“TDE Keystore Password is Not Valid” When Cloning a PDB After Changing Wallet Password on EXACC
Manoj Kumar
Jun 14, 2023 10:00:00 AM
Recently I changed the sys and wallet password of CDB using this nice blog from my friend Kwame Bonsu.
Modify sys and wallet password on EXACC
But the difference this time is, that I have one existing PDB (Pluggable Database) inside this CDB, it’s not the empty shell CDB for which the above blog tested.
I tried the above blog and the password change worked and everything looks great, but when we tested to clone the existing PDB using local_clone, we received an error…
[oracle@test admin]$ dbaascli pdb local_clone --pdbname PDB_SEED_DM --target_pdbname DMTC --dbname CDBDB1
DBAAS CLI version 23.1.2.0.0
Executing command pdb local_clone --pdbname PDB_SEED_DM --target_pdbname DMTC --dbname CDBDB1
Job id: 668921cd-2762-4869-bafc-7e52c3aa91f3
Session log: /var/opt/oracle/log/CDBDB1/pdb/localClone/dbaastools_2023-06-01_04-37-56-PM_123807.log
Loading PILOT...
Session ID of the current execution is: 3446
Log file location: /var/opt/oracle/log/CDBDB1/pdb/localClone/pilot_2023-06-01_04-38-00-PM_125221
-----------------
Running Plugin_initialization job
Completed Plugin_initialization job
-----------------
Running Validate_input_params job
Completed Validate_input_params job
-----------------
Running Perform_dbca_prechecks job
Execution of Perform_dbca_prechecks failed
[FATAL] [DBAAS-60071] Operation has failed with following error message:
[FATAL] [DBT-16031] TDE keystore password is not valid
CAUSE: Unable to open the wallet using the provided TDE keystore credentials.
ACTION: Specify the correct TDE keystore credentials..
SUMMARY:
- [DBAAS-60022] Command '/var/opt/oracle/dbaastools/dbaasca/bin/dbca -silent -oui_internal -createPluggableDatabase -sourceDB CDBDB1_MCTN -pdbName DMTC -pdbAdminUserName ADMIN -createPDBFrom PDB -sourcePDB PDB_SEED_DM -skipPasswordComplexityCheck ***** -checkOnly -jreLoc /usr/java/jdk1.8.0_361-amd64/jre ' has failed on nodes [localnode].
*** Executing jobs which need to be run always... ***
******** PLUGIN EXECUTION FAILED ********
But when I checked the wallet password, everything looked fine to me.
Somehow existing PDB is not synchronized with the changed wallet password, so how to synchronize this PDB with the changed wallet password?
There is no command to do that, so what I tried is the below command…
NOTE: make sure you use the same changed wallet password in the old and new password ( we are not changing passwords here)
[oracle@test ~]$ dbaascli tde changePassword --pdbname PDB_SEED_DM --dbname CDBDB1
DBAAS CLI version 23.1.2.0.0
Executing command tde changePassword --pdbname PDB_SEED_DM --dbname CDBDB1
Job id: 31335ee2-01dc-4a86-872a-3e1a92248461
Session log: /var/opt/oracle/log/CDBDB1/tde/changePassword/dbaastools_2023-06-01_06-02-27-PM_349483.log
Enter Old keystore password:
Enter New keystore password:
Enter New keystore password (reconfirmation):
Loading PILOT...
Enter Old keystore password ******************
Enter Old keystore password (reconfirmation): *******************
Enter New keystore password ****************
Enter New keystore password (reconfirmation): *********************
Session ID of the current execution is: 3451
Log file location: /var/opt/oracle/log/CDBDB1/tde/changePassword/pilot_2023-06-01_06-02-39-PM_352160
-----------------
Running Plugin_initialization job
Completed Plugin_initialization job
-----------------
Running TDE_change_password_prechecks job
Completed TDE_change_password_prechecks job
-----------------
Running Extract_blob_in_standby job
Skipping. Job is detected as not applicable.
-----------------
Running Copy_blob_contents_in_standby job
Skipping. Job is detected as not applicable.
-----------------
Running TDE_change_password job
Completed TDE_change_password job
-----------------
Running Change_hsm_password job
Skipping. Job is detected as not applicable.
-----------------
Running Regenerate_auto_login_wallet job
Skipping. Job is detected as not applicable.
-----------------
Running Update_db_wallet job
Completed Update_db_wallet job
-----------------
Running Prepare_blob_for_standby_in_primary job
Skipping. Job is detected as not applicable.
dbaascli execution completed
[oracle@test ~]$
After this, I tried the PDB clone again and it worked!
[oracle@test ~]$ dbaascli pdb local_clone --pdbname PDB_SEED_DM --target_pdbname DMTC --dbname CDBDB1
DBAAS CLI version 23.1.2.0.0
Executing command pdb local_clone --pdbname PDB_SEED_DM --target_pdbname DMTC --dbname CDBDB1
Job id: 76735c65-f5dc-4b9f-b46d-e82ce3ff72b0
Session log: /var/opt/oracle/log/CDBDB1/pdb/localClone/dbaastools_2023-06-01_06-04-01-PM_29543.log
Loading PILOT...
Session ID of the current execution is: 3452
Log file location: /var/opt/oracle/log/CDBDB1/pdb/localClone/pilot_2023-06-01_06-04-06-PM_31288
-----------------
Running Plugin_initialization job
Completed Plugin_initialization job
-----------------
Running Validate_input_params job
Completed Validate_input_params job
-----------------
Running Perform_dbca_prechecks job
Completed Perform_dbca_prechecks job
-----------------
Running PDB_creation job
Completed PDB_creation job
-----------------
Running Load_pdb_details job
Completed Load_pdb_details job
-----------------
Running Configure_pdb_service job
Completed Configure_pdb_service job
-----------------
Running Configure_tnsnames_ora job
Completed Configure_tnsnames_ora job
-----------------
Running Set_pdb_admin_user_profile job
Completed Set_pdb_admin_user_profile job
-----------------
Running Lock_pdb_admin_user job
Completed Lock_pdb_admin_user job
-----------------
Running Register_ocids job
Skipping. Job is detected as not applicable.
-----------------
Running Prepare_blob_for_standby_in_primary job
Skipping. Job is detected as not applicable.
-----------------
Running Generate_dbsystem_details job
Completed Generate_dbsystem_details job
dbaascli execution completed
[oracle@test ~]$