cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Oracle monitor SQL encryption

ST_Wong
Altostratus
Altostratus

Hi,

 

We're running BIG-IP 14.1.0.5. We tried to monitor a Oracle 18c database but keeps getting following error:

 

2020-02-11 05:27:33,972 [DBPinger-50] - Attempting DB connection, attempt # 3

2020-02-11 05:27:34,017 [DBPinger-50] - DB DriverManager.getConnection failed

2020-02-11 05:27:34,017 [DBPinger-50] - SQL Exception:

java.sql.SQLException: ORA-28040: No matching authentication protocol

 

Since the DB has SQLnet encryption enabled in sqlnet.ora:

 

sqlnet.encryption_client=required

sqlnet.encryption_types_client=(AES256)

sqlnet.crypto_checksum_client=requested

sqlnet.crypto_checksum_types_client=(SHA512)

 

Will this be the cause of problem, and how to resolve it?

Thanks a lot.

2 REPLIES 2

FF
F5 Employee
F5 Employee

Based on the error message and the version of Oracle database that you are attempting to connect, the more likely cause could be the lack of support for later versions of Oracle database. For more information, you may want to refer to K40226145: BIG-IP Oracle health monitor fails for Oracle DB version 12.2 or higher.

 

The recommended workaround is to use an alternative health monitor like TCP.

 

An alternative is to remove the profile parameter SQLNET.ALLOWED_LOGON_VERSION = 12 from the affected Oracle database. This would allow older legacy clients to connect to the database however it would also mean potential exposure to vulnerabilities such as CVE-2012-3137.

 

Thanks, though we're unable to update the affected Oracle database settings.

We keep using TCP health monitor instead.

 

Thanks and rgds