ORA-28040: No matching authentication protocol – SQLNET.ALLOWED_LOGON_VERSION_SERVER

Ah, an old client is trying to connect to Oracle 12c (presumably)… ;)
Also “ORA-03134: Connections to this server version are no longer supported” can occur.

This actually implies that the authentication protocols use between client and server do not match. In Oracle 12c, the authentication protocol uses SHA-2 encryption algorithm by default, where older clients use SHA-1. So when an older client is used with defaults, the server will not accept the connection.

The best option would be upgrading the client, but when older dll’s are used (like ojdbc14.jar and you can not change this), this is a problem. The database instance can be told to accept older clients and use the older SHA-1 encryption algorithm.

SQLNET.ALLOWED_LOGON_VERSION_SERVER

Continue reading

SQLPlus and Easy Connect without password on the command line

The Easy Connect Naming Method allows you to connect to a database service without having to configure Net Service Names.

The most found example on internet is the one with typing the password at the command prompt when starting sqlplus:

sqlplus username/password@[//]host[:port][/service_name]
$> sqlplus system/manager@db_machine:1521/db_servicename

However, this means that the password will be stored in you history of commands (linux). This is not really secure… but sqlplus does not accept it when no password is supplied when using easy connect.

Two solutions

If you want to login with easy connect without typing the password on the command line, you have two options: Continue reading

Multiple Oracle homes on Windows, which one is used?

When having multiple Oracle homes on Windows, how is decided which Oracle home (in the registry) is used by an Oracle binary? Which NLS_LANG or TNS_ADMIN setting from the registry is used?

The answer is binary, path, oracle.key, registry… and which for Windows. Continue reading