Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Monday, December 22, 2008

Underscore in hostname or domain name not allowed

Recently many Apps experts spent last two days trying to decipher why this error was coming in Apache logs whenever anyone tried to login to a new instance with new servers and new hostnames:

You have insufficient privileges for the current operation. Please contact your  System Administrator.

Strangely, this error appeared only when IE6 was the browser.  The error did not appear when Firefox 3, Mozilla, Google Chrome or Opera 9 were used to access the instance.

In the end, it was discovered that IETF (Internet Engineering Task Force) doesn't allow underscore character to be present in a hostname or domain name.  If a non-standard hostname or domain name is used which has underscore as part of the name, cookies are not saved by IE.  If IE doesn't save cookies, it results in this error.  Metalink Note 305316.1 describes this problem and some more solutions to this error:


Cookie domain is not being set correctly, or is not being recognized correctly


Follow these steps:
1a) Check you are not using an underscore character "_" in your hostname or domain name.
If so, this must be changed as is not IETF-compliant and therefore not a supported character
and is known to cause problems. Refer RFC 952 ( for more
This is also documented in Microsoft article Q275033 "Cookies Are Not Saved If the Host Name
Is Invalid", this feature was introduced from IE 5.01 SP1;en-us;275033

1b) If your domain name has two characters, then you may be running into the Microsoft IE 6 bug
"Internet Explorer Does Not Set a Cookie for Two-Letter Domains" described in Microsoft
article Q310676 (;en-us;310676)
For example you use or
The fix for this issue is described in the Microsoft article

If neither of the above situations apply to your site, then proceed with these steps:-

2) Run ADADMIN and compile of all the Menus, using the FORCE option when prompted.

3) Recompile Security
a. Logon as System Administrator
b. Navigate to Request, Run
c. Select the following request:
d. Compile Security
e. Enter "Yes" for everything parameter

4) Retest for the problem

5) Run the SQL below
If this returns a NULL value then set this to be your domain name, with a leading full stop.
For example
You need to commit this update

6) Ensure the Applications Server URL is added to "trusted sites" zone in Microsoft Internet Explorer (Refer to Note 285218.1 for specific instructions if required)

7) Retest for the problem

8) Check the value of the profile option 'Self Service Personal Home Page Mode'
Set this to "Framework Only" if not set to this already.

9) Retest for the problem

10) Set the SESSION_COOKIE_DOMAIN to be the hostname.domain of the middle tier server
For example
You need to commit this update

11) Retest for the problem

12) Set the SESSION_COOKIE_DOMAIN to a null value
For example
You need to commit this update

13) Retest for the problem

If the problem still occurs, you have not run into the problems described in this note. In this case Oracle Support would likely want to know the following information
a) Is this fresh install or upgrade ?
b) If upgraded, what was the previous version ?
c) What menus work/do not work ?
d) In 11.5.10 the function security changed, so it is possible that there was some failure loading seeded data if they system has just been upgraded. Because of this you need to check the upgrade log files for errors, and confirm if there were any noticed errors when running the upgrade, for example: any skipped jobs. Have all post upgrade steps were followed ?

No comments: