standby DB not in sync with Primary after TDE setup
Issue: Standby DB not in sync with Primary after enabling TDE on Primary
Errors:
ORA-28374: typed master key not found in wallet —> in standby alertlog file
ORA-16086: Redo data cannot be written to the standby redo log —-> query o/p in Primary
Details:
Primary DB: TEST
Secondary DB : RTEST
ORA-28374: typed master key not found in wallet ==>Errors found in the alert log of standby
ORA-16086: Redo data cannot be written to the standby redo log ===> verified at primary with below command .
SQL> select distinct error from v$archive_dest_status;
These errors found after setting up Transparent Data Encryption on Primary database.
How it’s resolved ? |
1) moved all keys to temporary location on Standby
2) copied the keys from primary site to standby
3) shutdown and mount the standby DB
Verify setup At Standby |
SQL> set lines 200 pages 9999
col wrl_parameter for a45
col wrl_type for a8
col status for a19
col wallet_type for a15
select * from v$encryption_wallet;SQL>
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
——– ——————————————— ——————- ————— ——— ——– ——— ———-
FILE /u01/app/odaorahome/oracle/wallet/TEST/tde/ OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE NONE UNDEFINED 0
[oracle@ODA_SRVR ~]$ cd $ORACLE_HOME
[oracle@ODA_SRVR dbhome_1]$ cd network/admin/
[oracle@ODA_SRVR admin]$ cat sqlnet.ora
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=11
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
WALLET_LOCATION =
(SOURCE=
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY=/u01/app/odaorabase/oracle/wallet/TEST/tde)
))
Verify setup At primary site |
SQL> select distinct error from v$archive_dest_status;
ERROR
—————————————————————–
ORA-16086: Redo data cannot be written to the standby redo log
SQL> show parameter log_archive_dest_1
NAME TYPE VALUE
———————————— ——————————– ——————————
log_archive_dest_1 string location=use_db_recovery_file_
dest valid_for=(all_logfiles,a
ll_roles) db_unique_name=RTEST
[oracle@ODA_SRVR admin]$ cd /u01/app/odaorahome/oracle/wallet/TEST/tde/
[oracle@ODA_SRVR tde]$ ls -lrt
-rw——- 1 oracle oinstall 3995 Apr 4 00:33 ewallet.p12
-rw——- 1 oracle oinstall 2555 Apr 4 00:33 ewallet_2023033017420079.p12
-rw——- 1 oracle oinstall 4040 Apr 4 00:33 cwallet.sso
[oracle@ODA_SRVR tde]$
1)Move all keys to temporary location in Standby |
[oracle@ODA_SRVR tde]$ mkdir KEYS
oracle@ODA_SRVR tde]$ ls -lrt
total 64
drwxr-xr-x 2 oracle oinstall 20480 Apr 4 00:31 KEYS
-rw——- 1 oracle oinstall 3995 Apr 4 00:33 ewallet.p12
-rw——- 1 oracle oinstall 2555 Apr 4 00:33 ewallet_2023033017420079.p12
-rw——- 1 oracle oinstall 4040 Apr 4 00:33 cwallet.sso
[oracle@ODA_SRVR tde]$
[oracle@ODA_SRVR tde]$ mv ewalle* KEYS/
[oracle@ODA_SRVR tde]$ ls -lrt
drwxr-xr-x 2 oracle oinstall 20480 Apr 4 00:31 KEYS
2) From primary copy the all keys to standby site |
[oracle@ODA_SRVR tde]$ scp * oracle@STDBY_SRVR’s:/u01/app/odaorahome/oracle/wallet/TEST/tde
FIPS mode initialized
oracle@STDBY_SRVR’s password:
cwallet.sso 100% 4040 213.7KB/s 00:00
ewallet_2023033017420079.p12 100% 2555 135.3KB/s 00:00
ewallet.p12 100% 3995 211.9KB/s 00:00
[oracle@ODA_SRVR tde]$ cd
3) Shutdown and mount the standby DB |
[oracle@ODA_SRVR tde]$
SQL> recover managed standby database disconnect from session;
Media recovery complete.
SQL>
shutdown the database
SQL> shu immediate
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
SQL> exit
Mount the Database
Enter user-name: /as sysdba
Connected to an idle instance.
SQL> startup mount
ORACLE instance started.
——–
—–
Database mounted.
SQL>
See Also