Gen 8.5 CSE error ORA-28040 connecting to Oracle 19c database
search cancel

Gen 8.5 CSE error ORA-28040 connecting to Oracle 19c database

book

Article ID: 141252

calendar_today

Updated On:

Products

Gen Gen - Host Encyclopedia Gen - Run Time Distributed Gen - Workstation Toolset

Issue/Introduction

Gen Support testing Gen 8.5 CSE using 32-bit Oracle 11g client to connect to 64-bit Oracle 19c database.
Seeing this error at CSE startup:

MESSAGE DISPATCHER for CA Gen 8.5 Starting at 2019-11-29 13:06:37
/MDERR = C:\ProgramData\CA\Gen 8.5\logs\CSE\iefmd4.log

Log files: C:\ProgramData\CA\Gen 8.5\logs\CSE\iefmd.01 thru C:\ProgramData\CA\Gen 8.5\logs\CSE\iefmd.02

See "C:\ProgramData\CA\Gen 8.5\logs\CSE\coord1.01" for trace and error information.

Cannot connect ency@ENCYNEW to database ENCYNEW

NLS_LANG=AMERICAN_AMERICA.WE8MSWIN1252

SQL Error in function: dbconnct

SQL Communication Area

SQLCAID:        

SQLCABC: 0

SQLCODE: -28040

SQLERRML: 47

SQLERRMC: ORA-28040: No matching authentication protocol
...

Environment

Release : 8.5
Component : Gen Client Server Encyclopedia

Cause

The error "ORA-28040: No matching authentication protocol" is not CSE specific and due to a general Oracle client/server authentication protocol version compatibility problem. These Oracle 19c documentation pages cover it:
Database Error Messages > ORA-24280 to ORA-28716
===
ORA-28040: No matching authentication protocol
Cause: There was no acceptable authentication protocol for either client or server.

Action: The administrator should set the values of the SQLNET.ALLOWED_LOGON_VERSION_SERVER and SQLNET.ALLOWED_LOGON_VERSION_CLIENT parameters, on both the client and on the server, to values that match the minimum version software supported in the system
===
Database Net Services Reference > 5 Parameters for the sqlnet.ora File > 5.2.22 SQLNET.ALLOWED_LOGON_VERSION_CLIENT
Database Net Services Reference > 5 Parameters for the sqlnet.ora File > 5.2.23 SQLNET.ALLOWED_LOGON_VERSION_SERVER

In particular SQLNET.ALLOWED_LOGON_VERSION_SERVER sets the minimum authentication protocol allowed when connecting to Oracle Database instances and defaults to value 12, which corresponds to client ability O5L_NP and is only available in 11g client release 11.2.0.3 and above.
Oracle document "Client / Server Interoperability Support Matrix for Different Oracle Versions (Doc ID 207303.1)" also advises that Oracle 11.2.0.3 or 11.2.0.4 client is needed for compatibility with Oracle 19c


Resolution

To resolve the problem Gen Support set this  property in the Oracle 19c DB server ORACLE_HOME\network\admin\sqlnet.ora file:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8

Additional Information

NOTE: Using Oracle 18c or 19c as the backend database with Gen 8.5 or 8.6 CSE is not officially certified but limited tests done by Gen Support indicates it should be successful. See KB article: Gen 8.6 applications/CSE & 8.5 CSE with Oracle Database 18c or 19c
Also see KB article: Gen 8.6 certification with Oracle 18c and 19c

Powered by Wolken Software