Re: TDE Wallet Management Question
Date: Fri, 10 Oct 2014 14:49:33 +0000
Message-ID: <2009070051.6614640.1412952572478.JavaMail.root_at_comcast.net>
I have been using TDE with >30 character pass phrases for the last 3 years.
I normally copy both the wallet and the auto-pen wallet from a single node instead of generating the autoopen wallet on each node. Also check your environment variables, your variable setting in sqlnet.ora and your environemnt variable setting in grid for the wallet.
- Original Message -----
From: "Stephan Uzzell" <SUzzell_at_MICROS.COM> To: "james.clarence.allen_at_census.gov" <james.clarence.allen_at_census.gov>, Oracle-L_at_freelists.org Cc: "Stephan Uzzell" <SUzzell_at_MICROS.COM> Sent: Friday, October 10, 2014 7:29:08 AM Subject: RE: TDE Wallet Management Question
Hi Jim,
You may want to take a look at MOS Doc 1294017.1 – it suggests you get behavior like this if and when you have a long/complex wallet password. I know that we fought the same thing until we backed our wallet password down to something simpler.
GL,
stephan
Stephan Uzzell | Database Administrator | HGBU Cloud Operations
Mobile: +1 443.864.1725
Oracle Hospitality
Swarthmore, PA | US
Oracle is committed to developing practices and products that help protect the environment
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of james.clarence.allen_at_census.gov
Sent: Friday, 10 October, 2014 10:21
To: Oracle-L_at_freelists.org
Subject: TDE Wallet Management Question
I am just beginning to use TDE (mandated by OIS) in a 2 server RAC environment.
I created the master key wallet for my database and created auto-logon wallet.
I copied the wallet to the second server and created an auto-logon wallet.
In instance #1 (where I created the wallet) I get:
SQL> seleinst_id,status from gv$encrypted_wallet;
INST_ID STATUS
- ------------------
1 OPEN 2 CLOSE I go over and manually open the wallet on instance #2 and check:
SQL> seleinst_id,status from gv$encrypted_wallet;
INST_ID STATUS
- ------------------
1 CLOSE 2 OPEN Problem
I couldn't get the wallet to open on both servers. When I opened the wallet
on one server it closed on the other.
Solution
My solution was to bounce the instance and let the auto-logon open the wallet.
After I stopped/started the databasesrvctl I got:
INST_ID STATUS
- ------------------
1 OPEN 2 OPEN Question
- Is this the way it is suppose to work?
- Do I have to bounce the instance each time to get the wallet
to open without closing it on the other instance?
I know, I know... The answer is 42 :-)
Sincerely,
Jim Allen
Database Support Lead, MASSDB Staff
Tel: 1-301-763-7501
Cell: 1-202-604-7286
Database Help Desk: X34944
Support Email: James.Clarence.Allen_at_census.gov
Internal Website: http://epd.econ.census.gov/offices/massdb/
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 10 2014 - 16:49:33 CEST