After Applying October 2018 CPU/PSU, Auto-Login Wallet Stops Working For TDE With FIPS Mode Enabled
(Doc ID 2474806.1)
Last updated on SEPTEMBER 21, 2022
Applies to:
Advanced Networking Option - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]Information in this document applies to any platform.
Symptoms
After applying the October 2018 Critical Patch Update to 11.2.0.4, the auto-login wallet (cwallet.sso) stops working, and the database can no longer automatically open the encryption (TDE) wallet. As a result, the database hits "ORA-28365: wallet is not open" errors. Often times, the alert log contains messages such as "kcbztek_get_tbskey: decrypting encrypted key for tablespace 1 without opening the wallet".
The errors stop if the encryption (TDE) wallet is manually opened; however, this does not address the underlying issue with the auto-login wallet.
Rolling back the October 2018 CPU/PSU, or disabling FIPS mode operation, allows the database to once again open the encryption wallet automatically.
Changes
The October 2018 PSU was applied to Oracle Database 11.2.0.4, and Transparent Data Encryption (TDE) was previously implemented.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |