I am using Entity Framework 6 for Oracle to fetch some information in WCF Service, the service works well on my local machine but when i deploy my code to production environment which is on WIN 2012 which has FIPS policy enforcement then my WCF service give
me error of Oracle.ManagedDataAccess.Client.OracleException (0x000003F9): ORA-01017: invalid username/password, even i have setenforceFIPSPolicy enabled="false" under runtime tag in my web.config, but it seems
this tag doesnt work if the server enforces to use FIPS.
However when i reset the registry value for FIPS from "1" to "0" from (HKEY_LOCAL_MACHINE>System>CurrentControlSet>Lsa>FIPSAlgorithmPolicy) the ORA-01017 exception doesnt come and it returns data.
So would like to know how to disable FIPS at application level, when domain/GPO enforces it. As this has been really a challenge for me for last 2 days.
According to the error message, this is a Oracle issue. Please try the steps below, and check whether it can fix it.
Open oracle in cmd mode or open cmd and write in windows cmd “sqlplus/nolog”.
Press enter
Then write “connect sys as sysdba”
Press enter
Write the password that you have gived in the installation time of oracle, then press enter;
Write “alter user USERNAME(ur username) account unlock”
Press enter again
Write “alter user USERNAME(ur username) identified by PASSWORD(ur new password )”
With regards,
Angie
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Actually before that we tried everything we used sqlcmd to check whether the credentials are valid, even we tried from server console too, did tnsping too from server the connectivity and credentials both were all set from even server, the same piece of code
was working absolutely fine from our development machine.
Soon, i learned that as i was using MANAGED ODP.NET for EF, using 12c as client and 11g database, so there is a bug reported by Oracle,if we use Managed ODP.NET with 12c client and with 11g db if the server has FIPS policy enabled.
i beleieve FIPS enabled servers does some encryption or the 12c Managed driver does some encryption at the time of making a handshake to dabatase based on 11g.
So we used Unmanaged ODP.NET and that did solve our problem and Invalid UserName pwd issue wasnt coming.
None
0 Points
5 Posts
FIPS with Oracle using Entity Framework - ORA- 01017
Nov 10, 2015 02:35 AM|Navaidr12|LINK
I am using Entity Framework 6 for Oracle to fetch some information in WCF Service, the service works well on my local machine but when i deploy my code to production environment which is on WIN 2012 which has FIPS policy enforcement then my WCF service give me error of Oracle.ManagedDataAccess.Client.OracleException (0x000003F9): ORA-01017: invalid username/password, even i have setenforceFIPSPolicy enabled="false" under runtime tag in my web.config, but it seems this tag doesnt work if the server enforces to use FIPS.
However when i reset the registry value for FIPS from "1" to "0" from (HKEY_LOCAL_MACHINE>System>CurrentControlSet>Lsa>FIPSAlgorithmPolicy) the ORA-01017 exception doesnt come and it returns data.
So would like to know how to disable FIPS at application level, when domain/GPO enforces it. As this has been really a challenge for me for last 2 days.
Thanks.
FIPS Connection oracle WCF EntityFramework
All-Star
32817 Points
3815 Posts
Re: FIPS with Oracle using Entity Framework - ORA- 01017
Nov 12, 2015 01:17 AM|Angie xu - MSFT|LINK
Hi,
According to the error message, this is a Oracle issue. Please try the steps below, and check whether it can fix it.
Open oracle in cmd mode or open cmd and write in windows cmd “sqlplus/nolog”.
Press enter
Then write “connect sys as sysdba”
Press enter
Write the password that you have gived in the installation time of oracle, then press enter;
Write “alter user USERNAME(ur username) account unlock”
Press enter again
Write “alter user USERNAME(ur username) identified by PASSWORD(ur new password )”
With regards,
Angie
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
None
0 Points
5 Posts
Re: FIPS with Oracle using Entity Framework - ORA- 01017
Nov 16, 2015 01:45 AM|Navaidr12|LINK
Hi, Thanks for your reply.
Actually before that we tried everything we used sqlcmd to check whether the credentials are valid, even we tried from server console too, did tnsping too from server the connectivity and credentials both were all set from even server, the same piece of code was working absolutely fine from our development machine.
Soon, i learned that as i was using MANAGED ODP.NET for EF, using 12c as client and 11g database, so there is a bug reported by Oracle,if we use Managed ODP.NET with 12c client and with 11g db if the server has FIPS policy enabled.
i beleieve FIPS enabled servers does some encryption or the 12c Managed driver does some encryption at the time of making a handshake to dabatase based on 11g.
So we used Unmanaged ODP.NET and that did solve our problem and Invalid UserName pwd issue wasnt coming.
Thanks.
odp