SQLNET.AUTHENTICATION_SERVICES
I Singh, September 10, 2002 - 1:59 pm UTC
My database server and the client are on two different domains.(no trust between them) I have SQLNET.AUTHENTICATION_SERVICES = (NTS) on the database server. This means that the client has to be authenticated.
When I have SQLNET.AUTHENTICATION_SERVICES = (NTS) on the client then I get authentication error. ORA-12638.
This makes sense since the database server domain is not able to authenticate the user at the client domain.
But when I have SQLNET.AUTHENTICATION_SERVICES = (NONE) on the client then I dont get this error and it lets me connect to the database.
Why does this work? Is the client overriding the seting on the database server ? Isnt this a security issue ?
September 10, 2002 - 2:08 pm UTC
If it isn't the right setup for you then yes, (NONE) would be wrong and you would use NTS. It is controlled 100% on the server, the default is (NTS), you have to explicitly turn this off so no -- it is not a security issue unless you make it so.
ORA-12570 TNS:packet reader failure
I Singh, September 10, 2002 - 2:24 pm UTC
I am not sure if I fully understand the answer. You have mentioned that "It is controlled 100% on the server" but regardless of the authentication value on the server the client can make changes on its side and connect ( by making authentication = NONE) which means that it is the client and not the database server which is in control.
Also could you please elaborate on "the default is (NTS), you have to explicitly turn this off...". The default value is NONE.
Thanks in advance.
September 10, 2002 - 2:33 pm UTC
You need to supply more information. show me your server setup and client setup and exactly how you are attempting to connect.
sqlnet.authentication
I Singh, September 10, 2002 - 4:48 pm UTC
client sqlnet.ora file (Client is on test.dom domain)
**********************
NAMES.DEFAULT_DOMAIN = world.com
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
TRACE_LEVEL_CLIENT = 16
server sqlnet.ora (Server is on world.com domain)
********************
NAMES.DEFAULT_DOMAIN = world.com
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
TRACE_LEVEL_CLIENT = 16
H:\>sqlplus sys/oracle@test
SQL*Plus: Release 8.1.7.0.0 - Production on Tue Sep 10 15:07:23 2002
(c) Copyright 2000 Oracle Corporation. All rights reserved.
ERROR:
ORA-12638: Credential retrieval failed
Enter user-name:
It works fine when I change the CLIENT sqlnet.ora to
NAMES.DEFAULT_DOMAIN = world.com
SQLNET.AUTHENTICATION_SERVICES= (NONE)
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
TRACE_LEVEL_CLIENT = 16
There is no trust between domains world.com and test.dom.
My questions are same as before.
Thanks
September 10, 2002 - 8:48 pm UTC
Ok -- but yet you have to give the password. I would only be concerned "security wise" if
sqlplus / as sysdba
worked to the remote database.
Check the client's sqlnet.ora file
Logan Palanisamy, September 11, 2002 - 4:03 pm UTC
I Singh,
Look at the names.default_domain of the client side sqlnet.ora. It says world.com not test.com as you say.
Looks to me like both the client and the servers are on the same domain (world.com)
More explanantion please ..
kumar, July 14, 2003 - 12:28 pm UTC
Tom,
I got this error while trying to connect to the DB on the same machine i am working on.
ORA-12638: Credential retrieval failed
Actually my NT account got locked after I logged on to this machine. I disabled the NTS in sqlnet.ora file and then it got connected. I would like know what this NTS does.. Does it mean that while I am connecting there is another level of authentication apart from the one done at the database level ?
Thanks
Ora-12570 TNS: packet reader failure
Pui, April 18, 2004 - 9:38 pm UTC
I got this error not when I tried to connect to the database. I had the connection and was running a package procedure which used a cursor to fetch, manipulate and insert about 1 million rows into a table. I got to about 800000 to 900000 rows and received this exception error. The same exception happened after a few repeated attempt. The Oracle documentation for this error does not seem to relate to my problem.
April 19, 2004 - 6:34 am UTC
could there be a firewall between you and the server and could you have appeared to have been idle for so long (running a long running procedure) that the firewall rules said "kill this connection".
(and please open a tar with support for something like this)
ORA-12570 TNS:packet reader failure
Jeremy, July 08, 2004 - 5:51 pm UTC
thanks Tom. They just switched us to an Active Directory architecture and I couldn't figure out for the life of me why i couldn't setup a local db on my machine.
A reader, November 26, 2005 - 2:43 am UTC
I get ORA-12631 error ...
chaman, November 27, 2007 - 11:49 am UTC
On Windows NT, I already had the backup copy of datafiles. I did the following:
Set ORACLE_SID=UTFDB
Set ORACLE_HOME=C:\Oracle10g\product\10.2.0\db_1
oradim -new -sid UTFDB -startmode a -pfile C:\Oracle10g\product\10.2.0\db_1\database\initutf.ora
C:\Oracle10g\product\10.2.0\db_1\BIN\SQLPLUS / AS SYSDBA
CREATE CONTROLFILE SET DATABASE UTFDB RESETLOGS NOARCHIVELOG
MAXLOGFILES 16
MAXLOGMEMBERS 3
MAXDATAFILES 100
MAXINSTANCES 8
MAXLOGHISTORY 292
LOGFILE
GROUP 1 'C:\UTFDB\REDO01.LOG' SIZE 50M,
GROUP 2 'C:\UTFDB\REDO02.LOG' SIZE 50M,
GROUP 3 'C:\UTFDB\REDO03.LOG' SIZE 50M
-- STANDBY LOGFILE
DATAFILE
'C:\UTFDB\SYSTEM01.DBF',
'C:\UTFDB\UNDOTBS01.DBF',
'C:\UTFDB\SYSAUX01.DBF',
'C:\UTFDB\USERS01.DBF',
'C:\UTFDB\AKP_LOBS_1.DBF'
CHARACTER SET WE8MSWIN1252;
ALTER DATABASE OPEN resetlogs;
Database altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORA-12631: Username retrieval failed
What is the reason ?
Connecting with password fails with ORA-12638
Tom, June 18, 2008 - 5:57 am UTC
I'd like to understand a bit more about how the NTS parameter works in SQLNET.ORA.
We have a remote server running oracle 10g on Windows 2003R2. It is not on a domain of any form and has SQLNET.AUTHENTICATION_SERVICES=(NTS) in sqlnet.ora
We also have local development machines running Oracle 10g on Windows XP. They are on a domain: say test.com and have
SQLNET.AUTHENTICATION_SERVICES=(NTS) in sqlnet.ora
Using this configuration I can
1. sqlplus / as sysdba on my local development box
2. remote desktop to the server and sqlplus / as sysdba
however, if I try to create a connection to the remote database using
sqlplus username/password@remote
I get ora-12638: credential retrieval failed.
Why is Oracle trying to retrieve my domain credentials when I have given it a username and password?
Obviously, I can resolve this by setting (NONE) in the sqlnet.ora but then I won't be able to use "/ as sysdba". Is there no way to allow both?
Thanks
ALL doesn't work
Tom, June 19, 2008 - 3:36 am UTC
You're not the only one who doesn't get domains!
I tried "ALL" for my sqlnet.authentication_methods and got
sqlplus / as sysdba
SQL*Plus: Release 10.1.0.5.0 - Production on Thu Jun 19 08:20:59 2008
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
NTS authentication works fine within a single domain i.e. if the database is anywhere on your network. Equally (from what I understand) if you set up a trust relationship between two domains that works as well. However
1. You can't create a trust relationship between a standalone machine and a domain (so if you have a box in a datacentre you can't get it to trust you)
2. You cannot create a trust relationship on a Small Business Server machine.
Any chance you could ask one of your network guys how they would set up authentication if they had
1. A standalone box in a data centre
2. A local development network using a domain
3. Wanted OS authentication for scripts / rman backups etc
4. Wanted to be able to connect remotely using a password
At the moment I can get one or the other!
June 19, 2008 - 10:12 am UTC
sorry, I don't really have anyone I talk to that uses windows - we are pretty much 100% unix/linux here - I'll have to forward you to either support or the otn.oracle.com discussion forums
TNS-12570: TNS:packet reader failure
Debasis Sahu, November 09, 2009 - 10:49 am UTC
async error encountered when answering new connection:
NS Primary Error: TNS-12570: TNS:packet reader failure
NS Secondary Error: TNS-12560: TNS:protocol adapter error
NT Generic Error: TNS-00509: Buffer overflow
I am getting above error in oracle 10g 10.2.0.4 window 2003 server . Could you please suggest a solution
November 11, 2009 - 2:29 pm UTC
solution: please contact support for something like this
ORA-12570 TNS:packet reader failure
abdul, November 13, 2014 - 6:19 am UTC
ORA-12570 TNS:packet reader failure
I Restarted my database listener and this error was resolved.
solution :
lsnrctl stop/start
I Restart my database listener and the error not resolved
ahmed, July 27, 2019 - 5:39 am UTC
Hello Tom,
I have the following error:
ORA-29273:HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1324 ORA-12570: TNS:packet reader failure.
may you help me.
July 30, 2019 - 3:20 am UTC
Unfortunately, when UTL_HTTP gets this its a fairly generic error, ie, we tried to reach out over the network and something failed. The most common reason I see for that a firewall blocking the traffic, so check with your network admins.
The next step is to enable a sqlnet trace, via the following in your sqlnet.ora
DIAG_ADR_ENABLED=NO
TRACE_LEVEL_CLIENT=16
TRACE_DIRECTORY_CLIENT=<directory_path_trace_file>
TRACE_FILE_CLIENT=<trace_file_name>
You might need to then provide that trace file to Support for diagnosis.