DBCA Fails with Error "TNS-04410: Directory Service Authentication Failed" after OUD Java is Upgraded to JDK 8 (Doc ID 3027688.1)

Last updated on JUNE 14, 2024

Applies to:

Oracle Unified Directory - Version 12.2.1.4.0 and later
Oracle Database - Enterprise Edition - Version 18.0.0.0 and later
Information in this document applies to any platform.

Symptoms

An empty wallet was configured with the root CA, following the same process previously used for the wallet of an already-registered database. With this wallet, it was possible to bind successfully to OUD (with ldapbind or ldapsearch, options -D -w and -W -P) from a 19.20 Oracle database home using the credentials of the OUD admin account that was used for DB registration.

However, when DBCA is used (in that same Oracle database home) to register a database while providing the same empty wallet, DBCA fails with errors and OUD reports “no cipher suites in common”. DBCA requires a wallet and wallet password in order to write the OUD credentials for the newly registered database, but it does not read the wallet for the admin authentication to OUD.


The DBCA is run with the below syntax:

$ dbca -silent -configureDatabase -registerWithDirService true -sourceDB <XXXXX> -sysDBAUserName SYS -sysDBAPassword <PASSWORD> -dirServiceUserName <LDAP_USER_DN> -dirServicePassword <PASSWORD> -walletPassword <PASSWORD>

 

The output is:
Prepare for db operation
40% complete
Preparing to Configure Database
44% complete
80% complete
100% complete
[FATAL] Unable to create database entry in the directory service. - TNS-04410: Directory service authentication failed
caused by: oracle.net.config.DirectoryServiceException: TNS-04410: Directory service authentication failed
caused by: oracle.net.ldap.NNFLException

The error in the OUD access logs when trying to register a database is:

[2024-05-07T14:58:27.857-04:00] [corpads.local] [TRACE] [OUD-24641547] [PROTOCOL] [host: FQDN] [nwaddr: IP_ADDRESS] [tid: TID] [userId: USER_ID] [ecid: ECID,0] [conn: 304335] [reason: I/O Error] [msg: no cipher suites in common] DISCONNECT

 

Patch 30193165 is already applied in DB $ORACLE_HOME to allow the Database to connect to OUD using stronger encryption protocols.


Removing the "3DES_EDE_CBC" cipher(s) from the java.properties file jdk.tls.legacyAlgorithms parameter, along with "ANON" and "NULL" from the jdk.tls.disabledAlgorithms line, fixes the problem; however, this is not the desired solution. The goal is to keep these lines in $JDK_HOME/jre/lib/security/java.security; the JDK upgrade changed these settings.
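To see exactly which entries a JDK upgrade changed in the two properties named above, without editing either file, the pre- and post-upgrade java.security files can be compared. The following is an added example, not Oracle code; the function names are hypothetical and the BEFORE/AFTER fragments are constructed samples rather than the contents of any real JDK build.

```python
PROPS = ("jdk.tls.disabledAlgorithms", "jdk.tls.legacyAlgorithms")

def parse_java_security(text):
    """Parse java.security-style text into {property: [comma-separated entries]}."""
    props, logical = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        # Comments and blank lines only count at the start of a logical line.
        if not logical and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):          # trailing backslash continues the value
            logical += line[:-1]
            continue
        logical += line
        key, sep, value = logical.partition("=")
        if sep:
            props[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        logical = ""
    return props

def policy_diff(before_text, after_text):
    """Return {property: {"added": [...], "removed": [...]}} for the TLS properties."""
    before, after = parse_java_security(before_text), parse_java_security(after_text)
    diff = {}
    for name in PROPS:
        old, new = before.get(name, []), after.get(name, [])
        diff[name] = {
            "added": [e for e in new if e not in old],
            "removed": [e for e in old if e not in new],
        }
    return diff

# Constructed sample fragments, not copied from any real JDK build.
BEFORE = """\
# constructed pre-upgrade fragment
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \\
    DH keySize < 1024
jdk.tls.legacyAlgorithms=K_NULL, C_NULL, RC4_128
"""
AFTER = """\
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \\
    DH keySize < 1024, 3DES_EDE_CBC, anon, NULL
jdk.tls.legacyAlgorithms=K_NULL, C_NULL, RC4_128, \\
    3DES_EDE_CBC
"""

if __name__ == "__main__":
    for prop, change in policy_diff(BEFORE, AFTER).items():
        print(prop, "added:", change["added"], "removed:", change["removed"])
```

In practice the two inputs would be the contents of the saved pre-upgrade file and the current $JDK_HOME/jre/lib/security/java.security.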

Changes

 JDK upgrade. 

Cause
