Forum Discussion
ST_Wong
Cirrus
CirrusOracle monitor SQL encryption
Hi,
We're running BIG-IP 14.1.0.5. We tried to monitor a Oracle 18c database but keeps getting following error:
2020-02-11 05:27:33,972 [DBPinger-50] - Attempting DB connection, attempt # 3
2020-02-11 05:27:34,017 [DBPinger-50] - DB DriverManager.getConnection failed
2020-02-11 05:27:34,017 [DBPinger-50] - SQL Exception:
java.sql.SQLException: ORA-28040: No matching authentication protocol
Since the DB has SQLnet encryption enabled in sqlnet.ora:
sqlnet.encryption_client=required
sqlnet.encryption_types_client=(AES256)
sqlnet.crypto_checksum_client=requested
sqlnet.crypto_checksum_types_client=(SHA512)
Will this be the cause of problem, and how to resolve it?
Thanks a lot.
FFEmployee
Based on the error message and the version of Oracle database that you are attempting to connect, the more likely cause could be the lack of support for later versions of Oracle database. For more information, you may want to refer to K40226145: BIG-IP Oracle health monitor fails for Oracle DB version 12.2 or higher.
The recommended workaround is to use an alternative health monitor like TCP.
An alternative is to remove the profile parameter SQLNET.ALLOWED_LOGON_VERSION = 12 from the affected Oracle database. This would allow older legacy clients to connect to the database however it would also mean potential exposure to vulnerabilities such as CVE-2012-3137.
ST_WongThanks, though we're unable to update the affected Oracle database settings.
We keep using TCP health monitor instead.
Thanks and rgds