Re: Cloud Control Issue

I think SHA512 was added in 12.2 (including the driver). Try adding some older checksum algorithms also, so connection would work with older driver also:
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA512, SHA256, SHA1) On Mon, Oct 31, 2022 at 4:38 PM Scott Canaan <srcdco_at_rit.edu> wrote:

> All of the databases are on Oracle 12.1 or later, most are 19c.
>
>
>
> I did get it to work by setting the values in the oms config file,
> bouncing the oms, and changing the crypto_checksum_client/server from
> REQUIRED to ACCEPTED. I don’t know why I had to do that last part, but the
> JDBC would not connect with it set to REQUIRED. The oms came up and it
> does connect to all of the databases now.
>
>
>
> At this point, I’m just going to leave it that way. The first thing
> Oracle support said to do was to back out the sqlnet.ora changes. I didn’t
> want to do that, so this is the compromise.
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
> *From:* niall.litchfield_at_gmail.com <niall.litchfield_at_gmail.com>
> *Sent:* Monday, October 31, 2022 11:34 AM
> *To:* Scott Canaan <srcdco_at_rit.edu>
> *Cc:* oracle-l_at_freelists.org
> *Subject:* Re: Cloud Control Issue
>
>
>
> Hi Scott
>
> I think you'll need to follow both
> https://support.oracle.com/epmos/faces/DocumentDisplay?id=2376633.1 for
> the repository and
> https://support.oracle.com/epmos/faces/DocumentDisplay?id=2782968.1 for
> the targets. I'd also check that SHA512 is supported.
>
>
>
> On Mon, Oct 31, 2022 at 1:56 PM Scott Canaan <srcdco_at_rit.edu> wrote:
>
> In trying to follow the request from Oracle support to reproduce the error
> with tracing turned on, I discovered that the oms won’t even start. The
> log shows:
>
>
>
> java.sql.SQLException: Oracle Error ORA-12650
>
> at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:855)
>
> at
> oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:924)
>
> at
> oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:58)
>
> at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:760)
>
> at
> oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:435)
>
> at
> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:306)
>
> at
> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221)
>
> at
> oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:149)
>
> at
> oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:92)
>
> at
> oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:1745)
>
> at
> oracle.jdbc.pool.OracleImplicitConnectionCache.makeOneConnection(OracleImplicitConnectionCache.java:628)
>
> at
> oracle.jdbc.pool.OracleImplicitConnectionCache.getCacheConnection(OracleImplicitConnectionCache.java:577)
>
> at
> oracle.jdbc.pool.OracleImplicitConnectionCache.getConnection(OracleImplicitConnectionCache.java:454)
>
> at
> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:542)
>
> at
> oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:510)
>
> at
> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:433)
>
> at
> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:394)
>
> at
> oracle.sysman.emSDK.core.util.jdbc.ConnectionCache.getUnwrappedConnection(ConnectionCache.java:814)
>
> at
> oracle.sysman.emSDK.svc.conn.FGAConnectionCache.getFGAConnection(FGAConnectionCache.java:212)
>
> at
> oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1279)
>
> at
> oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1294)
>
> at
> oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.doWork(PostloadJobExecutor.java:327)
>
> at
> oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.executeCommand(PostloadJobExecutor.java:177)
>
> at
> oracle.sysman.core.pbs.gcloader.LoaderjobWorker.doWork(LoaderjobWorker.java:285)
>
> at oracle.sysman.core.common.workmanager.Work.call(Work.java:274)
>
> at oracle.sysman.core.common.workmanager.Work.call(Work.java:50)
>
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>
> at java.lang.Thread.run(Thread.java:748)
>
>
>
> There are many of these. I’m guessing there’s a configuration file
> somewhere that needs to be adjusted to accommodate the new sqlnet.ora
> settings, but I have no idea where it is.
>
>
>
>
> *Scott Canaan ‘88 *
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
> Behalf Of *Scott Canaan
> *Sent:* Monday, October 31, 2022 9:26 AM
> *To:* 'oracle-l_at_freelists.org' <oracle-l_at_freelists.org>
> *Subject:* Cloud Control Issue
>
>
>
> On Saturday, we updated all the sqlnet.ora files on all the database
> servers to be more secure. The changes were to make both encryption and
> the crypto-checksum required and to set the crypto-checksum value to SHA512
> only. This was also done on the cloud control server. Now, cloud control
> can’t connect to any database. It gets an ORA-12650: No common encryption
> or data integrity algorithm.
>
>
>
> We are on cloud control 13.5 on Red Hat 8 and it is patched through
> August, 2022. I found an old metalink document about a bug, 28527508, but
> when I try to apply it, I get an error saying that we aren’t at the correct
> version. I expect it’s too old as it is from 2018.
>
>
>
> Any ideas on how to fix this? I’m trying to open an SR, but they want a
> ton of logs and files and I don’t really have the time to go back and forth
> with them.
>
>
>
>
> *Scott Canaan ‘88 *
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
>
>
>
> --
>
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>

-- 
Ilmar Kerm

--
http://www.freelists.org/webpage/oracle-l