This is one of the strangest things I've ever seen.
Database Server: 11.2.0.4 (Windows 2012)
IIS Server: 11.2.0.4 ODBC
Client: IE 11
I have a directory in IIS configured for anonymous authentication. The following Classic ASP code is in the directory. It's just trying to make a connection to the database.
<%
Dim objConn 'Connection object
Dim mstrConString 'Connection string
Dim objRS 'Recordset object
mStrConString = "DSN=FGICDSN;UID=intranet;pwd=xxxxxxxx"
Set objConn = Server.CreateObject("ADODB.CONNECTION")
objConn.ConnectionString = mstrConString
Response.Write "string: " & objConn.ConnectionString & "<hr>"
objConn.Open
Set objRS = objConn.Execute("SELECT USER FROM DUAL")
Response.Write objRS("user")
%>
I get the following error on objConn.Open when loading the page:
[Oracle][ODBC][Ora]ORA-28547: connection to server failed, probable Oracle Net admin error
I'm using Kerberos authentication in my environment. But this directory must be anonymous (it's a requirement for a third party app).
The sqlnet.ora file on the IIS server includes the following:
-------------------------------------------------------------------------------------
SQLNET.AUTHENTICATION_SERVICES = (BEQ,KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
SQLNET.KERBEROS5_REALMS = D:\krb5\krb5.realms
SQLNET.KERBEROS5_CONF = D:\krb5\krb5.conf
SQLNET.KERBEROS5_CONF_MIT = TRUE
SQLNET.KERBEROS5_CC_NAME = OSMSFT://
SQLNET.FALLBACK_AUTHENTICATION = TRUE
#TRACE_LEVEL_CLIENT=16
-------------------------------------------------------------------------------------
Here's the problem. This works perfectly fine when I uncomment out TRACE_LEVEL_CLIENT=16. And it fails when I comment it out or remove it. How can that be????
Why in the world would this have any effect on authentication? I certainly can't leave tracing on.
This is an issue on Windows 2012 (IIS 8.5). It does not happen on Windows 2003 (IIS 6). I'm trying to move from 2003 to 2012.