This post is also available in:
Português
I have a Primary 11g Oracle Database with a single Physical Standby. Those days I tried to create an encrypted column inside one table for testing purposes.
I end up accidentally messing the things:
Force closing the keystore for standby rekey. Please re-copy the keystore from primary before re-open as needed. Apply redo for database master key re-key failed: new master key does not exist in the keystore MRP0: Background Media Recovery terminated with error 28374 Errors in file /u02/diag/rdbms/dwqual02/dwqual02/trace/dwqual02_pr00_37644.trc: ORA-28374: typed master key not found in wallet Managed Standby Recovery not using Real Time Apply Recovery interrupted! Recovered data files to a consistent state at change 13453232993830
My standby DB stopped receiving the redo logs because of one single encrypted column created!
The problem is that the Wallet was configured in my Primary DB only, not in the STBY. So, I proceeded with the creation of it in the STBY DB.
First, check you sqlnet.ora file to see if you are using an especific Wallet for the encryptions (the encryption wallet must be shared across the DG instances):
[oracle@blqa09bddsne001 admin]$ cat sqlnet.ora
SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet/normal)
)
)
ENCRYPTION_WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet/encrypt)
)
)
[oracle@blqa09bddsne001 admin]$
As you can see, in my case I have one Wallet only for DB Encryption and another Wallet for other tasks (like EUS-OUD connection integration).
If you just have the "WALLET_LOCATION" or if you don't have anything setup, then Oracle will use a single Wallet for everything. In that case, go to the default folder for Wallet (probably $ORACLE_BASE/admin/$ORACLE_SID/wallet).
You can also check where the wallet is querying in your primary instance:
SQL> set lines 1000 SQL> format col WRL_PARAMETER a40 SQL> select * from v$encryption_wallet; WRL_TYPE WRL_PARAMETER STATUS -------------------- ---------------------------------------- ------------------ file /u01/app/oracle/wallet/encrypt OPEN SQL>
All you need now is to copy (scp) the encryption wallet (or the default wallet if you are not using "ENCRYPTION_WALLET_LOCATION") from your primary to your standby database.
Don't forget to place it in the default directory or in the directory pointed by your sqlnet.ora file, if the entry is there.
After that, force the Oracle to close the Wallet running "ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;" and then restart your apply process. Or just bounce your standby instance.
Great, your Data Guard may now be finally shipping redo logs again!
Have you enjoyed? Please leave a comment or give a 👍!
