Upgrade Function domain - keytab

Contributor

Current we are using keytab to configure authenticate oracle 12c and windows AD 2012 R2 (Domain and Forest function level to 2008 r2) and all working normal . But when we upgrade only Domain and Forest Function level to 2012 r2 then login to client access oralce (sqlplus /@db2) show error Ora-12631: Username retrieval failed. after we try reissue keytab "ktpass -princ oracle/db2@TEST.LOCAL -mapuser db2 -pass password -crypto all -out C:\Scripts\db2.keytab" then all working normal . Here so when upgrade function level then need reissue keytab ?

3 Replies

Might try them over here in dedicated forums.

General Database Discussions — oracle-tech

 

 

Hello,

Normally no, your upgrade is not major, like from 2k8 to 2k19 or 22 which mostly affect the encryption.
Check the following link from Microsoft and keep in mind the attributes of "-crypto all". I have facing issues, when I upgrade from 2k12 to 2k19 and I have enable the gpo for the crypto AES and above.
Before you change anything create a small dev/test environment. Also klist command i very helpful for debugging or else wireshark.
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/klist?source=recomm...
Thanks , I am know problem , because keytab file difference version between AD and Oracle DB . This can because we generate keytab again that not copy to Oracle DB after upgrade Function level in Test and error should things upgrade Function Level make error . Confirm is upgrade Function level not effect to Keytab kerbeross