Oracle released a new version of its “Oracle Update Advisor”. This tool is part of Oracle AI Database 26ai and allows anyone to check whether their Oracle installation is up to date and to download a new Gold Image updated to the latest version.
When using it with Oracle 19c, you need to download the tool “dbcactl”, which complements the existing Database Creation Assistant – dbca – with the “managePatches” option – this is the Oracle Update Advisor.
To download dbcactl, you need to go to https://updates.oracle.com/download/6789999.html . While the latest version visible there is 26.2.1, it is not downloadable. I did my tests using version 25.4.1.
The old patches are kept in a folder “.patch_storage” so that they can be rolled back. Vulnerability tools are picky and flag it as potentially dangerous. The latest OPatch versions have a “util obfuscate” option, which changes the names and, slightly, the contents of the files, so that vulnerability tools do not find them. I blogged about it two years ago: Opatch now obfuscates its own backups – the new “opatch util Obfuscate” option explained
Below is how I “clean up” the vulnerabilities on my customer’s VM. These instructions are for Java version 1.8.0_481, the latest certified for Oracle in January 2026:
It is important to note that the Doc ID numbers were changed. For instance, to find the following note: “How to add an Additional Listener in RAC setup (Doc ID 2456650.1)”
You need to look for the title. The document now has a new ID, starting with KB (Knowledge Base):
The links from Google are still not updated and do not work.
The solution is to search for the title in the new Oracle Support site.
The client has also configured a swap mountpoint that is small compared with the total memory available on the server. Oracle documentation says this:
The VM has 116GB of memory, with 32GB reserved for HugePages. The current swap mountpoint is 4GB and, based on the Oracle Server Configuration Checklist for 19c, the swap mountpoint should in this case be 16GB.
I’m using Oracle Linux 9, xfs filesystems. I’ll increase the swap mountpoint online, with the databases running.
I scripted the TDE wallet configuration for my client.
Script 1 – Set the static parameters TABLESPACE_ENCRYPTION and WALLET_ROOT in the spfile.
Script 2 – Restart the database
Script 3 – Create the wallet, open the wallet, set the master key, create the autologin wallet.
When running this 3rd script on a database it failed on the second command:
SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY "wallet_password";
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "wallet_password";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "wallet_password"
*
ERROR at line 1:
ORA-28353: failed to open wallet
The client plugged a non-encrypted PDB into a CDB with the TDE encryption wallet enabled. Everything works fine and we can read the data. However, when trying to create a tablespace we get:
CDB1 SQL> create tablespace TBS_NEW;
Error starting at line : 1 in command -
create tablespace t1
Error report -
ORA-28374: typed master key not found in wallet
28374. 0000 - "typed master key not found in wallet"
*Cause: You attempted to access encrypted tablespace or redo logs with a typed master key not existing in the wallet.
*Action: Copy the correct Oracle Wallet from the instance where the tablespace was created.
Some programs are part of the Oracle ISV – Independent Software Vendors – program and include various types of Oracle licenses. This allows the application database to be installed in various Oracle configurations. At my customer, the software includes the Oracle Advanced Security Option license. This was the reason we decided, even before moving to the cloud, to encrypt the database.
Here is a summary of how to perform full online encryption (TDE) of a database. The process is quite simple, but there are known surprises you might want to avoid.
TDE – Transparent Data Encryption – is the Oracle solution for protecting data at rest. This means protecting data that is stored in a file or on a disk. This data is encrypted. Only after the database is open and the wallet password is given can you query the data and see it.
Recently I’ve been working more with ExaCC and migrating databases from on-premises to the Cloud. It took quite a few days to get into TDE and the sometimes confusing terms used in the documentation and on the web.
This post summarizes all the concepts to have in mind when working with Oracle encrypted databases, which is the default in the Cloud and Exadata systems.
My customer has five standby databases in the same 2-node RAC cluster. Today, after an ASM data diskgroup filled up, several databases had to recover quite a few archivelogs.
The load on the first node immediately went through the roof when I restarted the redo apply, after adding space to the diskgroup.
This is because, by default, the redo apply starts on the first available instance of the RAC cluster, which in this case was the first instance for all DBs.