Known issues in OCI GoldenGate

Related Topics

General

Learn about general known issues that apply to the entire service and how to work around them

Oracle GoldenGate REST APIs return 302 redirects to an index page.

You can use the GoldenGate REST APIs to manage your OCI GoldenGate deployments. For those familiar with Oracle GoldenGate, note that the Service Manager is not exposed in OCI GoldenGate and any calls made to Service Manager won't be able to return.

AdminClient: Unable to negotiate with <ip-address> port 22: no matching host key type found.

When you use AdminClient in Cloud Shell to connect to your deployment, you may encounter the following message:
FIPS mode initialized.
Unable to negotiate with <ip-address> port 22: no matching host key type found. Their offer: ssh-ed25519
Action completed. Waiting until the work request has entered state: ('SUCCEEDED',)
FIPS mode initialized.
Unable to negotiate with <ip-address> port 22: no matching host key type found. Their offer: ssh-ed25519
Cannot create ssh tunnelnel

Workaround: Complete the following steps:

  1. Open a new Cloud Shell session.
  2. Create a file using the following command:
    cat .ssh/config
  3. Enter the following into the .ssh/config file, and then save it:
    HostkeyAlgorithms ssh-rsa,ssh-ed25519
PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa
  4. If there's an existing .ssh/known_hosts file, delete it.
  5. Close the Cloud Shell session.
  6. Click Launch Admin Client on your deployment details page.

Connections

Learn about known issues related to connections and how to work around them.

Issue with Amazon S3 connections in OCI GoldenGate

If you encounter the following error when using Amazon S3 connections, then open a support ticket, share the details and error message. 

ERROR 2024-03-04 11:42:31.000505 [TaskEngine_2(FileFinalizeTask)] - Verify S3 bucket
      [ggstest] failed.com.amazonaws.SdkClientException: Unable to execute HTTP request: s3.us-east-2.amazonaws.com

You can then use the following steps as a temporary workaround.

Workaround:

  1. Connect to Cloud Shell.
  2. Create a new Amazon S3 connection using the following CLI sample:
    oci goldengate connection create-amazon-s3-connection --routing-method SHARED_SERVICE_ENDPOINT --display-name <connection_name> --compartment-id <compartment_ocid> --technology-type AMAZON_S3 --access-key-id <aws_access_key> --secret-access-key <aws_secret>
  3. Assign the connection to your deployment.
  4. Add and run a Replicat for Amazon S3.

Issue with MongoDB Test connection

You may encounter an error when using Test connection with MongoDB connections. You can ignore this error and test MongoDB connections in the OCI GoldenGate deployment console. In the deployment console, open the navigation menu for the Administration Service, click Configuration. Your MongoDB connection should be listed as a credential, where you can click Connect to <alias> to test the connection.

Create connection for Autonomous Database Dedicated must use Oracle Database type

If creating a connection for an Autonomous Database Dedicated instance, then you must select Oracle Database as the type, instead of Oracle Autonomous Database.

To create a connection for Autonomous Database Dedicated:

  1. On the Connections page, click Create connection.
  2. In the Create connections panel, enter a name for the connection, and optionally, a description.
  3. Select a compartment in which to create the connection.
  4. From the Type dropdown, select Oracle Database.
  5. Click Next.
  6. On the Connection details screen, for Database details, select Enter database information.
  7. For Database connection string, enter the TCP connection string. You can find the connection string in the tnsnames.ora file downloaded from the wallet package on the Autonomous Database Dedicated details page. Ensure you use the "_low" connection string.
  8. Enter the database username and password.
  9. Do not upload the database wallet.
  10. In the Network connectivity section:
    1. Select Dedicated endpoint.
    2. For Session mode, select Redirect.
  11. Click Create.

Action Required for Autonomous Databases that Use mTLS Authentication

When an Autonomous Database wallet is rotated, the OCI GoldenGate connection to this database must be refreshed to retrieve the latest wallet information.

For more information see, My Oracle Support (MOS) Document 2911553.1.

To refresh an Autonomous Database connection: Edit and save the connection to the Autonomous Database (Autonomous Transaction Processing or Autonomous Datawarehouse). Saving the connection automatically downloads and refreshes the wallet. No other changes to the connection is needed.

To verify:

  1. Launch the deployment console for a deployment that uses the Autonomous Database connection.
  2. In the deployment console, open the navigation menu, and then click Configuration.
  3. On the Credentials screen, observe the Autonomous Database connection string.

    Before the wallet is refreshed, the connection string looks like the following:

    ggadmin@(DESCRIPTION=(TRANSPORT_CONNECT_TIMEOUT=3)(CONNECT_TIMEOUT=60)(RECV_TIMEOUT=120)(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.us-phoenix-1.oraclecloud.com))(CONNECT_DATA=(COLOCATION_TAG=ogginstance)(FAILOVER_MODE=(TYPE=SESSION)(METHOD=BASIC)(OVERRIDE=TRUE))(service_name=<adb-servicename>_low.adb.oraclecloud.com))(security=(MY_WALLET_DIRECTORY=“/u02/connections/ocid1.goldengateconnection.oc1.phx.<ocid>/wallet”)(SSL_SERVER_DN_MATCH=TRUE)(ssl_server_cert_dn=“CN=adwc.uscom-east-1.oraclecloud.com,
        OU=Oracle BMCS US, O=Oracle Corporation, L=Redwood City, ST=California,
        C=US”)))

    After the wallet is refreshed, the connection string is updated to look like the following:

    ggadmin@(DESCRIPTION=(TRANSPORT_CONNECT_TIMEOUT=3)(CONNECT_TIMEOUT=60)(RECV_TIMEOUT=120)(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.us-phoenix-1.oraclecloud.com))(CONNECT_DATA=(COLOCATION_TAG=ogginstance)(FAILOVER_MODE=(TYPE=SESSION)(METHOD=BASIC)(OVERRIDE=TRUE))(service_name=<adb-servicename>_low.adb.oraclecloud.com))(security=(MY_WALLET_DIRECTORY=“/u02/connections/ocid1.goldengateconnection.oc1.phx.<ocid>/wallet”)(SSL_SERVER_DN_MATCH=TRUE)(ssl_server_dn_match=yes)))

MySQL database usernames that include an '@' symbol don't appear in Credential Alias list when creating an Extract in the OCI GoldenGate deployment console

For MySQL databases, usernames that include @ symbols are omitted from the Credential Alias list when creating Extracts in the OCI GoldenGate deployment console.

Workaround: Select a different alias from the list and then manually update the Parameter File on the next screen.

Network timeout affects database connections using private endpoints.

If you're using a private enpoint to connect to a database, then you may encounter network timeouts when starting or stopping Extract processes.

Workaround: You can do one of the following:

  • Apply the latest patches from your deployment details page. In the Deployment Information section, under GoldenGate, for Version, click Upgrade.
  • If you're unable to apply the latest patches at this time, you can update the connection string to include EXPIRE_TIME=1. By default, you may have an EZ connection string in Oracle GoldenGate. This connection string needs to be updated in the Oracle GoldenGate Credential to a long connection string as follows:
    <username>@//<hostname>:1521/<service_name>
<username> @(DESCRIPTION = (EXPIRE_TIME=1)(ADDRESS_LIST = (ADDRESS = (COMMUNITY = tcp)(PROTOCOL = TCP)(Host = <hostname>)(Port = 1521))) (CONNECT_DATA = (SERVICE_NAME = <service_name>)))

SCAN Proxy doesn't support TLS

While OCI GoldenGate supports Oracle Single Client Access Name (SCAN) hosts and IPs, the SCAN proxy does not support TLS.

Workaround: You can connect to a RAC database using the Database Node IP.

User OCID Mismatch in OCI Object Storage connection (Federated users only)

If a federated user selects Use current user when creating an OCI Object Storage connection, their OCID doesn't match the OCID picked up by the system.

Workaround: When you create an OCI Object Storage connection, ensure that you choose Specify another user, and then enter the federated user's OCID.

To find the user OCID, click Profile in the Oracle Cloud console global header, and then select the user name. On the User Details page, under User Information, click Show for OCID.

Deployment console

Deployment console fails to load

If you enter a fully qualified domain name (FQDN) whose last portion is longer than 11 characters, the deployment console fails to load.

Workaround: Keep the last portion of your FQDN under 11 characters.

The OCI GoldenGate deployment console is not compatible with Safari web browsers.

The Oracle Cloud Infrastructure GoldenGate Deployment Console will not display correctly when accessed using a Safari web browser.

Workaround: Use Chrome or FireFox browsers instead.

Connecting to a credential can take several minutes

In the deployment console's Configuration screen when you attempt to connect to a credential, it can take several minutes for it to connect successfully. Refreshing your screen will only add time to the connection process.

Workaround: This is a known issue that is resolved in GoldenGate build version oggoracle:21.8.0.0.0_221119.1258_663.

GoldenGate processes

Learn about known issues related to GoldenGate processes and how to work around them.

OCI GoldenGate deployment console cannot display custom/non-default named Discard file

Discard files, by default, follow the naming convention <process-name>.dsc. You can see all discard files in the OCI GoldenGate deployment console, unless you renamed them. The deployment console doesn't display custom named discard files.

Workaround: Use the Collect diagnostics tool on the deployment details page to access your discard files.

Replicats fail when using Trail file from MongoDB Extract with BINARY_JSON_FORMAT

When a Replicat uses a Trail file generated from a MongoDB Extract with BINARY_JSON_FORMAT in the Extract parameter file, the Replicat fails with the following error:

ERROR 2023-08-04 17:13:13.000421 [main] - Unable to decode column 0 : Input length = 1
      java.nio.charset.MalformedInputException: Input length = 1 at
      java.nio.charset.CoderResult.throwException(CoderResult.java:281) ~[?:1.8.0_311]at java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:816) ~[?:1.8.0_311] at
      oracle.goldengate.datasource.UserExitDataSource.createColumnValue(UserExitDataSource.java:1106)
      [ggdbutil-21.9.0.0.3.001.jar:21.9.0.0.3.001] Exception in thread “main”
      oracle.goldengate.util.GGException: Unable to decode column 0 : Input length = 1 at
      oracle.goldengate.datasource.UserExitDataSource.createColumnValue(UserExitDataSource.java:1203)

Workaround: When BINARY_JSON_FORMAT is removed from the Extract parameters, the Replicat runs successfully and documents are represented in Extended JSON format.

Remote change data capture Extracts fail for GTID enabled databases

When you create a Change Data Capture Extract process with the Remote option enabled for a MySQL database that uses global transaction identifiers (GTIDs), the Extract process fails and the following error is reported:
ERROR   OGG-25192  Trail file '<trail name>' is remote. Only local trail allowed for this extract.

Workaround: On the Parameter file screen of the Change Data Capture Extract, remove the line, TRANLOGOPTIONS ALTLOGDEST REMOTE.

For more information, see Using Oracle GoldenGate for MySQL.

To create Distribution Paths to send data to or pull data from Oracle Cloud Infrastructure GoldenGate, ensure that you add the root certificate to Certificate Management or your client wallet

To send data to or pull data from OCI GoldenGate, you must create a Distribution Server Path or a target initiated path on the Receiver Server in your on-premises or Marketplace Oracle GoldenGate, respectively. You must also add the OCI GoldenGate root certificate or self-signed certificate to your Oracle GoldenGate Certificate Management (Oracle GoldenGate 21c or higher) or client wallet (Oracle GoldenGate 19c). This creates a trusted connection between your Oracle GoldenGate and OCI GoldenGate deployments. Only WebSocket Secure (WSS) protocol is supported for Distribution and Receiver Server Paths between Oracle GoldenGate and OCI GoldenGate.

A change in the OCI GoldenGate root certificate will cause the Distribution Server Path or a target initiated path on the Receiver Server in your on-premises or Marketplace Oracle GoldenGate to fail and produce the following error: 

ERROR   OGG-10390  Oracle GoldenGate Receiver Service:  Generic error -1 noticed for endpoint
      wss://<deployment URL>:443/services/v2/sources?trail=<trail name>. Error description - SSL
      connection unexpectedly closed.

Workaround: To fix this issue, update the certificate in the client wallet or Service Manager's Certificate Management screen to use the OCI GoldenGate Deployment Console root certificate. In some cases, when the OCI GoldenGate deployment’s certificate is not signed directly by the root certificate but by intermediate one(s) for example, it might be necessary to also add the intermediate CA certificate(s).

Learn more:

Only Digest Authentication is currently supported

Oracle Cloud Infrastructure GoldenGate doesn't currently support certificate-based authentication when you use Oracle Cloud Infrastructure GoldenGate as the Distribution Path target.

Workaround: None.