Site icon Narayana Tutorial

ORA-28040: No matching authentication protocol Oracle 12c

ORA-28040: No matching authentication protocol after upgrade to 12c.

From oracle 12.X, the default value for the SQLNET.ALLOWED_LOGON_VERSION parameter has been updated to 11. It defines the minimum version of authentication protocol permitted to access the database. Prior to version 12c the default setting for SQLNET.ALLOWED_LOGON_VERSION (the equivalent parameter prior to 12c) was 8. In 12c the default is now 11

Oracle old JDBC drivers like ojdbc14.jar, ojdbc14-10g.jar, ojdbc6-11g etc.. will not be able access the database because these drivers supports authentication protocol version 8. So we need to set the above parameter in the sqlnet.ora file and location would be <oracle-home>/network/admin/sqlnet.ora

Along with above parameter we need to the following parameters also.

Solution at sqlnet.ora

SQLNET.ALLOWED_LOGON_VERSION=8

SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8

SQLNET.ALLOWED_LOGON_VERSION_SERVER=8

Bug 14575666
In 12.1, the default value for the SQLNET.ALLOWED_LOGON_VERSION parameter has been updated to 11. This means that database clients using pre-11g JDBC thin drivers cannot authenticate to 12.1 database servers unless theSQLNET.ALLOWED_LOGON_VERSION parameter is set to the old default of 8.

This will cause a 10.2.0.5 Oracle RAC database creation using DBCA to fail with the ORA-28040: No matching authentication protocol error in 12.1 Oracle ASM and Oracle Grid Infrastructure environments.
Workaround: Set SQLNET.ALLOWED_LOGON_VERSION=8 in the oracle/network/admin/sqlnet.ora file.

Solution at Application level

Download ojdbc7.jar latest jar and upload to your application and remove old/other ojdbc jar files, clean and build the project and then redeploy the application and then validate, it should able to connect the database successfully.

Reference links

https://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF2016

https://community.softwaregrp.com/t5/CMS-UCMDB-and-UD-User/ORA-28040-No-matching-authentication-protocol/td-p/253401

http://www.redstk.com/ora-28040-no-matching-authentication-protocol-after-upgrade-to-12c/