Password Authority Outage: java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion
Article ID: 130687
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)
Issue/Introduction
An issue with Cloakware Password Authority which causes an outage. The account summary list is not presented to the users.
The catalina.out file has the following error:
SEVERE: AnsiSQLSummaryDAO.getAccountSummaryList sql exception java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 4021, maximum: 4000) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:395) at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:802)
The catalina.out file has the following error:
SEVERE: AnsiSQLSummaryDAO.getAccountSummaryList sql exception java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 4021, maximum: 4000) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:395) at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:802)
Cause
A field in the database exceeded the 4000 characters allowed for a CLOB
Environment
Password Authority 4.5.3 using Oracle for the repository cspm database.
Resolution
Run the following SQL query commands to find the problem record in the database:
-- 1. Identify all objects that have attributes that are > 4000 characters
select classid, objectid, name, length(value), value from attribute where length(value) > 4000;
-- 2. Run one of the following 3 queries depending on the classid returned from the above query. Note that you will have to change '<objectid> to the object id returned by the previous query. If the query in 1 returns multiple results please repeat this step for each.
-- 2a. classid='c.cw.m.ac':
select accountusername, name, hostname from account
inner join targetapplication on targetapplication.targetapplicationid = account.targetapplicationid
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid
where accountid=<objectId>;
-- 2b. classid='c.cw.m.tp':
select name, hostname from targetapplication
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid
where targetapplicationid=<objectId>;
-- 2c. classid='c.cw.m.ts':
select hostname from targetserver where targetserverid=<objectid>;
--3. remove characters from the problem field
-- 1. Identify all objects that have attributes that are > 4000 characters
select classid, objectid, name, length(value), value from attribute where length(value) > 4000;
-- 2. Run one of the following 3 queries depending on the classid returned from the above query. Note that you will have to change '<objectid> to the object id returned by the previous query. If the query in 1 returns multiple results please repeat this step for each.
-- 2a. classid='c.cw.m.ac':
select accountusername, name, hostname from account
inner join targetapplication on targetapplication.targetapplicationid = account.targetapplicationid
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid
where accountid=<objectId>;
-- 2b. classid='c.cw.m.tp':
select name, hostname from targetapplication
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid
where targetapplicationid=<objectId>;
-- 2c. classid='c.cw.m.ts':
select hostname from targetserver where targetserverid=<objectid>;
--3. remove characters from the problem field
Additional Information
Sometimes the descriptor 2 field of a target server is used to store a lot of data. This has been the reason the last two times this outage has happened.
Feedback
Powered by
