Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA
Date: Fri, 18 Feb 2022 14:53:49 +1100
Message-Id: <9F4377AD-24AD-4D5A-924E-98881B40BA0D_at_gmail.com>
Hi Jack,
I forgot to also mention…
If PASSWORD_VERSIONS is 10g, you may also need to reset and/or unlock the accounts
SQL> col account_status form a10
select username, account_status,expiry_date,lock_date,password_versions,authentication_type
from dba_users where password_versions='10G '
order by 1
SQL> alter user x identified by y account unlock;
I’ve been tearing my hear out with this case insensitivity for a while now too…
Cheers,
Leng.
> On 18 Feb 2022, at 2:00 pm, Jack van Zanen <jack_at_vanzanen.com> wrote:
>
> I will try that
>
> Thank you
>
>
> Jack van Zanen
>
>
> -------------------------
> This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.
> Thank you for your cooperation
>
>
> On Thu, Feb 17, 2022 at 1:51 PM Leng Burgess <lkaing_at_gmail.com <mailto:lkaing_at_gmail.com>> wrote:
> If my understanding is correct, you’re having issues with password case insensitivity, right?
>
> https://mikedietrichde.com/2017/04/24/having-some-fun-with-sec_case_sensitive_logon-and-ora-1017/ <https://mikedietrichde.com/2017/04/24/having-some-fun-with-sec_case_sensitive_logon-and-ora-1017/>
>
>
> So I believe you need this in sqlnet.ora on the server side:
>
> SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
>
> And this at the db level:
> SEC_CASE_SENSITIVE_LOGON=FALSE
>
> Cheers,
>
> Leng.
>
>> On 16 Feb 2022, at 8:11 am, Jack van Zanen <jack_at_vanzanen.com <mailto:jack_at_vanzanen.com>> wrote:
>>
>> Hi Joe,
>>
>> Password file is version 12.2.
>>
>> SQL PLus is 19.3 on my desktop that I am trying to use to connect remotely as sysdba.
>> Locally on the db server connecting as sysdba is not an issue
>>
>> I am beginning to suspect some sort of permission issue..
>>
>>
>> Jack van Zanen
>>
>>
>> -------------------------
>> This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.
>> Thank you for your cooperation
>>
>>
>> On Wed, Feb 16, 2022 at 1:25 AM Sweetser, Joe <JSweetser_at_icat.com <mailto:JSweetser_at_icat.com>> wrote:
>> Following up on this…
>>
>>
>>
>> orapwd describe file=<orapw file>
>>
>>
>>
>> …will show you the version of the file (which I think defaults to 12.1 for 19c) and
>>
>>
>>
>> orapwd file=<orapw file> entries=10 format=12.2
>>
>>
>>
>> …will create the file with version 12.2.
>>
>>
>>
>> That said, you mentioned you had upgraded to 19.14 but the version of sqlplus shows you are using 19.3. Not sure if Windows is different than Linux, but on my Linux boxes the version of sqlplus reflects the upgraded number. Or perhaps you are simply connecting from a client with an older version? If that’s the case, I would try to connect “remotely” from the local server to see if that works. Baby steps. J
>>
>>
>>
>> $ sqlplus /nolog
>>
>>
>>
>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 07:19:49 2022
>>
>> Version 19.13.0.0.0
>>
>>
>>
>> Copyright (c) 1982, 2021, Oracle. All rights reserved.
>>
>>
>>
>> SQL>
>>
>>
>>
>> -joe
>>
>>
>>
>> From: oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org> <oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org>> On Behalf Of Andrew Kerber
>> Sent: Tuesday, February 15, 2022 6:34 AM
>> To: srcdco_at_rit.edu <mailto:srcdco_at_rit.edu>
>> Cc: jbeckstrom_at_gcrta.org <mailto:jbeckstrom_at_gcrta.org>; andysayer_at_gmail.com <mailto:andysayer_at_gmail.com>; jack_at_vanzanen.com <mailto:jack_at_vanzanen.com>; oracle-l_at_freelists.org <mailto:oracle-l_at_freelists.org>
>> Subject: Re: [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>
>>
>>
>> I am at Starbucks, and don’t have my notes. But I think you need to set the version of the password file to 12.1 or maybe 12.2. The issue has to do with password complexity and oracle version.
>>
>> Sent from my iPad
>>
>>
>>
>>
>> On Feb 15, 2022, at 07:28, Scott Canaan <srcdco_at_rit.edu <mailto:srcdco_at_rit.edu>> wrote:
>>
>>
>>
>> I know it’s basic and probably there, but did you make sure that the init.ora / spfile contains
>>
>>
>>
>> remote_login_passwordfile = EXCLUSIVE
>>
>>
>>
>> Scott Canaan ‘88
>> Sr Database Administrator
>> Information & Technology Services
>> Finance & Administration
>>
>> Rochester Institute of Technology
>> o: (585) 475-7886 | f: (585) 475-7520
>>
>> srcdco_at_rit.edu <mailto:srcdco_at_rit.edu> | c: (585) 339-8659
>>
>>
>>
>> CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
>>
>>
>>
>> From: oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org> <oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org>> On Behalf Of Beckstrom, Jeffrey
>> Sent: Tuesday, February 15, 2022 8:24 AM
>> To: andysayer_at_gmail.com <mailto:andysayer_at_gmail.com>; jack_at_vanzanen.com <mailto:jack_at_vanzanen.com>
>> Cc: oracle-l_at_freelists.org <mailto:oracle-l_at_freelists.org>
>> Subject: [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>
>>
>>
>> We had a similar problem for a new 12.2 database we created manually. No matter what we did, we could not get remote SYS connections to work. Our solution was to drop the database and recreate it with DBCA, for some reason that made the difference. I know yours is an upgrade but just to let you know you are not alone.
>>
>>
>>
>> From: oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org> <oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org>> On Behalf Of Andy Sayer
>> Sent: Tuesday, February 15, 2022 8:10 AM
>> To: jack_at_vanzanen.com <mailto:jack_at_vanzanen.com>
>> Cc: oracle-l_at_freelists.org <mailto:oracle-l_at_freelists.org>
>> Subject: Re: ORA-1017 remote login SYS as SYSDBA
>>
>>
>>
>> Hi Jack,
>>
>>
>>
>> A couple of irrelevant things first.
>>
>> It’s weird that autoupgrade didn’t create a service for you, it had to run the upgrade somewhere so presumably it had a service at some point.
>>
>> <sid> should really be <tnsnames entry that points to appropriate listener and sid/service name>. Sid might be an appropriate name, but when you have many environments with the same DBs, this doesn’t make too much sense. If the instance is local then just set the environment parameter oracle_sid and connect without a connection string.
>>
>>
>>
>> Anyway…
>>
>> Did you make sure you are using the password you set with orapwd? Did you make sure you set the password file name correctly - people often use the wrong casing. It should be “PWDsid.ora”.
>>
>>
>>
>> Hope this helps,
>>
>> Andy
>>
>>
>>
>>
>>
>> On Tue, 15 Feb 2022 at 12:13, Jack van Zanen <jack_at_vanzanen.com <mailto:jack_at_vanzanen.com>> wrote:
>>
>> Hi All,
>>
>>
>>
>> Situation:
>>
>> Windows 2016 Oracle 19.14 (just upgraded from 18C using autoupgrade)
>>
>>
>>
>> At the end of the upgrade it needed me to use oradim to create the service as the upgrade does not do that.
>>
>> I ran the oradim command but it gave an error that the password did not meet requirements.
>>
>>
>>
>> The service was created, but no password file.
>>
>>
>>
>> No problem, stopped the database and used orapwd to create password file.
>> I can see that password file gets updated when I grant sysdba or change sys password.
>>
>> However remote logon using sysdba does not work. All settings look OK but no luck
>>
>>
>>
>> H:\>sqlplus sys/********_at_<sid> as sysdba
>>
>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 23:03:56 2022
>> Version 19.3.0.0.0
>>
>> Copyright (c) 1982, 2019, Oracle. All rights reserved.
>>
>> ERROR:
>> ORA-01017: invalid username/password; logon denied
>>
>> sec_case_sensitive_logon boolean TRUE
>> sec_max_failed_login_attempts integer 3
>> sec_protocol_error_further_action string (DROP,3)
>> sec_protocol_error_trace_action string TRACE
>> sec_return_server_release_banner boolean FALSE
>> remote_login_passwordfile string EXCLUSIVE
>> remote_os_authent boolean FALSE
>> remote_os_roles boolean FALSE
>>
>>
>>
>> Anyone have more experience on windows that understands what could possibly be happening here?
>>
>>
>>
>> Jack van Zanen
>>
>>
>>
>>
>> -------------------------
>> This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.
>> Thank you for your cooperation
>>
>> This e-mail transmission and any attachments that accompany it may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law and is intended solely for the use of the individual's to whom it was intended to be addressed. If you have received this e-mail by mistake, or you are not the intended recipient, any disclosure, dissemination, distribution, copying or other use or retention of this communication or its substance is prohibited. If you have received this communication in error, please immediately reply to the author via e-mail that you received this message by mistake and also permanently delete the original and all copies of this e-mail and any attachments from your computer. Please note that coverage cannot be bound or altered by sending an email. You must receive written confirmation from a representative of our firm to put coverage in force or make changes to an existing policy.
>
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Feb 18 2022 - 04:53:49 CET