Oracle Wallet Installed & Windows NTS / OS Authentication = FAIL!

  • From: "Taylor, Chris David" <ChrisDavid.Taylor@xxxxxxxxxxxxxxx>
  • To: 'oracle-l-freelists' <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 18 Feb 2010 08:34:56 -0600

(
This is on Windows XP Client with SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = 
(NTS) for OS authentication.
)

I ran into an issue a few days ago that has taken me till this morning to have 
resolved and I wanted to see if anyone had run into this.

I installed Oracle 10.2.0.1 Client and couldn't OS authenticate to remote 
databases on the initial connection.  If I tried 2 times in a row, the second 
attempt would authenticate.

After tracing the Oracle calls, I discovered that the client (on the 1st 
connection) was getting the following errors/warnings:

nnflgetnlpactx: NLPA context successfuly initialized
nnflgetnlpactx: exit
nzgblinitialize: entry
nzumalloc: entry
nzdcpig_init_global: entry
nzumalloc: entry
nzucpget_parameter: entry
nzdycs1_start: entry
nzdycs1_start: exit
nzucpget_parameter: parameter "oss.default_file_directory" does not exist.
nzucpget_parameter: exit
nzupawp_apply_wrl_policy: entry
nzupgew_get_environ_wrl: entry
nzupgew_get_environ_wrl: Environment Variable not found or empty value.
nzupgew_get_environ_wrl:  returning error: 28781

On the 2nd attempt, these messages weren't present and the client connects 
correctly.

After doing some digging I realized that this is specific to Oracle Wallet 
and/or Oracle security.  So, on the client side, I followed this article:

http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php

Voila! I can now connect to my database using OS authentication.

Now, here's the issue.  I installed Oracle Wallet as part of the Client install 
using "Custom" options but I never set it up.

It appears that just by having it installed, that Oracle tries to authenticate 
using configurations stored in the Wallet (when using OS auth) and then returns 
"Invalid Username/Password".  It seems counter-intuitive to me that just by 
having it installed, it would cause the Oracle client to fail the handshake on 
the initial connection, but successfully resolve on the second attempt.

Some other trace info that showed up which led me sort of down a rabbit trail:

nioqrc:  found a break marker..
nioqrc:  Recieve: returning error: 3111
nioqrc: exit
nioqrs: entry
nioqrs:  state = interrupted (1)
nscontrol: entry
nscontrol: cmd=1, lcl=0x0
nscontrol: normal exit
nioqrs:  state = interrupted (1)
nioqrs: nioqrs: sending reset marker...

Solutions:

1.)    Configure Oracle Wallet for databases you wish to OS authenticate to

2.)    Uninstall Oracle client and reinstall without Oracle Wallet/Advanced 
Security where its not needed (unverified)


Probably what I should do is completely uninstall the Oracle Client and 
reinstall without the Oracle Wallet/Advanced Security options.

So, anyone else experienced anything like this?


Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205
Office: 615-517-3355
Cell: 615-354-4799
Email: chris.taylor@xxxxxxxxxxxxxxx<mailto:chris.taylor@xxxxxxxxxxxxxxx>

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and 
may also be privileged. If you are not the named recipient, please notify the 
sender immediately and delete the contents of this message without disclosing 
the contents to anyone, using them for any purpose, or storing or copying the 
information on any medium.

Other related posts: