Below script is enhanced version to skip these already granted privilege. The original script could be found here: Be Cautious When Revoking Privileges Granted to PUBLIC (Doc ID 247093.1)

SQL> select unique statements from
  2  (
  3   select nvl2(p.grantee,'-- ','')||'grant execute on '|| d.referenced_name||' to '||d.owner||';' statements
  4   from dba_dependencies d left join dba_tab_privs p
  5  on d.owner=p.grantee and p.privilege='EXECUTE' and d.referenced_name=p.table_name
  6   where d.referenced_owner in ('SYS','PUBLIC')
  7  and d.referenced_type in ('PACKAGE','SYNONYM')
  8  and d.referenced_name in
  9     (
10     'DBMS_RANDOM',
11     'DBMS_EXPORT_EXTENSION',
12     'UTL_FILE',
13     'DBMS_JOB',
14     'DBMS_LOB',
15     'UTL_SMTP',
16     'UTL_TCP',
17     'UTL_HTTP'
18     )
19  and d.owner <> 'SYS'
20  and d.owner <> 'PUBLIC'
21  )
22  order by replace(statements,'-- ','')
23  /

STATEMENTS
--------------------------------------------------------------------------------
-- grant execute on DBMS_JOB to APEX_030200;
-- grant execute on DBMS_JOB to APEX_040200;
grant execute on DBMS_JOB to DBSNMP;
grant execute on DBMS_JOB to XDB;
-- grant execute on DBMS_LOB to APEX_030200;
-- grant execute on DBMS_LOB to APEX_040200;
grant execute on DBMS_LOB to CTXSYS;
grant execute on DBMS_LOB to MDSYS;
-- grant execute on DBMS_LOB to ORDPLUGINS;
-- grant execute on DBMS_LOB to ORDSYS;
-- grant execute on DBMS_LOB to WMSYS;
grant execute on DBMS_LOB to XDB;
-- grant execute on DBMS_RANDOM to APEX_030200;
-- grant execute on DBMS_RANDOM to APEX_040200;
grant execute on DBMS_RANDOM to DBSNMP;
grant execute on DBMS_RANDOM to MDSYS;
-- grant execute on UTL_FILE to APEX_030200;
grant execute on UTL_FILE to MDSYS;
-- grant execute on UTL_FILE to ORACLE_OCM;
-- grant execute on UTL_FILE to ORDPLUGINS;
-- grant execute on UTL_FILE to ORDSYS;
-- grant execute on UTL_FILE to WMSYS;
grant execute on UTL_FILE to XDB;
-- grant execute on UTL_HTTP to APEX_030200;
-- grant execute on UTL_HTTP to APEX_040200;
grant execute on UTL_HTTP to MDSYS;
-- grant execute on UTL_HTTP to ORDPLUGINS;
-- grant execute on UTL_SMTP to APEX_030200;
-- grant execute on UTL_SMTP to APEX_040200;

29 rows selected.

----------------------------------------

Purpose of a Multitenant Environment

(Extracted from: http://docs.oracle.com/cd/E16655_01/server.121/e17636/cdb_intro.htm#ADMIN14147)

A multitenant environment enables the central management of multiple PDBs in a single installation. By using a multitenant environment, you can accomplish the following goals:

• Cost reduction

  By consolidating hardware and sharing database memory and files, you reduce costs for hardware, storage, availability, and labor. For example, 100 PDBs on a single server share one database instance and one set of database files, thereby requiring less hardware and fewer personnel.

• Easier and more rapid movement of data and code

  By design, you can plug a PDB into a CDB, unplug the PDB from the CDB, and then plug this PDB into a different CDB. Therefore, you can easily move an application's database back end from one server to another.

• Easier management and monitoring of the physical database

  The CDB administrator can attend to one physical database (one set of files and one set of database instances) rather than split attention among dozens or hundreds of non-CDBs. Backup strategies and disaster recovery are simplified.

• Separation of data and code

  Although consolidated into a single physical CDB, PDBs mimic the behavior of traditional non-CDBs. For example, if a user error causes data loss, then a PDB administrator can use point-in-time recovery to retrieve the lost data without affecting other PDBs.

• Ease of performance tuning

  It is easier to collect performance metrics for a CDB than for multiple non-CDBs. It is easier to size one SGA than several SGAs.

• Support for Oracle Database Resource Manager

  In a CDB, one concern is contention for system resources among the PDBs running on the same server. Another concern is limiting resource usage for more consistent, predictable performance. To address such resource contention, usage, and monitoring issues, you can use Oracle Database Resource Manager

• Fewer patches and upgrades

It is easier to apply a patch to one CDB than to multiple non-CDBs and to upgrade one CDB than to upgrade several non-CDBs.

A multitenant environment is especially useful when you have many non-CDBs deployed on different hardware in multiple Oracle Database installations. These non-CDBs might use only a fraction of the hardware resources dedicated to them, and each one might not require a full-time database administrator to manage it.

By combining these non-CDBs into a CDB, you can make better use of your hardware resources and database administrator resources. In addition, you can move a PDB from one CDB to another without requiring changes to the applications that depend on the PDB.

Extracted from: http://docs.oracle.com/cd/E16655_01/server.121/e17636/cdb_intro.htm#ADMIN14145

A CDB includes the following components:

• Root

  The root, named CDB$ROOT, stores Oracle-supplied metadata and common users. An example of metadata is the source code for Oracle-supplied PL/SQL packages. A common user is a database user known in every container. A CDB has exactly one root.

• Seed

  The seed, named PDB$SEED, is a template that you can use to create new PDBs. You cannot add objects to or modify objects in the seed. A CDB has exactly one seed.

• PDBs

  A PDB appears to users and applications as if it were a non-CDB. For example, a PDB can contain the data and code required to support a specific application. A PDB is fully backward compatible with Oracle Database releases before Oracle Database 12c.

Each of these components is called a container. Therefore, the root is a container, the seed is a container, and each PDB is a container. Each container has a unique container ID and name within a CDB. Figure 36-1 shows a CDB with several PDBs.

You can easily plug a PDB into a CDB and unplug a PDB from a CDB. When you plug in a PDB, you associate the PDB with a CDB. When you unplug a PDB, you disassociate the PDB from a CDB. An unplugged PDB consists of an XML file that describes the PDB and the PDB's files (such as the data files and wallet file).

You can unplug a PDB from one CDB and plug it into a different CDB without altering your schemas or applications. A PDB can be plugged into only one CDB at a time.

Each PDB has a globally unique identifier (GUID). The PDB GUID is primarily used to generate names for directories that store the PDB's files, including both Oracle Managed Files directories and non-Oracle Managed Files directories.

With the Database Configuration Assistant (DBCA), a graphical tool:

Extracted from: http://docs.oracle.com/cd/E16655_01/network.121/e17607/authorization.htm#DBSEG806

To enable common users to access data about specific PDBs, you must run the ALTER USER statement in the root.

Example 4-6 shows how to run the ALTER USER statement to enable the common user c##hr_admin to view information pertaining to the CDB$ROOT, SALES_PDB, and hrpdb containers in all container data objects that he can access, using the V$SESSION view.

Example 4-6 Enabling a Common User to View Specific Object Data

CONNECT SYSTEM@root
Enter password: password
Connected.

ALTER USER c##hr_admin
SET CONTAINER_DATA = (CDB$ROOT, SALESPDB, HRPDB) 
FOR V$SESSION CONTAINER=CURRENT;

In this specification:

• 
  

  CDB$ROOT, SALES_PDB, hrpdb refer to the containers that must be accessible to user c##hr_admin. You must include CDB$ROOT.

  
  



• 
  

  FOR V$SESSION specifies the CONTAINER_DATA dynamic view, which common user c##hr_admin will query.

  
  



• 
  

  CONTAINER = CURRENT must be specified because when you are connected to the root, CONTAINER=ALL is the default for the ALTER USER statement, but modification of the CONTAINER_DATA attribute must be restricted to the root.

  
  

SQL> create user c##guest identified by password;

User created.

SQL> alter user c##donghua grant connect through c##guest;

User altered.

oracle@solaris:~$sqlplus c##guest[c##donghua]/password@orclcdb

SQL*Plus: Release 12.1.0.1.0 Production on Mon Jun 9 23:37:29 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Last Successful login time: Mon Jun 09 2014 23:37:11 +08:00

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL> show user;
USER is "C##DONGHUA"

SQL> col session_user for a20
SQL> col proxy_user for a20
SQL> select sys_context('USERENV','SESSION_USER') session_user,
  2  sys_context('USERENV','PROXY_USER') proxy_user from dual;

SESSION_USER         PROXY_USER
-------------------- --------------------
C##DONGHUA           C##GUEST

"Ora-29471: Dbms_sql Access Denied" From Software Package After Upgrade (Doc ID 556301.1)

Applies to:

Symptoms

Receiving error running DBMS_SQL in 11g.

ORA-29471: DBMS_SQL access denied
ORA-06512: at "SYS.DBMS_SQL", line 980
ORA-06512: at "SYS.BUILD_XVIEW", line 28
ORA-06512: at line 12 in table MakeXviews

This may have worked in 10g.

Changes

DBMS_SQL has been recoded with some security checks in 11g.   A new error has been introduced, ORA-29471, which indicates usage fails a security check.

Cause

Usage of DBMS_SQL has failed a security check.

Solution

The application must be recoded.  For a temporary work around, a new parameter security_level can be added into DBMS_SQL.OPEN_CURSOR.

security_level specifies the level of security protection to enforce on the opened cursor. Valid security level values are 0, 1, and 2. When a NULL argument value is provided to this overload, as well as for cursors opened using the overload of open_cursor without the security_level parameter, the default security level value 1 will be enforced on the opened cursor.

• Level 0 - allows all DBMS_SQL operations on the cursor without any security checks. The cursor may be fetched from, and even re-bound and re-executed, by code running with a different effective userid or roles than those in effect at the time the cursor was parsed. This level of security is off by default.

dbms_sql.open_cursor (
SECURITY_LEVEL in integer)
return integer;

• Level 1 - requires that the effective userid and roles of the caller to DBMS_SQL for bind and execute operations on this cursor must be the same as those of the caller of the most recent parse operation on this cursor.
• Level 2 - requires that the effective userid and roles of the caller to DBMS_SQL for all bind, execute, define, describe, and fetch operations on this cursor must be the same as those of the caller of the most recent parse operation on this cursor.

 

To completely turn off the security features in dbms_sql, you can set the following parameter :

alter system set "_dbms_sql_security_level" = 384 scope=spfile;

Please note that this setting is not recommended and that this workaround might cease to work in future versions.

Document reference:

Security model:
http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_sql.htm#i1027587
Open cursor:
http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_sql.htm#i997665

For common user and common roles, must prefix with C## or c##

For example: create user c##guest identified by password;

oracle@solaris:~$ sqlplus donghua@orcl

SQL*Plus: Release 12.1.0.1.0 Production on Thu Jun 12 04:26:54 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Enter password:
Last Successful login time: Thu Jun 12 2014 04:26:43 +08:00

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL> alter database move datafile '/u01/app/oracle/oradata/orcl/users2.dbf'
  2  to '/u01/app/oracle/oradata/orcl/users2_new.dbf';

Database altered.

SQL> ! ls -l /u01/app/oracle/oradata/orcl/users2*
-rw-r-----   1 oracle   oinstall 10493952 Jun 12 04:27 /u01/app/oracle/oradata/orcl/users2_new.dbf

SQL> alter database move datafile '/u01/app/oracle/oradata/orcl/users2_new.dbf'
  2   to '/u01/app/oracle/oradata/orcl/users2.dbf'keep;

Database altered.

SQL> ! date
Thursday, June 12, 2014 04:29:02 AM SGT

SQL> alter system checkpoint;

System altered.

SQL> ! ls -l /u01/app/oracle/oradata/orcl/users2*
-rw-r-----   1 oracle   oinstall 10493952 Jun 12 04:28 /u01/app/oracle/oradata/orcl/users2_new.dbf
-rw-r-----   1 oracle   oinstall 10493952 Jun 12 04:29 /u01/app/oracle/oradata/orcl/users2.dbf

SQL> alter database move datafile '/u01/app/oracle/oradata/orcl/users2.dbf'
  2  to '/u01/app/oracle/oradata/orcl/users2_new.dbf';
alter database move datafile '/u01/app/oracle/oradata/orcl/users2.dbf'
*
ERROR at line 1:
ORA-01119: error in creating database file
'/u01/app/oracle/oradata/orcl/users2_new.dbf'
ORA-27038: created file already exists
Additional information: 1

SQL> alter database move datafile '/u01/app/oracle/oradata/orcl/users2.dbf'
  2  to '/u01/app/oracle/oradata/orcl/users2_new.dbf'reuse;

Database altered.

SQL> ! ls -l /u01/app/oracle/oradata/orcl/users2*
-rw-r-----   1 oracle   oinstall 10493952 Jun 12 04:31 /u01/app/oracle/oradata/orcl/users2_new.dbf

SQL> alter tablespace temp add tempfile '/u01/app/oracle/oradata/orclcdb/temp02.dbf' size 10M autoextend on;

Tablespace altered.

SQL> alter tablespace temp drop tempfile '/u01/app/oracle/oradata/orclcdb/temp01.dbf';
alter tablespace temp drop tempfile '/u01/app/oracle/oradata/orclcdb/temp01.dbf'
*
ERROR at line 1:
ORA-25152: TEMPFILE cannot be dropped at this time

SQL> show parameter db_files

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_files                             integer     200

SQL> SELECT file#, name from v$tempfile;

     FILE# NAME
---------- ----------------------------------------------------------------------
         1 /u01/app/oracle/oradata/orclcdb/temp01.dbf
         2 /u01/app/oracle/oradata/orclcdb/pdbseed/pdbseed_temp01.dbf
         3 /u01/app/oracle/oradata/orclcdb/pdb1/temp01.dbf
         4 /u01/app/oracle/oradata/orclcdb/temp02.dbf

SQL> SELECT s.sid, s.username, s.status, u.tablespace, u.segfile#, u.contents, u.extents, u.blocks
  2   FROM v$session s, v$sort_usage u
  3  WHERE s.saddr=u.session_addr
  4  ORDER BY u.tablespace, u.segfile#, u.segblk#, u.blocks;

       SID USERNAME                       STATUS   TABLESPACE   SEGFILE# CONTENTS     EXTENTS     BLOCKS
---------- ------------------------------ -------- ---------- ---------- --------- ---------- ----------
        10 SYS                            ACTIVE   TEMP              201 TEMPORARY          1        128

SQL> select sid,serial# from v$session where sid = 10;

       SID    SERIAL#
---------- ----------
        10          3

SQL> alter system kill session '10,3';

SQL> alter tablespace temp drop tempfile '/u01/app/oracle/oradata/orclcdb/temp01.dbf';

Tablespace altered.

SMON: enabling tx recovery
Errors in file /u01/app/oracle/diag/rdbms/orclcdb/orclcdb/trace/orclcdb_dbw0_3896.trc:
ORA-01157: cannot identify/lock data file 201 - see DBWR trace file
ORA-01110: data file 201: '/u01/app/oracle/oradata/orclcdb/temp01.dbf'
ORA-27037: unable to obtain file status
Solaris-AMD64 Error: 2: No such file or directory
Additional information: 3
Errors in file /u01/app/oracle/diag/rdbms/orclcdb/orclcdb/trace/orclcdb_dbw0_3896.trc:
ORA-01186: file 201 failed verification tests
ORA-01157: cannot identify/lock data file 201 - see DBWR trace file
ORA-01110: data file 201: '/u01/app/oracle/oradata/orclcdb/temp01.dbf'
File 201 not verified due to error ORA-01157
Re-creating tempfile /u01/app/oracle/oradata/orclcdb/temp01.dbf
Starting background process SMCO
SMCO started with pid=32, OS id=3962

On the Oracle database security documentation, there is a short paragraph on audit distributed environment:

Auditing is site autonomous. A database instance audits only the statements issued by directly connected users. A local Oracle Database node cannot audit actions that take place in a remote database.

What will be the audit output looks like if the session is via DBLINK?

Scenario preparation:

SQL> show user;
USER is "DONGHUA"

SQL> create user linkuser identified by ora123;

User created.

SQL> grant select any table to linkuser;

Grant succeeded.

SQL> grant create session to linkuser;

Grant succeeded.

SQL> audit all on t1;

Audit succeeded.

SQL> create database link orcl_link connect to linkuser identified by ora123 using 'orcl';

Database link created.

SQL> select count(*) from donghua.t1@orcl_link;

  COUNT(*)
----------
         1

Output:

Surprisingly, the session_user context kept through DBLink:

SQL> select sys_context('userenv','session_user') from dual@orcl_link;

SYS_CONTEXT('USERENV','SESSION_USER')
--------------------------------------------------------------------------------
DONGHUA

SQL> select sys_context('userenv','session_user') from dual;

SYS_CONTEXT('USERENV','SESSION_USER')
--------------------------------------------------------------------------------
DONGHUA

Files to be installed:

• kmod-oracleasm
• oracleasm-support.x86_64
• oracleasmlib

[root@vmxdb01 ~]# uname -a
Linux vmxdb01.dbaglobe.com 2.6.39-400.215.3.el6uek.x86_64 #1 SMP Fri Jun 20 00:37:05 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux

[root@vmxdb01 ~]# yum install kmod-oracleasm oracleasm-support.x86_64

[root@vmxdb01 ~]# wget http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm

[root@vmxdb01 ~]# rpm -ihv oracleasmlib-2.0.4-1.el6.x86_64.rpm

Configure the ASMLIB:

[root@vmxdb01 ~]# /etc/init.d/oracleasm configure
Configuring the Oracle ASM library driver.

This will configure the on-boot properties of the Oracle ASM library
driver.  The following questions will determine whether the driver is
loaded on boot and what permissions it will have.  The current values
will be shown in brackets ('[]').  Hitting <ENTER> without typing an
answer will keep that current value.  Ctrl-C will abort.

Default user to own the driver interface []: oracle
Default group to own the driver interface []: dba
Start Oracle ASM library driver on boot (y/n) [n]: y
Scan for Oracle ASM disks on boot (y/n) [y]: y
Writing Oracle ASM library driver configuration: done
Initializing the Oracle ASMLib driver:                     [  OK  ]
Scanning the system for Oracle ASMLib disks:               [  OK  ]

[root@vmxdb01 ~]# /etc/init.d/oracleasm createdisk VOL4G /dev/sdb1
Marking disk "VOL4G" as an ASM disk:                       [  OK  ]
[root@vmxdb01 ~]# /etc/init.d/oracleasm createdisk VOL12G /dev/sdc1
Marking disk "VOL12G" as an ASM disk:                      [  OK  ]

[root@vmxdb01 ~]# ls -l /dev/sd[bc]1 /dev/oracleasm/disks/
brw-rw----. 1 root disk 8, 17 Jun 29 22:29 /dev/sdb1
brw-rw----. 1 root disk 8, 33 Jun 29 22:26 /dev/sdc1

/dev/oracleasm/disks/:
total 0
brw-rw----. 1 oracle dba 8, 33 Jun 29 22:26 VOL12G
brw-rw----. 1 oracle dba 8, 17 Jun 29 22:29 VOL4G

[root@vmxdb01 ~d]# oracleasm querydisk -d /dev/sdb1
Device "/dev/sdb1" is marked an ASM disk with the label "VOL4G"
[root@vmxdb01 ~]# oracleasm querydisk -d VOL4G
Disk "VOL4G" is a valid ASM disk on device [8,17]

[root@vmxdb01 ~]# oracleasm-discover
Using ASMLib from /opt/oracle/extapi/64/asm/orcl/1/libasm.so
[ASM Library - Generic Linux, version 2.0.4 (KABI_V2)]
Discovered disk: ORCL:VOL12G [25163776 blocks (12883853312 bytes), maxio 512]
Discovered disk: ORCL:VOL4G [8385867 blocks (4293563904 bytes), maxio 512]

Create the DiskGroup:

SQL> CREATE DISKGROUP DATA EXTERNAL REDUNDANCY  DISK 'ORCL:VOL12G' SIZE 12287M  ATTRIBUTE 'compatible.asm'='11.2.0.0.0','au_size'='1M' /* ASMCA */
NOTE: Assigning number (1,0) to disk (ORCL:VOL12G)
NOTE: initializing header on grp 1 disk VOL12G
NOTE: initiating PST update: grp = 1
GMON updating group 1 at 1 for pid 17, osid 2509
NOTE: group DATA: initial PST location: disk 0000 (PST copy 0)
NOTE: PST update grp = 1 completed successfully
NOTE: cache registered group DATA number=1 incarn=0x9798f809
NOTE: cache began mount (first) of group DATA number=1 incarn=0x9798f809
NOTE: cache opening disk 0 of grp 1: VOL12G label:VOL12G
NOTE: cache creating group 1/0x9798F809 (DATA)
NOTE: cache mounting group 1/0x9798F809 (DATA) succeeded
NOTE: allocating F1X0 on grp 1 disk VOL12G
NOTE: Created Used Space Directory for 1 threads
NOTE: diskgroup must now be re-mounted prior to first use
NOTE: cache dismounting (clean) group 1/0x9798F809 (DATA)
NOTE: messaging CKPT to quiesce pins Unix process pid: 2509, image: oracle@vmxdb01.dbaglobe.com (TNS V1-V3)
NOTE: lgwr not being msg'd to dismount
NOTE: cache dismounted group 1/0x9798F809 (DATA)
GMON dismounting group 1 at 2 for pid 17, osid 2509
GMON dismounting group 1 at 3 for pid 17, osid 2509
NOTE: Disk VOL12G in mode 0x7e marked for de-assignment
SUCCESS: diskgroup DATA was created

Possible errors if oracleasmlib not installed:

1. oracleasm-discover is missing

2. /opt/oracle/extapi/64/asm/orcl/1/libasm.so is missing

3. Errors:ORA-15014 ORA-15031

Sun Jun 29 23:45:52 2014
SQL> CREATE DISKGROUP DATA EXTERNAL REDUNDANCY  DISK '/dev/oracleasm/disks/VOL12G' SIZE 12287M  ATTRIBUTE 'compatible.asm'='11.2.0.0.0','au_size'='1M' /* ASMCA */
NOTE: failed to discover disks from gpnp profile asm diskstring
Errors in file /u01/app/oracle/diag/asm/+asm/+ASM/trace/+ASM_rbal_20523.trc:
ORA-29786: SIHA attribute GET failed with error [Attribute 'ASM_DISKSTRING' sts[200] lsts[0]]
ORA-15018: diskgroup cannot be created
ORA-15031: disk specification '/dev/oracleasm/disks/VOL12G' matches no disks
ORA-15014: path '/dev/oracleasm/disks/VOL12G' is not in the discovery set
ERROR: CREATE DISKGROUP DATA EXTERNAL REDUNDANCY  DISK '/dev/oracleasm/disks/VOL12G' SIZE 12287M  ATTRIBUTE 'compatible.asm'='11.2.0.0.0','au_size'='1M' /* ASMCA */
Sun Jun 29 23:45:52 2014
GMON dismounting group 1 at 2 for pid 17, osid 20619
ERROR: diskgroup DATA was not created
Sun Jun 29 23:46:12 2014
NOTE: failed to discover disks from gpnp profile asm diskstring
Errors in file /u01/app/oracle/diag/asm/+asm/+ASM/trace/+ASM_rbal_20523.trc:
ORA-29786: SIHA attribute GET failed with error [Attribute 'ASM_DISKSTRING' sts[200] lsts[0]]
Sun Jun 29 23:46:12 2014

SQL> col name for a20
SQL> col compatibility for a15
SQL> col database_compatibility for a25
SQL> select name, compatibility, database_compatibility from v$asm_diskgroup;

NAME                           COMPATIBILITY   DATABASE_COMPATIBILITY
------------------------------ --------------- -------------------------
DATA                           11.2.0.0.0      10.1.0.0.0

SQL> select name,value from v$asm_attribute where group_number=1 and name not like 'template%';

NAME                                               VALUE
-------------------------------------------------- --------------------
disk_repair_time                                   3.6h
au_size                                            1048576
sector_size                                        512
compatible.asm                                     11.2.0.0.0
compatible.rdbms                                   10.1.0.0.0
compatible.advm                                    11.2.0.0.0
cell.smart_scan_capable                            FALSE
access_control.enabled                             FALSE
access_control.umask                               066

9 rows selected.

SQL>  alter diskgroup data set attribute 'disk_repair_time' = '10h';
alter diskgroup data set attribute 'disk_repair_time' = '10h'
*
ERROR at line 1:
ORA-15032: not all alterations performed
ORA-15242: could not set attribute disk_repair_time
ORA-15283: ASM operation requires compatible.rdbms of 11.1.0.0.0 or higher

SQL> alter diskgroup data set attribute 'compatible.rdbms' = '11.2.0.0.0';

Diskgroup altered.

SQL> select name, compatibility, database_compatibility from v$asm_diskgroup;

NAME                 COMPATIBILITY   DATABASE_COMPATIBILITY
-------------------- --------------- -------------------------
DATA                 11.2.0.0.0      11.2.0.0.0

SQL> select name,value from v$asm_attribute where group_number=1 and name not like 'template%';

NAME                                               VALUE
-------------------------------------------------- --------------------
disk_repair_time                                   10h
au_size                                            1048576
sector_size                                        512
compatible.asm                                     11.2.0.0.0
compatible.rdbms                                   11.2.0.0.0
compatible.advm                                    11.2.0.0.0
cell.smart_scan_capable                            FALSE
access_control.enabled                             FALSE
access_control.umask                               066

9 rows selected.

Fallback is not possible:

SQL>  alter diskgroup data set attribute 'compatible.rdbms' = '10.1.0.0.0';
alter diskgroup data set attribute 'compatible.rdbms' = '10.1.0.0.0'
*
ERROR at line 1:
ORA-15032: not all alterations performed
ORA-15242: could not set attribute compatible.rdbms
ORA-15244: new compatibility setting less than current [11.2.0.0.0]

SQL> alter diskgroup data add volume acfsvol1 size 1G;
alter diskgroup data add volume acfsvol1 size 1G
*
ERROR at line 1:
ORA-15032: not all alterations performed
ORA-15477: cannot communicate with the volume driver

[root@vmxdb01 ~]# cd /u01/app/11.2.0/grid/bin/
[root@vmxdb01 bin]# ./acfsroot install
ACFS-9300: ADVM/ACFS distribution files found.
ACFS-9312: Existing ADVM/ACFS installation detected.
ACFS-9314: Removing previous ADVM/ACFS installation.
ACFS-9315: Previous ADVM/ACFS components successfully removed.
ACFS-9307: Installing requested ADVM/ACFS software.
ACFS-9308: Loading installed ADVM/ACFS drivers.
ACFS-9321: Creating udev for ADVM/ACFS.
ACFS-9323: Creating module dependencies - this may take some time.
ACFS-9154: Loading 'oracleoks.ko' driver.
ACFS-9154: Loading 'oracleadvm.ko' driver.
ACFS-9154: Loading 'oracleacfs.ko' driver.
ACFS-9327: Verifying ADVM/ACFS devices.
ACFS-9156: Detecting control device '/dev/asm/.asm_ctl_spec'.
ACFS-9156: Detecting control device '/dev/ofsctl'.
ACFS-9309: ADVM/ACFS installation correctness verified.

[root@vmxdb01 bin]# acfsload start <— run this in the /etc/rc.local to enable mount during the bootup
ACFS-9391: Checking for existing ADVM/ACFS installation.
ACFS-9392: Validating ADVM/ACFS installation files for operating system.
ACFS-9393: Verifying ASM Administrator setup.
ACFS-9308: Loading installed ADVM/ACFS drivers.
ACFS-9327: Verifying ADVM/ACFS devices.
ACFS-9156: Detecting control device '/dev/asm/.asm_ctl_spec'.
ACFS-9156: Detecting control device '/dev/ofsctl'.
ACFS-9322: completed

[root@vmxdb01 bin]# lsmod | grep oracle
oracleacfs           1976568  0
oracleadvm            243152  0
oracleoks             426742  2 oracleacfs,oracleadvm
oracleasm              53865  1

[root@vmxdb01 ~]# mkdir /acfs

[oracle@vmxdb01 stage]$ sqlplus / as sysasm

SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 30 22:07:21 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Automatic Storage Management option

SQL> alter diskgroup data add volume acfsvol1 size 1G;

Diskgroup altered.

[oracle@vmxdb01 stage]$ /sbin/mkfs -t acfs -b 4k /dev/asm/acfsvol1-436
mkfs.acfs: version                   = 11.2.0.4.0
mkfs.acfs: on-disk version           = 39.0
mkfs.acfs: volume                    = /dev/asm/acfsvol1-436
mkfs.acfs: volume size               = 1073741824
mkfs.acfs: Format complete.

[oracle@vmxdb01 stage]$ /sbin/acfsutil registry -f -a /dev/asm/acfsvol1-436 /acfs
acfsutil registry: mount point /acfs successfully added to Oracle Registry

[root@vmxdb01 ~]# /bin/mount -t acfs /dev/asm/acfsvol1-436 /acfs
[root@vmxdb01 ~]# chown oracle:dba /acfs
[root@vmxdb01 ~]# df -h /acfs
Filesystem            Size  Used Avail Use% Mounted on
/dev/asm/acfsvol1-436
                      1.0G   41M  984M   4% /acfs

Mount All: (either command)

[root@vmxdb01 ~]# /bin/mount -t acfs -o all none none
[root@vmxdb01 ~]# /sbin/mount.acfs -o all

Umount All:   

[root@vmxdb01 ~]# /bin/umount -t acfs -a

Existing configuration:

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^#'|grep -v '^$'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:31:50

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:13:26
Uptime                    0 days 0 hr. 18 min. 24 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

Change the local listener setting

[oracle@vmxdb01 admin]$ sqlplus / as sysasm

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jul 2 21:43:01 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Automatic Storage Management option

SQL> show instance;
instance "local"
SQL> select instance_name from v$instance;

INSTANCE_NAME
----------------
+ASM

SQL> set lin 85
SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521))))

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))';

System altered.

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))

SQL> select instance_name from v$instance;

INSTANCE_NAME
----------------
orcl

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521))

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))';

System altered.

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))

Change the listener.ora

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^$'
# listener.ora Network Configuration File: /u01/app/11.2.0/grid/network/admin/listener.ora
# Generated by Oracle configuration tools.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
# SECURE_REGISTER_LISTENER=ipc
# SECURE_CONTROL_LISTENER=ipc
SECURE_PROTOCOL_LISTENER=ipc

[oracle@vmxdb01 admin]$ lsnrctl stop listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:51:06

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
The command completed successfully

[oracle@vmxdb01 admin]$ lsnrctl start listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:54:01

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Starting /u01/app/11.2.0/grid/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /u01/app/11.2.0/grid/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
TNS-12564: TNS:connection refused
TNS-01194: The listener command did not arrive in a secure transport
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:54:01
Uptime                    0 days 0 hr. 0 min. 8 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:56:09

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
TNS-12564: TNS:connection refused
TNS-01194: The listener command did not arrive in a secure transport
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:54:01
Uptime                    0 days 0 hr. 2 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

Fix error message TNS-01194 by putting the IPC address as the first address in the listener

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^#'|grep -v '^$'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
SECURE_PROTOCOL_LISTENER=ipc

After restart the listener, the message TNS-1194 disappeared.

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 22:01:40

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:56:48
Uptime                    0 days 0 hr. 4 min. 52 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

[oracle@vmxdb01 admin]$ cd $ORACLE_HOME/network/admin

[oracle@vmxdb01 admin]$ echo "SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF" >> listener.ora

[oracle@vmxdb01 admin]$ lsnrctl reload

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 22:42:41

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
The command completed successfully

Please Note: Setting SUBSCRIBE_FOR_NODE_DOWN_<listener_name> to OFF disables a necessary RAC functionality. The above workaround is recommended only for non-RAC environments.
The issue may be present in all 10g and newer installations.

Note:  The use of this undocumented parameter may cause problems with the use of the Net Manager (NetMgr) configuration utility.  See Note 437598.1 NetMGR May Error When Listener.ora File Contains:SUBSCRIBE_FOR_NODE_DOWN_EVENT

1) Create an Oracle wallet: "ewallet.p12".

[oracle@vmxdb01 admin]$ mkdir $ORACLE_HOME/network/admin/cost
[oracle@vmxdb01 admin]$ orapki wallet create -wallet $ORACLE_HOME/network/admin/cost -pwd PassWd
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

2) The new wallet will contain a number of trusted certificates that are installed by default, remove all of these well known trusted certificates from the wallet.

[oracle@vmxdb01 admin]$ orapki wallet remove -trusted_cert_all -wallet $ORACLE_HOME/network/admin/cost -pwd PassWd
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

3) Create a self-signed certificate that will be stored in the wallet.

[oracle@vmxdb01 admin]$ orapki wallet add -wallet $ORACLE_HOME/network/admin/cost -self_signed -dn "cn=secure_register" -keysize 1024 -validity 3650 -pwd PassWd
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

4) View the wallet contents to confirm that it has a single trusted and user certificate.

[oracle@vmxdb01 admin]$ orapki wallet display -wallet $ORACLE_HOME/network/admin/cost -pwd PassWd -summary
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject:        CN=secure_register
Trusted Certificates:
Subject:        CN=secure_register

5) Make copies of the finished wallet (ewallet.p12) and place on each node in the same directory location;

$ORACLE_HOME/network/admin/cost.

6) Using orapki create a unique obfuscated auto-login file "cwallet.sso" (each node in RAC) .

Both PMON and the listener will use the cwallet.sso to establish a secure SSL connection with each other. Once COST parameters restricting registration to TCPS are enabled only instances that have access to the wallet and obfuscated wallet (cwallet.sso) will be able to register with the SCAN listeners.

[oracle@vmxdb01 admin]$ orapki wallet create -wallet $ORACLE_HOME/network/admin/cost -pwd PassWd -auto_login
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

[oracle@vmxdb01 admin]$ ls -l $ORACLE_HOME/network/admin/cost
total 8
-rw-------. 1 oracle oinstall 2493 Jul  2 22:56 cwallet.sso
-rw-------. 1 oracle oinstall 2416 Jul  2 22:53 ewallet.p12

7) Modify the permissions of the obfuscated wallet (cwallet.sso) to allow usage by authorized group members. (Optional)

8) Update the oracle home (including grid home) listener.ora & sqlnet.ora so that it references the wallet location and add the COST parameters that will restrict registration. Do this for each node.

Add the wallet location to sqlnet.ora & listener.ora.

WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY =  /u01/app/11.2.0/grid/network/admin/cost)
    )
  )
[oracle@vmxdb01 ~]$ cp /u01/app/11.2.0/grid/network/admin/sqlnet.ora /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/

9) Update listener.ora to include TCPS end point

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^#'|grep -v '^$'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1522))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
SECURE_PROTOCOL_LISTENER=(tcps,ipc)
SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY =  /u01/app/11.2.0/grid/network/admin/cost)
    )
  )

10) Update local_listener (or remote listener in RAC cases)

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1522)))';

11) (Optional) Update the tcps end point in the tnsnames.ora

[oracle@vmxdb01 admin]$ echo "
> ORCL_TCPS =
>   (DESCRIPTION =
>     (ADDRESS = (PROTOCOL = TCPS)(HOST = vmxdb01.dbaglobe.com)(PORT = 1522))
>     (CONNECT_DATA =
>       (SERVER = DEDICATED)
>       (SERVICE_NAME = orcl)
>     )
>   )
> " >> tnsnames.ora

[oracle@vmxdb01 admin]$ sqlplus system/PassWd@ORCL_TCPS

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jul 2 23:37:52 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options

SQL> select SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') from dual;

SYS_CONTEXT('USERENV','NETWORK_PROTOCOL')
--------------------------------------------------------------------------------
tcps

SQL> exit

[oracle@vmxdb01 admin]$ lsnrctl status listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 23:21:58

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=localhost)(PORT=1522)))
ORA-28759: failure to open file
TNS-12560: TNS:protocol adapter error
  TNS-00540: SSL protocol adapter failure

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 23:08:46
Uptime                    0 days 0 hr. 13 min. 12 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=vmxdb01)(PORT=1522)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully