ORA-28353: failed to open wallet

Problem Description:

While configuring TDE, I created a new Keystore for an 18c database on Windows, but when I tried to open it, I received the following error:
administer key management set keystore open identified by “oracle” container=all
*
ERROR at line 1:ORA-28353: failed to open wallet

Procedure:

Create folder: D:\app\db183\WINDOWS.X64_180000_db_home\network\admin\ORCL\wallet
Edit sqlnet.ora and add:

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=D:\app\db183\WINDOWS.X64_180000_db_home\network\admin\ORCL\wallet)))

— Create and open the TDE Wallet (Keystore):

sqlplus / as syskm
SQL> administer key management create keystore ‘D:\app\db183\WINDOWS.X64_180000_db_home\network\admin\ORCL\wallet’ identified by “oracle”;
keystore altered.

A file ewallet.p12 was created under the wallet location

Now, let us try to open the keystore:

SQL> administer key management set keystore open identified by “oracle” container=all;administer key management set keystore open identified by “oracle” container=all
*
ERROR at line 1:ORA-28353: failed to open wallet

SQL> select * from v$encryption_wallet;
no rows selected

so, although the wallet file was created physically, but oracle didn’t consider/see it

After some research, I found that the above error may be due to:
1- Wrong password, or
2- non- proper format or indentation of the sqlnet.ora file, or
3- wrong sqlnet.ora file location
All of these reasons are not valid in my case.

Some trial solutions:

1- I changed the wallet location to: “D:\app\db183\admin\orcl\wallet”, and recreated the wallet again ==> same issue.
2- I tried to use a more complex password, but the issue is still there.
3- I tried to use the database global name “ORCL.XPS.COM.EG” instead of the SID “ORCL” in the wallet location, so as to be ‘D:\app\db183\admin\ORCL.XPS.COM.EG\wallet’ instead of ‘D:\app\db183\admin\orcl\wallet’, no luck.
4- I tried to restart the database, didn’t fix the issue.
After many other trials, I reached the magic trick. If you updated the sqlnet.ora file, you must (in this version) restart the database before creating the keystore.

Final Solution:

1- Delete the D:\app\db183\admin\ORCL.XPS.COM.EG folder
2- Change the ENCRYPTION_WALLET_LOCATION in the sqlnet.ora to D:\app\db183\admin
3- Restart the database
4- Create the keystore and open it without issues.

So, I added the following entry to the sqlnet.ora file:
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=D:\app\db183\admin)))

I restarted the database:
shutdown immediate
startup

I created the keystore:
administer key management create keystore ‘D:\app\db183\admin’ identified by “oracle”;
keystore altered.

Now, let us open the keystore:

administer key management set keystore open identified by “oracle” container=all;
keystore altered.

Let us add a master key:

SQL> administer key management set key identified by “oracle” with backup container=all;
keystore altered.

This fixed my issue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s