Server Side Solutions to ORA-28040
If you have the right to change the network configuration on the server side, then you have chances to solve ORA-28040 for all users in minutes. As a matter of fact, most developers do not have the right.
Scenario 1: New Database is Acting as a Server
Oracle 9i Clients to 12c Server
When your users refused to upgrade their old clients to connect a higher version of database, say 12c, ORA-28040 would become a frequent and typical error in your daily job.
Said clients could be an Oracle 9i server which acts as a client to connect to an Oracle 12c database server like below. ORA-28040 was thrown by sqlplus as usual:
ORA-28040 SQL*Plus Connect from 9i to 12c
After searching for some other solutions, I found an Oracle documentation about "Parameters for the sqlnet.ora File" is very helpful to explain ORA-28040. In which, it explains in what situation we should use SQLNET.ALLOWED_LOGON_VERSION_SERVER to be compatible with both ends of authentication protocol.
PurposeTo set the minimum authentication protocol allowed when connecting to Oracle Database instances.
Usage NotesThe term VERSION in the parameter name refers to the version of the authentication protocol, not the Oracle Database release.
If the client version does not meet or exceed the value defined by this parameter, then authentication fails with an ORA-28040: No matching authentication protocol error or an ORA-03134: Connections to this server version are no longer supported error.
Here is my solution to ORA-28040: Adding SQLNET.ALLOWED_LOGON_VERSION_SERVER=8 to sqlnet.ora in 12.1 database server (not the old client).
[oracle@test ~]$ vi $ORACLE_HOME/network/admin/sqlnet.ora
...
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
Please note that, you should use sqlnet.ora at database-level, not grid-level if you're in a RAC environment according to MOS Doc ID 562589.1. And I have confirmed that.
As for taking effect, you don't have to restart listener, the new incoming connections will apply the new values. Just make sure the setting is correct.
This time, our connections have no ORA-28040 shown up. Moreover, we can migrate data from 9i to 12c over a database link.
Tidak ada komentar:
Posting Komentar