C Troubleshooting Oracle Key Vault
Oracle provides checklists and tips for commonly encountered errors that will help you install and deploy Oracle Key Vault.
- Oracle Key Vault Pre-Installation Checklist
The pre-installation checklist covers all the requirements to successfully install Key Vault. - Integrating Oracle Key Vault with Oracle Audit Vault and Database Firewall
You can consolidate audits between Oracle Audit Vault and Database Firewall (AVDF) with Oracle Key Vault. - RESTful Services Troubleshooting Help
The Oracle Key Vault log files capture all the error messages sent by the server. - Error: Cannot Open Keystore Message
TheCannot Open Keystore
error can appear when you try to upload a Java keystore to the Oracle Key Vault server. - KMIP Error: Invalid Field
TheInvalid Field
KMIP error can occur when you are trying to upload Oracle wallets to virtual wallets on multiple endpoints. - WARNING: Could Not Store Private Key Errors
If you upload two keystores with the same file name but different contents, aWARNING: Could not store private key
error appears. - Errors After Upgrading Oracle Key Vault
Some errors that appear after the upgrade can be ignored. - Error: Failed to Open Wallet
AnFailed to Open Wallet
error can appear if you attempt to use an online master key. - Transaction Check Error: Diagnostics Generation Utility
If you are trying to perform an upgrade of Oracle Key Vault, a transaction check error may appear. - Fast-Start Failover (FSFO) Suspended (ORA-16818)
AnORA-16818: Fast-Start Failover suspended
error can appear as a result of a fast start failover operation failing. - SSH Tunnel Add Failure
While you are configuring the SSH tunnel, aFailed to establish SSH tunnel. Refer to Oracle documentation error
may appear. - Error: Provision Command Fails if /usr/bin/java Does Not Exist
The RESTful service command to provision an endpoint fails if the soft link/usr/bin/java
does not exist or points to an incorrect Java directory. - TDE Endpoint Integration Issues
Several issues related to Transparent Data Encryption (TDE) endpoint integration problems can arise. - Failover Situations in Primary-Standby Mode
Failover situations can occur with or without read-only restricted mode or during a planned shutdown operation for both primary and standby servers. - Performing a Planned Shutdown
A user who has the System Administrator role can perform planned shutdowns during an upgrade or a maintenance window.
C.1 Oracle Key Vault Pre-Installation Checklist
The pre-installation checklist covers all the requirements to successfully install Key Vault.
Table C-1 Oracle Key Vault Pre-Installation Checklist
Item# | Check | Task |
---|---|---|
1. [ x ] |
System requirements |
Confirm that you have enough CPU, memory, and disk as described in System Requirements. |
2. [ x ] |
Open all the required network ports in your firewall |
For details on network ports, see Network Port Requirements. |
3. [ x ] |
Supported endpoint platforms |
|
4. [ x ] |
Set the |
Guidance for setting this parameter for Oracle Database 11.2.0.0 and later is in Supported Endpoint Platforms. |
5. [ x ] |
Get a fixed IP address, network mask, and gateway address from your network administrator. |
You will need this information for Step 9 in Installing the Oracle Key Vault Appliance Software |
Parent topic: Troubleshooting Oracle Key Vault
C.2 Integrating Oracle Key Vault with Oracle Audit Vault and Database Firewall
You can consolidate audits between Oracle Audit Vault and Database Firewall (AVDF) with Oracle Key Vault.
- Step 1: Check the Environment
Before you begin the integration, you should ensure that the required components are all in place. - Step 2: Register Oracle Key Vault as a Secured Target with AVDF
You must register the Oracle Key Vault server as a secured target on the Oracle Audit Vault and Database Firewall server. - Step 3: Register Oracle Key Vault as a Host with AVDF
Next, you must register the Oracle Key Vault server as a host on the Audit Vault and Database Firewall server. - Step 4: Download the AVDF Agent and Upload it to Oracle Key Vault
You must next download the Oracle Audit Vault and Database Firewall agent and then upload it to the Oracle Key Vault server. - Step 5: Install the AVDF agent.jar File on the Oracle Key Vault Server
At this stage, you are ready to install theagent.jar
file on the Oracle Key Vault server. - Step 6: Add the Oracle Key Vault Audit Trail to AVDF
Next, you can add the audit trail to Oracle Audit Vault and Database Firewall. - Step 7: View Oracle Key Vault Audit Data Collected by AVDF
After you have completed the integration and are collecting data, you can view data collected by Oracle Audit Vault and Database Firewall.
Parent topic: Troubleshooting Oracle Key Vault
C.2.1 Step 1: Check the Environment
Before you begin the integration, you should ensure that the required components are all in place.
C.2.2 Step 2: Register Oracle Key Vault as a Secured Target with AVDF
You must register the Oracle Key Vault server as a secured target on the Oracle Audit Vault and Database Firewall server.
C.2.3 Step 3: Register Oracle Key Vault as a Host with AVDF
Next, you must register the Oracle Key Vault server as a host on the Audit Vault and Database Firewall server.
C.2.4 Step 4: Download the AVDF Agent and Upload it to Oracle Key Vault
You must next download the Oracle Audit Vault and Database Firewall agent and then upload it to the Oracle Key Vault server.
- Log in to the Oracle Audit Vault Server console as an administrator (
avadmin
). - Select the Agent tab, and then select Agent Release.
- Select the agent, which should be the first item in the list of agents.
- Save this item as
agent.jar
. - Use
scp
to uploadagent.jar
to the Oracle Key Vault server.
C.2.5 Step 5: Install the AVDF agent.jar File on the Oracle Key Vault Server
At this stage, you are ready to install the agent.jar
file on the Oracle Key Vault server.
C.2.6 Step 6: Add the Oracle Key Vault Audit Trail to AVDF
Next, you can add the audit trail to Oracle Audit Vault and Database Firewall.
C.2.7 Step 7: View Oracle Key Vault Audit Data Collected by AVDF
After you have completed the integration and are collecting data, you can view data collected by Oracle Audit Vault and Database Firewall.
- Log in to the Oracle Audit Vault Server console as an auditor (
avauditor
). - Select the Reports tab.
- Select All Activity.
- Select All Activity Report.
C.3 RESTful Services Troubleshooting Help
The Oracle Key Vault log files capture all the error messages sent by the server.
/var/log/messages
file. The first debugging step is to read the messages
file.
Parent topic: Troubleshooting Oracle Key Vault
C.4 Error: Cannot Open Keystore Message
The Cannot Open Keystore
error can appear when you try to upload a Java keystore to the Oracle Key Vault server.
To remedy this problem, try the following solutions:
Parent topic: Troubleshooting Oracle Key Vault
C.5 KMIP Error: Invalid Field
The Invalid Field
KMIP error can occur when you are trying to upload Oracle wallets to virtual wallets on multiple endpoints.
The steps that result in this error are as follows:
- You configure two or more endpoints (for example, Endpoint A and Endpoint B) to share a wallet (Oracle Wallet C), and hence also share the wallet keys.
- You register Endpoints A and B with Oracle Key Vault.
- You create a default wallet (Virtual Wallet A) for Endpoint A and then a default wallet (Virtual Wallet B) for Endpoint B. Each virtual wallet is accessible only to the corresponding endpoint. For example, Endpoint B has no access to Virtual Wallet A.
- You upload Oracle Wallet C into Virtual Wallet A on Endpoint A.
- You attempt to upload Oracle Wallet C from Endpoint B into Virtual Wallet B Endpoint B.
The KMIP error occurs because there are two copies of the same key being created and Endpoint B does not have visibility for both. If Endpoint A tries to upload the first key again, Oracle Key Vault detects this action and accounts for it. But because in Step 5, Endpoint B is not allowed to see the first key, Oracle Key Vault is unable to perform the necessary harmonization for the two Oracle wallets.
This is expected behavior. To avoid the Invalid Field
, create an endpoint group so that you can share the wallet with multiple endpoints.
Related Topics
Parent topic: Troubleshooting Oracle Key Vault
C.6 WARNING: Could Not Store Private Key Errors
If you upload two keystores with the same file name but different contents, a WARNING: Could not store private key
error appears.
-alias slserver
) in each keytool
command. When you download two such keystores that have the same alias, the okvutil download
process ignores the second one because the JKS aliases must be unique.
- To remedy this problem, download the second keystore using a unique alias.
Related Topics
Parent topic: Troubleshooting Oracle Key Vault
C.7 Errors After Upgrading Oracle Key Vault
Some errors that appear after the upgrade can be ignored.
After you perform an upgrade of Oracle Key Vault on an standalone server, ORA-1109: database does not open
, ORA-00313: open failed for members
, and ORA-00312: online log 3 thread 1
error messages may appear in the /var/log/messages
log file.
You can safely ignore these messages. Error messages also appear in the /var/log/debug
file.
Parent topic: Troubleshooting Oracle Key Vault
C.8 Error: Failed to Open Wallet
An Failed to Open Wallet
error can appear if you attempt to use an online master key.
If you are attempting to use an online master key (previously called TDE direct connect) and encounter this error, then first check your environment variable ORACLE_BASE
. In an Oracle Real Application Clusters environment, you must perform this step on all database instances.
You must also set the ORACLE_SID
, ORACLE_HOME
, and OKV_HOME
environment variables needed by the PKCS #11 library as follows:
C.9 Transaction Check Error: Diagnostics Generation Utility
If you are trying to perform an upgrade of Oracle Key Vault, a transaction check error may appear.
For example:
file /usr/local/dbfw/etc/dbfw-diagnostics-package.yml from install of appliance-18.3.0.0.0-52_190425.2253.d.x86_64 conflicts with file from package okv-diagnostic-12.2.0.8.0-40_181013.1730.x86_64
The problem is that the diagnostic generation utility interferes with the upgrade process. You must remove the diagnostic generation utility before you can perform the upgrade.
Parent topic: Troubleshooting Oracle Key Vault
C.10 Fast-Start Failover (FSFO) Suspended (ORA-16818)
An ORA-16818: Fast-Start Failover suspended
error can appear as a result of a fast start failover operation failing.
If the primary server was shut down gracefully in a controlled way, such as by clicking a Power Off button instead of manually turning off the computer, then a fast start failover cannot be performed and the ORA-16818: Fast-Start Failover suspended
error appears. In a graceful shutdown operation, the primary server's failover status goes into a suspended state with the standby waiting indefinitely for the primary server to be available. This is the expected behavior for a fast-start failover (FSFO) operation, as defined by Oracle Data Guard avoid a split brain scenario. By design, a fast-start failover operation error occurs only when the primary server shuts down unexpectedly. If you perform a SHUTDOWN IMMEDIATE
or SHUTDOWN NORMAL
command in SQL*Plus, then the FSFO does not occur because the database shuts down gracefully.
Parent topic: Troubleshooting Oracle Key Vault
C.11 SSH Tunnel Add Failure
While you are configuring the SSH tunnel, a Failed to establish SSH tunnel. Refer to Oracle documentation error
may appear.
You might get the following error message while trying to set up the SSH tunnel:
The failure may be due to one or more of the following problems:
-
The following settings may be invalid:
- Invalid IP address
- Invalid port
- Invalid user name
-
The public SSH Oracle Key Vault key was not copied to the
authorized_keys
file of theokv
user on the Database as a Service instance. -
The Database as a Service instance is not reachable because of network overload.
To remedy this problem, check your input values and connection and retry.
Parent topic: Troubleshooting Oracle Key Vault
C.12 Error: Provision Command Fails if /usr/bin/java Does Not Exist
The RESTful service command to provision an endpoint fails if the soft link /usr/bin/java
does not exist or points to an incorrect Java directory.
ln -s Java_home_directory/bin/java /usr/bin/java
Parent topic: Troubleshooting Oracle Key Vault
C.13 TDE Endpoint Integration Issues
Several issues related to Transparent Data Encryption (TDE) endpoint integration problems can arise.
Common Transparent Data Encryption (TDE) endpoint integration problems caused by installation errors, svrctl
misuse, and the mismanagement of security objects in a primary-standby environment can arise.
- Installing the Oracle Key Vault library: You must run
root.sh
to install the Oracle Key Vault library only once on a computer that has multiple Oracle databases. During an upgrade you must upgrade the library only after you have shut down all the associated endpoints. Oracle Key Vault servers are backward compatible with endpoint libraries. - Using
svrctl
to manage the database: If you use thesvrctl
utility to manage the database, remember thatsvrctl
can set theORACLE_BASE
environment variable toNULL
. Oracle recommends that you setORACLE_BASE
toORACLE_HOME
ifORACLE_BASE
is not used in your environment. - Managing security objects the same way in a primary-standby environment: In a primary-standby configuration, ensure that both the primary and standby servers use the same mechanism to manage security objects. These servers should either both use a wallet or both use Oracle Key Vault.
Parent topic: Troubleshooting Oracle Key Vault
C.14 Failover Situations in Primary-Standby Mode
Failover situations can occur with or without read-only restricted mode or during a planned shutdown operation for both primary and standby servers.
- About Failover Situations in Primary-Standby Mode
Failover situations in primary-standby node can occur with read-only restricted mode disabled, and with read-only restricted mode enabled. - Failover Situations Without Read-Only Restricted Mode
If read-only restricted mode is not used, then various failover situations may occur in Oracle Key Vault. - Failover Situations with Read-Only Restricted Mode
The use read-only restricted mode affects failover operations in Oracle Key Vault.
Parent topic: Troubleshooting Oracle Key Vault
C.14.1 About Failover Situations in Primary-Standby Mode
Failover situations in primary-standby node can occur with read-only restricted mode disabled, and with read-only restricted mode enabled.
The types of failover situations are as follows:
-
Planned shutdown of the primary server: A system administrator shuts down the primary server during an upgrade or maintenance window.
-
Planned shutdown of the standby server: A system administrator shuts down the standby server during an upgrade or maintenance window.
-
Unplanned shutdown of the primary server: The primary server is offline due to unforeseen circumstances such as power loss or network failure.
-
Unplanned shutdown of the standby server: The standby server is offline due to unforeseen circumstances such as power loss or network failure.
Parent topic: Failover Situations in Primary-Standby Mode
C.14.2 Failover Situations Without Read-Only Restricted Mode
If read-only restricted mode is not used, then various failover situations may occur in Oracle Key Vault.
- Primary Server: Planned Shutdown During an Upgrade
In a failover, the use of read-only restricted mode affects a planned shutdown of a primary server during an upgrade. - Primary Server: Planned Shutdown During Maintenance
In a failover, not using read-only restricted mode affects the planned shutdown of a primary server during maintenance. - Standby Server: Planned Shutdown
In a failover, not using read-only restricted mode affects a planned shutdown in a standby server. - Primary Server: Unplanned Shutdown
In a failover, not using read-only restricted mode affects an unplanned shutdown in a primary server. - Standby Server: Unplanned Shutdown
In a failover, not using read-only restricted mode affects a standby server during an unplanned shutdown.
Parent topic: Failover Situations in Primary-Standby Mode
C.14.2.1 Primary Server: Planned Shutdown During an Upgrade
In a failover, the use of read-only restricted mode affects a planned shutdown of a primary server during an upgrade.
If read-only restricted mode is not used, when the primary server goes offline during an upgrade, then the standby server waits in read-only mode for the primary server to return online. During the upgrade, you cannot access the Oracle Key Vault management console.
- Recovery process: When the primary server is back online after the upgrade the standby server will automatically synchronize with the primary server. The primary and standby servers retain their earlier roles, and both servers will continue to operate in primary-standby mode.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? No
Parent topic: Failover Situations Without Read-Only Restricted Mode
C.14.2.2 Primary Server: Planned Shutdown During Maintenance
In a failover, not using read-only restricted mode affects the planned shutdown of a primary server during maintenance.
If read-only restricted mode is not used, when the primary server is powered off or restarted during maintenance, then the standby server takes over from the primary server.
- Recovery process: The standby server is now the new primary server. When the old primary server is back online after maintenance, it will automatically synchronize with the new primary server and take over the role of standby server. Both servers will continue to operate in primary-standby mode. Be aware that when the primary server is offline, data replication is disabled. If the new primary server goes offline before synchronizing with the new standby server, it may cause a loss of critical data.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? Yes
Parent topic: Failover Situations Without Read-Only Restricted Mode
C.14.2.3 Standby Server: Planned Shutdown
In a failover, not using read-only restricted mode affects a planned shutdown in a standby server.
If read-only restricted mode is not used, when the standby server is powered off during upgrade or maintenance, the primary server continues operating as the primary server. Read and write operations are allowed.
- Recovery process: When the standby server is back online post-upgrade or post-maintenance, the primary server will automatically synchronize with the standby server. The primary and standby servers retain their earlier roles, and both servers will continue to operate in primary-standby mode. Be aware that when the standby server is offline, data replication is disabled. If the primary server goes offline before synchronizing with the standby server, then it may cause a loss of critical data.
- Primary server state: Up
- Standby server state: Down
- Does failover occur? No
C.14.2.4 Primary Server: Unplanned Shutdown
In a failover, not using read-only restricted mode affects an unplanned shutdown in a primary server.
If read-only restricted mode is not used, when the primary server goes offline because of power loss, network failure, or hardware failure, the standby server waits for the duration specified in the Fast Start Failover Threshold field on the Configure High Availability page in the Oracle Key Vault management console. If the primary server cannot be reached after the specified duration has elapsed, then the standby server takes over from the primary server.
- Recovery process: The standby server is now the new primary server. Rectify the failure that affected the primary server by restarting the server or restoring network connectivity. When the primary server is back online, it will automatically synchronize with the new primary server and take over the role of standby server.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? Yes
Parent topic: Failover Situations Without Read-Only Restricted Mode
C.14.2.5 Standby Server: Unplanned Shutdown
In a failover, not using read-only restricted mode affects a standby server during an unplanned shutdown.
If read-only restricted mode is not used, when the standby server goes offline because of power loss, network failure, or hardware failure, then the primary server becomes unavailable. All operations are disabled.
- Recovery process: Rectify the failure that affected the standby server by restarting the server or restoring network connectivity. When the standby server is back online, it will automatically synchronize with the primary server. You cannot re-establish synchronization or network connectivity between the primary and standby servers, contact Oracle Support.
- Primary server state: Up
- Standby server state: Down
- Does failover occur? No
Parent topic: Failover Situations Without Read-Only Restricted Mode
C.14.3 Failover Situations with Read-Only Restricted Mode
The use read-only restricted mode affects failover operations in Oracle Key Vault.
- Primary Server: Planned Shutdown During an Upgrade
In a failover, not using read-only restricted mode affects a planned shutdown of a primary server during an upgrade - Primary Server: Planned Shutdown During Maintenance
In a failover, using read-only restricted mode affects the planned shutdown of a primary server during maintenance. - Standby Server: Planned Shutdown
In a failover, using read-only restricted mode affects a planned shutdown in a standby server. - Primary Server: Unplanned Shutdown
In a failover, using read-only restricted mode affects an unplanned shutdown in a primary server. - Standby Server: Unplanned Shutdown
In a failover, using read-only restricted mode affects a standby server during an unplanned shutdown.
Parent topic: Failover Situations in Primary-Standby Mode
C.14.3.1 Primary Server: Planned Shutdown During an Upgrade
In a failover, not using read-only restricted mode affects a planned shutdown of a primary server during an upgrade
When the primary server goes offline during an upgrade, the standby server enters read-only restricted mode and waits for the primary server to come back online. During the upgrade, you cannot access the Oracle Key Vault management console.
- Recovery process: When the primary server is back online post-upgrade, the standby server will automatically synchronize with the primary server. The primary and standby servers retain their earlier roles, and both servers will continue to operate in primary-standby mode.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? No
Parent topic: Failover Situations with Read-Only Restricted Mode
C.14.3.2 Primary Server: Planned Shutdown During Maintenance
In a failover, using read-only restricted mode affects the planned shutdown of a primary server during maintenance.
When the primary server is powered off or restarted during maintenance, the standby server enters read-only restricted mode, and takes over from the primary server. The Oracle Key Vault management console displays a warning.
- Recovery process: The standby server is now the new primary server. When the old primary server is back online after maintenance, it will automatically synchronize with the new primary server and take over the role of standby server. Both servers will continue to operate in primary-standby mode.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? Yes
Parent topic: Failover Situations with Read-Only Restricted Mode
C.14.3.3 Standby Server: Planned Shutdown
In a failover, using read-only restricted mode affects a planned shutdown in a standby server.
When the standby server is powered off during upgrade or maintenance, the primary server enters read-only restricted mode, and continues operating as the primary server. The Oracle Key Vault management console displays a warning.
- Recovery process: When the standby server is back online post-upgrade or after maintenance, the primary server will automatically synchronize with the standby server. The primary and standby servers retain their earlier roles, and both servers will continue to operate in primary-standby mode.
- Primary server state: Up
- Standby server state: Down
- Does failover occur? No
C.14.3.4 Primary Server: Unplanned Shutdown
In a failover, using read-only restricted mode affects an unplanned shutdown in a primary server.
When the primary server goes offline because of power loss, network failure, or hardware failure, then the standby server waits for the duration specified in the Fast Start Failover Threshold field on the Configure Primary-Standby page in the Oracle Key Vault management console. If the primary server is not reachable after the specified duration has elapsed, then the standby server enters read-only restricted mode, and takes over from the primary server.
- Recovery process: The standby server is now the new primary server. Rectify the failure that affected the primary server by restarting the server or restoring network connectivity. When the primary server is back online, it will automatically synchronize with the new primary server and take over the role of standby server.
- Primary server state: Down
- Standby server state: Up
- Does failover occur? Yes
Parent topic: Failover Situations with Read-Only Restricted Mode
C.14.3.5 Standby Server: Unplanned Shutdown
In a failover, using read-only restricted mode affects a standby server during an unplanned shutdown.
When the standby server goes offline because of power loss, network failure, or hardware failure, the primary server waits for the duration specified in the Fast Start Failover Threshold field on the Configure Primary-Standby page of the Oracle Key Vault management console. If the standby server is not reachable after the specified duration has elapsed, the primary server enters read-only restricted mode, and continues operating as the primary server.
- Recovery process: Rectify the failure that affected the standby server by restarting the server or restoring network connectivity. When the standby server is back online, it will automatically synchronize with the primary server. If you cannot re-establish synchronization or network connectivity between the primary and standby servers, then contact Oracle Support.
- Primary server state: Up
- Standby server state: Down
- Does failover occur? No
Parent topic: Failover Situations with Read-Only Restricted Mode
C.15 Performing a Planned Shutdown
A user who has the System Administrator role can perform planned shutdowns during an upgrade or a maintenance window.
- Primary Server Planned Shutdown
A user who has the System Administrator role can plan a shutdown of the primary server during an upgrade or a maintenance window. - Standby Server Planned Shutdown
A user who has the System Administrator role can plan a shutdown of the primary server during an upgrade or a maintenance window.
Parent topic: Troubleshooting Oracle Key Vault
C.15.1 Primary Server Planned Shutdown
A user who has the System Administrator role can plan a shutdown of the primary server during an upgrade or a maintenance window.
- Performing a Primary Server Planned Shutdown During an Upgrade
You must upgrade both servers in a pair when you perform a primary server shutdown. - Performing a Primary Server Planned Shutdown During Maintenance
To perform a primary server planned shutdown during maintenance, power off or restart Oracle Key Vault.
Parent topic: Performing a Planned Shutdown
C.15.1.1 Performing a Primary Server Planned Shutdown During an Upgrade
You must upgrade both servers in a pair when you perform a primary server shutdown.
- To perform a primary upgrade, upgrade both of the Oracle Key Vault server pair used in the primary-standby configuration.
Parent topic: Primary Server Planned Shutdown
C.15.1.2 Performing a Primary Server Planned Shutdown During Maintenance
To perform a primary server planned shutdown during maintenance, power off or restart Oracle Key Vault.
Parent topic: Primary Server Planned Shutdown
C.15.2 Standby Server Planned Shutdown
A user who has the System Administrator role can plan a shutdown of the primary server during an upgrade or a maintenance window.
During upgrade, the standby server shuts down automatically, and no manual steps are necessary.
- Performing a Standby Server Planned Shutdown During an Upgrade
You must upgrade both servers in a pair when you perform a standby server shutdown. - Performing a Standby Server Planned Shutdown During Maintenance
You can perform a standby server planned shutdown during maintenance from the standby server using SSH.
Parent topic: Performing a Planned Shutdown
C.15.2.1 Performing a Standby Server Planned Shutdown During an Upgrade
You must upgrade both servers in a pair when you perform a standby server shutdown.
- To perform a standby upgrade, upgrade both of the Oracle Key Vault server pair used in the primary-standby configuration.
Parent topic: Standby Server Planned Shutdown
C.15.2.2 Performing a Standby Server Planned Shutdown During Maintenance
You can perform a standby server planned shutdown during maintenance from the standby server using SSH.
Parent topic: Standby Server Planned Shutdown