ORA-28040: No matching authentication protocol when connecting GRLoader to a Oracle 12c database

Document ID : KB000109810
Last Modified Date : 06/08/2018
Show Technical Document Details
Error message when connecting GRLoader to a Oracle 12c database:

grloader -a -n -u ServiceDesk -p <password> -s <SDM Server> -P -tf rule_file.rul -E -dbdriver oracle.jdbc.OracleDriver -dbuser system -dbpswd <DB Password> -dburl jdbc:oracle:thin:@oracleserver:1521:orcl -cfg <Config File>

13:56:24.260 CI and Relationship Loader for CA Service Desk Manager R17.0
grJDBCrdr1500 Unable to access database url(jdbc:oracle:thin:@oracleserver:1521:orcl) userid(system) reason(ORA-28040): No matching authentication protocol
CA Service Desk Manager 17.1
CA Service Desk Manager 17.0
CA Service Desk Manager 14.1
This actually implies that the authentication protocols used between client and server do not match. In Oracle 12c, the authentication protocol uses SHA-2 encryption algorithm by default, where older clients use SHA-1. So when an older client is used with defaults, the server will not accept the connection.

GRLoader uses ojdbc14.jar:

User-added image

See GRLoader MANIFEST file below:

Manifest-Version: 1.0
Class-Path: ../classes axis-ant.jar axis.jar commons-discovery.jar com
mons-logging.jar jaxrpc.jar log4j-1.2.8.jar saaj.jar wsdl4j.jar xerce
sImpl.jar xml-apis.jar slump.jar mail.jar activation.jar rt.jar sqljd
bc.jar ojdbc14.jar
Created-By: 1.8.0_112 (Oracle Corporation)
Main-Class: com.ca.CMDB.GRLoader.GRLoader
Ask your DBA to update the sqlnet.ora file on the Oracle server machine and add the following line:


This should allow older versions of the Oracle ODBC driver to connect to Oracle server.  After restarting the Oracle server the error message should not appear again.
Additional Information:
ORA-28040: No matching authentication protocol – SQLNET.ALLOWED_LOGON_VERSION_SERVER