “SYS.UTL_MAIL”, line 662
ORA-06512: at “SYS.UTL_MAIL”, line 679
ORA-06512: at line 2

Since Oracle 11, oracle introduced a fine grained access to network services using access control lists (ACL).

This new feature gave the DBA a better control on which user can connect to which computer

In order to solve ORA-24247 you will need to:

1) Create an acl (if it is not already created)

2) Add privileges to the user using the network resources

3) Assign the acl to a specific address

SELECT * FROM dba_network_acls;

If the computer you are trying to connect to is not listed under host, you will need to create an acl:

Solution:

From 11g onward, to send mail using UTL_MAIL or UTL_SMTP , ACL need to be created in the database.

Set the SMTP_OUT_SERVER parameter

SQL> alter system set smtp_out_server='mailhost' scope=both; 

 System altered.

Now create ACLS

Suppose the user chitrap want to send mail from procedure.

--- creating ACL as below

exec DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('test_mail.xml','Allow mail to be send', 'chitrap', TRUE, 'connect');

commit;

----Grant the connect and resource privilege as below

exec DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('test_mail.xml','chitrap',TRUE, 'connect');

exec DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('test_mail.xml','chitrap',TRUE, 'resolve');

exec DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('test_mail.xml','*',25);

commit;

Now try to send mail:

begin
utl_mail.send(sender => 'admin@testuser.com’,
recipients => ‘admin@testuser.com’,
subject => ‘Test mail from user’,
message => ‘testing’);
end;
/

PL/SQL procedure successfully completed

select acl , host , lower_port , upper_port from DBA_NETWORK_ACLS;

select acl , principal , privilege , is_grant from DBA_NETWORK_ACL_PRIVILEGES;

Drop ACL :

BEGIN

DBMS_NETWORK_ACL_ADMIN.drop_acl (

acl => 'test_mail.xml');

COMMIT;

END;

/

It is important to note that only one ACL can be assigned to any host computer. If you assign a new acl to a target the old acl gets unassigned.

Query Applied Patches in Oracle EBS 12.2

 

Query Applied Patches in Oracle EBS 12.2

In releases prior to 12.2, we used to query ad_bugs or ad_applied_patches to find out if a patch is applied or not.
In 12.2, this is no longer the right way to do it due to the implications of online patching.
For example, if you apply a patch in an online patching cycle and aborted the cycle before it is complete, the records inserted in the above two tables will not be updated or removed.

The following query helps in identifying the patches applied:

SELECT adop_session_id, bug_number, session_type, 
       DECODE(status,'N','Applied on other nodes',
                     'R','Running',
                     'H','Failed (Hard)',
                     'F','Failed (Jobs Skipped)',
                     'S','Success (Jobs Skipped)',
                     'Y','Success',
                     'C','Clone Complete') status,
       applied_file_system_base, patch_file_system_base,
       node_name, start_date, end_date, 
       ROUND((end_date - start_date) * 24*60,2) exec_time,
       adpatch_options, autoconfig_status, driver_file_name
FROM ad_adop_session_patches
WHERE session_type IN ('ADPATCH','HOTPATCH','DOWNTIME','ONLINE')
ORDER BY adop_session_id, start_date, end_date;

Session type column was restricted to the following values:

• ADPATCH: Patches applied using the traditional adpatch tool. It is used right after installing 12.2 and before online patching is enabled by applying patch 13543062.
• HOTPATCH: Patches applied in hotpatch mode (aka. no online patching cycle is involved). It should be used only when instructed by Oracle.
• DOWNTIME: Patches applied when all application services are down. Only used when instructed by Oracle, such as when applying 12.2.6 RUP.
• ONLINE: Patches applied in a normal online patching cycle. This is the recommended method.

If you want to find out which patch fixed a specific bug, you can use the following query:

SELECT b.bug_number, asp.adop_session_id, asp.bug_number patch#,
       asp.session_type, asp.applied_file_system_base,
       asp.node_name, asp.start_date, asp.end_date
FROM ad_bugs b, ad_patch_run_bugs prb, ad_patch_runs pr,
     ad_patch_drivers pd, ad_adop_session_patches asp
WHERE b.bug_id = prb.bug_id
  AND prb.patch_run_id = pr.patch_run_id
  AND pr.patch_driver_id = pd.patch_driver_id
  AND pr.patch_run_id = asp.patchrun_id
  AND prb.applied_flag = 'Y'
  AND b.bug_number = '&bug_num';

A Script to Drop Obsolete Schemas in EBS 12.2

A Script to Drop Obsolete Schemas in EBS 12.2

After successful upgrade to 12.2.x, you should drop obsolete schemas. 

The following query generates a script to facilitate that:

select 'sqlplus apps/<apps_pwd> @$AD_TOP/patch/115/sql/addropschema.sql <system_pwd> applsys ' || username drop_schema from dba_users where username in ('ABM', 'AHM', 'AMF', 'AMW', 'BIL', 'BIV', 'BIX', 'BSC', 'CSS', 'CUE', 'CUF', 'CUI', 'CUN', 'CUP', 'CUS', 'DDD', 'EAA', 'EDWREP', 'EVM', 'FEM', 'FII', 'FPT', 'FTP', 'GCS', 'HCC', 'IBA', 'IBP', 'IGF', 'IGS', 'IGW', 'IMT', 'IPD', 'ISC', 'ITA', 'JTS', 'ME', 'MST', 'OKB', 'OKI', 'OKO', 'OKR', 'OZP', 'OZS', 'PFT', 'POA', 'PSB', 'RCM', 'RHX', 'RLA', 'VEH','XNC', 'XNI', 'XNM', 'XNS', 'ZFA', 'ZPB', 'ZSA');

Oracle E-Business Suite Release 12.2 with Database 19c Documentation

 

Oracle E-Business Suite Release 12.2 with Database 19c Documentation References:

• Document 2567105.1, FAQ: Oracle E-Business Suite and the Oracle Multitenant Architecture
• Document 2552181.1, Interoperability Notes: Oracle E-Business Suite Release 12.2 with Oracle Database 19c
• Document 2530665.1, Using Oracle 19c RAC Multitenant (Single PDB) with Oracle E-Business Suite Release 12.2
• Document 2665458.1, Oracle E-Business Suite Release 12.2: Upgrading to Oracle Database 19c with Existing Physical Standby
• Document 2608028.1, Oracle E-Business Suite Release 12.2: Adding or Deleting 19c Oracle RAC Nodes
• Document 2615883.1, Using Oracle E-Business Suite Release 12.2 with a Database Tier Only Platform on Oracle 19c
• Document 396009.1, Database Initialization Parameters for Oracle E-Business Suite Release 12
• Document 2525754.1, Using UTL_FILE_DIR or Database Directories for PL/SQL File I/O in Oracle E-Business Suite Releases 12.1 and 12.2
• Document 1594274.1, Oracle E-Business Suite Release 12.2: Consolidated List of Patches and Technology Bug Fixes
• Document 1392527.1, Database Patches Required by Oracle E-Business Suite on Oracle Engineered Systems: Exadata Database Machines and SuperClusters
• Document 2683670.1, Previous Oracle Database 19c Release Update Database Patch Lists for Oracle E-Business Suite
• Document 2559570.1, Using Fast Online Conversion to Enable Transparent Data Encryption (TDE) for Oracle E-Business Suite
• Document 2554156.1, Export/Import Process for Oracle E-Business Suite Release 12.2 Database Instances Using Oracle Database 19c
• Document 2674405.1, Using Transportable Tablespaces to Migrate Oracle E-Business Suite Release 12.2 using Oracle Database 19c Enterprise Edition on a Multitenant Environment
• Document 2617787.1, Business Continuity for Oracle E-Business Suite Release 12.2 on Oracle Database 19c Using Physical Host Name
• Document  2617788.1, Business Continuity for Oracle E-Business Suite Release 12.2 on Oracle Database 19c Using Logical Host Names
• Document 2608030.1, Using Active Data Guard Reporting with Oracle E-Business Suite Release 12.2 and Database 19c
• Document 2692032.1, Deploying Oracle GoldenGate 19c to Achieve Operational Reporting for Oracle E-Business Suite Release 12 with Oracle Database 19c
• Document 2617770.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Database Vault 19c
• Document 2552208.1, Cloning Oracle E-Business Suite Release 12.2 with Multitenant Database using Rapid Clone
• Document 2670270.1, Using Oracle E-Business Suite Release 12.2 Data Masking Template with Oracle Database 19c with Oracle Enterprise Manager Cloud Control 13c
• Document 2676355.1, Getting Started with Oracle Application Management Pack (AMP) for Oracle E-Business Suite, Release 13.4.1.0.0
• Document 2045552.1, Getting Started with Oracle Application Management Pack (AMP) for Oracle E-Business Suite, Release 13.1.1.1.0

 

Troubleshooting:

• Document 2684666.1, 12.2 E-Business Technology Stack Autoconfig Performance Issue After Upgrade to 19c Database
  
• Document 2685022.1, R12 E-Business Suite Technology Stack Post 19c Upgrade, Running Autoconfig Script txkCfgUtlfileDir.pl Fails With Fatal Error In FUNCTION: main::getUtlFileDirParam ERRORMSG: Unable to read UTL_FILE_DIR parameter
• Document 2662860.1, 19c Database with Oracle E-Business Suite R12 Known Issues & Solutions

 

EBS Analyzers:

• E-Business Suite 19c Database Upgrade Analyzer (Doc ID 2704990.1)
• EBS Installation Configuration Management (ICM) Application DBA Online Patching (ADOP) Analyzer (Doc ID 2379656.1)
• E-Business Suite Upgrade Analyzer - 12.X to 12.2.X (Doc ID 2634237.1)
  

 

  Additional Documentation:

• Oracle Database 19c - What's New
• Oracle Database Upgrade Guide 19c
• Oracle Database Installation Guide 19c
• Oracle E-Business Suite Upgrade Guide Release 12.0 and 12.1 to 12.2
• Database Initialization Parameters for Oracle E-Business Suite Release 12
• Database Preparation Guidelines for an Oracle E-Business Suite Release 12.2 Upgrade
• Database Performance Tuning Guide
• Oracle Grid Infrastructure Grid Infrastructure Installation and Upgrade Guide, 19c for Linux