Sunday, February 5, 2012

Exception in thread "main" java.lang.Exception: Version mismatch

Problem Description
While disabling the Oracle database vault using dvca command "Version mismatch" error occurred like below. 
[oracle@rac1 ~]$ dvca -action disable   -oh /u01/app/oracle/product/11.2.0/dbhome_1   -service moon    -instance moon1   -dbname moon -sys_passwd sys -owner_account dv -owner_passwd Admin123# -logfile dvcalog.txt 
Exception in thread "main" java.lang.Exception: Version mismatch!
        at oracle.security.misc.C08.a(C08)
        at oracle.security.misc.Checksum.SHA(Checksum)
        at oracle.security.datval.dvca.util.StringUtil.d(StringUtil.java:521)
        at oracle.security.datval.dvca.CommandArguments.processArguments(CommandArguments.java:1093)
        at oracle.security.datval.dvca.Dvca.startCA(Dvca.java:75)
        at oracle.security.datval.dvca.Dvca.main(Dvca.java:282)


Cause of the Problem

The problem can happen if there is syntax error in dvca command. Note that, there is syntax difference in dvca command in Oracle 11gR2 and prior version. The problem also will appear if the -nodecrypt option was not specified on the command line, you must use this option if you are passing plaintext passwords to the command.



Solution of the Problem

Note that while disabling Oracle Database Vault in Oracle 11gR2 you no longer need to run dvca -action disable command rather you can follow http://arjudba.blogspot.com/2012/02/disable-and-enable-oracle-database.html in order to disable Oracle Database vault in 11.2g. However if you are disabling Oracle Database Vault prior to 11gR2 database, then add the -nodecrypt option after each user credentials needed for the command, for example:


[oracle@rac1 ~]$ dvca -action disable   -oh /u01/app/oracle/product/11.2.0/dbhome_1   -service moon    -instance moon1   -dbname moon -sys_passwd sys -nodecrypt  -owner_account dv -owner_passwd Admin123# -nodecrypt -logfile dvcalog.txt 










Posted by
Arju


at
11:53 PM


0
comments














Labels:


















Reactions: 



















Disable and enable Oracle Database Vault










By querying the V$OPTION data dictionary view you will be able to know whether Oracle database vault feature is enabled or disabled in the database. If Oracle Database Vault is enabled, the following query returns TRUE. Otherwise, it returns FALSE.

Remember that the PARAMETER column value is case sensitive. 
For example:



SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';


If Oracle Database Vault is enabled, the following output appears:



PARAMETER                     VALUE
----------------------------- -----------------------
Oracle Database Vault         TRUE


Disable Oracle Database Vault

Step 01: Stop the database, Database Control console process, and listener.

In case of UNIX system: 
- Ensure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set. - - Log in to SQL*Plus as user SYS with the SYSDBA privilege and shut down the database. Then from the command line, stop the Database Control console process and listener.
For example:



$ sqlplus sys as sysdba
Enter password: password

SQL> SHUTDOWN IMMEDIATE

SQL> EXIT

$ emctl stop dbconsole

$ lsnrctl stop [listener_name]

For Oracle RAC installations, shut down each database instance as follows:

$ srvctl stop database -d db_name


In case of Windows machine: Stop the database, Database Control console process, and listener from the Services tool in the Control Panel. The names of Oracle Database services begin with Oracle.



Step 02:
Disable Oracle Database Vault as follows:

In case of UNIX machine, run the following commands:



$ cd $ORACLE_HOME/rdbms/lib
$ make -f ins_rdbms.mk dv_off ioracle


In case of Windows machine in the ORACLE_HOME\bin directory, rename the oradvll.dll file to another name, such as oradvll.dll.bak.



Step 03: 
Restart the database, Database Control console process, and listener.
In case of UNIX machine, log in to SQL*Plus as user SYS with the SYSDBA privilege and restart the database. Then from the command line, restart the Database Control process and listener.

For example:



$ sqlplus sys as sysdba
Enter password: password

SQL> STARTUP

SQL> EXIT

$ emctl start dbconsole

$ lsnrctl start [listener_name]

For Oracle RAC installations, restart each database instance as follows:
$ srvctl start database -d db_name


In case of Windows machine, Restart the database, Database Control console process, and listener from the Services tool in the Control Panel. The names of Oracle Database services begin with Oracle.

Note that, in case of Oracle RAC installations, repeat above three steps for each node on which the database is installed.

At this stage Oracle Database Vault is disabled. 

After you disabled Oracle Database Vault
- To correct a login or CONNECT rule set error, use the DBMS_MACADM PL/SQL package or the Oracle Database Vault Administrator interface.

- Use the SYSTEM or SYS accounts to perform tasks such as creating or changing passwords, or locking and unlocking accounts.



Enable Oracle Database Vault

Step 01: Stop the database, Database Control console process, and listener.
In case of UNIX system, ensure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set. Log in to SQL*Plus as user SYS with the SYSDBA privilege and shut down the database. Then from the command line, stop the Database Control console process and listener.

For example:



$ sqlplus sys as sysoper
Enter password: password

SQL> SHUTDOWN IMMEDIATE

SQL> EXIT


$ emctl stop dbconsole

$ lsnrctl stop [listener_name]

For Oracle RAC installations, shut down each database instance as follows:
$ srvctl stop database -d db_name


In case of Windows machine Stop the database, Database Control console process, and listener from the Services tool in the Control Panel. The names of Oracle Database services begin with Oracle.



Step 02: Enable Oracle Database Vault as follows:
In case of UNIX system, run the following commands. The make command enables both Oracle Database Vault (dv_on) and Oracle Label Security (lbac_on). You must enable Oracle Label Security before you can use Database Vault.



$ cd $ORACLE_HOME/rdbms/lib
$ make -f ins_rdbms.mk dv_on lbac_on ioracle


In case of Windows system, in the ORACLE_HOME\bin directory, rename the backed up copy of the oradvll.dll file (for example, oradv11.dll.bak) to oradvll.dll. Ensure that the name of the Oracle Label Security executable is oralbacll.dll (and not oralbacll.dll.bak or some other backup name). You must enable Oracle Label Security before you can use Database Vault.



Step 03: Restart the database, Database Control console process, and listener.
In case of UNIX machine, log in to SQL*Plus as user SYS with the SYSDBA privilege and restart the database. Then from the command line, restart the Database Control console process and listener.
For example:



$ sqlplus sys as sysdba
Enter password: password

SQL> STARTUP

SQL> EXIT

$ emctl start dbconsole

$ lsnrctl start [listener_name]

For Oracle RAC installations, restart each database instance as follows:

$ srvctl start database -d db_name


In case of Windows system restart the database, Database Control console process, and listener from the Services tool in the Control Panel. The names of Oracle Database services begin with Oracle.

Note that, for Oracle RAC installations, repeat these steps for each node on which the database is installed.








Posted by
Arju


at
11:19 PM


0
comments














Labels:


















Reactions: 













        

      










Subscribe to:
Posts (Atom)