Hi, VN-2015 error occurs becuase of mismatch of the required privilges
of the user. It all depends on the OS and type of USER.
for a unix/solaris based OEM configuration please refer to other posting
RE:VNI-2015
if the OS is MS-NT, please follow the procedure. for windows2000 the procedure
differs narrowly.
If you are a DOMAIN user then
CREATE/MODIFY AN NT DOMAIN USER
NOTE: Use this step if the Intelligent Agent is installed on an NT Domain Server
1. Open the NT User Manager tool:
a. Click on Start => Programs => Administrative Tools => User Manager
for Domain
b. Highlight an Administrator's account and copy it.
c. Type in a new username and password for the Intelligent Agent to
use. For example: magdba / magdba
d. Verify the password.
Verify that the only checked box is: Password never expires
If a Domain account and a Local account exist with the same name,
the passwords must be identical
Passwords are case sensitive
The local account takes precedence
The Username should not contain an underscore or special character
2. Add "Logon as Batch Job" privilege:
Domain users ARE supported but you MUST grant the DOMAIN user the
"log on as batch job" privilege on the machine where the agent is running.
It is NOT sufficient to grant this privilege on the Domain Controller
for the entire domain.
Connect as a local user who is a member of the groups
Domain Administrator and Administrators ONLY.
a. Highlight the user that was just created.
b. Click on Policies => User Rights.
c. Click on the box next to Show advanced user rights.
d. Click on the drop down list (Rights) and choose LOGON AS A
BATCH JOB. If any account has been granted this permission, the
"Grant to" box will contain the name of that account.
e. Click on ADD. Verify the LIST NAMES FROM box
contains the domain name.
f. Click on Show Users. Find the domain user account that was just
created and Click ADD. This should move the account to the bottom of
the Add Names box. Verify the name is correct and click OK. This will
add the user to the Grant To: box. Then Click OK to close this dialog
box. Close User Manager utility.
NOTE: On a Primary Domain Controller (PDC), if the account that has
"LOGON AS A BATCH JOB" privilege is not a member of the
local Administrators group, you will also need to grant
LOGON LOCALLY. This privilege is granted from the Policy window
just like "LOGON AS A BATCH JOB".
If you are a local NT user then
CREATE / MODIFY A LOCAL NT USER
1. Run User Manager.
a. Start => Programs => Administrative Tools => User Manager
For Domains.
b. Verify that the title bar of the window (USER MANAGER - DOMAIN NAME.)
looks like:
USER MANAGER - \ <machine name>
NOTE: If it has domain name, click User>Select Domain...type in "\<server name>"
(ie.\magpc)
c. Highlight on the Administrator's account and copy it.
d. Type in a new username and password for the Intelligent Agent to use.
For example: magdba / magdba
e. Verify the only box checked is: "Password never expires". Click on ADD.
NOTE: If a Domain account and a Local account exist with the same name on this domain,
the passwords must be identical. Passwords are case sensitive. The local account takes precedence.
2. Add "Logon as Batch Job" privilege:
a. Highlight the user that was just created.
b. Click on Policies->User Rights. (From the MAIN MENU) Verify that
Computer: has the local PC name.
c. Click on the box next to Show advanced user rights.
d. Click on the drop down list (Rights) and choose
LOGON AS A BATCH JOB. If any account has been granted this permission,
the "Grant to" box will contain the name of that account.
e. Click on ADD, Click on LIST NAMES FROM. Verify this name is the LOCAL
server name and not the domain name.
f. Click on Show Users. Find the local user account that was just created
and click ADD. This should move the account to the bottom of the Add
Names box. Verify the name is correct and click OK. This will add the user
to the Grant To: box. Then Click OK to close the dialog box. Close User Manager utility.
Once you are done with above, do the following
SET DIRECTORY AND EM LOGON PERMISSIONSM
1. Verify the OS file system type (FAT or NTFS)
a. Click on START => PROGRAMS => WINDOWS NT EXPLORER. Highlight the
ORACLE_HOME where the Agent is installed. Right click. Several tabs will
appear on the screen.
If the tab on the right says SECURITY, then this drive is formatted as
NTFS (Microsoft Windows NT Secure File System). This means that
LOCAL FILE and DIRECTORY permissions exist on that system.
b. If the file system is NTFS, click on the SECURITY tab, then click
on PERMISSIONS.
c. If "Everyone" is listed with "full control" this should be enough.
To explicitly grant full control to a user:
Click on ADD => Verify in the LIST NAMES FROM field that the correct
name of the server is there (PDC/BDC/Stand alone Server).
d. Click on the SHOW USERS button.
e. Select the same account as was granted LOGON AS A BATCH JOB.
f. Click on ADD.
g. Change the TYPE OF ACCESS to FULL CONTROL. Click OK.
h. Click both check boxes on. Then click OK. This will grant full control
of the %ORACLEHOME% subdirectories and files to the EM user attempting to
logon locally to this box.
2. LOGOFF the system
If these changes were just made to the same account that is logged onto NT currently, the user must logoff and then log back on. Otherwise the permissions will not change for that user until the next login.
3. Verify the Intelligent Agent's startup account is the default SYSTEM:
Go to Control Panel / Services
Highlight the Oracle<OracleHome>Agent service
Click on the Startup button
"Log On As" must be set to the local NT SYSTEM Account (not another account)
Restart the Agent service
] 
Blog
Search
Help
Members
Register
Login
Home
