SQLNET.ALLOWED_LOGON_VERSION_SERVER must be set to 11 or lower

  • KM03686059
  • 23-Jul-2020
  • 29-Apr-2021

Summary

If the "SQLNET.ALLOWED_LOGON_VERSION_SERVER" parameter is added to the "sqlnet.ora" of the Oracle database, it must be set to 11 or lower. If it is set to 12 or higher, then installing Server Automation will fail when using the ADM component.

Error

There are at least two types of root error message that can occur.  One is the "account is locked" error below:
 
WARNING: an error was detected while running an external
command or script.  The output follows:
Baseline ADM: '/opt/opsware/da/webapps/arm/WEB-INF/baselineData.sh  -targets'
22 Jul 2020 01:08:26,099 INFO  BaselineOptions - Using options: saServer='localhost' saPort='1026' saUser='detuser' useSSL='false' dmaServer='localhost' dmaProtocol='http' dmaPort=7080 noDeviceGroupMirror='false' hasTargets='true' xmlFile='/opt/opsware/da/webapps/arm/WEB-INF/classes/daData.xml'
22 Jul 2020 01:08:30,380 INFO  DAConfiguration - Read configuration information from '/etc/opt/opsware/da/da.conf'
22 Jul 2020 01:08:30,417 INFO  DAConfiguration - Read configuration information from '/etc/opt/opsware/da/da_custom.conf'
22 Jul 2020 01:08:30,418 INFO  DAConfiguration - Read config property 'truth.tnsdir': '/var/opt/oracle'
22 Jul 2020 01:08:30,418 INFO  DAConfiguration - Read config property 'truth.port': 'XXXX'
22 Jul 2020 01:08:30,419 INFO  DAConfiguration - Read config property 'truth.servicename': 'truth'
22 Jul 2020 01:08:30,419 INFO  DAConfiguration - Read config property 'truth.host': 'XXXXXXXXXXXXX'
22 Jul 2020 01:08:30,419 INFO  DAConfiguration - Read config property 'truth.sid': 'truth'
22 Jul 2020 01:08:30,829 INFO  HibernateConnectionUrl - OracleDatabaseSource url='jdbc:oracle:thin:@truth'
22 Jul 2020 01:08:30,830 INFO  HibernateConnectionUrl - Using hibernate connection url jdbc:oracle:thin:@truth
22 Jul 2020 01:09:19,182 WARN  BasicResourcePool$AcquireTask - com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@6c3647e5 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception:
java.sql.SQLException: ORA-28000: the account is locked
 
During install, the ADM component will attempt to log into the database 30 times.  In the above example, the "TWIST" schema user had a policy setup to automatically lock the account after 10 failed login attempts.  As a result, the final error reported indicates the account being locked.
 
If the account did not get locked, then the final error reported would be "ORA-01017: invalid username/password; logon denied".

Cause

The ADM component uses an older 11.2.0.1.0 version of ojdbc6.jar to connect to the database.  If the "SQLNET.ALLOWED_LOGON_VERSION_SERVER" parameter of "sqlnet.ora" is set to 12 or higher, then the user can receive a login failure message.
 
In previous versions of Oracle, this kind of login protocol version mixup would throw one of the following two errors:
 
ORA-28040: No matching authentication protocol error
ORA-03134: Connections to this server version are no longer supported
 

Fix

To resolve this problem involves the following steps:
 
(1) Change the "SQLNET.ALLOWED_LOGON_VERSION_SERVER" parameter in "sqlnet.ora" to 11 or lower.
 
(2) Restart the database.
 
(3) Reset the schema user "TWIST" password.  (You can use the "sqlplus" command "password twist".)
 
This 3rd step is required because when the schema user TWIST is initially created while "SQLNET.ALLOWED_LOGON_VERSION_SERVER" is set to "12" or higher, then the password will be stored without the "10G" version.
 
You can check the versions of the password using the following query:
 
# /opt/opsware/support/bin/sql "select password_versions from dba_users where username='TWIST'"
 
Query #1 on Facility_id 2 (SA1060B):
PASSWORD_VERSIONS
-----------------
11G 12C
 
The above example is missing the "10G" version.  After the "SQLNET.ALLOWED_LOGON_VERSION_SERVER" is set back to "11" or lower, the database is restarted, and then the schema user TWIST password is reset, the output of the above query should look like the following:
 
# /opt/opsware/support/bin/sql "select password_versions from dba_users where username='TWIST'"
 
Query #1 on Facility_id 2 (SA1060B):
PASSWORD_VERSIONS
-----------------
10G 11G 12C