Home » RDBMS Server » Security » ORA-01017: invalid username/password; logon denied (Oracle12c)
ORA-01017: invalid username/password; logon denied [message #649321] Tue, 22 March 2016 12:52 Go to next message
shrinika
Messages: 306
Registered: April 2008
Senior Member
Hello,

I am trying to connect sys with right password. It is not working..

sys@usben1> connect sys/password as sysdba
Connected.
sys@usben1> connect system/password
Connected.
system@usben1> connect system/password@usben
Connected.
system@usben1> connect sys/password@usben as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
system@usben1>


What am i missing here? Any one has gone through similar issue?

Here is the tnsentry
system@usben1> !
[oracle@RACTEST1 admin]$ cat tnsnames.ora
usbendg =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.211)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = usbendg.localdomain)
    )
  )

usben =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.101)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = usben.localdomain)
    )
  )
[oracle@RACTEST1 admin]$



Here is the tnsping result.

[oracle@RACTEST1 admin]$

[oracle@RACTEST1 admin]$ tnsping usben

TNS Ping Utility for Linux: Version 12.1.0.2.0 - Production on 22-MAR-2016 13:42:22

Copyright (c) 1997, 2014, Oracle.  All rights reserved.

Used parameter files:
/ora/app/oracle/product/12.1.0.1/db_1/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.101)(PORT = 1521)) 
(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = usben.localdomain)))
OK (0 msec)
[oracle@RACTEST1 admin]$


I am trying to set up the standby database and try to connect from remote host
and has same issue. Then i tried in the same host and also same issue.

It would be great help if any one share the input..

[Updated on: Tue, 22 March 2016 12:53]

Report message to a moderator

Re: ORA-01017: invalid username/password; logon denied [message #649322 is a reply to message #649321] Tue, 22 March 2016 12:59 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>What am i missing here?
You are missing the correct password.

>Any one has gone through similar issue?
Many, many others have posted this problem.
GOOGLE is your friend.

IMO, connecting sys/password@remote as sysdba
is a security hole that should be avoided & not allowed to succeed.
Re: ORA-01017: invalid username/password; logon denied [message #649323 is a reply to message #649321] Tue, 22 March 2016 13:08 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
You do not have the correct password for SYS. The fact that this worked,
Quote:
sys@usben1> connect sys/password as sysdba
Connected.
proves nothing as your client will have reverted to operating system authentication:
orclz> conn sys/garbage as sysdba
Connected.
orclz> conn sys/rubbish as sysdba
Connected.
orclz> select sys_context('userenv','authentication_method') from dual;

SYS_CONTEXT('USERENV','AUTHENTICATION_METHOD')
--------------------------------------------------------------------------------------------------------------
OS

orclz>

Re: ORA-01017: invalid username/password; logon denied [message #649326 is a reply to message #649323] Tue, 22 March 2016 13:19 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
What is the password for SYS?
[oracle@localhost ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Tue Mar 22 11:15:54 2016

Copyright (c) 1982, 2010, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user
USER is "SYS"
SQL> connect sys/password as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> connect sys/DoesNotMatter as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> connect sys/FuBaR as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> 


do the exact same on your DB.
You do NOT know the correct password for SYS
Re: ORA-01017: invalid username/password; logon denied [message #649359 is a reply to message #649321] Wed, 23 March 2016 06:59 Go to previous messageGo to next message
EdStevens
Messages: 1376
Registered: September 2013
Senior Member
shrinika wrote on Tue, 22 March 2016 12:52


What am i missing here? Any one has gone through similar issue?




What you are missing is the difference between OS authentication and password file authentication for SYSDBA. But as others have said, remote authentication for SYSDBA is really a security hole that should be avoided.
Re: ORA-01017: invalid username/password; logon denied [message #649361 is a reply to message #649359] Wed, 23 March 2016 11:23 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
Quote:
remote authentication for SYSDBA is really a security hole that should be avoided.
Try using Data Guard without it Smile

Re: ORA-01017: invalid username/password; logon denied [message #649362 is a reply to message #649361] Wed, 23 March 2016 11:40 Go to previous messageGo to next message
gazzag
Messages: 1118
Registered: November 2010
Location: Bedwas, UK
Senior Member
Argh! DataGuard is a security hole? Shocked
Smile
Re: ORA-01017: invalid username/password; logon denied [message #649363 is a reply to message #649362] Wed, 23 March 2016 12:19 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

And so the usage of TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES in sqlnet.ora to fill up the hole.

Re: ORA-01017: invalid username/password; logon denied [message #649411 is a reply to message #649321] Thu, 24 March 2016 14:24 Go to previous messageGo to next message
shrinika
Messages: 306
Registered: April 2008
Senior Member
I truly appreciate every one input! I thank for every ones time!

My whole plan to restore the database from different host. I getting this error when
i try to connect from remote host.

$ORACLE_HOME/bin/rman msglog=${LOG_FILE} <<EOF
connect target sys/password@usben
connect auxiliary sys/password@usdup
run{
allocate channel t1 type disk;
allocate auxiliary channel a1 device type disk;
release channel t1;
}


However, I get the same issue at local machine. Let me try to fix in local host before
i go further go down.

[oracle@RACTEST1 admin]$ hostname -i
192.168.56.101
[oracle@RACTEST1 admin]$


As you said, i also thought, the password is incorrect. Let me change the password.

sys@usben1> alter user sys identified by password
  2  /

User altered.

sys@usben1>


sys@usben1> connect sys/password@usben as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
sys@usben1>


Based on google search, there are tons of people had this issue..
But every body suspect that remote_login_passwordfile should be EXCLUSIVE and
remote_os_authent should be FALSE.

But my database has correct values.

sys@usben1>  select name,value from v$parameter where name like '%remote%';

NAME                                     VALUE
---------------------------------------- ------------------------------------------------------------
remote_os_authent                        FALSE
remote_os_roles                          FALSE
remote_login_passwordfile                EXCLUSIVE
remote_listener                           RACTEST-scan:1521
remote_dependencies_mode                 TIMESTAMP
result_cache_remote_expiration           0
sys@usben1>


I also tried to change the password as below on both node.. but no luck.
orapwd file=orapwusben  entries=5 password=password force=y


FYI : I am facing this in RAC database. it is three node RAC and usben1 is one of the instance.

I have stand alone database and able to connect sys account from the same RAC node.

[oracle@RACTEST1 admin]$ cat tnsnames.ora
usbendg =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.211)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = usbendg.localdomain)
    )
  )

usben =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.101)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = usben.localdomain)
    )
  )

usben1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.210)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = usben.localdomain)
    )
  )
[oracle@RACTEST1 admin]$ sqlplus sys/password@usben1 as sysdba

SQL*Plus: Release 12.1.0.2.0 Production on Thu Mar 24 15:14:21 2016

Copyright (c) 1982, 2014, Oracle.  All rights reserved.


Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

sys@usben>

sys@usben1> exit
[oracle@RACTEST1 admin]$ sqlplus / as sysdba

SQL*Plus: Release 12.1.0.2.0 Production on Thu Mar 24 15:18:31 2016

Copyright (c) 1982, 2014, Oracle.  All rights reserved.


Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Advanced Analytics and Real Application Testing options

sys@usben1> connect sys/password@usben as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
sys@usben1>



[Updated on: Thu, 24 March 2016 14:26]

Report message to a moderator

Re: ORA-01017: invalid username/password; logon denied [message #649412 is a reply to message #649411] Thu, 24 March 2016 14:32 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
You might have mentioned that it is RAC before. As you are using release 12.x, your password file should be on a shared device, probably an ASM disk group. So where is your password file?
srvctl config database -db usben
Re: ORA-01017: invalid username/password; logon denied [message #649413 is a reply to message #649412] Thu, 24 March 2016 15:21 Go to previous messageGo to next message
shrinika
Messages: 306
Registered: April 2008
Senior Member
hmm.... thank you for your guidance. It is in local file system..

Let me move the password file to ASK disk and try again.

Re: ORA-01017: invalid username/password; logon denied [message #649414 is a reply to message #649413] Thu, 24 March 2016 22:56 Go to previous message
shrinika
Messages: 306
Registered: April 2008
Senior Member
Thank you every one! The issue resolved after moving the password file to ASM disk!

[oracle@RACTEST1 dbs]$ orapwd file='+DATA/USBEN/PASSWORDFILE/orapwusben' entries=10 dbuniquename=usben password=admin123
[oracle@RACTEST1 dbs]$



[oracle@RACTEST4 ~]$ sqlplus sys/admin123@usben as sysdba

SQL*Plus: Release 12.1.0.2.0 Production on Thu Mar 24 23:48:48 2016

Copyright (c) 1982, 2014, Oracle.  All rights reserved.


Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Advanced Analytics and Real Application Testing options

SQL>
Previous Topic: Role-based Sensitive Column Masking by VPD (ORA-28112)
Next Topic: SOX compliance
Goto Forum:
  


Current Time: Thu Mar 28 13:58:44 CDT 2024