Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA

From: Jack van Zanen <jack_at_vanzanen.com>
Date: Tue, 22 Feb 2022 22:28:08 +1100
Message-ID: <CAFeFPA_qyrHQmOnT1Ngvncgyukz19HVU7RKfoNoXSPo+U2fuhA_at_mail.gmail.com>

Well this was weird

I recreated the password file again and this time used a longer more complex password and now it works.

Makes no sense as the format was 12 and not 12.2

Jack van Zanen

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies. Thank you for your cooperation

On Fri, Feb 18, 2022 at 2:54 PM Leng Burgess <lkaing_at_gmail.com> wrote:

> Hi Jack,
>
> I forgot to also mention…
>
> If PASSWORD_VERSIONS is 10g, you may also need to reset and/or unlock the
> accounts
>
> SQL> col account_status form a10
>
> select username,
> account_status,expiry_date,lock_date,password_versions,authentication_type
> from dba_users where password_versions='10G '
> order by 1
>
> SQL> alter user x identified by y account unlock;
>
> I’ve been tearing my hear out with this case insensitivity for a while now
> too…
>
> Cheers,
>
> Leng.
>
> On 18 Feb 2022, at 2:00 pm, Jack van Zanen <jack_at_vanzanen.com> wrote:
>
> I will try that
>
> Thank you
>
>
> Jack van Zanen
>
>
> -------------------------
> This e-mail and any attachments may contain confidential material for the
> sole use of the intended recipient. If you are not the intended recipient,
> please be aware that any disclosure, copying, distribution or use of this
> e-mail or any attachment is prohibited. If you have received this e-mail in
> error, please contact the sender and delete all copies.
> Thank you for your cooperation
>
>
> On Thu, Feb 17, 2022 at 1:51 PM Leng Burgess <lkaing_at_gmail.com> wrote:
>
>> If my understanding is correct, you’re having issues with password case
>> insensitivity, right?
>>
>>
>> https://mikedietrichde.com/2017/04/24/having-some-fun-with-sec_case_sensitive_logon-and-ora-1017/
>>
>>
>> So I believe you need this in sqlnet.ora on the server side:
>>
>> SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
>>
>> And this at the db level:
>> SEC_CASE_SENSITIVE_LOGON=FALSE
>> Cheers,
>>
>> Leng.
>>
>> On 16 Feb 2022, at 8:11 am, Jack van Zanen <jack_at_vanzanen.com> wrote:
>>
>> Hi Joe,
>>
>> Password file is version 12.2.
>>
>> SQL PLus is 19.3 on my desktop that I am trying to use to connect
>> remotely as sysdba.
>> Locally on the db server connecting as sysdba is not an issue
>>
>> I am beginning to suspect some sort of permission issue..
>>
>>
>> Jack van Zanen
>>
>>
>> -------------------------
>> This e-mail and any attachments may contain confidential material for the
>> sole use of the intended recipient. If you are not the intended recipient,
>> please be aware that any disclosure, copying, distribution or use of this
>> e-mail or any attachment is prohibited. If you have received this e-mail in
>> error, please contact the sender and delete all copies.
>> Thank you for your cooperation
>>
>>
>> On Wed, Feb 16, 2022 at 1:25 AM Sweetser, Joe <JSweetser_at_icat.com> wrote:
>>
>>> Following up on this…
>>>
>>>
>>>
>>> orapwd describe file=<orapw file>
>>>
>>>
>>>
>>> …will show you the version of the file (which I think defaults to 12.1
>>> for 19c) and
>>>
>>>
>>>
>>> orapwd file=<orapw file> entries=10 format=12.2
>>>
>>>
>>>
>>> …will create the file with version 12.2.
>>>
>>>
>>>
>>> That said, you mentioned you had upgraded to 19.14 but the version of
>>> sqlplus shows you are using 19.3. Not sure if Windows is different than
>>> Linux, but on my Linux boxes the version of sqlplus reflects the upgraded
>>> number. Or perhaps you are simply connecting from a client with an older
>>> version? If that’s the case, I would try to connect “remotely” from the
>>> local server to see if that works. Baby steps. J
>>>
>>>
>>>
>>> $ sqlplus /nolog
>>>
>>>
>>>
>>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 07:19:49 2022
>>>
>>> Version 19.13.0.0.0
>>>
>>>
>>>
>>> Copyright (c) 1982, 2021, Oracle. All rights reserved.
>>>
>>>
>>>
>>> SQL>
>>>
>>>
>>>
>>> -joe
>>>
>>>
>>>
>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>> Behalf Of *Andrew Kerber
>>> *Sent:* Tuesday, February 15, 2022 6:34 AM
>>> *To:* srcdco_at_rit.edu
>>> *Cc:* jbeckstrom_at_gcrta.org; andysayer_at_gmail.com; jack_at_vanzanen.com;
>>> oracle-l_at_freelists.org
>>> *Subject:* Re: [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>>
>>>
>>>
>>> I am at Starbucks, and don’t have my notes. But I think you need to set
>>> the version of the password file to 12.1 or maybe 12.2. The issue has to do
>>> with password complexity and oracle version.
>>>
>>> Sent from my iPad
>>>
>>>
>>>
>>> On Feb 15, 2022, at 07:28, Scott Canaan <srcdco_at_rit.edu> wrote:
>>>
>>> 
>>>
>>> I know it’s basic and probably there, but did you make sure that the
>>> init.ora / spfile contains
>>>
>>>
>>>
>>> remote_login_passwordfile = EXCLUSIVE
>>>
>>>
>>>
>>> *Scott Canaan ‘88*
>>>
>>> *Sr Database Administrator *Information & Technology Services
>>> Finance & Administration
>>>
>>>
>>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585)
>>> 475-7520
>>>
>>> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>>>
>>>
>>> *CONFIDENTIALITY NOTE*: The information transmitted, including
>>> attachments, is intended only for the person(s) or entity to which it is
>>> addressed and may contain confidential and/or privileged material. Any
>>> review, retransmission, dissemination or other use of, or taking of any
>>> action in reliance upon this information by persons or entities other than
>>> the intended recipient is prohibited. If you received this in error, please
>>> contact the sender and destroy any copies of this information.
>>>
>>>
>>>
>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>> Behalf Of *Beckstrom, Jeffrey
>>> *Sent:* Tuesday, February 15, 2022 8:24 AM
>>> *To:* andysayer_at_gmail.com; jack_at_vanzanen.com
>>> *Cc:* oracle-l_at_freelists.org
>>> *Subject:* [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>>
>>>
>>>
>>> We had a similar problem for a new 12.2 database we created manually. No
>>> matter what we did, we could not get remote SYS connections to work. Our
>>> solution was to drop the database and recreate it with DBCA, for some
>>> reason that made the difference. I know yours is an upgrade but just to let
>>> you know you are not alone.
>>>
>>>
>>>
>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>> Behalf Of *Andy Sayer
>>> *Sent:* Tuesday, February 15, 2022 8:10 AM
>>> *To:* jack_at_vanzanen.com
>>> *Cc:* oracle-l_at_freelists.org
>>> *Subject:* Re: ORA-1017 remote login SYS as SYSDBA
>>>
>>>
>>>
>>> Hi Jack,
>>>
>>>
>>>
>>> A couple of irrelevant things first.
>>>
>>> It’s weird that autoupgrade didn’t create a service for you, it had to
>>> run the upgrade somewhere so presumably it had a service at some point.
>>>
>>> <sid> should really be <tnsnames entry that points to appropriate
>>> listener and sid/service name>. Sid might be an appropriate name, but when
>>> you have many environments with the same DBs, this doesn’t make too much
>>> sense. If the instance is local then just set the environment parameter
>>> oracle_sid and connect without a connection string.
>>>
>>>
>>>
>>> Anyway…
>>>
>>> Did you make sure you are using the password you set with orapwd? Did
>>> you make sure you set the password file name correctly - people often use
>>> the wrong casing. It should be “PWDsid.ora”.
>>>
>>>
>>>
>>> Hope this helps,
>>>
>>> Andy
>>>
>>>
>>>
>>>
>>>
>>> On Tue, 15 Feb 2022 at 12:13, Jack van Zanen <jack_at_vanzanen.com> wrote:
>>>
>>> Hi All,
>>>
>>>
>>>
>>> Situation:
>>>
>>> Windows 2016 Oracle 19.14 (just upgraded from 18C using autoupgrade)
>>>
>>>
>>>
>>> At the end of the upgrade it needed me to use oradim to create the
>>> service as the upgrade does not do that.
>>>
>>> I ran the oradim command but it gave an error that the password did not
>>> meet requirements.
>>>
>>>
>>>
>>> The service was created, but no password file.
>>>
>>>
>>>
>>> No problem, stopped the database and used orapwd to create password file.
>>> I can see that password file gets updated when I grant sysdba or change
>>> sys password.
>>>
>>> However remote logon using sysdba does not work. All settings look OK
>>> but no luck
>>>
>>>
>>>
>>> H:\>sqlplus sys/********_at_<sid> as sysdba
>>>
>>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 23:03:56 2022
>>> Version 19.3.0.0.0
>>>
>>> Copyright (c) 1982, 2019, Oracle. All rights reserved.
>>>
>>> ERROR:
>>> ORA-01017: invalid username/password; logon denied
>>>
>>> sec_case_sensitive_logon boolean TRUE
>>> sec_max_failed_login_attempts integer 3
>>> sec_protocol_error_further_action string (DROP,3)
>>> sec_protocol_error_trace_action string TRACE
>>> sec_return_server_release_banner boolean FALSE
>>> remote_login_passwordfile string EXCLUSIVE
>>> remote_os_authent boolean FALSE
>>> remote_os_roles boolean FALSE
>>>
>>>
>>>
>>> Anyone have more experience on windows that understands what could
>>> possibly be happening here?
>>>
>>>
>>> Jack van Zanen
>>>
>>>
>>>
>>>
>>> -------------------------
>>> This e-mail and any attachments may contain confidential material for
>>> the sole use of the intended recipient. If you are not the intended
>>> recipient, please be aware that any disclosure, copying, distribution or
>>> use of this e-mail or any attachment is prohibited. If you have received
>>> this e-mail in error, please contact the sender and delete all copies.
>>> Thank you for your cooperation
>>>
>>> This e-mail transmission and any attachments that accompany it may
>>> contain information that is privileged, confidential or otherwise exempt
>>> from disclosure under applicable law and is intended solely for the use of
>>> the individual's to whom it was intended to be addressed. If you have
>>> received this e-mail by mistake, or you are not the intended recipient, any
>>> disclosure, dissemination, distribution, copying or other use or retention
>>> of this communication or its substance is prohibited. If you have received
>>> this communication in error, please immediately reply to the author via
>>> e-mail that you received this message by mistake and also permanently
>>> delete the original and all copies of this e-mail and any attachments from
>>> your computer. Please note that coverage cannot be bound or altered by
>>> sending an email. You must receive written confirmation from a
>>> representative of our firm to put coverage in force or make changes to an
>>> existing policy.
>>>
>>
>>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Feb 22 2022 - 12:28:08 CET

This message: [ Message body ]
Next message: Andy Sayer: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"
Previous message: Mark W. Farnham: "RE: Plan change with OR expansion"
In reply to: Leng Burgess: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"
In reply to Leng Burgess: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"
Next in thread: Andy Sayer: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"
Reply: Andy Sayer: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"
Reply: Andrew Kerber: "Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message