Password Authority Outage: java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion
book
Article ID: 130687
calendar_today
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)
Issue/Introduction
An issue with Cloakware Password Authority which causes an outage. The account summary list is not presented to the users.
The catalina.out file has the following error:
SEVERE: AnsiSQLSummaryDAO.getAccountSummaryList sql exception java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 4021, maximum: 4000) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:395) at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:802)
Cause
A field in the database exceeded the 4000 characters allowed for a CLOB
Environment
Password Authority 4.5.3 using Oracle for the repository cspm database.
Resolution
Run the following SQL query commands to find the problem record in the database:
-- 1. Identify all objects that have attributes that are > 4000 characters select classid, objectid, name, length(value), value from attribute where length(value) > 4000; -- 2. Run one of the following 3 queries depending on the classid returned from the above query. Note that you will have to change '<objectid> to the object id returned by the previous query. If the query in 1 returns multiple results please repeat this step for each. -- 2a. classid='c.cw.m.ac': select accountusername, name, hostname from account inner join targetapplication on targetapplication.targetapplicationid = account.targetapplicationid inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid where accountid=<objectId>; -- 2b. classid='c.cw.m.tp': select name, hostname from targetapplication inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid where targetapplicationid=<objectId>; -- 2c. classid='c.cw.m.ts': select hostname from targetserver where targetserverid=<objectid>; --3. remove characters from the problem field
Additional Information
Sometimes the descriptor 2 field of a target server is used to store a lot of data. This has been the reason the last two times this outage has happened.