Home -> Mailing Lists -> Oracle-L -> Re: Cloud Control Issue

Re: Cloud Control Issue

From: <niall.litchfield_at_gmail.com>
Date: Mon, 31 Oct 2022 16:35:28 +0000
Message-ID: <CABe10sa7Z1n79qH_desNFG0pTk3oskJU7ppQez2hg8O8wAaGaQ_at_mail.gmail.com> 








I'm pretty sure that the strongest checksum-type *OEM *supports is SHA256,
hence my suggestion to check with support, and a pointer at the notes that
describe allowable options.



On Mon, Oct 31, 2022 at 4:21 PM Ilmar Kerm <ilmar.kerm_at_gmail.com> wrote:



> I think SHA512 was added in 12.2 (including the driver).


> Try adding some older checksum algorithms also, so connection would work

> with older driver also:

> SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA512, SHA256, SHA1)


>

> On Mon, Oct 31, 2022 at 4:38 PM Scott Canaan <srcdco_at_rit.edu> wrote:

>

>> All of the databases are on Oracle 12.1 or later, most are 19c.

>>

>>

>>

>> I did get it to work by setting the values in the oms config file,

>> bouncing the oms, and changing the crypto_checksum_client/server from

>> REQUIRED to ACCEPTED.  I don’t know why I had to do that last part, but the

>> JDBC would not connect with it set to REQUIRED.  The oms came up and it

>> does connect to all of the databases now.

>>

>>

>>

>> At this point, I’m just going to leave it that way.  The first thing

>> Oracle support said to do was to back out the sqlnet.ora changes.  I didn’t

>> want to do that, so this is the compromise.

>>

>>

>>

>> *Scott Canaan ‘88*

>>

>> *Sr Database Administrator *Information & Technology Services

>> Finance & Administration

>>

>>

>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520

>>

>> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659

>>

>> *CONFIDENTIALITY NOTE*: The information transmitted, including

>> attachments, is intended only for the person(s) or entity to which it is

>> addressed and may contain confidential and/or privileged material. Any

>> review, retransmission, dissemination or other use of, or taking of any

>> action in reliance upon this information by persons or entities other than

>> the intended recipient is prohibited. If you received this in error, please

>> contact the sender and destroy any copies of this information.

>>

>>

>>

>> *From:* niall.litchfield_at_gmail.com <niall.litchfield_at_gmail.com>

>> *Sent:* Monday, October 31, 2022 11:34 AM

>> *To:* Scott Canaan <srcdco_at_rit.edu>

>> *Cc:* oracle-l_at_freelists.org

>> *Subject:* Re: Cloud Control Issue

>>

>>

>>

>> Hi Scott

>>

>> I think you'll need to follow both

>> https://support.oracle.com/epmos/faces/DocumentDisplay?id=2376633.1 for

>> the repository and

>> https://support.oracle.com/epmos/faces/DocumentDisplay?id=2782968.1 for

>> the targets. I'd also check that SHA512 is supported.

>>

>>

>>

>> On Mon, Oct 31, 2022 at 1:56 PM Scott Canaan <srcdco_at_rit.edu> wrote:

>>

>> In trying to follow the request from Oracle support to reproduce the

>> error with tracing turned on, I discovered that the oms won’t even start.

>> The log shows:

>>

>>

>>

>> java.sql.SQLException: Oracle Error ORA-12650

>>

>>         at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:855)

>>

>>         at

>> oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:924)

>>

>>         at

>> oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:58)

>>

>>         at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:760)

>>

>>         at

>> oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:435)

>>

>>         at

>> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:306)

>>

>>         at

>> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221)

>>

>>         at

>> oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:149)

>>

>>         at

>> oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:92)

>>

>>         at

>> oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:1745)

>>

>>         at

>> oracle.jdbc.pool.OracleImplicitConnectionCache.makeOneConnection(OracleImplicitConnectionCache.java:628)

>>

>>         at

>> oracle.jdbc.pool.OracleImplicitConnectionCache.getCacheConnection(OracleImplicitConnectionCache.java:577)

>>

>>         at

>> oracle.jdbc.pool.OracleImplicitConnectionCache.getConnection(OracleImplicitConnectionCache.java:454)

>>

>>         at

>> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:542)

>>

>>         at

>> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:510)

>>

>>         at

>> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:433)

>>

>>         at

>> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:394)

>>

>>         at

>> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache.getUnwrappedConnection(ConnectionCache.java:814)

>>

>>         at

>> oracle.sysman.emSDK.svc.conn.FGAConnectionCache.getFGAConnection(FGAConnectionCache.java:212)

>>

>>         at

>> oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1279)

>>

>>         at

>> oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1294)

>>

>>         at

>> oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.doWork(PostloadJobExecutor.java:327)

>>

>>         at

>> oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.executeCommand(PostloadJobExecutor.java:177)

>>

>>         at

>> oracle.sysman.core.pbs.gcloader.LoaderjobWorker.doWork(LoaderjobWorker.java:285)

>>

>>         at oracle.sysman.core.common.workmanager.Work.call(Work.java:274)

>>

>>         at oracle.sysman.core.common.workmanager.Work.call(Work.java:50)

>>

>>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)

>>

>>         at

>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

>>

>>         at

>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

>>

>>         at java.lang.Thread.run(Thread.java:748)

>>

>>

>>

>> There are many of these.  I’m guessing there’s a configuration file

>> somewhere that needs to be adjusted to accommodate the new sqlnet.ora

>> settings, but I have no idea where it is.

>>

>>

>>

>>

>> *Scott Canaan ‘88 *

>> *Sr Database Administrator *Information & Technology Services

>> Finance & Administration

>>

>>

>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520

>>

>> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659

>>

>> *CONFIDENTIALITY NOTE*: The information transmitted, including

>> attachments, is intended only for the person(s) or entity to which it is

>> addressed and may contain confidential and/or privileged material. Any

>> review, retransmission, dissemination or other use of, or taking of any

>> action in reliance upon this information by persons or entities other than

>> the intended recipient is prohibited. If you received this in error, please

>> contact the sender and destroy any copies of this information.

>>

>>

>>

>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On

>> Behalf Of *Scott Canaan

>> *Sent:* Monday, October 31, 2022 9:26 AM

>> *To:* 'oracle-l_at_freelists.org' <oracle-l_at_freelists.org>

>> *Subject:* Cloud Control Issue

>>

>>

>>

>> On Saturday, we updated all the sqlnet.ora files on all the database

>> servers to be more secure.  The changes were to make both encryption and

>> the crypto-checksum required and to set the crypto-checksum value to SHA512

>> only.  This was also done on  the cloud control server.  Now, cloud control

>> can’t connect to any database.  It gets an ORA-12650: No common encryption

>> or data integrity algorithm.

>>

>>

>>

>> We are on cloud control 13.5 on Red Hat 8 and it is patched through

>> August, 2022.  I found an old metalink document about a bug, 28527508, but

>> when I try to apply it, I get an error saying that we aren’t at the correct

>> version.  I expect it’s too old as it is from 2018.

>>

>>

>>

>> Any ideas on how to fix this?  I’m trying to open an SR, but they want a

>> ton of logs and files and I don’t really have the time to go back and forth

>> with them.

>>

>>

>>

>>

>> *Scott Canaan ‘88 *

>> *Sr Database Administrator *Information & Technology Services

>> Finance & Administration

>>

>>

>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520

>>

>> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659

>>

>> *CONFIDENTIALITY NOTE*: The information transmitted, including

>> attachments, is intended only for the person(s) or entity to which it is

>> addressed and may contain confidential and/or privileged material. Any

>> review, retransmission, dissemination or other use of, or taking of any

>> action in reliance upon this information by persons or entities other than

>> the intended recipient is prohibited. If you received this in error, please

>> contact the sender and destroy any copies of this information.

>>

>>

>>

>>

>>

>>

>> --

>>

>> Niall Litchfield

>> Oracle DBA

>> http://www.orawin.info

>>

>

>

> --

> Ilmar Kerm

>




-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info

--
http://www.freelists.org/webpage/oracle-l


Received on Mon Oct 31 2022 - 17:35:28 CET












Original text of this message