TNS-12599: TNS cryptographic checksum mismatch

Mehmet Salih Deveci May 8, 2020 Leave a comment

Hi,

Sometimes You can get “TNS-12599: TNS:cryptographic checksum mismatch  ” error.

 

Details of error are as follows.

TNS-12599: TNS:cryptographic checksum mismatch
Cause: The data received is not the same as the data sent.
Action: Attempt the transaction again. If error persists, check (and correct) the integrity of your physical connection.

 

 

The error relates to an internally-filed bug ( not visible in My Oracle Support), but the high-level details are:

Bug 20960881 – INTEGRITY ENABLED, SQL FAILS, GET IO ERROR INSTEAD OF ORA ERROR

PROBLEM DESCRIPTION:
——————————-
1) Establish connection enabling data integrity
2) Use the connection to execute a drop statement, drop directory TEST_DIR,
which is expected to fail for ORA-04043: object TEST_DIR does not exist.
3) then continue to use the connection to execute a select, select user from
dual

The connection should still be usable at step 3). But when data integrity
types, SHA256, SHA384 and SHA512, is enabled on a jdbc thin connection, there
is “java.sql.SQLRecoverableException: IO Error: Checksum fail” instead of ORA
error in step 2), and step 3) fails for connection is closed.

Integrity types, SHA1 and MD5 do not have this problem. Only SHA256, SHA384
and SHA512 have this problem.

Apply Patch 20960881 on top of JDBC 12.1.0.2

or

as a workaround, ensure matching values for SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = SHA1 in source and target databases used by ODI (workaround since SHA1 does not present the problem):
In Oracle DN 12.1.0.2 sqlnet.ora:

 

SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA1)

SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA256, SHA384, SHA512, SHA1)

 

 

Additionally, for this particular case where CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL is set to an invalid value, change its value to:

CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL, "REQUIRED")

Do you want to learn more details about RMAN, then read the following articles.

https://ittutorial.org/rman-backup-restore-and-recovery-tutorials-for-beginners-in-the-oracle-database/

 

About Mehmet Salih Deveci

I am Founder of SysDBASoft IT and IT Tutorial and Certified Expert about Oracle & SQL Server database, Goldengate, Exadata Machine, Oracle Database Appliance administrator with 10+years experience.I have OCA, OCP, OCE RAC Expert Certificates I have worked 100+ Banking, Insurance, Finance, Telco and etc. clients as a Consultant, Insource or Outsource.I have done 200+ Operations in this clients such as Exadata Installation & PoC & Migration & Upgrade, Oracle & SQL Server Database Upgrade, Oracle RAC Installation, SQL Server AlwaysOn Installation, Database Migration, Disaster Recovery, Backup Restore, Performance Tuning, Periodic Healthchecks.I have done 2000+ Table replication with Goldengate or SQL Server Replication tool for DWH Databases in many clients.If you need Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS Consultancy and Training you can send my email adress [email protected].-                                                                                                                                                                                                                                                 -Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS ve linux Danışmanlık ve Eğitim için  [email protected] a mail atabilirsiniz.

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by IT Tutorial | Designed by SysDBASoft IT
IT Tutorial © Copyright 2024, All Rights Reserved