question

vivekmishra-1922 asked ChenJuYinVDOT-1667 answered

Not able to connect my application to Amazon RDS oracle db over TCPS

Hi All, I am trying to connect to an Oracle DB from my .NET application, but I am getting this error:

Network Transport: SSL failure in parsing wallet location

I have all the required certificates in my Windows certificate store (MCS). My connection string is:

  <appSettings>
    <add key="IMConnectionString" value="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=abc-prod-rds-01.cvi0vpnztsiw.eu-central-1.rds.amazonaws.com)(PORT=2484))(CONNECT_DATA=(SID=abcprod)) (SECURITY = (SSL_SERVER_CERT_DN = C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Amazon RDS,CN=Amazon RDS Root 2019 CA))); Password = *****;  User ID = ****"/>
  </appSettings>

My configuration in app.config is:


  <oracle.manageddataaccess.client>
    <version number="*">
      <settings>
        <setting name="WALLET_LOCATION" value="(SOURCE = (METHOD = MCS))" />
        <setting name="TraceLevel" value="7" />
        <setting name="TraceOption" value="1" />
        <setting name="TraceFileLocation" value="C:\trace" />
      </settings>
      <dataSources>
        <dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=ORCL))) " />
      </dataSources>
    </version>
  </oracle.manageddataaccess.client>

I am making the DB call like this:

  var queryExecutor = _executor.GetQueryExecutor(item.QueryDatabase);
  DataSet ds = queryExecutor.ExecuteQuery(item);

Please let me know what I am missing?




LeilaKong-MSFT answered vivekmishra-1922 edited

Hello @vivekmishra-1922 ,

Thanks for your query.

1. Please check if you used the Windows Certificate Store to hold the RDS Certificate Authority.
https://stackoverflow.com/questions/52220070/oracle-manageddataaccess-to-aws-rds-db-tcps-invalid-ssl-wallet-magic

2. Take a look at the ODP.NET trace. It should indicate which location it's looking for the wallet.
https://community.oracle.com/tech/developers/discussion/4266830/odp-net-using-tcps-in-iis

3. Connecting to Oracle Database: https://docs.oracle.com/en/database/oracle/oracle-database/18/odpnt/featConnecting.html#GUID-BCF2F215-C25F-403C-8D18-B03A69BC7104


Best regards,
Leila
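
To carry out the certificate-store check from step 1, the following PowerShell is an added example (not part of the original answer, and not Oracle or AWS tooling): it lists certificates whose subject matches the Amazon RDS CA in the machine-wide and per-user stores, and reports the logon account of a service. The service name `MyOracleClientService` is a hypothetical placeholder, and the per-user results apply only to the account that runs the script.

```powershell
# Added example: report where Amazon RDS CA certificates are installed and
# which account a Windows service runs as.
param(
    [string]$ServiceName  = 'MyOracleClientService',  # hypothetical service name
    [string]$SubjectMatch = '*Amazon RDS*'            # matches the CA subject used in the connection string
)

# Machine-wide stores are visible to every account on the host;
# CurrentUser stores belong only to the account running this script.
$stores = @(
    'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA', 'Cert:\LocalMachine\My',
    'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA',  'Cert:\CurrentUser\My'
)

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like $SubjectMatch } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Expired    = ($_.NotAfter -lt (Get-Date))
            }
        }
}

if (-not $found) {
    Write-Warning "No certificate matching '$SubjectMatch' found in the inspected stores for $env:USERNAME."
} else {
    $found | Sort-Object Store | Format-Table -AutoSize
}

# The account the service logs on as. Its CurrentUser stores are not the ones
# listed above unless this script is run as that same account.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if ($svc) {
    "{0} runs as {1}; this script ran as {2}\{3}" -f $svc.Name, $svc.StartName, $env:USERDOMAIN, $env:USERNAME
} else {
    Write-Warning "Service '$ServiceName' not found."
}
```

If the certificate shows up only under `Cert:\CurrentUser\...` and the service logs on as a different account, that account does not see it.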



Hi Leila,

Thanks for your inputs. I checked these links and I think I am following similar steps. In the trace files I didn't find much other than the same error:

Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Network Transport: SSL failure in parsing wallet location ---> OracleInternal.Network.NetworkException (0xFFFFE700): Network Transport: SSL failure in parsing wallet location

In some of the docs I found the following comment:

Looks like the solution is to tie the wallet to the app pool user identity.

But in my case, we are using a Windows service. Is there any workaround for the same?





On the server side I am getting the following error:

22-JUN-2021 17:58:23 (ADDRESS=(PROTOCOL=tcps)(HOST=46.19.253.127)(PORT=5526)) <unknown connect data> * 542
TNS-00542: SSL Handshake failed
TNS-12560: TNS:protocol adapter error


LeilaKong-MSFT answered

Hello @vivekmishra-1922 ,

Thanks for your information. Please check the following links for troubleshooting:

1. "When creating the wallet, orapki disabled the permission inheritance of the files within the wallet, e.g. cwallet.sso, and only allows the user that created the wallet to access those files. When allowing the Oracle Listener Service User to read these files and after that restarting the listener service, I was able to connect via SSL."
https://community.oracle.com/tech/apps-infra/discussion/4317680/oracle-12c-and-ssl-configuration

2. "I configured Oracle with MUTUAL authentication, however on the client side I haven't put the keystore, that is why I received the handshake exception. Need to add some parameters for Java on the client side (application)"
https://stackoverflow.com/questions/52985595/db-server-tls-configuration-failures-tns-00542-ssl-handshake-failed


LeilaKong-MSFT answered

Hello @vivekmishra-1922 ,

We haven’t heard from you in a couple of days.
How are things going there on this issue?

ChenJuYinVDOT-1667 answered

We saw the same error when trying to connect to an Oracle 19 database in the Amazon cloud from SSRS Report Builder 2016. How should we find out what to do?
