I'm pretty sure that the strongest checksum-type *OEM *supports is SHA256,
hence my suggestion to check with support, and a pointer at the notes that
describe allowable options.
On Mon, Oct 31, 2022 at 4:21 PM Ilmar Kerm <ilmar.kerm@xxxxxxxxx> wrote:
I think SHA512 was added in 12.2 (including the driver).
Try adding some older checksum algorithms also, so connection would work
with older driver also:
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA512, SHA256, SHA1)
On Mon, Oct 31, 2022 at 4:38 PM Scott Canaan <srcdco@xxxxxxx> wrote:
All of the databases are on Oracle 12.1 or later, most are 19c.
I did get it to work by setting the values in the oms config file,
bouncing the oms, and changing the crypto_checksum_client/server from
REQUIRED to ACCEPTED. I don’t know why I had to do that last part, but the
JDBC would not connect with it set to REQUIRED. The oms came up and it
does connect to all of the databases now.
At this point, I’m just going to leave it that way. The first thing
Oracle support said to do was to back out the sqlnet.ora changes. I didn’t
want to do that, so this is the compromise.
*Scott Canaan ‘88*
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*srcdco@xxxxxxx <srcdco@xxxxxxx>* | c: (585) 339-8659
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
*From:* niall.litchfield@xxxxxxxxx <niall.litchfield@xxxxxxxxx>
*Sent:* Monday, October 31, 2022 11:34 AM
*To:* Scott Canaan <srcdco@xxxxxxx>
*Cc:* oracle-l@xxxxxxxxxxxxx
*Subject:* Re: Cloud Control Issue
Hi Scott
I think you'll need to follow both
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2376633.1 for
the repository and
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2782968.1 for
the targets. I'd also check that SHA512 is supported.
On Mon, Oct 31, 2022 at 1:56 PM Scott Canaan <srcdco@xxxxxxx> wrote:
In trying to follow the request from Oracle support to reproduce the
error with tracing turned on, I discovered that the oms won’t even start.
The log shows:
java.sql.SQLException: Oracle Error ORA-12650
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:855)
at
oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:924)
at
oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:58)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:760)
at
oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:435)
at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:306)
at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221)
at
oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:149)
at
oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:92)
at
oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:1745)
at
oracle.jdbc.pool.OracleImplicitConnectionCache.makeOneConnection(OracleImplicitConnectionCache.java:628)
at
oracle.jdbc.pool.OracleImplicitConnectionCache.getCacheConnection(OracleImplicitConnectionCache.java:577)
at
oracle.jdbc.pool.OracleImplicitConnectionCache.getConnection(OracleImplicitConnectionCache.java:454)
at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:542)
at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:510)
at
oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:433)
at
oracle.sysman.emSDK.core.util.jdbc.ConnectionCache._getConnection(ConnectionCache.java:394)
at
oracle.sysman.emSDK.core.util.jdbc.ConnectionCache.getUnwrappedConnection(ConnectionCache.java:814)
at
oracle.sysman.emSDK.svc.conn.FGAConnectionCache.getFGAConnection(FGAConnectionCache.java:212)
at
oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1279)
at
oracle.sysman.emSDK.svc.conn.ConnectionService.getPrivateConnection(ConnectionService.java:1294)
at
oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.doWork(PostloadJobExecutor.java:327)
at
oracle.sysman.core.pbs.gcloader.PostloadJobExecutor.executeCommand(PostloadJobExecutor.java:177)
at
oracle.sysman.core.pbs.gcloader.LoaderjobWorker.doWork(LoaderjobWorker.java:285)
at oracle.sysman.core.common.workmanager.Work.call(Work.java:274)
at oracle.sysman.core.common.workmanager.Work.call(Work.java:50)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
There are many of these. I’m guessing there’s a configuration file
somewhere that needs to be adjusted to accommodate the new sqlnet.ora
settings, but I have no idea where it is.
*Scott Canaan ‘88 *
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*srcdco@xxxxxxx <srcdco@xxxxxxx>* | c: (585) 339-8659
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
*From:* oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> *On
Behalf Of *Scott Canaan
*Sent:* Monday, October 31, 2022 9:26 AM
*To:* 'oracle-l@xxxxxxxxxxxxx' <oracle-l@xxxxxxxxxxxxx>
*Subject:* Cloud Control Issue
On Saturday, we updated all the sqlnet.ora files on all the database
servers to be more secure. The changes were to make both encryption and
the crypto-checksum required and to set the crypto-checksum value to SHA512
only. This was also done on the cloud control server. Now, cloud control
can’t connect to any database. It gets an ORA-12650: No common encryption
or data integrity algorithm.
We are on cloud control 13.5 on Red Hat 8 and it is patched through
August, 2022. I found an old metalink document about a bug, 28527508, but
when I try to apply it, I get an error saying that we aren’t at the correct
version. I expect it’s too old as it is from 2018.
Any ideas on how to fix this? I’m trying to open an SR, but they want a
ton of logs and files and I don’t really have the time to go back and forth
with them.
*Scott Canaan ‘88 *
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*srcdco@xxxxxxx <srcdco@xxxxxxx>* | c: (585) 339-8659
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
--
Niall Litchfield
Oracle DBA
http://www.orawin.info
--
Ilmar Kerm
