ORA-28040: No matching authentication protocol error

ORA-28040: No matching authentication protocol error

SQLNET parameters ALLOWED_LOGON_VERSION_CLIENT & ALLOWED_LOGON_VERSION_SERVER issue in Oracle 12c.
Set the value to the minimum authentication protocol allowed while making connection to Oracle Database instances.

Note: Version refer to the authentication protocol its not mean that oracle release version.

Error:

Caused by: java.sql.SQLException: ORA-28040: No matching authentication protocol”
ORA-28040: No matching authentication protocol error
ORA-03134: Connections to this server version are no longer supported error.

Solution:
1. Set the following value in SQLNET.ora file in Oracle database Server and client both:

SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8

Note: value permit all most values for authentication protocol.

2. You can also check DBA_USERS table.

select username,password_versions from DBA_USERS
--Password Version has value 10G, 11G, and 12C

Example:
Suppose application is using client version 9i then for connectivity need to set following parameters as follows:

SQLNET.ORA FILE : SQLNET.ALLOWED_LOGON_VERSION_SERVER value to 8.
DBA_USERS table have column PASSWORD VERSION its value should be 8.

SQLNET.ALLOWED_LOGON_VERSION_CLIENT
minimum authentication protocol allowed for clients and used when a server is acting as a client.

Example:
If ORacle database 12c has database link to Oracle 10g database for some information then need to set the paremeter in sqlnet.ora of oracle 12c because it act as client of oracle 10g database.
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10

Note: Version refer to the authentication protocol its not mean that oracle release version.

Value of Parameter

12a for Oracle Database 12c 12.1.0.2 or later
12 for the critical patch updates CPUOct2012 and later Oracle Database 11g authentication protocols
11 for Oracle Database 11g authentication protocols ----- (default)
10 for Oracle Database 10g authentication protocols
8 for Oracle8i authentication protocol

Example:

Solution:

Set these parameters at the lowest version level that is required in your environment. For example:  All clients at version 10 or higher would require this setting:

SQLNET.ALLOWED_LOGON_VERSION_SERVER=10
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10

Following are the setting for using lower version. Set at both side Server or Client:

--Set 8 for Password Versions 10G, 11G and 12c
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8 or 11
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8 or 11
---Set 12 for the 11G and 12c password Versions
SQLNET.ALLOWED_LOGON_VERSION_SERVER=12
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=12
---Set the 12c for the only 12c Password Versions
SQLNET.ALLOWED_LOGON_VERSION_SERVER=12a
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=12a

Note:
Keep the SEC_CASE_SENSITIVE_LOGON=TRUE in a 12.2 instance
if the sqlnet.ora file set the following parameter:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=12 or 12a (12.2 default is 12)

4 thoughts on “ORA-28040: No matching authentication protocol error

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.