ORA-28040: No matching authentication protocol when connecting GRLoader to a Oracle 12c database

Document ID : KB000109810
Last Modified Date : 06/08/2018
Show Technical Document Details
Issue:
Error message when connecting GRLoader to a Oracle 12c database:

grloader -a -n -u ServiceDesk -p <password> -s <SDM Server> -P -tf rule_file.rul -E -dbdriver oracle.jdbc.OracleDriver -dbuser system -dbpswd <DB Password> -dburl jdbc:oracle:thin:@oracleserver:1521:orcl -cfg <Config File>

13:56:24.260 CI and Relationship Loader for CA Service Desk Manager R17.0
grJDBCrdr1500 Unable to access database url(jdbc:oracle:thin:@oracleserver:1521:orcl) userid(system) reason(ORA-28040): No matching authentication protocol
Environment:
CA Service Desk Manager 17.1
CA Service Desk Manager 17.0
CA Service Desk Manager 14.1
Cause:
This actually implies that the authentication protocols used between client and server do not match. In Oracle 12c, the authentication protocol uses SHA-2 encryption algorithm by default, where older clients use SHA-1. So when an older client is used with defaults, the server will not accept the connection.

GRLoader uses ojdbc14.jar:

User-added image

See GRLoader MANIFEST file below:

Manifest-Version: 1.0
Class-Path: ../classes axis-ant.jar axis.jar commons-discovery.jar com
mons-logging.jar jaxrpc.jar log4j-1.2.8.jar saaj.jar wsdl4j.jar xerce
sImpl.jar xml-apis.jar slump.jar mail.jar activation.jar rt.jar sqljd
bc.jar ojdbc14.jar
Created-By: 1.8.0_112 (Oracle Corporation)
Main-Class: com.ca.CMDB.GRLoader.GRLoader
Resolution:
Ask your DBA to update the sqlnet.ora file on the Oracle server machine and add the following line:

SQLNET.ALLOWED_LOGON_VERSION=8

This should allow older versions of the Oracle ODBC driver to connect to Oracle server.  After restarting the Oracle server the error message should not appear again.
Additional Information: