Troubleshoot the Oracle connector in Azure Data Factory and Azure Synapse

APPLIES TO: Azure Data Factory Azure Synapse Analytics

Tip

Try out Data Factory in Microsoft Fabric, an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!

This article provides suggestions to troubleshoot common problems with the Oracle connector in Azure Data Factory and Azure Synapse.

Error code: ArgumentOutOfRangeException

  • Message: Hour, Minute, and Second parameters describe an un-representable DateTime.

  • Cause: In Azure Data Factory and Synapse pipelines, DateTime values are supported in the range from 0001-01-01 00:00:00 to 9999-12-31 23:59:59. However, Oracle supports a wider range of DateTime values, such as the BC century or min/sec>59, which leads to failure.

  • Recommendation:

    To see whether the value in Oracle is in the supported range of dates, run select dump(<column name>).

    To learn the byte sequence in the result, see How are dates stored in Oracle?.

Add secure algorithms when using the self-hosted integration runtime version 5.36.8726.3 or higher

  • Symptoms: When you use the self-hosted integration runtime version 5.36.8726.3 or higher, you meet this error message: [Oracle]ORA-12650: No common encryption or data integrity algorithm.

  • Cause: The secure algorithm is not added to your Oracle server.

  • Recommendation: Update your Oracle server settings to add these secure algorithms if they are not already included:

    • For SQLNET.ENCRYPTION_TYPES_SERVER, need to add the following algorithms that are deemed as secure by OpenSSL and will be used for OAS (Oracle Advanced Security) encryption.

      • AES256
      • AES192
      • 3DES168
      • AES128
      • 3DES112
      • DES
    • For SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER, need to add the following algorithms that are deemed as secure by OpenSSL and will be used for OAS (Oracle Advanced Security) data integrity.

      • SHA256
      • SHA384
      • SHA512

      Note

      The recommended data integrity algorithms SHA256, SHA384 and SHA512 are available for Oracle 19c or higher.

Error code: UserErrorFailedToConnectOdbcSource

There are three error messages associated with this error code. Check the cause and recommendation for each error message correspondingly.

  • Message: "Cannot load trust store", or "SSL Handshake Failure reason [error:OA000086:SSL routines::certificate verify failed]"

  • Cause: The truststore is not appropriate for OpenSSL 3.0, as the truststore file is generated using weak ciphers like RC4, MD5 and SHA1.

  • Recommendation: You need to re-create the truststore using the strong ciphers like AES256. Refer to this section for details about setting up the TLS connection using truststore.


  • Message:
    SSL Handshake Failure reason[Unknown SSL Error]
    SSL Handshake Failure reason [error:OA000410:SSL routines::sslv3 alert handshake failure]

  • Cause: The server is not configured with strong ciphers for SSL communication. OpenSSL 3.0 should use either TLS 1.0 and higher as it deprecated SSL protocol versions. For example, the server might accept connections with TLS protocol versions until TLS 1.0.

  • Recommendation: Revise the server configuration to use stronger TLS versions.


  • Message: SSL Handshake Failure reason [error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported].

  • Cause: CryptoProtocolVersion is set to use deprecated TLS protocol versions with OpenSSL 3.0.

  • Recommendation: Specify the connection string property CryptoProtocolVersion=TLSv1.2.

For more troubleshooting help, try these resources: