Troubleshooting

Oracle error messages may sometimes show error symptoms rather than the root cause. If you see an error you have not encountered before, search for further information online before attempting to resolve the error. If you remain unable to resolve the error, contact Oracle support.

If you edit an Oracle configuration file, use a simple text editor running on the host. Do not cut and paste the file contents from another file using a formatting editor, as it may insert hidden characters that are difficult to detect and which can stop the file from working. Entrust also suggests you avoid copying files onto a UNIX host via a Windows intermediary (this includes library files).

An SQL command is run, and there is no output, or an unexpected output or error occurs

  1. Try reconnecting to the database.

  2. If that does not work, try bouncing the database.

After a change to a configuration file, no resultant change in the database behavior is observed

  1. Try reconnecting to the database.

  2. If that does not work, try bouncing the database.

ORA-28367: wallet does not exist

  1. Check that you have correctly installed and configured the Entrust PKCS#11 library.

  2. Try reconnecting to the database.

  3. Try bouncing the database.

  4. Try restarting the Entrust hardserver.

ORA-28367: cannot find PKCS11 library

  1. Ensure that you have correct permissions to use the /opt/oracle/extapi/… directory.

  2. Check that you are using a library for the correct local architecture (32/64).

  3. Check that you are using the appropriate Java version (32/64).

  4. Refer to advice given above about editing Oracle files, or copying them.

  5. Try reconnecting to the database.

  6. Recopy the libcknfast.so library file to /opt/oracle/extapi/.

  7. In the ORACLE_BASE/extapi directory, create a link named libcknfast.so to the actual NFAST_HOME/toolkits/pkcs11/libcknfast.so file.

ORA-28353: failed to open wallet

  1. Check that you have set up your cknfastrc file with the correct contents.

  2. Ensure that the HSM wallet pass phrase is correct.

  3. Ensure that if OCS/Softcard key protection is used, the name and passphrase are correct and are separated by a | or a :.

  4. If you have migrated from an Oracle wallet to an HSM wallet, you must update the passphrase.

ORA-00600: internal error code

arguments: [kzthsmgmk: C_GenerateKey], [6], [],[], [], [], [], []

  1. Ensure that you have added the oracle user to the nfast group. In some cases, you may have to re-login with the oracle user for this to take effect.

  2. Ensure that if a FIPS 140 Level 3 Security World is in use, an OCS card is inserted in the HSM slot.

ORA-12162: TNS: net service name is incorrectly specified

  1. Check that you have correctly set the value for ORACLE_SID in your local environment.