How to get the new Data Factory Oracle 2.0 connector to connect?
We currently connect to Oracle using the 1.0 connector.
We must be moved to the new Oracle 2.0 connector before end of support, 7/31/25.
I was able to get this to connect to a non-encrypted database, but unable to connect to an encrypted database.
I had to add encryption client and crypto checksum client to get this to connect to our non-encrypted dev.
Those changes will not work for production.
For dev, I used "accepted" for both.
For prod, I tried both accepted and required.
Azure Data Factory
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-22T14:27:13.3633333+00:00 Hi @Blasko, Dan W
The Oracle 2.0 connector in Azure Data Factory does enforce stricter security protocols compared to the legacy 1.0 connector, especially when connecting to encrypted Oracle databases. For encrypted databases, specifying the following under Additional connection properties is necessary:
- Encryption client = required
- Crypto checksum client = required
However, if your production Oracle instance is not configured to require encryption (but only accepts it), setting both to required can lead to failures. In such cases, please try:
- Encryption client = accepted
- Crypto checksum client = required
Also, ensure the Oracle server’s sqlnet.ora file supports the encryption settings being requested. The relevant parameters are:
- SQLNET.ENCRYPTION_SERVER
- SQLNET.CRYPTO_CHECKSUM_SERVER
If the database uses TLS or wallet-based encryption, and you're using a managed Azure IR, the connection might fail unless those configurations are accessible. In such cases, using a Self-hosted IR where Oracle client and wallet are installed may be required.
If possible, please share:
- The full error message from the failed production attempt
- The type of integration runtime used (Azure vs. Self-hosted)
- Oracle server version
This will help further troubleshoot the issue.
I hope this information helps. Please do let us know if you have any further queries.
Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
-
Blasko, Dan W • 45 Reputation points
2025-05-22T14:47:54.64+00:00 Here is what the production server has in the sqlnet.ora
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES128,AES256,AES192)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,SHA256)
sqlnet.encryption_client=REQUIRED
sqlnet.encryption_types_client=(AES128,AES256,AES192)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
sqlnet.crypto_checksum_types_client=(SHA1,SHA256)
That is the reason I tried required and required. Upper and lower case.
This is the error I get when both are set to required.
Test connection operation failed.
Failed to open the Oracle database connection.
ORA-50201: Oracle Communication: Failed to connect to server or failed to parse connect string
ORA-12650: No common encryption or data integrity algorithm
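An added example, not part of the original thread: a Python model of how Oracle native network encryption settles each service (encryption, checksum) from the two sides' levels and algorithm lists, run against the server-side lines of the sqlnet.ora posted above. The client algorithm lists passed to the hypothetical `check_client` helper are constructed for illustration; the thread does not state which algorithms the 2.0 connector offers.

```python
import re

def parse_sqlnet(text):
    """Parse sqlnet.ora text into {UPPERCASE_NAME: value or list of values}."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(.+?)\s*$", line.split("#", 1)[0])
        if not m:
            continue
        name, value = m.group(1).upper(), m.group(2).upper()
        if value.startswith("("):  # algorithm list such as (AES128,AES256)
            value = [a.strip() for a in value.strip("()").split(",")]
        params[name] = value
    return params

def negotiate(client_level, server_level, client_algs, server_algs):
    """One service's outcome: 'off', 'on:<algorithm>' or the fatal ORA error."""
    levels = {client_level.upper(), server_level.upper()}
    if not levels <= {"REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED"}:
        raise ValueError(f"unknown level in {sorted(levels)}")
    if "REJECTED" in levels:
        return "ORA-12660" if "REQUIRED" in levels else "off"
    if levels == {"ACCEPTED"}:  # neither side asks for the service
        return "off"
    # The server takes the first algorithm in its own list the client also offers.
    wanted = {a.upper() for a in client_algs}
    common = [a for a in server_algs if a in wanted]
    if common:
        return "on:" + common[0]
    return "ORA-12650" if "REQUIRED" in levels else "off"

# Server-side lines from the sqlnet.ora posted in the thread.
SERVER_SQLNET = """\
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES128,AES256,AES192)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,SHA256)
"""

def check_client(enc_level, enc_algs, sum_level, sum_algs, server_text=SERVER_SQLNET):
    s = parse_sqlnet(server_text)
    return (negotiate(enc_level, s["SQLNET.ENCRYPTION_SERVER"],
                      enc_algs, s["SQLNET.ENCRYPTION_TYPES_SERVER"]),
            negotiate(sum_level, s["SQLNET.CRYPTO_CHECKSUM_SERVER"],
                      sum_algs, s["SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER"]))

if __name__ == "__main__":
    print(check_client("required", ["AES256"], "required", ["SHA512"]))  # constructed lists
    print(check_client("accepted", ["AES128", "AES256"], "accepted", ["SHA256"]))
```

The model needs explicit algorithm lists on both sides; in Oracle, a side that omits its list offers all installed algorithms.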
-
Blasko, Dan W • 45 Reputation points
2025-05-22T15:43:44.17+00:00 Sorry...missed these questions.
Oracle is Oracle 19.3 database.
Using SHIR. Just upgraded to 5.52.9229.1
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-26T13:17:57.9033333+00:00 @Blasko, Dan W I kindly request you to provide the details mentioned in the private message so we can identify the root cause and address the issue effectively.
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-27T12:40:14.83+00:00 Hi @Blasko, Dan W
Just to clarify - the Oracle 2.0 connector in Azure Data Factory supports only TLS 1.3. If your Oracle server or the Oracle client on your Self-hosted Integration Runtime is currently configured to use TLS 1.2, this could be the reason you're encountering theORA-12650: No common encryption or data integrity algorithm
error.Could you please verify if TLS 1.3 is enabled and being used for connections between your SHIR and the Oracle database?
If the environment is still on TLS 1.2, upgrading to support TLS 1.3 would be necessary for the Oracle 2.0 connector to function as expected.
Let us know what you find - happy to assist further based on the results.
Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
-
Blasko, Dan W • 45 Reputation points
2025-05-27T13:52:43.3966667+00:00 This doesn't make much sense to me. This is coming from Microsoft site.
TLS 1.3 is supported starting in Windows 11 and Windows Server 2022. Enabling TLS 1.3 on earlier versions of Windows is not a safe system configuration.
So the only way to connect to Oracle using Data Factory is to upgrade every one of your Oracle servers to Windows Server 2022???
Or am I missing something?
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-27T14:47:24.3333333+00:00 @Blasko, Dan W To clarify: the TLS 1.3 requirement applies to the communication from Azure Data Factory's Oracle 2.0 connector client (i.e., the Self-hosted Integration Runtime), not the Oracle database server itself.
You're absolutely right - TLS 1.3 is only supported on Windows Server 2022 and Windows 11. So, if you're running SHIR (Self-hosted Integration Runtime) on Windows Server 2019 or earlier, it likely doesn't support TLS 1.3, which could lead to handshake or encryption negotiation issues like the ORA-12650.
In other words:
- You do not need to upgrade your Oracle servers.
- But you may need to run the SHIR on a TLS 1.3–capable OS, such as Windows Server 2022, for the Oracle 2.0 connector to work properly with encrypted Oracle DBs.
Suggested Steps:
- Can you confirm the OS version where the SHIR is installed?
- If it's earlier than Windows Server 2022, try moving the SHIR to a machine running Windows Server 2022 or Windows 11 (for testing) and reattempt the connection.
Let us know what you find, and we can help troubleshoot further from there.
-
Blasko, Dan W • 45 Reputation points
2025-05-27T14:54:24.38+00:00 IR Nodes are Server 2022.
TLS 1.3 was not listed under protocols.
Googling shows that I most likely need to do a regedit and add it. Still researching before I do the regedit.
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-27T16:04:10.75+00:00 @Blasko, Dan W Thanks for the quick update, and great to hear that your IR nodes are already running on Windows Server 2022 - that clears up the OS compatibility aspect.
You're correct: TLS 1.3 is not enabled by default on Windows Server 2022, and it typically needs to be enabled manually via the registry (regedit) or via Group Policy if enforced centrally.
Next Steps:
- Before making registry changes, we recommend reviewing the official Microsoft guidance on enabling TLS 1.3: TLS registry settings – Microsoft Docs
If you're in a production environment, ensure that:
- You back up your registry before making changes.
- Any TLS policy changes align with your organization’s security and compliance standards.
- A reboot may be required after changes to TLS settings.
Once TLS 1.3 is enabled and verified (you can confirm via tools like PowerShell or IISCrypto), retry the connection with the Oracle 2.0 connector using:
- Encryption client = required
- Crypto checksum client = required
Let us know how it goes or if you encounter anything unexpected - we’re happy to assist further!
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-28T09:40:48.0766667+00:00 @Blasko, Dan W We haven’t heard from you on the last response and were just checking back to see if you have a resolution yet. If you have a resolution, please share it with the community, as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
-
Blasko, Dan W • 45 Reputation points
2025-05-28T11:39:13.7433333+00:00 I did the regedit and rebooted this morning.
I am still having issues connecting.
Trying to find a way to confirm TLS 1.3 is actually being used.
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-28T13:22:34.2766667+00:00 @Blasko, Dan W Thanks for the update. Since the issue persists post-regedit and reboot, here are quick steps to confirm TLS 1.3 is enabled and in use:
- Check registry settings via PowerShell:
  Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client"
- Ensure Enabled=1 and DisabledByDefault=0.
- Use IISCrypto to verify TLS 1.3 is enabled.
- Confirm Oracle client version supports TLS 1.3.
Let us know what you find - we’ll assist further based on that.
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-29T09:53:28.2766667+00:00 @Blasko, Dan W We haven’t heard from you on the last response and were just checking back to see if you have a resolution yet. If you have a resolution, please share it with the community, as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
-
Blasko, Dan W • 45 Reputation points
2025-05-29T11:30:43.0166667+00:00 1.3 is enabled as well as 1.2. When I disabled 1.2 I caused issues where I was unable to connect to that server anymore using RDP or CyberArk. Sysadmin had to revert back to before I screwed everything up. I did the 1.3 setup again and left 1.2 enabled. Still does not work.
You mention Oracle client supports 1.3 but I do not have the Oracle client installed on any of the IR nodes.
The 1.0 client has been working for a year now without the client. Does the 2.0 connector need the Oracle client? It doesn't appear to need it from what I read. Just confirming.
-
Smaran Thoomu • 24,110 Reputation points • Microsoft External Staff • Moderator
2025-05-30T14:58:37.2466667+00:00 @Blasko, Dan W Could you please check my private message and respond to it?