ORA-28365
There're several possibilities about Transparent Data Encryption (TDE) that throw ORA-28365.
- Wallet is not configured.
- Wallet is not open.
- Wallet is not the right one.
- Decryption password is not set.
You should configure a wallet for your database.
You should open the wallet for your database.
You should copy the right one for your database.
You should set the password for decryption in RMAN.
In this post, I have 2 cases for this error.
Cloning PDB
In this case, when we tried to clone a Pluggable Database (PDB) from another Container Database (CDB), we got ORA-28365.
SQL> create pluggable database ORCLPDB2 from ORCLPDB2@ORCLPDB2_LK storage unlimited tempfile reuse file_name_convert=('ORCLCDB1','ORCLCDB2') parallel 16;
create pluggable database ORCLPDB2 from ORCLPDB2@ORCLPDB2_LK storage unlimited tempfile reuse file_name_convert=('ORCLCDB1','ORCLCDB2') parallel 16
*
ERROR at line 1:
ORA-28365: wallet is not open
ORA-28365 means that the remote CDB is configured with wallet, so the local CDB should also open wallet in order to copy data files. The error may also imply that the local CDB does not have wallet, you should configure the wallet in the database before cloning PDB.
Solution to ORA-28365
To solve the problem, you should open the local wallet. The best way to open wallet is to use auto-login keystore for your database, it will open the wallet whenever you need it.
Or open the password-protected keystore directly.
SQL> administer key management set keystore open keystore identified by welcome1 container=all;
keystore altered.
Additionally, you should specify the credential of remote wallet in the statement.
SQL> create pluggable database ORCLPDB2 from ORCLPDB2@ORCLPDB2_LK storage unlimited tempfile reuse file_name_convert=('ORCLCDB1','ORCLCDB2') keystore identified by "welcome1" parallel 16;
Restoring DB
When we tried to restore a database in a duplicated environment by RMAN, we got ORA-28365 like this:
RMAN> restore database;
...
channel ORA_DISK_16: reading from backup piece /backup/090ego1a_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 10/23/2021 19:00:06
ORA-19870: error while restoring backup piece /backup/090ego1a_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
Solution to ORA-28365
This is because the duplicated database server did not copy the original wallet from the source, we should take the following steps to solve it.
Shutdown the database
SQL> shutdown immediate;
Rename the original wallet directory
We'd like to backup the original wallet in this step. Conventionally, the wallet_root of the database is at:
[oracle@test ~]$ cd $ORACLE_BASE/admin/ORCLCDB/wallet/..
[oracle@test ORCLCDB]$ mv wallet wallet-original
Copy wallet from the source database server
[oracle@test ORCLCDB]$ scp -rp 10.10.10.1:$PWD/wallet ./
Startup the database to Mount
SQL> startup mount;
We can restore the database now.