AppWorx, Dollar Universe and Sysload Community

Hi everyone, thank you for the help on this.

We recently moved two of our Banner 12.2 databases from Oracle Linux to our Oracle Exadata appliance.

Both of the Banner agents start successfully, the jdbc@, and ProgramConnect@ logins used by the agents
are working.

I then tested the type ORACLE logins, and did a connection check. I get a AwE-5001 ORA-12650 error,
and related Java snap. I worked with our DBA who told me the ORA-12650 is an encryption error. I found
this article on it. Oracle database 12.2 is recommended to use SHA256 or higher.

https://support.oracle.com/knowledge/Middleware/2396891_1.html

The DBA told me these are the SQLNET parameters they are using. The DBA commented the Exadata has a
higher level of encryption it requires.

SQLNET.ENCRYPTION_SERVER = required

SQLNET.CRYPTO_CHECKSUM_SERVER = required

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)

SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2


So then I tried searching the Applications Manager site, and found this great document. I know this
related to the Appman Master, but thought it might pertain to logins. This tells me if we move
a Appman database to the new device, we would most likely hit this issue. The encryption defaults
do not seem compatible with the Exadata requirements.

https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html


The current defaults for the two parameters is the following. They are not in the awenv.ini file.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


The document mentions you can fix this by adding the following parameters to the awenv.ini file.
My first thought was will these append too, or replace the existing defaults.

I updated the master, and remote agent awenv.ini file with these parameters.

net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256


When I start the master, and remote agent I see how it is using AES 256.
I cleared the logs before startup. I now see the following in the master, and remote agent logs.

net.crypto_checksum_types_client = SHA256
net.encryption_types_client = AES256

It is interesting how I still see a few of the older parameters showing up even after making the changes.
This is making me wonder if the older logins I tested still use it, or need it. But I am not sure.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


I then tried testing the ORACLE type logins for BANFAID, and BANUPGD. I got the same error AwE-5001
with the ORA-12650. The interesting thing is this error AwE-5001 ORA-12650 does not show up in the
host logs. I found the messages on my PC AM_Client\logs\<instance>_client.log file.

As a side note I tested the client side with Oracle Java 1.8.0_231, and OpenJDK 11. Both have the issue.
This is from my AMUPGD_Client.log file.

17:27:50.39 AWT-EventQueue-0: .B$3: javax.swing.JButton:ActionEvent Check
17:27:50.39 AWT-EventQueue-0: .ClientSocketManager: sendRequest isifu601.is.colostate.edu/129.82.127.121:1100
SeqNo 49 Agent 129.82.127.121:1100 Master Client service clientServices sessionID 18 Meth
od checkLoginConnection
[jobprd@banfaid banfaid.infosys.colostate.edu @banfaid ORACLE dbbanfaid.is.colost]
17:27:50.70 CSM:read1-isifu601.is.colostate.edu: .SocketManager$1: got Response 49 18 null java.sql.SQLException: Oracle
Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun 0 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun done 0 49 18 null java.sql.SQLException: Oracle Error ORA-
17:27:50.70 AWT-EventQueue-0: .ClientSocketManager: sendRequest: java.sql.SQLException: Oracle Error ORA-12650
17:27:50.86 AWT-EventQueue-0: .ErrorMsg: Error #: AwE-5001
17:27:50.88 AWT-EventQueue-0: .AxOptions: NoErrorMsgProperties=false
ErrorMsg: AwE-5001 Database Query Error (7/2/20, 5:27 PM)
Details: null
java.sql.SQLException: Oracle Error ORA-12650


I thought maybe it would help if I added parameters to the sqlnet.ora file on this system. AMUPGD is
using a 12.2.0 Oracle client. I added these SQLNET client parameters, and recycled AMUPGD. I still get
the same error. I removed the parameters after testing, and recycled.

SQLNET.ENCRYPTION_CLIENT - required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)


I am not sure what else to try at this point.

Thank you, I appreciate the help.

Rich

Hi everyone,   Well I have something new to report. We just tried running some jobs to the two databases which get the connection check AwE-5001/ORA-12650 error on the client. From what the Automation team told me the jobs worked, and files were written the the orautl correctly.

This sounds like we have an issue with the GUI  possibly connecting to the databases with the logins.

Thank you

Rich
Original Message:
Sent: 07-06-2020 09:21 AM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone, thank you for the help on this.

We recently moved two of our Banner 12.2 databases from Oracle Linux to our Oracle Exadata appliance.

Both of the Banner agents start successfully, the jdbc@, and ProgramConnect@ logins used by the agents
are working.

I then tested the type ORACLE logins, and did a connection check. I get a AwE-5001 ORA-12650 error,
and related Java snap. I worked with our DBA who told me the ORA-12650 is an encryption error. I found
this article on it. Oracle database 12.2 is recommended to use SHA256 or higher.

https://support.oracle.com/knowledge/Middleware/2396891_1.html

The DBA told me these are the SQLNET parameters they are using. The DBA commented the Exadata has a
higher level of encryption it requires.

SQLNET.ENCRYPTION_SERVER = required

SQLNET.CRYPTO_CHECKSUM_SERVER = required

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)

SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2


So then I tried searching the Applications Manager site, and found this great document. I know this
related to the Appman Master, but thought it might pertain to logins. This tells me if we move
a Appman database to the new device, we would most likely hit this issue. The encryption defaults
do not seem compatible with the Exadata requirements.

https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html


The current defaults for the two parameters is the following. They are not in the awenv.ini file.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


The document mentions you can fix this by adding the following parameters to the awenv.ini file.
My first thought was will these append too, or replace the existing defaults.

I updated the master, and remote agent awenv.ini file with these parameters.

net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256


When I start the master, and remote agent I see how it is using AES 256.
I cleared the logs before startup. I now see the following in the master, and remote agent logs.

net.crypto_checksum_types_client = SHA256
net.encryption_types_client = AES256

It is interesting how I still see a few of the older parameters showing up even after making the changes.
This is making me wonder if the older logins I tested still use it, or need it. But I am not sure.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


I then tried testing the ORACLE type logins for BANFAID, and BANUPGD. I got the same error AwE-5001
with the ORA-12650. The interesting thing is this error AwE-5001 ORA-12650 does not show up in the
host logs. I found the messages on my PC AM_Client\logs\<instance>_client.log file.

As a side note I tested the client side with Oracle Java 1.8.0_231, and OpenJDK 11. Both have the issue.
This is from my AMUPGD_Client.log file.

17:27:50.39 AWT-EventQueue-0: .B$3: javax.swing.JButton:ActionEvent Check
17:27:50.39 AWT-EventQueue-0: .ClientSocketManager: sendRequest isifu601.is.colostate.edu/129.82.127.121:1100
SeqNo 49 Agent 129.82.127.121:1100 Master Client service clientServices sessionID 18 Meth
od checkLoginConnection
[jobprd@banfaid banfaid.infosys.colostate.edu @banfaid ORACLE dbbanfaid.is.colost]
17:27:50.70 CSM:read1-isifu601.is.colostate.edu: .SocketManager$1: got Response 49 18 null java.sql.SQLException: Oracle
Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun 0 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun done 0 49 18 null java.sql.SQLException: Oracle Error ORA-
17:27:50.70 AWT-EventQueue-0: .ClientSocketManager: sendRequest: java.sql.SQLException: Oracle Error ORA-12650
17:27:50.86 AWT-EventQueue-0: .ErrorMsg: Error #: AwE-5001
17:27:50.88 AWT-EventQueue-0: .AxOptions: NoErrorMsgProperties=false
ErrorMsg: AwE-5001 Database Query Error (7/2/20, 5:27 PM)
Details: null
java.sql.SQLException: Oracle Error ORA-12650


I thought maybe it would help if I added parameters to the sqlnet.ora file on this system. AMUPGD is
using a 12.2.0 Oracle client. I added these SQLNET client parameters, and recycled AMUPGD. I still get
the same error. I removed the parameters after testing, and recycled.

SQLNET.ENCRYPTION_CLIENT - required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)


I am not sure what else to try at this point.

Thank you, I appreciate the help.

Rich

Hi everyone, I have new information on this problem. 

I mentioned yesterday how we ran Banner  jobs that used the logins, and they worked successfully. They jobs were able to successfully complete, and 
write the orautl files.  

We noticed the orautl files had the local Mountain time that matched the Appman systems. But the contents of the files, and reports shows the wrong time. 
I connected to the Exadata DB server and saw how it was using UTC time, not Mountain which explains the reason for the time differences. 

Later I found out the Automation team told me sql derived subvars using the Exadata database logins are getting the AwE-5001/ORA-12650 error. 
Jobs that use sql derived subvars and Exadata database logins get the ORA-12650 error. Testing SQL subvars against Exadata database logins get the AwE-5001/ORA-12650 error

I have the two encryption parameters in place on the master, and remote agent and this is not helping. This is making me think maybe it could be related to the Appman system running local mountain time, and the database system running  UTC which is 6 hours ahead. 

Thank you everyone. If anyone has thoughts on this, it would be great.   

Thank you
Rich 





Original Message:
Sent: 07-06-2020 04:53 PM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone,   Well I have something new to report. We just tried running some jobs to the two databases which get the connection check AwE-5001/ORA-12650 error on the client. From what the Automation team told me the jobs worked, and files were written the the orautl correctly.

This sounds like we have an issue with the GUI  possibly connecting to the databases with the logins.

Thank you

Rich
Original Message:
Sent: 07-06-2020 09:21 AM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone, thank you for the help on this.

We recently moved two of our Banner 12.2 databases from Oracle Linux to our Oracle Exadata appliance.

Both of the Banner agents start successfully, the jdbc@, and ProgramConnect@ logins used by the agents
are working.

I then tested the type ORACLE logins, and did a connection check. I get a AwE-5001 ORA-12650 error,
and related Java snap. I worked with our DBA who told me the ORA-12650 is an encryption error. I found
this article on it. Oracle database 12.2 is recommended to use SHA256 or higher.

https://support.oracle.com/knowledge/Middleware/2396891_1.html

The DBA told me these are the SQLNET parameters they are using. The DBA commented the Exadata has a
higher level of encryption it requires.

SQLNET.ENCRYPTION_SERVER = required

SQLNET.CRYPTO_CHECKSUM_SERVER = required

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)

SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2


So then I tried searching the Applications Manager site, and found this great document. I know this
related to the Appman Master, but thought it might pertain to logins. This tells me if we move
a Appman database to the new device, we would most likely hit this issue. The encryption defaults
do not seem compatible with the Exadata requirements.

https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html


The current defaults for the two parameters is the following. They are not in the awenv.ini file.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


The document mentions you can fix this by adding the following parameters to the awenv.ini file.
My first thought was will these append too, or replace the existing defaults.

I updated the master, and remote agent awenv.ini file with these parameters.

net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256


When I start the master, and remote agent I see how it is using AES 256.
I cleared the logs before startup. I now see the following in the master, and remote agent logs.

net.crypto_checksum_types_client = SHA256
net.encryption_types_client = AES256

It is interesting how I still see a few of the older parameters showing up even after making the changes.
This is making me wonder if the older logins I tested still use it, or need it. But I am not sure.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


I then tried testing the ORACLE type logins for BANFAID, and BANUPGD. I got the same error AwE-5001
with the ORA-12650. The interesting thing is this error AwE-5001 ORA-12650 does not show up in the
host logs. I found the messages on my PC AM_Client\logs\<instance>_client.log file.

As a side note I tested the client side with Oracle Java 1.8.0_231, and OpenJDK 11. Both have the issue.
This is from my AMUPGD_Client.log file.

17:27:50.39 AWT-EventQueue-0: .B$3: javax.swing.JButton:ActionEvent Check
17:27:50.39 AWT-EventQueue-0: .ClientSocketManager: sendRequest isifu601.is.colostate.edu/129.82.127.121:1100
SeqNo 49 Agent 129.82.127.121:1100 Master Client service clientServices sessionID 18 Meth
od checkLoginConnection
[jobprd@banfaid banfaid.infosys.colostate.edu @banfaid ORACLE dbbanfaid.is.colost]
17:27:50.70 CSM:read1-isifu601.is.colostate.edu: .SocketManager$1: got Response 49 18 null java.sql.SQLException: Oracle
Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun 0 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun done 0 49 18 null java.sql.SQLException: Oracle Error ORA-
17:27:50.70 AWT-EventQueue-0: .ClientSocketManager: sendRequest: java.sql.SQLException: Oracle Error ORA-12650
17:27:50.86 AWT-EventQueue-0: .ErrorMsg: Error #: AwE-5001
17:27:50.88 AWT-EventQueue-0: .AxOptions: NoErrorMsgProperties=false
ErrorMsg: AwE-5001 Database Query Error (7/2/20, 5:27 PM)
Details: null
java.sql.SQLException: Oracle Error ORA-12650


I thought maybe it would help if I added parameters to the sqlnet.ora file on this system. AMUPGD is
using a 12.2.0 Oracle client. I added these SQLNET client parameters, and recycled AMUPGD. I still get
the same error. I removed the parameters after testing, and recycled.

SQLNET.ENCRYPTION_CLIENT - required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)


I am not sure what else to try at this point.

Thank you, I appreciate the help.

Rich

Hi everyone, 

I was able to solve this problem with the ORA-1265. 

I looked at the DBA parameters. 

SQLNET.ENCRYPTION_SERVER = required
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2


I made the two parameters match what the server side was.

This is what the knowledge base article said.

https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html

net.encryption_types_client=AES256
net.crypto_checksum_types_client=SHA256


This is what I had to change it too. It had to match the server side. And it did not like (), I had to remove those.
net.crypto_checksum_types_client=SHA1
net.encryption_types_client=AES256,AES192,AES128


The oracle logins now work, and sql derived subvars also work. 

This confused me.

Thank you everyone,

Rich







Original Message:
Sent: 07-07-2020 09:56 AM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone, I have new information on this problem.

I mentioned yesterday how we ran Banner  jobs that used the logins, and they worked successfully. They jobs were able to successfully complete, and
write the orautl files.

We noticed the orautl files had the local Mountain time that matched the Appman systems. But the contents of the files, and reports shows the wrong time.
I connected to the Exadata DB server and saw how it was using UTC time, not Mountain which explains the reason for the time differences.

Later I found out the Automation team told me sql derived subvars using the Exadata database logins are getting the AwE-5001/ORA-12650 error.
Jobs that use sql derived subvars and Exadata database logins get the ORA-12650 error. Testing SQL subvars against Exadata database logins get the AwE-5001/ORA-12650 error

I have the two encryption parameters in place on the master, and remote agent and this is not helping. This is making me think maybe it could be related to the Appman system running local mountain time, and the database system running  UTC which is 6 hours ahead.

Thank you everyone. If anyone has thoughts on this, it would be great.

Thank you
Rich





Original Message:
Sent: 07-06-2020 04:53 PM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone,   Well I have something new to report. We just tried running some jobs to the two databases which get the connection check AwE-5001/ORA-12650 error on the client. From what the Automation team told me the jobs worked, and files were written the the orautl correctly.

This sounds like we have an issue with the GUI  possibly connecting to the databases with the logins.

Thank you

Rich
Original Message:
Sent: 07-06-2020 09:21 AM
From: Richard Blumlein
Subject: ORACLE type login Check AwE-5001 ORA-12650 encrypton error.

Hi everyone, thank you for the help on this.

We recently moved two of our Banner 12.2 databases from Oracle Linux to our Oracle Exadata appliance.

Both of the Banner agents start successfully, the jdbc@, and ProgramConnect@ logins used by the agents
are working.

I then tested the type ORACLE logins, and did a connection check. I get a AwE-5001 ORA-12650 error,
and related Java snap. I worked with our DBA who told me the ORA-12650 is an encryption error. I found
this article on it. Oracle database 12.2 is recommended to use SHA256 or higher.

https://support.oracle.com/knowledge/Middleware/2396891_1.html

The DBA told me these are the SQLNET parameters they are using. The DBA commented the Exadata has a
higher level of encryption it requires.

SQLNET.ENCRYPTION_SERVER = required

SQLNET.CRYPTO_CHECKSUM_SERVER = required

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)

SQLNET.EXPIRE_TIME = 10
SSL_VERSION = 1.2


So then I tried searching the Applications Manager site, and found this great document. I know this
related to the Appman Master, but thought it might pertain to logins. This tells me if we move
a Appman database to the new device, we would most likely hit this issue. The encryption defaults
do not seem compatible with the Exadata requirements.

https://knowledge.broadcom.com/external/article/85049/oracle-error-ora12650-when-starting-mast.html


The current defaults for the two parameters is the following. They are not in the awenv.ini file.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


The document mentions you can fix this by adding the following parameters to the awenv.ini file.
My first thought was will these append too, or replace the existing defaults.

I updated the master, and remote agent awenv.ini file with these parameters.

net.crypto_checksum_types_client=SHA256
net.encryption_types_client=AES256


When I start the master, and remote agent I see how it is using AES 256.
I cleared the logs before startup. I now see the following in the master, and remote agent logs.

net.crypto_checksum_types_client = SHA256
net.encryption_types_client = AES256

It is interesting how I still see a few of the older parameters showing up even after making the changes.
This is making me wonder if the older logins I tested still use it, or need it. But I am not sure.

net.crypto_checksum_types_client=MD5
net.encryption_types_client=DES40C, DES56C, RC4_40, RC4_56


I then tried testing the ORACLE type logins for BANFAID, and BANUPGD. I got the same error AwE-5001
with the ORA-12650. The interesting thing is this error AwE-5001 ORA-12650 does not show up in the
host logs. I found the messages on my PC AM_Client\logs\<instance>_client.log file.

As a side note I tested the client side with Oracle Java 1.8.0_231, and OpenJDK 11. Both have the issue.
This is from my AMUPGD_Client.log file.

17:27:50.39 AWT-EventQueue-0: .B$3: javax.swing.JButton:ActionEvent Check
17:27:50.39 AWT-EventQueue-0: .ClientSocketManager: sendRequest isifu601.is.colostate.edu/129.82.127.121:1100
SeqNo 49 Agent 129.82.127.121:1100 Master Client service clientServices sessionID 18 Meth
od checkLoginConnection
[jobprd@banfaid banfaid.infosys.colostate.edu @banfaid ORACLE dbbanfaid.is.colost]
17:27:50.70 CSM:read1-isifu601.is.colostate.edu: .SocketManager$1: got Response 49 18 null java.sql.SQLException: Oracle
Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun 0 49 18 null java.sql.SQLException: Oracle Error ORA-12650
17:27:50.70 CSM5: .ClientSocketManager$RequestWorker: doRun done 0 49 18 null java.sql.SQLException: Oracle Error ORA-
17:27:50.70 AWT-EventQueue-0: .ClientSocketManager: sendRequest: java.sql.SQLException: Oracle Error ORA-12650
17:27:50.86 AWT-EventQueue-0: .ErrorMsg: Error #: AwE-5001
17:27:50.88 AWT-EventQueue-0: .AxOptions: NoErrorMsgProperties=false
ErrorMsg: AwE-5001 Database Query Error (7/2/20, 5:27 PM)
Details: null
java.sql.SQLException: Oracle Error ORA-12650


I thought maybe it would help if I added parameters to the sqlnet.ora file on this system. AMUPGD is
using a 12.2.0 Oracle client. I added these SQLNET client parameters, and recycled AMUPGD. I still get
the same error. I removed the parameters after testing, and recycled.

SQLNET.ENCRYPTION_CLIENT - required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)


I am not sure what else to try at this point.

Thank you, I appreciate the help.

Rich