Oracle listener state blocked after setting SQLNET.ALLOWED_LOGON_VERSION

Question

This is a rather specific problem.

I'm doing some work in a Java project that uses a database access framework, originally designed to work with Oracle DB 9i.

To work on this project I needed an Oracle DB on my Mac, running OSX Mountain Lion, and the only apparent solution was to run it in a VM. Therefore I downloaded the OTN Developer Day VM from here which comes complete with an Oracle DB 12c instance.

After jumping through various hoops, I have gotten my Eclipse/Tomcat/Servlets setup to talk to the 12c database with the jdbc7 driver, which I downloaded from the Oracle site. Everything works as expected, and as a note, Oracle SQL Developer connects to it just fine.

Here's the connection string I'm using: jdbc:oracle:thin:@localhost:1521/pdb1 I can log on as local users I have created within the default pluggable DB, or by using the connection string jdbc:oracle:thin:@localhost:1521:orcl I can log on as any of the common users that are set up.

---

Now, the trick is when I want to use the Java DB access framework, designed for use with a 9i DB. I get the error: ORA-28040: No matching authentication protocol.

Based on what I could find, such as this Oracle thread, my 12c database is not configured to allow 9i-style authentication (due to security holes in 9i). So to fix this, I need to set my DB to allow this by going to this file:

/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora

And adding the line:

SQLNET.ALLOWED_LOGON_VERSION=(9)

(Note that I have also tried (8), as well as (12,11,10,9,8,7) and other such oddities, and I still experience the following. I've also seen SQLNET_ALLOWED..., the underscore instead of the period, but I think that's for older Oracle DB versions.)

When I do this, and reboot the VM, I can no longer connect to the DB. When I attempt to connect to pdb1 I get:

An error was encountered performing the requested operation:

IO Error: The Network Adapter could not establish the connection

Vendor code 17002

And when I attempt to connect to orcl I get:

An error was encountered performing the requested operation:

Listener refused the connection with the following error:
ORA-12528, TNS:listener: all appropriate instances are blocking new connections 

Vendor code 12528

When I go into the terminal in the VM and check the status of the service with lsnrctl (something I found with a bit of Googling) this happens:

Services Summary...
Service "orcl" has 1 instance(s).
  Instance "orcl", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> 

Unfortunately, I am quite the lightweight on Oracle DB and DB administration in general; I would prefer to simply code stuff and have the DB just work, but I do need to get this DB access framework to work, and I only have a copy of Oracle 12c, not 9i, so I'm in a bind.

Answer 1

Wow, simply, wow.

First of all, at a rough guess, the reason why I could no longer access the DB after adjusting the sqlnet.ora file is that the settings that I put into that file were invalid, and prevented the DB from starting up at all.

Secondly, the basic problem here is that I saw this message:

https://community.oracle.com/message/10155459#10155459

And then assumed that the syntax was this:

SQLNET.ALLOWED_LOGON_VERSION=(8)

And, that you could potentially put multiple numbers, separated by commas, inside the parentheses. This assumption merely comes from me knowing nothing about Oracle DBs or how you would set variables in .ora files. I don't know if the parentheses are valid in some cases, but apparently not in this case.

By removing the parentheses, the DB starts up again as normal:

SQLNET.ALLOWED_LOGON_VERSION=8

Rebooting the DB with the above setting, all connections work fine. However, my 9i-based DB-access-library still returns the same error.

Further searching reveals that ALLOWED_LOGON_VERSION, described here for Oracle DB 11, and mentioned in pretty much any post regarding the ORA-28040: No matching authentication protocol, is deprecated in 12c, replaced by ALLOWED_LOGON_VERSION_CLIENT and ALLOWED_LOGON_VERSION_SERVER (the latter detailed here).

Setting both of these to 8 solved my problem, and enabled my 9i-based library to connect to my 12c database! Yay!

Specifically, the lines to add to the sqlnet.ora file are:

SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8

Answer 2

Mac, Java 8 and Oracle 12c require following entry in the "sqlnet.ora"

SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8