Oracle 12c Security Patch Download

Posted on by admin

  • Oracle's Java Critical Patch Update for April 2017 contains 8 new security fixes across multiple Java SE products and sub-products. Affected Versions: Oracle Java JDK and JRE, versions 6u141 and earlier, 7u131 and earlier, 8u121 and earlier.
  • Doesn't MSSQL Express get security patches? Oracle should considering matching its competition. I (used to) use XE as a free starting platform for our POS software ('here use our POS lite and XE for free.
  • This Database 12c: Security training teaches you how to use Oracle Database features to meet the security, privacy and compliance requirements of your organization. Learn through interactive instruction and hands-on exercises. Understand Oracle security solutions and how they can help address your security requirements.

Product Compatibility:

Oracle today released the July 2017 Critical Patch Update. October 2018 Critical Patch Update Released. Oracle today released the October 2018 Critical Patch Update. This Critical Patch Update provides security updates for a wide range of. Critical Patch Updates. Applying July 2017 OJVM security patch 26027162 on orcl prod clusters. Applying July 2017 OJVM security patch 26027162 on orcl prod clusters. (+1) 872-2ORACLE (67-2253). Previous Post PSU Kernel ACFS Security Patch Next Post How to download Oracle 11g & 12c. Leave a Reply Cancel reply. Your email address will not be published. How to download Oracle 11g & 12c Database software and create your 1st Oracle Database. All about July 2017 PSU Red Hat Kernel upgrade ACFS patching Security Patch. Will apply July 2017 PSU Kernel ACFS on our 2 nodes RAC cluster on RH 7.4, at the same time our SA (System Administrator) also suggested to upgrade the Linux Kernel from 327 to.

This book applies to all Database 12.x, Enterprise Manager 12c/13c, and Fusion Middleware 12.x releases.

OPatch consists of patching utilities that help ensure your Oracle software stays current and secure. The utilities are:

  • OPatch: A Java-based utility that enables the application and rollback of patches to Oracle software.

  • OPatchauto: A patch orchestration tool that generates patching instructions specific to your target configuration and then uses OPatch to perform the patching operations without user intervention. Specifically, OPatchAuto can:

    1. Perform pre-patch checks.

    2. Apply the patch

    3. Start and stop the running servers.

    4. Perform post-patch checks.

    5. Roll back patches when patch deinstallation is required.

  • OPatchauto -binary: A patch application tool that applies a single patch on a selected Oracle home. OPatchauto -binary patches only one Oracle home per session.

These utilities provide you with the flexibility to analyze, troubleshoot, and patch an individual GI (Grid Infrastructure)/RAC (Real Application Cluster) home environments.

For large-scale IT environments, patching individual product (e.g., Fusion Middleware) homes may not be practical since patching large numbers of targets manually is both monotonous and error prone. To maintain and deploy Oracle patches across many targets across your organization, you can use Enterprise Manager Cloud Control's patch automation capability. For more information about Enterprise Manager's patch management solution, see the 'Patching Software Deployments' in the Oracle® Enterprise Manager Lifecycle Management Administrator's Guide.

This chapter covers the following introductory and overview topics:

The patch process is not always straight forward as there are numerous factors that determine which software patches you need and how these patches should be applied. For example, the types of Oracle software installed on each target, software versions, or platforms on which the software is running are just a few.

1.1 Overview of the Patch Process

Regardless of your environment's patching requirements, the basic patching methodology is the same. The normal patching workflow can be broken down into the following nine steps shown in the following figure.

1.1.1 Obtaining the Patches You Need

As shown in Figure 1-1, 'Patch Process Overview - Process Flow', the first step is to determine what patches you need. You may find out about required patches from blogs, Oracle Technology Network (OTN), Service Requests, Knowledge Articles, Oracle documentation, or any number of other sources. However, the single source of truth for patching is the Oracle Support Web site—My Oracle Support (MOS).

From here, you have access to interactive support tools and information that simplify searching for and obtaining the requisite patches for your Oracle environment. You can find complete documentation about MOS at the following location:

My Oracle Support contains many features and capabilities that are grouped under tabs across the top of the application. Of primary interest is the Patches and Updates tab shown in the following figure.

Figure 1-3 MOS Patches and Updates


From this page, you can search for the desired patch based on a specific configuration. One particularly useful search feature is the Recommended Patch Advisor. The Recommended Patch Advisor lets you find recommended and mandatory patches for standalone products, product combinations, or products for a product stack. For example, using the Recommended Patch Advisor, you search for patches for the following product:

  • Product: Oracle Database

  • Release: 11.2.0.2.0

  • Platform: Linux x86-64

This search returns the following results:


By clicking on patch 14727315 (PSU) you are taken to the patch page where you can view bugs resolved by this patch, related Knowledge Articles, or view a generic patch README.


From this page, you also complete Step 2 of the patching workflow—Download the patch to your local system. The following list summarizes sources from which you can obtain patches.

  • Oracle Support Services: If you are working directly with an Oracle Support engineer, you may be provided with a diagnostic patch or an interim patch.

  • My Oracle Support: As part of your regular patch maintenance schedule, you can obtain all patches from My Oracle Support:

    Once you log in, click the Patches & Updates tab to begin your patch search. My Oracle Support offers several patch download options and automated tools to help you keep current with patches. See the Patches & Updates Web-based help for more information:

  • Oracle Technology Network: Some Oracle software may be distributed through the Oracle Technology Network:

Types of Oracle Patches

Oracle regularly makes patches available to upgrade features, enhance security, or fix problems with supported software. The major types of patches are:

  • Interim patches - contain a single bug fix or a collection of bug fixes provided as required

  • Interim patches for security bug fixes - contain customer-specific security bug fixes

  • Diagnostic patches - intended to help diagnose or verify a fix or a collection of bug fixes

  • Bundle Patch Updates (BPUs) - a cumulative collection of fixes for a specific product or component

  • Patch Set Updates (PSUs) - a cumulative collection of high impact, low risk, and proven fixes for a specific product or component and Security Patch Updates

  • Security Patch Updates (SPU) - a cumulative collection of security bug fixes. SPUs were formerly known as Critical Patch Updates (CPU).

  • System Patch - contains several sub-patches in a format that can be used by OPatchAuto.

  • Merge Label Request (MLR) - a merge of two or more fixes. MLR creation requires a label for the new set of merged code and a Patch Set Exception

1.1.2 Applying the Patch to the Desired Targets

Now that you have the requisite patch, you determine which targets in your environment need to be patched (Step 3 in the patching workflow) and then apply the patch to each target (Step 4). Step 4 is where the OPatch utilities come into play. See Figure 1-1, 'Patch Process Overview - Process Flow' to view the complete patching workflow.

Note:

Ensure that you have the latest version of OPatch. For more information, see 'Obtain the Latest OPatch Utility.'

1.1.2.1Manual Patching

Using OPatch, you follow the generic instructions in the patch README. You can view the patch README bundled with the patch or directly from the MOS page for the patch in question.

Custom Security Patch

You are required to read the linked support documentation and fill in the details of your specific configuration before you can implement any of the commands or add them to custom install scripts. Although this method is laborious, it provides you with a great deal of diagnostic capability and control if patch conflicts arise. See Chapter 2, 'Binary Patching Using OPatch.'

1.1.2.2Configuration Patching

OPatchAuto performs end-to-end configuration patching. Configuration patching is the process of patching a target based on its configuration. By incorporating the site configuration information into the patch process, OPatchAuto is able to simplify patching tasks by automating most of the steps.

See Chapter 3, 'Concepts of Multi-Node Patch Orchestration Using OPatchAuto' for more information.

1.2 Patching with Enterprise Manager

As useful as the OPatch utilities are, by themselves, they are limited in their ability to apply patches to large numbers of targets because they patch one GI/RAC home at a time. This could be challenging and time consuming in large, heterogeneous IT environments.

In order to handle large-scale patching, Oracle provides a new patch management solution that integrates OPatch with Enterprise Manager Cloud Control 12c. Enterprise Manager's tight integration with My Oracle Support (MOS) allows you to view patch recommendations, search patches, and roll out patches from a single user interface. In addition, Enterprise Manager's advanced Patch Plan feature provides you with a complete, end-to-end orchestration of the patching workflow. Automating the selection of deployment procedures and analysis of patch conflicts greatly reduces manual effort required to patch complex IT environments.

Enterprise Manager integrates both OPatch and My Oracle Support for downloading and applying patches. See the following documentation for information:

  • See 'Part VII: Patch Management' in the Oracle® Enterprise Manager Lifecycle Management Administrator's Guide:

  • See the 'Patching Enterprise Manager' chapter in the Oracle® Enterprise Manager Cloud Control Administrator's Guide:

  • Automation of patch conflict resolution and deployment through EM 12c. (Webcast)

1.3 Who Should Use OPatch?

While OPatch is integrated with many Oracle product installations, you may still find that you need to use the OPatch directly. The core OPatch tool is used directly by admins as part of manual patching. OPatchAuto invokes OPatch, so an understanding of core OPatch is useful. OPatch is also useful for conflict detection and resolution as well as troubleshooting.

Note:

Before performing any patch task, alwaysDownload read the patch README file for any special patching instructions.

You can use the OPatch utilities if your administrative tasks require you to:

  • Report on installed products and patches.

  • Apply one or more patches.

  • Roll back the application of one or more patches.

  • Detect conflicts among incoming patches and between it and previous patches that have been applied. OPatch suggests the best options to resolve a conflict.

1.4 What's Covered in this Guide

This document describes how to use these patching utilities and covers the following topics:

Note:

Recommendation of what tool to use when is stated in the README of the given patch. Always start with the README.

  • Chapter 2, 'Binary Patching Using OPatch' - Describes the basic functions of the core opatch tool, that applies patches to an Oracle Home.

  • Chapter 3, 'Concepts of Multi-Node Patch Orchestration Using OPatchAuto' - Recommended for administrators who wish to apply GI-RAC or Exadata patches to GI node in one shot via an orchestration tool.

With these patching tools, you can design and implement a patch plan based on the configuration of your Oracle products.

Note:

Before patching any Oracle product, always check the product documentation for patching instructions.

1.5 OPatch Integration with Other Oracle Software

In addition to Enterprise Manager, many Oracle software products have integrated the OPatch utilities to provide for a seamless and efficient patching task. Depending on the application, the call to the OPatch utility may be transparent, and all patching activity is maintained within the respective application.

These applications listed below have integrated OPatch into their respective environments. Always check the user documentation for any patching instructions before applying a patch.

Fusion Middleware/Fusion Applications

Other Oracle products, such as Fusion Middleware and Fusion Applications, integrate OPatch and may require different interaction to apply a particular patch. Refer to the following documentation:

  • For patching Fusion MiddleWare:

    • Section 2.3 'OPatch in a Fusion Middleware Environment' in the Oracle® Fusion Middleware Patching Guide:

    • Section 3 Applying the Latest Oracle Fusion Middleware Patch Set in the Oracle® Fusion Middleware Patching Guide:

  • For patching Fusion Applications:

    • Section 3 Using Oracle Fusion Applications Patch Manager in the Oracle® Fusion Applications Patching Guide:

1.6 How to Access the OPatch Utilities

With OPatch integrated in many Oracle products, the utility is automatically installed when you install the respective product (for example, Enterprise Manager). The patching tools are installed in the following directories:

  • OPatch - $ORACLE_HOME/OPatch/opatch

  • OPatchAuto - $ORACLE_HOME/opatch/opatchauto

See Appendix A, 'OPatch Syntax and Commands,' and Appendix B, 'OPatchAuto Syntax and Commands' for a complete list of commands and options supported by OPatch utilities.

This chapter provides an overview of patching, and describes how you can patch the Enterprise Manager core components, mainly Oracle Management Service (OMS), Oracle Management Agent (Management Agent), and Oracle Management Repository (Management Repository).

Overview

A patch is an entity that contains one more bugs fixes. In order to transform a software product with a defect to a software product without a defect, you must apply patches, this process is called Patching. The patching cycle involves downloading patches, applying patches, and verifying the applied patch to ensure that the bug fixes present in the patch reflect appropriately.

Patching involves migrating from one version of the software product to another, within a particular release, unlike upgrading which involves moving from one release of a product to another newer release of the software product.

Oracle periodically releases the following types of patches to fix the bugs encountered in the core Enterprise Manager components:

  • Interim Patches are released to fix a bug, or a collection of bugs.

  • Interim Patches (for Security bug fixes) are released to provide customer specific security fixes.

  • Diagnostic Patches mainly help diagnose and verify a fix, or a collection of bug fixes.

  • Bundle Patch Updates are cumulative collection of fixes for a specific product or component.

  • Patch Set Updates (PSU), are cumulative patch bundles that contain well-tested and proven bug fixes for critical issues. PSUs have limited new content, and do not include any changes that require re-certification.

  • Security Patch Updates are cumulative collection of security bug fixes.

Patching OMS and Management Repository

Patching OMS and Management Repository follows the Manual patching approach that requires you to follow step-by-step instructions to patch a target. This mechanism of patching expects you to meet certain prerequisites, manually validate the patch for applicability and conflicts, and patch only one target at a time.

This section contains the following topics:

OMS Patches

OMS patches typically fix one or more OMS errors encountered. These patches can be downloaded from My Oracle Support portal. For information about the critical OMS patches released by Oracle that apply to your environment, see the Patch Recommendation region available on the Patches and Updates tab in My Oracle Support. Alternately, if you know the patch number of the OMS patch that you need to apply, go to the Patch Search region available on the Patches and Updates tab, enter the patch number, and click Search. The OMS patches are applied using the OPatch utility, or the emctl utility. For information on applying the patch see 'Applying OMS and Repository Patches'

In Enterprise Manager 12c, OMS patches are available as OMS Core Patches and OMS Plugin Patches, required to patch the core component and plugins respectively. Ensure that you navigate to the correct directory location under <middleware_home> to patch OMS core or OMS plugin:

For example, to patch OMS core, you must navigate to <middleware_home>/oms and for plugins, navigate to <middleware_home>/plugins.

Oracle 12c Server Download

Repository Patches

Enterprise Manager Repository patches typically update PL/SQL procedures, or other SQL content. They are patched using the emctl patching tool.

Note:

The Repository Patches are applied on the OMS targets. For location details of a core, and plugin patch, see 'OMS Patches'

For information on applying the patch see 'Applying OMS and Repository Patches'

Applying OMS and Repository Patches

To apply OMS or repository patches, follow these steps:

  1. Log into My Oracle Support (https://support.oracle.com) console with the necessary credentials.

    Note:

    Check the Patch Recommendation region to view the patches recommended for your environment. You can also provide the recommended patch number in the patch search region to download the recommended patch.

  2. On the My Oracle Support home page, click Patches and Updates.

  3. Enter the patch number in the Patch Search region, then click Search.

  4. Select the patch, and from the context menu, click Download.

  5. After downloading the zip file, follow the instructions available in the Readme.html or Readme.txt to patch the target.

    Note:

    Depending on whether it is a core patch or a plugin patch you must log into the host machine, navigate to the directory location, and unzip the patch file.

Patching Enterprise Manager Agents

Oracle offers two approaches to apply the Agent patches: automated approach, and the manual approach. Oracle strongly recommends you to use the automated approach because it not only saves time and effort in mass-deploying patches but also reduces human intervention, thereby minimizing the errors involved while patching.

This section contains the following topics:

Management Agent Patches

Management Agent Patches are released to fix one or more errors encountered in the agent targets. In addition to the Management Agent running on OMS, you can patch all the agent targets that report to the OMS running on your host machine.

Oracle 12c Security Patch Download

A GUI based utility called Patches and Updates is used to patch the Agent targets. For information about accessing the tool, see 'Accessing Patches and Updates'.

In Enterprise Manager 12c, there are separate Agent patches for core components and for plugins. Ensure that you navigate to the correct directory location under <installation_base_directory> to patch Agent core or Agent plugin:

For example, to patch Agent core component, you must navigate to <installation_base_directory>/core/ and for plugins, navigate to <installation_base_directory>/plugins.

Patches and Updates Versus My Oracle Support

The Table 16-1 captures the advantages of using Enterprise Manager Cloud Console over My Oracle Support for Automated Patching:

Table 16-1 Advantages of using Enterprise Manager Cloud Console to My Oracle Support

Enterprise Manager Cloud ControlMy Oracle Support

Enterprise Manager Cloud Control enables you to leverage existing Cloud Control Agents to perform configuration data collection without having to install individual configuration managers on each managed target.

You must install Oracle Configuration Manager 10.3.2 (or higher) or Enterprise Manager Cloud Control for My Oracle Support configuration collection (Enterprise Manager harvester) on each of the managed target for the latest patch recommendations.

Enterprise Manager Cloud console is inherently built with the intelligence to support the entire lifecycle of patching, it allows you to select the recommended patch for your environment, add to a plan, and deploy the patch on the selected targets after validating the patches for applicability and conflicts in your environment.

MOS only supports adding the recommended patches to a plan, and validating the patch for conflicts. You cannot deploy the patch from MOS.

In Enterprise Manager, once the patches are applied, they will not appear in the recommended patches list for the selected target.

In MOS this is not an automated process, depending on the data collection by the configuration manager present on the patched targets, the patch recommendation region is automated.


Automated Agent Patching

Automated Patching is a quick-and-easy, reliable, and a GUI-based patching mechanism that is facilitated using Patch Plans, a new concept introduced through the Patches and Updates functionality within the Enterprise Manager Cloud Control console (Cloud Control console).

Automated patching can be performed in the Online mode, and in the Offline mode. In the Online Mode, you can connect to My Oracle Support Web site to download the patches. However, if you are patching in the offline mode, then you must ensure that the patches to be applied are already available on the Software Library.

This section includes the following:

Accessing Patches and Updates

To access the Patches and Updates page, in Cloud Control, from the Enterprise menu, select Provisioning and Patching, then select Patches and Updates.

Oracle 12c Security

The following page appears:


Some of the advantages of using the Patches and Updates page (Automated Patching approach) are:

  • Patching operations are more organized, done through a single window, and is always initiated only from the OMS.

  • Allow you to schedule jobs that will run periodically, and connect to My Oracle Support, check for the latest patches, and automatically download them. This relieves you of the manual effort involved in searching the latest patches and patch sets, and downloading them whenever they are available.

  • One patch plan can be used to add multiple patches to multiple sets of homogeneous targets. For example, both core and plugin agent patches can be added to the same plan.

Viewing Patch Recommendations

The Patch Recommendation region is one of the regions in the patching domain that proactively communicates all the recommendations that are applicable to your environment. This region minimizes human effort in terms of searching for Oracle recommended patches, which may or may not apply to your environment.

Note:

Keep the following points in mind:

  • Recommendations are not available for custom plugins. Oracle only supports the default plugins that ship with the product, and releases timely updates for them.

  • You must use the configuration manager release 10.3.2 or higher for Patch Recommendations to be enabled.

Figure 16-1 captures the Patch Recommendations region as it appears in the Patches and Updates page.

Patches are primarily classified as Security patches, and Other Recommended patches. For example, if you select Security from the graph, all the security related patches are displayed on the Patch Recommendation page. Alternately, you can also view the patches by their target types. Click the bar graph to drill down to a list of recommended patches, view details about those patches, download the patches, or add them to a patch plan. The bar graph summarizes the number of issues found (for example, if there is one issue, then there is one recommendation for one target).

Patch Recommendation region allows you to:

  • Compare the patches installed in your configuration with what Oracle recommends, and identifies any missing patches.

  • Identify and prioritize targets missing Critical Patch Updates.

  • Identify missing recommended patches issued by Oracle.

Oracle 12c Security Patch Download Download

Searching Patches

The Patch Search is a region in the patching domain that allows you to search for Oracle, Sun, Siebel, and Hyperion products. The primary purpose of searching a patch is to limit results to the exact patch name or number.

From Figure 16-2 you can see that the Patch Search region contains three tabs: Search, Saved, and Recent. The Search tab lets you apply the desired filters to drill down to the exact results. You can choose to save the search, and view it later. All the saved searches appear in the Saved region. A history of all the searches is registered in the Recent tab, and you can check the logs if you want to access them.

Use any of the following approaches to search for a patch:

Basic Search

To perform a Basic Search, follow these steps:

  1. From the Enterprise menu, select Patching and Provisioning, then select Patches and Updates.

  2. On Patches and Updates page, enter the Patch Name or Number, or Sun CR ID, if there are multiple values, then they must be separated by commas. You can select the platform name from the list in the Patch Search Region, and then click Search.

  3. The Patch Search Results page displays the results based on the search criterion provided.

    From the Patch Search results page, you can do the following:

    • You can highlight one or more patches in the search results and, from the inline tool bar, add the patches to a patch plan (if you use the collector), download the patches, or copy patch details to the system clipboard.

    • If a single patch is highlighted, you can view the patch readme.

Advanced Search

To perform an Advanced Search, follow these steps:

  1. From the Enterprise menu, select Patching and Provisioning, then select Patches and Updates.

  2. On the Patches and Updates page, click Product or Family (Advanced Search).

  3. Enter a Product name, and set the Release number to narrow down your search.

    Additionally, if you are accessing Patches and Updates page in the Offline mode, then click (+) icon to add more filters like Type, Platform, or Language. In the Online mode, in addition to all the filters available in the Offline mode, you can use advanced search categories like: Classification, Description, Patch Target, or Updated to drill down to the desired results.

    Note:

    Advanced Search allows you to search for recommended patches for your environment through the Classification search category available when you are accessing Patches and Updates page in the online mode.

  4. Click Search.

    After updating the appropriate search filters, you can save the search combination by clicking Save.

  5. The Patch Search Results page displays the results based on the search criterion provided.

    From the Patch Search results page, you can do the following:

    • You can highlight one or more patches in the search results and, from the inline tool bar, add the patches to a patch plan (if you use the collector), download the patches, or copy patch details to the system clipboard.

    • If a single patch is highlighted, you can view the patch readme.

Applying Management Agent Patches

To apply a Management Agent patch using patch plans, follow these steps:

Note:

Applying the core agent patch, or the plugin agent patch follows the same patching process (as listed in this section.)

Ensure that the patches selected are applied on homogeneous set of targets, which means that the patches selected should have the same platform and version, as the targets being patched. For example, 12.1.0.1.0 Linux x86 patches can only be applied on 12.1.0.1.0 LinuxX86 targets, any mismatch will result in a patching error.

  1. In Cloud Control, from the Enterprise menu, select Provisioning and Patching, then select Patches and Updates.

  2. On the Patches and Updates page, select Management Agent patches from one of the following regions:

    • In the Patch Recommendation region, click the graph to drill down to the list of recommended patches for your environment.

      For more information on Patch Recommendation, see 'Viewing Patch Recommendations'

    • In the Patch Search region, enter the patch number of the Agent patch or perform an Advanced Search to search, and select the desired patch.

      For more information on Basic and Advanced search, see 'Searching Patches'

  3. Select one or more patches, and from the context menu, click Add to a Plan.

    Click Add to New to create a new plan, if not you can update an existing plan by selecting Add to Existing option.

  4. If you select Add to New, then one of the following dialog box appears:

    • In the Create a New Plan dialog box, enter a unique name for your plan, and click Create Plan.


      The patch selected along with the associated target gets added to the plan.

    • In the Add Patch to Plan dialog box as shown in Figure 16-3, enter a unique name for the plan, and select the targets. To search and select targets, follow one of these approaches:

      • If you know the target name, then enter the name of the target in the search field.

      • Click the search icon to view all the targets reporting to the OMS running on your host machine, group them by type Agent, and select the desired Agent targets.

      • Create a group of Agent targets, and provide the group name in the search field to add all the targets in that particular group to the plan. To create a group of targets, from Setup menu, select Add Target, and then click group. On the Create Group page, add all the Agent targets to the group, and create the group with a unique name.

      After selecting the targets, click Create Plan. The selected patches and associated targets are added to the plan after validating for conflicts.

    Note:

    If you want to add to an existing plan, click Add to Existing and, then click More. From the Add Selected Patch to Plan dialog box, select the plan name and click Select Targets. From the Add Selected Patch to Plan <plan_name> dialog box, select the targets and click Add to Plan.

  5. If the selected patches are applied on homogeneous targets, then the plan gets successfully created with a link to View Plan. Click the link to view the plan details.


    If any of the agent targets added to the patch plan are NFS-Agents, then you may see a warning message Issues with Adding Patch as shown in Figure 16-4. As a solution to this problem, a list of all the targets impacted appear, click Add All To Plan to add all the affected targets to the patch plan.

    Figure 16-4 Issues with Adding Patch: Impacts Other Targets


    However, if there is a mismatch between the platform and version of the patch selected, and that of the target, you may see one of the following warnings:

    Note:

    Oracle recommends that you fix the warning before proceeding as it may result in an error during the plan validation. However, if you still want to proceed, you can select the patches, and click Ignore Warnings and Add to proceed

    1. Target is Down: This warning message appears when the target added is not up and running. All the other homogeneous targets get added to the plan, and the plan is created without this target. Click View Plan to see the details.


    2. Null Platform: This error occurs when the target selected appears with a null platform, the validation fails as there is a mismatch in the platform of the patch and that of the target. This could happen when a target is down, in this case the plan is not created until the error is fixed.


  6. On the Patches & Updates page, in the Plans region, click the plan name you want to view, and from the context menu, click View.


    To filter the plans table, select All Plan Types or Patch depending on your preference. To search for a plan, enter a plan name or partial plan name in the search box, then click the search button.

  7. In the Create Plan Wizard, on the Plan Information page, in the Overview section, validate the Patch Plan name. You can choose to edit it if you want.

    (Optional) Select a date and time when you want to deploy the Patch Plan, and enter a short description to describe the Patch Plan.

  8. Click Next.

  9. On the Patches page, review the patches added to the Patch Plan.

    To associate additional targets to a patch that is already in your Patch Plan, click Add Patch. In the Edit Search dialog box, enter the patch number and click Search. Select the patch, and click Add to This Plan. From Add Patch To Plan dialog box, select the targets, and click Add to This Plan.

  10. Click Next.

  11. In the Deployment Options page, retain the default location (%emd_emstagedir%) available on the target machine or edit the Stage Location to provide a new location for staging the Agent patches.

    In the Credentials section, select Oracle Home Preferred Credentials if you have already set them earlier. You can otherwise click Override Oracle Home Preferred credentials and set the Normal Oracle Home Credentials and Privileged Oracle Home Credentials to access the Oracle home of the target.

  12. Click Next.

  13. On the Validation page, click Analyze to validate the patch before deploying it. A Validation job is submitted, that performs an exhaustive list of checks like: check for conflicts, check for the latest OPatch version, check if the version and platform of the targets and the patch match (homogeneity rule), and so on in the background.

    To track the progress of the job, from Enterprise menu, select Job, and then click Activity. On the Job Activity Page, in the Advanced Search region, enter the name of the job, and then click Go. Select the job, and drill down to the steps by click Expand All. If the status is Succeeded, then the job is valid. If not, then review the issues, and try to resolve it according to the corresponding problem description available on the page. After resolving the issue, click Re-Analyze.

    Upon validation, if there are conflicts between the two patches, then you might be recommended to request for replacement patches. In this case, click Request Patch.

    If there is a Merge Patch already available, you can directly opt to replace the conflicting patches with the Merge Patch. In this case, click Replace Patch.

    See Also:

    For more information about the common errors during the Validation phase, see 'Validating Agent Patch Errors'

  14. Click Next.

  15. On the Review & Deploy page, review the details you have provided for the patch plan, then click Deploy.

    A job is submitted, to track the progress of the job, from Enterprise menu, select Job, and then click Activity. On the Job Activity Page, in the Advanced Search region, enter the name of the job, and then click Go.

Note:

For a demonstration about how to apply patches on Enterprise Manager 12c Agents using Cloud Control Console, see My Oracle Support note 1359221.1.

Verifying the Applied Agent Patches

To verify the applied patches using Enterprise Manager, perform the following steps:

  1. In Cloud Control, click Targets, then select All Targets

  2. On the All Targets page, enter the target name in the Search Target Name field to search for the target you patched.

    For example, enter adc2101818 in the search field, and click the search icon.

  3. Click the target name to select Oracle home of the target that was patched.


    A summary page with details about the target is displayed.

  4. On the Summary page, in the Patch Advisories region, select Patches Applied tab to verify all the patches that have been successfully applied on the target.

Validating Agent Patch Errors

Here are some of the errors that may appear during the Validation phase of patch plans:

  • Problems Associating the Patches To the Plan

    This error occurs when patches do not match the targets selected.

    For example if the patch is released for Linux x86 platform, and you are trying to apply the patch on a Linux x64 target, then the plan fails.


  • Oracle Home Credentials Not Set

    This error occurs when the oracle Home credentials like Privileged Oracle Home credentials or the Normal Oracle Home credentials are not set.


  • Conflict Check Analysis Failure

    This error occurs when there is a conflict in the patches added.


Deinstalling the Applied Agent Patches

To roll back applied Agent patches, follow the deinstallation steps available in the Readme.html or Readme.txt for the patch.

Manual Agent Patching

Manual patching is a patching mechanism that requires you to follow step-by-step instructions to patch a Management Agent manually. This mechanism of patching expects you to meet certain prerequisites, manually validate the patch for applicability and conflicts, and patch only one Management Agent at a time.

Note:

Oracle recommends you to use the automated patching mechanism because it not only saves time and effort in mass-deploying patches but also reduces human intervention, thereby minimizing the errors involved while patching.

To patch manually, you must perform the following steps:

  1. Log into My Oracle Support (https://support.oracle.com) console with the necessary credentials.

    Note:

    Check the Patch Recommendation region to view the patches recommended for your environment. You can also provide the recommended patch number in the patch search region to download the recommended patch.

  2. On the My Oracle Support home page, click Patches and Updates.

  3. Enter the patch number in the Patch Search region, then click Search.

  4. Select the patch, and from the context menu, click Download.

  5. After downloading the zip file, follow the instructions available in the Readme.html or Readme.txt to install the patch.