Oracle Communities

Oracle Analytics and AI

Child Item

Unable to create OAC connection to new ADW but connection from SQLDeveloper works fine

I created a new ADW instance to be the target of an OAC Data Flow. ADW creation was successful, and I can connect to the new ADW using SQLDeveloper from my on-prem machine. When I try to create the ADW connection in OAC using those same connection details/wallet file I get "Failed to save the connection. Invalid connection details were supplied."

We have a VCN, and both the OAC env and the ADW are on the same subnet within that VCN. I ran Network Analyzer and the route between the OAC private IP and the ADW private IP is valid. Running Cloud Shell from the OCI console, on the same private subnet, the ADW hostname resolves to the correct private IP. However, when I try to run sql and connect to this ADW from the shell I get "ORA-17002: I/O error: Connection reset by peer, connect lapse 3 ms, Authentication lapse 0 ms ".

I'm obviously missing a step here, we already have another ADW connected to OAC for usage tracking and I've tried to compare all the settings between the two but I don't see anything missing. Any ideas on where I can look next?

Thanks

Rhonda

Find more posts tagged with

Accepted answers

R Stonaker

Apparently I was missing adding this new ADW (using the FQDN) as a private source to the PAC for this particular OAC env. I read through at least a dozen Oracle docs and didn't see this task, but this blog pointed it out pretty clearly: https://medium.com/@ionutforlafu/oracle-analytics-cloud-private-access-channel-7399a305bad0

All comments

Gianni Ceresa

My first random guess would be to check the ACL of your ADW. In the other ADW that is working, do you have access control list enabled and configured? Do you have the same settings in your new one.

R Stonaker

Both ADWs are on the same subnet, within the same IP range, have public access disabled and neither have a Network security group selected. I'm not well-versed in the network side of OCI so I may not be looking in the right place but from what I read since we're using private endpoints, NSGs should control access instead of ACLs. Thanks for replying @Gianni Ceresa , I'll go ahead and open an SR since I know this is a pretty difficult issue to diagnose on a forum.

Ambient

This is shot in the dark:

SQL Developer can be pointed at the zip file for the wallet and it knows how to open/read it.

For the same wallet in Python, you have to extract the wallet zip to a directory and point the connection to the directory.

Example:

/wallets/ADW01.zip

/wallets/ADW01/

Worth a try…

R Stonaker

@Ambient it won't let me choose the extracted folder or the extracted cwallet.sso file when creating the connection - message says only .zip files are supported, but thanks for the suggestion.

Gianni Ceresa

The new preferred connection to ADW from Python is using TLS and doesn't need the wallet anymore at all. The wallet is only needed for mTLS and you need it extracted because the Python package needs the files directly.

OAC does use the ZIP wallet directly just like SQL Developer.

Ambient

https://community.oracle.com/products/oracleanalytics/discussion/comment/76168#Comment_76168

Agreed, but you have to config the ADW instance to use/support TLS - Not eveyone bothers.
mTLS is the "do nothing" option.

R Stonaker