RMAN Duplicate Failing with Transparent Data Encryption

On By taliphakanozturkIn ORA-Errors, RMAN Backup and Recovery, TDE

Hello,

RMAN Duplicate Failing with TDE “ORA-28365: wallet is not” open error.

archived log file name=/u01/app/oracle/product/19.0.0/dbhome_1/dbs/arch2_1897_1160948353.dbf thread=2 sequence=0
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of recover command at 03/28/2024 11:12:41
ORA-00283: recovery session canceled due to errors
RMAN-11003: failure during parse/execution of SQL statement: alter database recover logfile ‘/u01/app/oracle/product/19.0.0/dbhome_1/dbs/arch2_1897_1160948353.dbf’
ORA-00283: recovery session canceled due to errors
ORA-28365: wallet is not open

Let me configure AUTO_LOGIN wallet. Copy the wallet file (ewallet.p12) from source database server to new clone database server. You can check the wallet file location on source database from sqlnet.ora file.

Modify sqlnet.ora file in clone database ORACLE_HOME to reflect the location of the wallet file:


WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=(DIRECTORY= /u01/app/oracle/TESTDB/wallet/cert)))
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/TESTDB/wallet/cert)
)
)

You must set wallet_root parameter to above wallet root directory.

SQL> show parameter wallet
NAME TYPE VALUE
———————————— ———– ——————————
ssl_wallet string
wallet_root string
SQL> alter system set wallet_root=’/u01/app/oracle/TESTDB/wallet’

SQL> show parameter wallet
NAME TYPE VALUE
———————————— ———– ——————————
ssl_wallet string
wallet_root string /u01/app/oracle/TESTDB/wallet
SQL>

Now, invoke orapki utility on the clone database server to make the wallet auto-login:

$ orapki wallet create -wallet /u01/app/oracle/TESTDB/wallet/cert -pwd "PASS" -auto_login

If above step is successful, you should find a new file is created in the same directory called cwallet.sso

You can validate wallet password as below mkstore command.

mkstore -wrl /u01/app/oracle/TESTDB/wallet/cert -list
orapki wallet display -wallet . -pwd PASSWORD

Now, STARTUP NOMOUNT the auxiliary instance and try the duplicate command.

Leave a comment