Skip to content

Wallet_Type Shows “UNKNOWN” for all PDBs After Changing Wallet Password on ExaCC

Manoj Kumar Jun 22, 2023 6:00:00 AM
Wallet_Type Shows “UNKNOWN” for all PDBs After Changing Wallet Password on ExaCC – Eclipsys
2:35

Recently I changed the sys and wallet password of CDB using this nice blog from my friend Kwame Bonsu. 

Modify sys and wallet password on EXACC

After changing the sys and wallet password, when I checked the wallet status for all containers, I found that wallet_type is UNKNOWN for all PDBs.

SQL> set linesize 200
SQL> col wallet_dir for a50
SQL> col status for a21
SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

CON_ID STATUS WALLET_DIR WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
1 OPEN /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/ AUTOLOGIN
2 OPEN AUTOLOGIN
5 OPEN UNKNOWN
6 OPEN UNKNOWN
7 OPEN UNKNOWN

The Wallet type should be AUTOLOGIN for all PDBSs.

CAUSE: This is happening because we used mkstore utility to modify wallet credentials.

Solution: 1. Disable auto-login by renaming the .sso file

[oracle@hostname tde]$ mv cwallet.sso cwallet.sso.bkp

2. Close auto-login keystore

SQL> alter system set wallet close;

System altered.

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

CON_ID STATUS WALLET_DIR WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
1 CLOSED /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/ UNKNOWN
2 CLOSED UNKNOWN
5 CLOSED UNKNOWN
6 CLOSED UNKNOWN
7 CLOSED UNKNOWN

3. Open Password Protected Wallet

SQL> administer key management set keystore open identified by wallet_password;

keystore altered.

4. Re-enable Autologin Keystore

SQL> administer key management create auto_login keystore from keystore identified by wallet_password;

keystore altered.

5. Close the password-protected wallet. (Since we have recreated the auto-login wallet back, we can close the password-protected keystore to implicitly enable the auto-login wallet.)

SQL> administer key management set keystore close identified by wallet_password;

keystore altered.

6. Now verify if the wallet type is autologin or not

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

CON_ID STATUS WALLET_DIR WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
1 OPEN /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/ AUTOLOGIN
2 OPEN AUTOLOGIN
5 OPEN AUTOLOGIN
6 OPEN AUTOLOGIN
7 OPEN AUTOLOGIN

And it’s BACK! wallet_type shows AUTOLOGIN for all PDBs now.

Leave a Comment