Oracle Enterprise Manager Not Functional From MS Internet Explorer V7 & 8 After MS Windows Patch KB2661254

Sorry I just got around to posting this fix for at Microsoft security patch that came out in October 2012 for MS Explorer versions 7 & 8 at least.  It’s a patch that forces 512 encryption when encryption is used.  So those apps that don’t support 512 byte encryption like Oracle Enterprise Manager (OEM) 11.1 BREAK… unless without massive additional patching to OEM ugh…

Here is one relativesly easy fix (in my mind – of course you could just use Chrome – the MS patch doesn’t break that) and then the note that led me to the fix for our Oracle Enterprise Manager problem (not able to get to the URL – browser blocks it because the key is only 512 bits).

Test OEM from MS IE 8 first, if its not working, and you just applied the patch, before you make these changes to assure you need the changes to your registry.

On the client running the IE browser

You may want to backup your registry before you do this…

  • ·         Run regedit.exe
  • ·         You may want to backup your registry…
  • ·         Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config
  • ·         Add a new DWORD for: MinRsaPubKeyBitLength  Value Decimal 512
  • ·         Add a new DWORD for: EnableWeakSignatureFlags Value Decimal 2
  • ·         Stop all running version of IE explains what needs to be done but, it is buried about 10 pages down in the note…  hint, search for MinRsaPubKeyBitLength.

What you will see is Microsoft provides a work around with 4 registry entries of which you only really need 2 of the 4.

Hope this helps, Mike


Adding / Configuring an Oracle Standby To Oracle Enterprise Manager

After adding a Data Guard Standby database node to our list of managed systems, the node showed a red arrow – and that a database shutdown or recovery is in process.

For regular database nodes you usually use the Oracle User DBSNMP – Oracle user account for agent monitoring and connect as a “NORMAL” Oracle user.

A standby database is in recovery, Oracle’s documentation does not explicitly state this (at least anywhere I can find), to monitor a standby database properly the configuration in OEM – for a standby node – should be to Oracle’s SYS user as SYSDBA type connect, NOT a NORMAL type connection.

This makes sense when you think about it, a standby database is in “managed recovery” and the only way to connect to an instance in that state is as SYS AS SYSDBA.

I initially set this up with the standard DBSNMP user and the instance status always showed  RED / and displayed an error.  To make matters worse, the username field is not editable until you change the connect type to SYSDBA (not intuitive at all) – only then can you change the username to SYS… so much for that great OEM documentation.  Even / Oracle Support doesn’t have anything on this “feature”.

So now all of our OEM standby database arrows are green… green is good…

Hope this helps, Mike