Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Administration

Troubleshooting and Limitations

search

Please Note:

printsuggest an edit

Troubleshooting and Limitations

copy link to clipboardLimitations

#Description
1User Specified Error Replacement Value For Large Object For users without sufficient permissions to access the migrated data, CDP can be configured to return any of the following:
— Standard “insufficient permissions” error
— NULL value (not the error)
— User specified error replacement value.
For large object data types, CDP does not support the user-defined error replacement value. Standard error and Null value replacement are supported.
2User Specified Error Replacement Value is Not Supported for large CHAR and NCHAR The user specified error replacement value does not support CHAR data larger than 1022 and NCHAR larger than 512.
3Error Replacement Values The error replacement value is not supported when a select query with 'where' clause is executed on a domain indexed column.
4Running the Data Migration Process When migrating, key rotating, or unencrypting Large Object data types (BLOB and CLOB only), the batch size is 1.
5Long Raw Data Type A table containing LONG RAW data type cannot be encrypted.
6Domain Indexes Domain indexes cannot be created for large objects and VARCHAR2 of size 2000-4000 and NVARCHAR2 of size 1000-2000 data types that are converted into BLOB after migration.
7Domain Indexes Domain indexes cannot be created on columns encrypted with field-level IVs.
8On Large Objects, Domain Indexes Cannot be Created Oracle does not allow creating domain indexes on Large Object data types. So, domain indexes cannot be created on the Large Object data types in CDP.
9Large Object: BFILE The BFILE data type is used to store information such as the name and location of an external binary file. CDP encrypts the information stored in BFILE; however, it does not encrypt the actual file stored in the file system.
10Large Objects In Oracle, large objects (CLOB and BLOB) only up to 2GB are supported. Any attempt to migrate a large object (CLOB or BLOB), greater than 2GB, returns the following error:
Large Object length exceeds the maximum supported size of 2GB.
Also, any attempt to insert a BLOB file >=2GB in an encrypted table returns the following error:
ERROR at line 1:
ORA-20101: *** Specified Lob value is greater than maximum limit(2GB)
ORA-06512: at "INGRIAN.INGFASTENCRYPTBLOBBYNAME", line 40
ORA-06512: at "TESTLOB.TB_BLOB1GB_UPD_TRIG", line 1
ORA-04088: error during execution of trigger 'TESTLOB.TB_BLOB1GB_UPD_TRIG'
ORA-06512: at "TESTLOB.LOAD_LOB_FROM_FILE", line 29 ORA-06512: at line 1
11Symbolic LinksThe path entered for the log file must not include symbolic links, and it must specify a file name. On some operating systems, the use of symbolic links cause error and display the following message:
The provider has not yet been installed on this database. You must install the provider before you can map users.
12Name UDFs Name UDF (for example, ing_e_vrc_nm430) operations are not permitted while online migration/key rotation is in progress.
13Domain Index Equality The Domain Index Equality works only in the remote mode.
14Case-sensitivity Not Supported for User/Schema Names Case-sensitivity is not supported for user/schema names.
15Error Replacement Value for CHAR (512 and above) Error replacement value set for CHAR (512 and above) gives null even if error replacement value is set.

copy link to clipboardTroubleshooting

The following table provides information on how to handle problems occurring in CDP

#Description
1Oracle Listener Error While using CDP with Oracle, if the error “ORA-12505, TNS:listener does not currently know of SID given in connect Descriptor” occurs, modify the listener.ora and tnsnames.ora files.
2Upgrading to Future Software Versions After upgrading CDP, if problems occur while setting parameters in the properties file, the values can be copied from the old properties file stored in the /lib/safenet/ archive directory (\bin\archive on Windows). After the upgrade, the old properties file is archived under the /lib/safenet/ archive directory on Linux and \bin\archive\ on Windows. A new properties file is created in the installation directory. The new properties file contains new values that were entered while upgrading CDP. The remaining parameters are left with default values.
3User Mapping If a database user is unable to perform desired operations, then the user is not mapped or the Key Manager user does not have access to the key. In such cases, any cryptographic operations fail. Make sure that the database user is mapped to a CipherTrust Manager user. When a database user sends a request to the Key Manager, CDP searches its list of user mappings (contained in the ING_AUTHORIZED_USER table in the CDP metadata database). If the database user appears on the list or is a member of a mapped database role, CDP includes the associated Key Manager user and password in the request. If those credentials are valid and the Key Manager user has access to the required key, then the Key Manager performs the operation.
4Error At the Start of Online Migration/Key Rotation While starting the online migration/key rotation, if queries are being executed simultaneously, the error “ORA-00054: resource busy and acquire with NOWAIT specified or timeout expired” may appear. Click Restore Data to restore the table.
5Error in the Middle of Online Migration/Key Rotation While the online migration/key rotation is in progress, if queries are being executed simultaneously, the error “ORA-00054: resource busy and acquire with NOWAIT specified or timeout expired” may appear. Click Resume Operation to resume the operation.
6Domain Index Created on DATE Column After the domain index is created on a DATE column, performing the Select operation on this column returns the following errors:
ORA-29902: error in executing ODCIIndexStart() routine.
This an Oracle issue. To resolve this issue, contact the Oracle support.
7Unable to Select Multiple Columns Having Same Name, But in Different CasesWhile using Windows Internet Explorer, if multiple columns have the same name, but in different cases, (for example, Column1, COLUMN1, COLumn1, etc.), then the properties of multiple columns cannot be selected while performing key rotation or creating domain indexes. This is a Windows Internet Explorer issue. To work around this issue, use Mozilla Firefox or Google Chrome as the web browser on Windows.
8"certificate verify failed" Error in Logs If the "certificate verify failed" error appears in logs, verify that:
— Certificate is not expired.
— Windows OS version is as per Microsoft's recommendation for support of SHA-256 algorithms. For details, refer to: http://blogs.technet.com/b/pki/archive/2010/09/30/sha2- and-windows.aspx.
9“ORA-03113: end-of-file on communication channel error” Consider a table having some rows inserted into it using a script. Now, migrate the table and delete the old data. Perform key rotation and simultaneously insert some data using the same script. Make sure that the script is run just before the key rotation starts and it is ended before the key rotation completes. Now, again run the same script. The following error may appear:
ERROR at line 1: ORA-03113: end-of-file on communication channel Process ID: 8952 Session ID: 20 Serial number: 225
This is an Oracle issue and is fixed in Oracle 11.2.0.3.
10Illegal Key Size If Unlimited Strength Jurisdiction Policy files are not updated from Oracle site, then the following error appears:
ERROR at line 1: ORA-29532: Java call terminated by uncaught Java exception: java.sql.SQLException: Error: description [Decrypt by Name failed] message [Illegal key size] stack trace [java.security.
InvalidKeyException: Illegal key size
11ORA-06598: insufficient INHERIT PRIVILEGES privilege On Oracle 12c, While uninstalling CDP, if following error appears:
ORA-06598: insufficient INHERIT PRIVILEGES privilege
Then workaround is to Grant permission using below query and try uninstallation again.
GRANT INHERIT PRIVILEGES ON USER sys to ingrian;
12Unauthorized user accessIf an unauthorized user tries to access the encrypted data then following errors appear in CDP log file:
1401: Unknown key name or insufficient permissions The key is not valid Cannot get key for local encryption
13Group Permissions on Key If, in group permissions on key, a user is not authorized to perform Encrypt/Decrypt/Export operations then the following errors appear:
User is not authorized to perform this operation at this time for:PolicyEncrypt
User is not authorized to perform this operation at this time for: PolicyDecrypt

On this page