W HIT E

P AP E R

Using Encrypted Passwords with the Enterprise Oracle Agent v4.x

INTRODUCTION
Beginning with the Enterprise Oracle Agent 4.0 release, detailed monitoring and listener passwords are no longer stored in the VERITAS Cluster Server (VCS) configuration file as plain text. An overview of the necessary steps to encrypt existing passwords is discussed in agent users guide, http://support.veritas.com/docs/265404 , but that document does not provide examples. This document will provide two detailed examples of encrypting a listener password, also covering a listener password encrypted by Oracles lsnrctl utility, which must again be encrypted by the vcsencrypt utility before storing the final string in the VCS configuration.

ORACLE LSNRCTL PASSWORD MANAGEMENT: ENCRYPTED VS. CLEAR TEXT

An Oracle listener can be configured in several ways: No password Encrypted password stored in listener.ora Clear text password stored in listener.ora Here is my $ORACLE_HOME/network/admin/listener.ora file before configuring any listener passwords:
\---------------------------| E1.veritas.com$ cat listener.ora | CLEARTXT = | (DESCRIPTION = | (ADDRESS = (PROTOCOL = TCP)(HOST = e1.veritas.com)(PORT = 1528)) | ) | | ENCRYPTED = | (DESCRIPTION = | (ADDRESS = (PROTOCOL = TCP)(HOST = e1.veritas.com)(PORT = 1529)) | ) | E1.veritas.com$ | E1.veritas.com$ cp listener.ora listener.ora.no_passwords # saving the original | E1.veritas.com$ /----------------------------

W HIT E

P AP E R

Starting and stopping the CLEARTXT as well as ENCRYPTED listeners currently requires no password:
\---------------------------| E1.veritas.com$ lsnrctl start CLEARTXT | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:31:46 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | STATUS of the LISTENER | -----------------------| Alias CLEARTXT | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 11:31:47 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security OFF | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | The listener supports no services | The command completed successfully | E1.veritas.com$ /---------------------------\---------------------------| E1.veritas.com$ lsnrctl start ENCRYPTED | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:31:55 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | STATUS of the LISTENER | -----------------------| Alias ENCRYPTED | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 11:31:55 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security OFF | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | The listener supports no services | The command completed successfully | E1.veritas.com$ /----------------------------

W HIT E

P AP E R

\---------------------------| E1.veritas.com$ lsnrctl stop ENCRYPTED | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:32:19 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | The command completed successfully | E1.veritas.com$ /---------------------------\---------------------------| E1.veritas.com$ lsnrctl stop CLEARTXT | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:32:25 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | The command completed successfully | E1.veritas.com$ /----------------------------

Now, lets start the ENCRYPTED listener and setup a password:

\---------------------------| E1.veritas.com$ lsnrctl start ENCRYPTED | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:35:44 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | STATUS of the LISTENER | -----------------------| Alias ENCRYPTED | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 11:35:44 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security OFF | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | The listener supports no services | The command completed successfully | E1.veritas.com$ | E1.veritas.com$ lsnrctl | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:35:55 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Welcome to LSNRCTL, type "help" for information. | | LSNRCTL> set current_listener ENCRYPTED

W HIT E

P AP E R

| Current Listener is ENCRYPTED | LSNRCTL> set save_config_on_stop on | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | ENCRYPTED parameter "save_config_on_stop" set to ON | The command completed successfully | LSNRCTL> change_password | Old password: <- just hit enter | New password: <- lsnrpwd | Reenter new password: <- lsnrpwd | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | Password changed for ENCRYPTED | The command completed successfully | LSNRCTL> /----------------------------

Now, lets try to stop the ENCRYPTED listener:

\---------------------------| LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | TNS-01169: The listener has not recognized the password | LSNRCTL> /----------------------------

That failed because we configured a password with change_password, but did not set the required session level password with set password. Lets try to use set password by specifying the password directly on the same line (which will fail), then we will enter the same password interactively (which will work):
\---------------------------| LSNRCTL> set password lsnrpwd | The command completed successfully | LSNRCTL> | LSNRCTL> | LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | TNS-01169: The listener has not recognized the password | LSNRCTL> set password | Password: <- lsnrpwd | The command completed successfully | LSNRCTL> | LSNRCTL> | LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | The command completed successfully | LSNRCTL> | LSNRCTL> exit | E1.veritas.com$ /----------------------------

Examining the changes made to our listener.ora file, we see the password was stored in an encrypted format:
\---------------------------| E1.veritas.com$ diff listener.ora listener.ora.no_passwords | 21,25d20 | < | < #----ADDED BY TNSLSNR 08-SEP-2005 11:37:10--| < SAVE_CONFIG_ON_STOP_ENCRYPTED = ON | < PASSWORDS_ENCRYPTED = CF20C8417F556C6E | < #-------------------------------------------| E1.veritas.com$ /----------------------------

W HIT E

P AP E R

Now, lets setup a password for the CLEARTXT listener, which must be done by manually editing the listener.ora:
\---------------------------| E1.veritas.com$ cp listener.ora listener.ora.encrypted_passwd_set_ONLY | E1.veritas.com$ vi listener.ora | E1.veritas.com$ diff listener.ora listener.ora.encrypted_passwd_set_ONLY | 26,27d25 | < | < PASSWORDS_CLEARTXT = (lsnrpwd) | E1.veritas.com$ | E1.veritas.com$ lsnrctl start CLEARTXT | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:42:11 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | STATUS of the LISTENER | -----------------------| Alias CLEARTXT | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 11:42:11 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security ON | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | The listener supports no services | The command completed successfully | E1.veritas.com$ /----------------------------

Now, lets try to stop the CLEARTXT listener:

\---------------------------| E1.veritas.com$ lsnrctl | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 11:42:22 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Welcome to LSNRCTL, type "help" for information. | | LSNRCTL> set current_listener CLEARTXT | Current Listener is CLEARTXT | LSNRCTL> | LSNRCTL> | LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | TNS-01169: The listener has not recognized the password | LSNRCTL> | LSNRCTL> | LSNRCTL> set password lsnrpwd | The command completed successfully | LSNRCTL> | LSNRCTL>

W HIT E

P AP E R

| LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | The command completed successfully | LSNRCTL> | LSNRCTL> | LSNRCTL> exit | E1.veritas.com$ /----------------------------

Providing the password on the same line with set password worked because the password is stored in the listener.ora file as clear text. Now, lets try the ENCRYPTED listener once more:
\---------------------------| E1.veritas.com$ lsnrctl | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 12:29:37 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Welcome to LSNRCTL, type "help" for information. | | LSNRCTL> set current_listener ENCRYPTED | Current Listener is ENCRYPTED | LSNRCTL> start | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | STATUS of the LISTENER | -----------------------| Alias ENCRYPTED | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 13:11:41 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security ON | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | The listener supports no services | The command completed successfully | LSNRCTL> /----------------------------

As discussed above, attempting to use the clear text version of the password on the same line with set password will not work, but if we use the encrypted version from the listener.ora file, it works:
\---------------------------| LSNRCTL> | LSNRCTL> set password lsnrpwd | The command completed successfully | LSNRCTL> | LSNRCTL> | LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | TNS-01169: The listener has not recognized the password | LSNRCTL>

W HIT E

P AP E R

| LSNRCTL> | LSNRCTL> set password CF20C8417F556C6E <- this came from listener.ora | The command completed successfully | LSNRCTL> | LSNRCTL> | LSNRCTL> stop | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | The command completed successfully | LSNRCTL> exit | E1.veritas.com$ /----------------------------

So, to summarize the above exercises for an encrypted listener password: If you specify the clear text password on the same line as "set password" it does NOT work. If you type "set password" hit enter, then enter clear text password interactively, it works (see example at top of file) If you specify the encrypted version on the same line, it works. Because the VCS agent specifies the string on the same line, we must vcsencrypt the Oracle encrypted version, which is covered in the next section.

ADDING LISTENERS TO VCS

As discussed in the agent users guide, http://support.veritas.com/docs/265404 , we must first encrypt the password string prior to adding the resources into VCS, even if the string was already Oracle encrypted:
\---------------------------| [E1.veritas.com]# /opt/VRTSvcs/bin/vcsencrypt -agent lsnrpwd ; echo | AMMoDMoOCoAOhME | [E1.veritas.com]# /opt/VRTSvcs/bin/vcsencrypt -agent CF20C8417F556C6E ; echo | emhMkkGkeMhkMkiKfkLmkKjkJkkMhkKmj | [E1.veritas.com]# | [E1.veritas.com]# | [E1.veritas.com]# haconf -dump -makero | [E1.veritas.com]# hastop -all -force | [E1.veritas.com]# vi /etc/VRTSvcs/conf/config/main.cf | ... | group listener_tests ( | SystemList = { E1 = 0 } | ) | | Netlsnr cleartxt_listener ( | Owner = oracle | Home = "/u00/oracle/product/9.2.0" | TnsAdmin = "/u00/oracle/product/9.2.0/network/admin" | Listener = CLEARTXT | LsnrPwd = "AMMoDMoOCoAOhME" | MonScript = "./bin/Netlsnr/LsnrTest.pl" | ) | | Netlsnr encrypted_listener ( | Owner = oracle | Home = "/u00/oracle/product/9.2.0" | TnsAdmin = "/u00/oracle/product/9.2.0/network/admin" | Listener = ENCRYPTED | LsnrPwd = "emhMkkGkeMhkMkiKfkLmkKjkJkkMhkKmj" | MonScript = "./bin/Netlsnr/LsnrTest.pl" | ) | [E1.veritas.com]# | [E1.veritas.com]# hacf -verify /etc/VRTSvcs/conf/config/ ;echo $? | 0 | [E1.veritas.com]# /----------------------------

W HIT E

P AP E R

The Oracle encrypted version of the password must be provided when vcsencrypting the string for the ENCRYPTED listener. This is necessary, because the LsnrTest.pl script specifies the password on the same line with the set password command. The easy way to remember: encrypt the string stored in the listener.ora file. Even if the string is encrypted by Oracle, we still need to vcsencrypt the string, so we may pass the password on the same line with the set password command in lsnrctl.

SUMMARY
The agent users guide (http://support.veritas.com/docs/265404), provides a detailed overview of configuring the Oracle and Netlsnr agents, but does not include examples. When accompanied by this document, re-encrypting the Oracle listener password that was already encrypted by Oracle hopefully should be less confusing. Please do not hesitate to contact Symantec, formerly VERITAS, Support if we may be of any assistance.

APPENDIX: LOGS FROM ONLINE & OFFLINE OF EXAMPLE VCS RESOURCES

In conclusion, here is engine log and shell output from testing online/offline of the test group referenced above:
\---------------------------| [E1.veritas.com]# tail -0f /var/VRTSvcs/log/engine_A.log & | [1] 24841 | [E1.veritas.com]# | [E1.veritas.com]# hastatus -sum | | -- SYSTEM STATE | -- System State Frozen | | A E1 RUNNING 0 | A E3 RUNNING 0 | | -- GROUP STATE | -- Group System Probed AutoDisabled State | | B ClusterService E1 Y N ONLINE | B ClusterService E3 Y N OFFLINE | B VxSS E1 Y N ONLINE | B VxSS E3 Y N ONLINE | B cvm E1 Y N ONLINE | B cvm E3 Y N ONLINE | B fastt_test E1 Y N OFFLINE | B fastt_test E3 Y N OFFLINE | B listener_tests E1 Y N OFFLINE | [E1.veritas.com]# | | [E1.veritas.com]# hagrp -online listener_tests -sys E1 | [E1.veritas.com]# 2005/09/08 13:30:30 VCS INFO V-16-1-50135 User root fired command: hagrp -online listener_tests E1 from localhost | 2005/09/08 13:30:30 VCS NOTICE V-16-1-10166 Initiating manual online of group listener_tests on system E1 | 2005/09/08 13:30:30 VCS NOTICE V-16-1-10233 Clearing Restart attribute for group listener_tests on all nodes | 2005/09/08 13:30:30 VCS NOTICE V-16-1-10301 Initiating Online of Resource cleartxt_listener (Owner: unknown, Group: listener_tests) on System E1 | 2005/09/08 13:30:30 VCS NOTICE V-16-1-10301 Initiating Online of Resource encrypted_listener (Owner: unknown, Group: listener_tests) on System E1 | 2005/09/08 13:30:32 VCS NOTICE V-16-20002-40 (E1) Netlsnr:cleartxt_listener:online:lsnrctl returned the following output | +--------------------------------------------------------------------+ | LD_LIBRARY_PATH - /usr/lib: | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 13:30:31 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. |

W HIT E

P AP E R

| Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | STATUS of the LISTENER | -----------------------| Alias CLEARTXT | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 13:30:32 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security ON | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/cleartxt.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1528))) | The listener supports no services | The command completed successfully | +====================================================================+ | 2005/09/08 13:30:32 VCS NOTICE V-16-20002-40 (E1) Netlsnr:encrypted_listener:online:lsnrctl returned the following output | +--------------------------------------------------------------------+ | LD_LIBRARY_PATH - /usr/lib: | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 13:30:31 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Starting /u00/oracle/product/9.2.0/bin/tnslsnr: please wait... | | TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | System parameter file is /u00/oracle/product/9.2.0/network/admin/listener.ora | Log messages written to /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | | Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | STATUS of the LISTENER | -----------------------| Alias ENCRYPTED | Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production | Start Date 08-SEP-2005 13:30:32 | Uptime 0 days 0 hr. 0 min. 0 sec | Trace Level off | Security ON | SNMP OFF | Listener Parameter File /u00/oracle/product/9.2.0/network/admin/listener.ora | Listener Log File /u00/oracle/product/9.2.0/network/log/encrypted.log | Listening Endpoints Summary... | (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=E1.veritas.com)(PORT=1529))) | The listener supports no services | The command completed successfully | +====================================================================+ | 2005/09/08 13:30:34 VCS INFO V-16-1-10298 Resource encrypted_listener (Owner: unknown, Group: listener_tests) is online on E1 (VCS initiated) | 2005/09/08 13:30:34 VCS INFO V-16-1-10298 Resource cleartxt_listener (Owner: unknown, Group: listener_tests) is online on E1 (VCS initiated) | 2005/09/08 13:30:34 VCS NOTICE V-16-1-10447 Group listener_tests is online on system E1 | 2005/09/08 13:30:35 VCS INFO V-16-6-15002 (E1) hatrigger:hatrigger executed /opt/VRTSvcs/bin/triggers/nfs_restart listener_tests successfully | 2005/09/08 13:30:35 VCS INFO V-16-6-15004 (E1) hatrigger:Failed to send trigger for postonline; script doesn't exist |

W HIT E

P AP E R

| [E1.veritas.com]# hastatus -sum | | -- SYSTEM STATE | -- System State Frozen | | A E1 RUNNING 0 | A E3 RUNNING 0 | | -- GROUP STATE | -- Group System Probed AutoDisabled State | | B ClusterService E1 Y N ONLINE | B ClusterService E3 Y N OFFLINE | B VxSS E1 Y N ONLINE | B VxSS E3 Y N ONLINE | B cvm E1 Y N ONLINE | B cvm E3 Y N ONLINE | B fastt_test E1 Y N OFFLINE | B fastt_test E3 Y N OFFLINE | B listener_tests E1 Y N ONLINE | [E1.veritas.com]# | | | [E1.veritas.com]# hagrp -offline listener_tests -sys E1 | [E1.veritas.com]# 2005/09/08 13:31:12 VCS INFO V-16-1-50135 User root fired command: hagrp -offline listener_tests E1 from localhost | 2005/09/08 13:31:12 VCS NOTICE V-16-1-10167 Initiating manual offline of group listener_tests on system E1 | 2005/09/08 13:31:12 VCS NOTICE V-16-1-10300 Initiating Offline of Resource cleartxt_listener (Owner: unknown, Group: listener_tests) on System E1 | 2005/09/08 13:31:12 VCS NOTICE V-16-1-10300 Initiating Offline of Resource encrypted_listener (Owner: unknown, Group: listener_tests) on System E1 | 2005/09/08 13:31:13 VCS INFO V-16-20002-40 (E1) Netlsnr:cleartxt_listener:offline:lsnrctl returned the following output | +--------------------------------------------------------------------+ | LD_LIBRARY_PATH - /usr/lib: | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 13:31:12 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Welcome to LSNRCTL, type help for information. | | LSNRCTL> Current Listener is CLEARTXT | LSNRCTL> The command completed successfully | LSNRCTL> Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1528))) | The command completed successfully | LSNRCTL> +====================================================================+ | 2005/09/08 13:31:13 VCS INFO V-16-20002-40 (E1) Netlsnr:encrypted_listener:offline:lsnrctl returned the following output | +--------------------------------------------------------------------+ | LD_LIBRARY_PATH - /usr/lib: | | LSNRCTL for Solaris: Version 9.2.0.6.0 - Production on 08-SEP-2005 13:31:12 | | Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. | | Welcome to LSNRCTL, type help for information. | | LSNRCTL> Current Listener is ENCRYPTED | LSNRCTL> The command completed successfully | LSNRCTL> Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=e1.veritas.com)(PORT=1529))) | The command completed successfully | LSNRCTL> +====================================================================+ | 2005/09/08 13:31:13 VCS WARNING V-16-20002-207 (E1) Netlsnr:cleartxt_listener:monitor:Open for tnslsnr failed, setting cookie to null | 2005/09/08 13:31:13 VCS WARNING V-16-20002-207 (E1) Netlsnr:encrypted_listener:monitor:Open for tnslsnr failed, setting cookie to null

10

W HIT E

P AP E R

| 2005/09/08 13:31:13 VCS INFO V-16-1-10305 Resource cleartxt_listener (Owner: unknown, Group: listener_tests) is offline on E1 (VCS initiated) | 2005/09/08 13:31:13 VCS INFO V-16-1-10305 Resource encrypted_listener (Owner: unknown, Group: listener_tests) is offline on E1 (VCS initiated) | 2005/09/08 13:31:13 VCS NOTICE V-16-1-10446 Group listener_tests is offline on system E1 | 2005/09/08 13:31:13 VCS INFO V-16-6-15004 (E1) hatrigger:Failed to send trigger for postoffline; script doesn't exist | [E1.veritas.com]# | [E1.veritas.com]# | | [E1.veritas.com]# hastatus -sum | | -- SYSTEM STATE | -- System State Frozen | | A E1 RUNNING 0 | A E3 RUNNING 0 | | -- GROUP STATE | -- Group System Probed AutoDisabled State | | B ClusterService E1 Y N ONLINE | B ClusterService E3 Y N OFFLINE | B VxSS E1 Y N ONLINE | B VxSS E3 Y N ONLINE | B cvm E1 Y N ONLINE | B cvm E3 Y N ONLINE | B fastt_test E1 Y N OFFLINE | B fastt_test E3 Y N OFFLINE | B listener_tests E1 Y N OFFLINE | [E1.veritas.com]# /----------------------------

11

VERITAS Software Corporation

Corporate Headquarters 350 Ellis Street Mountain View, CA 94043 650-527-8000 or 866-837-4827

For additional information about VERITAS Software, its products, or the location of an office near you, please call our corporate headquarters or visit our Web site at www.veritas.com.
12

Copyright 2005 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS Logo and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation. VERITAS, the VERITAS Logo Reg. U.S. Pat. & Tm. Off. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. Specifications and product offerings subject to change without notice.