Hi everyone, thank you for the help on this.
We recently moved two of our Banner 12.2 databases from Oracle Linux to our Oracle Exadata appliance.
Both of the Banner agents start successfully, the jdbc@, and ProgramConnect@ logins used by the agents
are working.
I then tested the type ORACLE logins, and did a connection check. I get an AwE-5001 ORA-12650 error,
and related Java snap. I worked with our DBA who told me the ORA-12650 is an encryption error. I found
this article on it. Oracle database 12.2 is recommended to use SHA256 or higher.
https://support.oracle.com/knowledge/Middleware/2396891_1.html
The DBA told me these are the SQLNET parameters they are using. The DBA commented the Exadata has a
higher level of encryption it requires.
SQLNET.ENCRYPTION_SERVER = required
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2
So then I tried searching the Applications Manager site, and found this great document. I know this
is related to the Appman Master, but thought it might pertain to logins. This tells me if we move
an Appman database to the new device, we would most likely hit this issue. The encryption defaults
do not seem compatible with the Exadata requirements.
https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html
The current defaults for the two parameters are the following. They are not in the awenv.ini file.
net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56
The document mentions you can fix this by adding the following parameters to the awenv.ini file.
My first thought was will these append to, or replace the existing defaults.
I updated the master, and remote agent awenv.ini file with these parameters.
net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256
When I start the master, and remote agent I see how it is using AES 256.
I cleared the logs before startup. I now see the following in the master, and remote agent logs.
net.crypto_checksum_types_client = SHA256
net.encryption_types_client = AES256
It is interesting how I still see a few of the older parameters showing up even after making the changes.
This is making me wonder if the older logins I tested still use it, or need it. But I am not sure.
net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56
I then tried testing the ORACLE type logins for BANFAID, and BANUPGD. I got the same error AwE-5001
with the ORA-12650. The interesting thing is this error AwE-5001 ORA-12650 does not show up in the
host logs. I found the messages on my PC AM_Client\logs\<instance>_client.log file.
As a side note I tested the client side with Oracle Java 1.8.0_231, and OpenJDK 11. Both have the issue.
This is from my AMUPGD_Client.log file.
17:27:50.39 AWT-EventQueue-0: .B$3: javax.swing.JButton:ActionEvent Check
17:27:50.39 AWT-EventQueue-0: .ClientSocketManager: sendRequest isifu601.is.colostate.edu/129.82.127.121:1100
SeqNo 49 Agent 129.82.127.121:1100 Master Client service clientServices sessionID 18 Method checkLoginConnection
[jobprd@banfaid banfaid.infosys.colostate.edu @banfaid ORACLE dbbanfaid.is.colost]
17:27:50.70 CSM:read1-isifu601.is.colostate.edu: .SocketManager$1: got Response 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun 0 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun done 0 49 18 null java.sql.SQLException: Oracle Error ORA-
17:27:50.70 AWT-EventQueue-0: .ClientSocketManager: sendRequest: java.sql.SQLException: Oracle Error ORA-12650
17:27:50.86 AWT-EventQueue-0: .ErrorMsg: Error #: AwE-5001
17:27:50.88 AWT-EventQueue-0: .AxOptions: NoErrorMsgProperties=false
ErrorMsg: AwE-5001 Database Query Error (7/2/20, 5:27 PM)
Details: null
java.sql.SQLException: Oracle Error ORA-12650
I thought maybe it would help if I added parameters to the sqlnet.ora file on this system. AMUPGD is
using a 12.2.0 Oracle client. I added these SQLNET client parameters, and recycled AMUPGD. I still get
the same error. I removed the parameters after testing, and recycled.
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)
I am not sure what else to try at this point.
Thank you, I appreciate the help.
Rich
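
An added example, not part of Rich's post and not Broadcom or Oracle code: ORA-12650 is Oracle's "No common encryption or data integrity algorithm" error, so this sketch compares the server sqlnet.ora lists quoted above with the awenv.ini client lists, before and after the change. The matching rule (first entry in the server list that the client also offers) and the helper names are assumptions made for illustration.

```python
# Added example: values are the ones quoted in the post; the matching rule is an assumption.
SERVER_SQLNET = """\
SQLNET.ENCRYPTION_SERVER = required
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
"""
AWENV_DEFAULTS = """\
net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56
"""
AWENV_UPDATED = """\
net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256
"""

def parse(text):
    """Read NAME=value lines into a dict keyed by upper-cased name."""
    out = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            out[name.strip().upper()] = value.strip()
    return out

def algos(value):
    """Turn '(AES256, AES192)' or 'DES40C, DES56C' into a list of upper-cased names."""
    return [a.strip().upper() for a in value.strip("() ").split(",") if a.strip()]

def negotiate(server_text, client_text):
    """Return {'encryption': algo|None, 'checksum': algo|None, 'ora_12650': bool}."""
    s, c = parse(server_text), parse(client_text)
    pairs = {
        "encryption": ("SQLNET.ENCRYPTION_SERVER", "SQLNET.ENCRYPTION_TYPES_SERVER",
                       "NET.ENCRYPTION_TYPES_CLIENT"),
        "checksum": ("SQLNET.CRYPTO_CHECKSUM_SERVER", "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER",
                     "NET.CRYPTO_CHECKSUM_TYPES_CLIENT"),
    }
    result = {"ora_12650": False}
    for service, (level_key, server_key, client_key) in pairs.items():
        offered = algos(c.get(client_key, ""))
        # Assumption: the first entry in the server's list that the client also offers is used.
        common = [a for a in algos(s.get(server_key, "")) if a in offered]
        result[service] = common[0] if common else None
        # With the server level set to "required", no common algorithm fails the connection.
        if s.get(level_key, "").lower() == "required" and not common:
            result["ora_12650"] = True
    return result

if __name__ == "__main__":
    for label, client in (("defaults", AWENV_DEFAULTS), ("updated", AWENV_UPDATED)):
        print(label, negotiate(SERVER_SQLNET, client))
```

With the updated awenv.ini values the encryption lists overlap on AES256, but the checksum lists (SHA256 on the client, SHA1 on the server) still have nothing in common.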