Skip to Main Content

DevOps, CI/CD and Automation

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

sqlnet.ora setting TRACE_LEVEL_CLIENT=16 affecting ODBC authentication in IIS

NBSep 8 2017 — edited Sep 8 2017

This is one of the strangest things I've ever seen.

Database Server: 11.2.0.4 (Windows 2012)

IIS Server: 11.2.0.4 ODBC

Client: IE 11

I have a directory in IIS configured for anonymous authentication.  The following Classic ASP code is in the directory.  It's just trying to make a connection to the database.

<%

Dim objConn         'Connection object

Dim mstrConString   'Connection string

Dim objRS           'Recordset object

mStrConString = "DSN=FGICDSN;UID=intranet;pwd=xxxxxxxx"

Set objConn = Server.CreateObject("ADODB.CONNECTION")

objConn.ConnectionString = mstrConString

Response.Write "string: " & objConn.ConnectionString & "<hr>"

objConn.Open

Set objRS = objConn.Execute("SELECT USER FROM DUAL")

Response.Write objRS("user")

%>

I get the following error on objConn.Open when loading the page:

[Oracle][ODBC][Ora]ORA-28547: connection to server failed, probable Oracle Net admin error

I'm using Kerberos authentication in my environment.  But this directory must be anonymous (it's a requirement for a third party app).

The sqlnet.ora file on the IIS server includes the following:

-------------------------------------------------------------------------------------

SQLNET.AUTHENTICATION_SERVICES = (BEQ,KERBEROS5)

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle

SQLNET.KERBEROS5_REALMS = D:\krb5\krb5.realms

SQLNET.KERBEROS5_CONF = D:\krb5\krb5.conf

SQLNET.KERBEROS5_CONF_MIT = TRUE

SQLNET.KERBEROS5_CC_NAME = OSMSFT://

SQLNET.FALLBACK_AUTHENTICATION = TRUE

#TRACE_LEVEL_CLIENT=16

-------------------------------------------------------------------------------------

Here's the problem.  This works perfectly fine when I uncomment out TRACE_LEVEL_CLIENT=16.  And it fails when I comment it out or remove it.  How can that be????

Why in the world would this have any effect on authentication?  I certainly can't leave tracing on.

This is an issue on Windows 2012 (IIS 8.5).  It does not happen on Windows 2003 (IIS 6).  I'm trying to move from 2003 to 2012.

Comments

NB

The insanity continues.

So I tried all the values for TRACE_LEVEL_CLIENT from 0 to 16.  Values 0 to 5 cause the error, and values 6 to 16 do not cause the error.

1 - 1
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Oct 6 2017
Added on Sep 8 2017
1 comment
1,480 views