Here are some problems that can occur during activationdatabase managementfor Oracle Cloud Databases and possible causes and solutions.
Due to an internal error, the database management service could not be activated in the cloud database
The operation failed because the database manager cannot access the password secret
A connection to the cloud database could not be established due to an internal error
The private database management endpoint could not be provisioned. Retry the operation or contact Oracle Support.
The request cannot be processed. Contact Oracle Support or try again later.
The service name specified to connect to the cloud database was not recognized. Try again with a valid service name.
Error processing request. Contact Oracle Support to resolve the issue.
Job Request Error: The operation failed because the TCPS wallet details are incorrect
Database metrics are not collected for bare metal and virtual machine DB systems.
Activation not possibledatabase managementService in the cloud database due to an internal error
Possible causes for this problem can be divided into the following areas:
- Entry and exit rules are not set or are wrong
- cause: The inbound and outbound security rules for NSGs or security lists have not been set to allow communication on port 1521.
solution- Ensure that inbound and outbound rules are added to NSGs or security lists in the Oracle Cloud Database VCN to enable communication between thedatabase managementendpoint privado und Oracle Cloud Database.
- cause: The inbound and outbound security rules for NSGs or security lists have not been set to allow communication on port 1521.
- service name
- cause: The service name was wrong.
solution: Check and use the correct service name. You can check the service name information in the database with the following query:
Select the value from v$parameter, where name is '%service_name%'. - cause: The name of the service provided indatabase managementthe page is not registered with the listener and
gv$services.solution: Check if the service name is registered with the listener and
gv$services.See AlsoProfessional Google Cloud Network Engineer: Designing, Planning, and Prototyping a GCP Network, Part 2: PrepAway CertificationProfessional Google Cloud Network Engineer - Network Security Implementation - PrepAway CertificationROUTING GUIDELINES FOR GRAPHIC PROCESSING UNITSOracle Corporation Senior Software Engineer/Senior Technical Staff Jobs in India | glass door
- cause: The service name was wrong.
- missing guidelines
- cause: The required policies were not created.
solution: Make sure the necessary policies have been created and granted to the user pool you enableddatabase management:
The following policy is required to create a secret:
Allow the DB-MGMT-ADMIN group to manage the secret family in the tenantThe following policy is required to grant thedatabase managementservice permission to read database user's password secrets:
Let the dpd service read out the secret family in the ABC subjectIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow the dpd service to read the secret family in compartment ABC where target.vault.id = 'Vault OCID'The following policy is required to read database users' password secrets on usedatabase management. Note that this policy is not required if the user has permission to create a secret (first policy in this list):
Allow DB-MGMT-USER group to read secret family in ABC drawerIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow DB-MGMT-USER group to read secret family in compartment ABC where target.vault.id = 'Vault OCID'
For a full list of policies required for activationdatabase managementpara Oracle Cloud Databases, ConsultePermissions required to enable Database Management for Oracle Cloud Databases.
- cause: The required policies were not created.
- Wrong database user or password
- cause: Him
SYSTEMuser was used.solution: Be careful not to use
SYSTEMusername. It is recommended thatDBSNMPuser is used. - cause: The user was created at the wrong level.
solution: Make sure the user was created at the right level. For example when you activatedatabase managementfor a CDB, the user must be created at the CDB level.
- cause: Him
- Falsche TCPS-Konfiguration in sqlnet.ora
- cause– If the TCPS protocol is used and native TLS and Oracle encryption (also called Advanced Network Option (ANO) encryption) are enabled on the
sqlnet.ora, Oracle does not allow both types of encryption by default.solution: Add to
SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS = wahrasqlnet.orato disable native Oracle encryption when using TCPS.
- cause– If the TCPS protocol is used and native TLS and Oracle encryption (also called Advanced Network Option (ANO) encryption) are enabled on the
The operation failed because the password secret cannot be accesseddatabase management
cause: The required policies were not created.
solution: Make sure the necessary policies have been created and granted to the user pool you enableddatabase management:
The following policy is required to create a secret:
Allow the DB-MGMT-ADMIN group to manage the secret family in the tenantThe following policy is required to grant thedatabase managementservice permission to read database user's password secrets:
Let the dpd service read out the secret family in the ABC subjectIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow the dpd service to read the secret family in compartment ABC where target.vault.id = 'Vault OCID'The following policy is required to read database users' password secrets on usedatabase management. Note that this policy is not required if the user has permission to create a secret (first policy in this list):
Allow DB-MGMT-USER group to read secret family in ABC drawerIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow DB-MGMT-USER group to read secret family in compartment ABC where target.vault.id = 'Vault OCID'
A connection to the cloud database could not be established due to an internal error
cause: The correct user was not used for activationdatabase managementor the user does not have the required permissions.
solution: Be sureDBSNMPthe corresponding user is used for activationdatabase managementand that the user who activateddatabase managementhas the required permissions. For a full list of policies required for activationdatabase managementpara Oracle Cloud Databases, ConsultePermissions required to enable Database Management for Oracle Cloud Databases.
Deployment faileddatabase managementprivate device. Retry the operation or contact Oracle Support.
Possible causes for this problem can be divided into the following areas:
- Insufficient CIDR assignment (user error)
- cause: All non-reserved IP addresses from xx to xx are already taken.
solution: Adatabase managementprivate endpoint for single instance databases requires two private IP addresses and onedatabase managementThe private endpoint for RAC databases requires three private IP addresses. You must move the private endpoint to a different subnet or expose the IP addresses on the existing subnet to continue creating the private endpoint.
- cause: All non-reserved IP addresses from xx to xx are already taken.
- Insufficient private endpoint limit
- causeNote: One private endpoint has already been created for Oracle Cloud RAC databases, and only one private endpoint can be created in a tenant (per region) to connect to RAC databases.
solution: Increase private endpoint limit. To do it:
- login inOracle Cloud-InfrastrukturConsole.
- Open the navigation menu and clickGovernance and Administration. UnderRental Management, CliqueLimits, Quotas and Usage.
- About thatLimits, Quotas and Usageclick on the pagerequest a service limit increasein the introductory text.
- noRequest service limit updatesTable:
- Resource cap update (this will be your new cap): Noservice categorySelect drop down listOthersE-NoResourceSelect drop down listother borders.
- Reason for request: Enter in this fieldFeature: Private database management endpointsand provide the following information:
- Total number of private endpoints to add and whether the private endpoints are for single instance or RAC Oracle Cloud databases.
- Specify whether databases are spread across multiple VCNs. For example, if you request a limit increase to ten, your databases are likely to be spread across ten VCNs. Note that a private endpoint can manage multiple databases within the same VCN. For more information, seeCreate a private endpoint for database management.
- causeNote: One private endpoint has already been created for Oracle Cloud RAC databases, and only one private endpoint can be created in a tenant (per region) to connect to RAC databases.
The request cannot be processed. Contact Oracle Support or try again later.
cause: The necessaryOracle Cloud-InfrastrukturNo vault service policy was created.
solution- Ensure that the necessary policies have been created and granted to the user group assigned to the sharing taskdatabase management:
The following policy is required to create a secret:
Allow the DB-MGMT-ADMIN group to manage the secret family in the tenantThe following policy is required to grant thedatabase managementservice permission to read database user's password secrets:
Let the dpd service read out the secret family in the ABC subjectIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow the dpd service to read the secret family in compartment ABC where target.vault.id = 'Vault OCID'The following policy is required to read database users' password secrets on usedatabase management. Note that this policy is not required if the user has permission to create a secret (first policy in this list):
Allow DB-MGMT-USER group to read secret family in ABC drawerIf you want to grant permission to read secrets only from a specific store, update the policy as follows:
Allow DB-MGMT-USER group to read secret family in compartment ABC where target.vault.id = 'Vault OCID'
The service name specified to connect to the cloud database was not recognized. Try again with a valid service name.
- cause: The service name was wrong.
solution: Check and use the correct service name. You can check the service name information in the database with the following query:
Select the value from v$parameter, where name is '%service_name%'. - cause: The name of the service provided indatabase managementthe page is not registered with the listener and
gv$services.solution: Check if the service name is registered with the listener and
gv$services.
Error processing request. Contact Oracle Support to resolve the issue.
cause: The PDB activation limit has been reached.database managementcan be activated for a maximum of 10 PDBs in a CBD.
solution: Increase PDB activation limit. To do it:
- login inOracle Cloud-InfrastrukturConsole.
- Open the navigation menu and clickGovernance and Administration. UnderRental Management, CliqueLimits, Quotas and Usage.
- About thatLimits, Quotas and Usageclick on the pagerequest a service limit increasein the introductory text.
- noRequest service limit updatesTable:
- Resource cap update (this will be your new cap): Noservice categorySelect drop down listOthersE-NoResourceSelect drop down listother borders.
- Reason for request: Enter in this fieldFeature: Increase PDB activation threshold for database managementand provide the following information:
- The number of PDBs in a CBD for whichdatabase managementmust be activated.
- The OCID of the associated CBD.
Job Request Error: The operation failed because the TCPS wallet details are incorrect
- cause: Wallet content and password do not match.
solution: Make sure the wallet contents and password are correct.
- cause: Contents of wallet and DN of server certificate do not match.
solution: Make sure the contents of the wallet and the DN of the server certificate are correct.
- cause: The secret content of the wallet does not have the valid structure expected bydatabase management.
solution: Ensure that the wallet secret content has the structure expected bydatabase management. Valid structures are:
{ "walletFormat": "JKS", "keyStoreContent": "<array of bytes for KeyStore content>", "keyStorePassword": "<store keystore>", "trustStoreContent": "<array of bytes for truststore content- id>". ", "trustStorePassword": "<truststore password>", "serverCertDn":"<server cert dn>"}{ "walletFormat":"PKCS12", "keyStoreContent":"<wallet content byte array>", "keyStorePassword":"<wallet password>", "trustStoreContent":"<wallet content byte array>", " trustStorePassword": "<wallet password>", "serverCertDn":"<server cert dn>"}
Database metrics are not collected for bare metal and virtual machine DB systems.
cause: if you have activateddatabase managementFor a bare metal database system or virtual machine that uses the TCPS protocol and later also has Oracle Data Guard enabled, the Oracle Data Guard configuration process overrides the TCPS configuration.
solution: Reconfigure and enable TCPSdatabase managementon a bare metal or virtual machine DB system after you enable Oracle Data Guard.