Wallet_type shows "UNKNOWN" for all PDBs after changing wallet password on ExaCC

Recently I changed the sys and wallet password of CDB using this nice blog from my friend Kwame. 


After changing sys and wallet password, when I checked wallet status for all containers, I found wallet_type is UNKNOWN for all PDB's. 

SQL> set linesize 200
SQL> col wallet_dir for a50
SQL> col status for a21
SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 OPEN                  /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   AUTOLOGIN
         2 OPEN                                                                     AUTOLOGIN
         5 OPEN                                                                     UNKNOWN
         6 OPEN                                                                     UNKNOWN
         7 OPEN                                                                     UNKNOWN
The Wallet type should be AUTOLOGIN for all PDBS's.

CAUSE: This is happening because we used mkstore utility to modify wallet credentials.

Solution: 1. Disable auto-login by renaming the .sso file 

[oracle@hostname tde]$ mv cwallet.sso cwallet.sso.bkp
2. Close auto-login keystore 

SQL> alter system set wallet close;

System altered.

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 CLOSED                /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   UNKNOWN
         2 CLOSED                                                                   UNKNOWN
         5 CLOSED                                                                   UNKNOWN
         6 CLOSED                                                                   UNKNOWN
         7 CLOSED                                                                   UNKNOWN
3. Open password protected wallet 

SQL> administer key management set keystore open identified by wallet_password;

keystore altered.
4. Re-enable autologin keystore 

SQL> administer key management create auto_login keystore from keystore identified by wallet_password;

keystore altered.
5. Close password protected wallet. (Since we have recreated auto-login wallet back, we can close password-protected keystore to implicitly enable auto-login wallet.) 

SQL> administer key management set keystore close identified by wallet_password;

keystore altered.
6. Now Verify if wallet type is autologin or not 

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 OPEN                  /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   AUTOLOGIN
         2 OPEN                                                                     AUTOLOGIN
         5 OPEN                                                                     AUTOLOGIN
         6 OPEN                                                                     AUTOLOGIN
         7 OPEN                                                                     AUTOLOGIN
And it's BACK! wallet_type shows AUTOLOGIN for all PDB's now.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How To Disable Automatic Database Backups Using DBAASCLI on ExaCC

  In this blog post I will show you how to disable Automatic database backups on ExaCC using dbaascli.