Skip to Main Content
  • Questions
  • In order to connect to 12C DB, do we have to change our client version to 11.2.0.3(or above)?

Breadcrumb

May 4th

Question and Answer

Connor McDonald

Thanks for the question, Joe.

Asked: March 08, 2017 - 1:34 am UTC

Last updated: April 13, 2018 - 2:47 am UTC

Version: 12.2.0.1

Viewed 50K+ times! This question is

You Asked

Hi Team,
We've installed a latest Oracle Database 12C Release 2 on OEL6.8. And found that we could not connect to our DB unless using client which version is above 11.2.0.3(included)!

Here's our senario:
First, we tried to connect to DB using 11.2.0.1 client, but got an error ORA-28040: No matching authentication protocol.
Then we tried to set the SQLNET.ALLOWED_LOGON_VERSION=8 on server-side sqlnet.ora, but another error returned: ORA-01017: invalid username/password; logon denied

The password is totally correct, since we could logon database via 11.2.0.3 (or above version) client.

Here's my questions:
We want to upgrade our DB from 11gR2 to 12cR2, do we have to change our instant client from elder version to newer one? Considering that we have plenty of clients with version 11.2.0.1, that would be a big action.

Any advice is appreciated!

and Connor said...

You can work around this with some SQL Net configuration

https://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF2010


Rating

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Joe Huang, March 13, 2017 - 3:11 am UTC

Thanks Connor,
that's of great help!

Found another issue

Nikhil Mehta, April 12, 2018 - 6:47 pm UTC

Thanks Tom and Team for the help.

Just to add more point.

Today, we migrated a Database from AIX(11.2.0.4) to Unix(12.2.0.1). User was facing same issue ORA-28040: No matching authentication protocol and later invalid username/password after setting the SQLNET.ALLOWED_LOGON_VERSION=8.

Interesting thing was when passing the password in UPPERCASE, user was able to connect.

I fired alter user username password "same_password" account unlock and things started working.

The only things which I find relevant from oracle doc is
"The server has been configured with SEC_CASE_SENSITIVE_LOGON set to FALSE, so that it can only authenticate users who have a 10G case-insensitive password version."
Connor McDonald
April 13, 2018 - 2:47 am UTC

Yeah, things are/were a bit fluid in this area.

We introduced SEC_CASE_SENSITIVE_LOGON in 11g, and then got rid of it again in 12c, where "got rid of" means it is now deprecated.

https://docs.oracle.com/database/121/REFRN/GUID-F464653A-0D43-4A70-8F05-0274A12C8578.htm#REFRN10299

https://docs.oracle.com/database/121/DBSEG/authentication.htm#DBSEG3225