Re: [EXTERNAL] ORA-1017 remote login SYS as SYSDBA

MIght have been the sqlnet.ora settings for allowed logon version then.

On Tue, Feb 22, 2022 at 5:28 AM Jack van Zanen <jack_at_vanzanen.com> wrote:

> Well this was weird
>
>
> I recreated the password file again and this time used a longer more
> complex password and now it works.
>
> Makes no sense as the format was 12 and not 12.2
>
>
> Jack van Zanen
>
>
> -------------------------
> This e-mail and any attachments may contain confidential material for the
> sole use of the intended recipient. If you are not the intended recipient,
> please be aware that any disclosure, copying, distribution or use of this
> e-mail or any attachment is prohibited. If you have received this e-mail in
> error, please contact the sender and delete all copies.
> Thank you for your cooperation
>
>
> On Fri, Feb 18, 2022 at 2:54 PM Leng Burgess <lkaing_at_gmail.com> wrote:
>
>> Hi Jack,
>>
>> I forgot to also mention…
>>
>> If PASSWORD_VERSIONS is 10g, you may also need to reset and/or unlock the
>> accounts
>>
>> SQL> col account_status form a10
>>
>> select username,
>> account_status,expiry_date,lock_date,password_versions,authentication_type
>> from dba_users where password_versions='10G '
>> order by 1
>>
>> SQL> alter user x identified by y account unlock;
>>
>> I’ve been tearing my hear out with this case insensitivity for a while
>> now too…
>>
>> Cheers,
>>
>> Leng.
>>
>> On 18 Feb 2022, at 2:00 pm, Jack van Zanen <jack_at_vanzanen.com> wrote:
>>
>> I will try that
>>
>> Thank you
>>
>>
>> Jack van Zanen
>>
>>
>> -------------------------
>> This e-mail and any attachments may contain confidential material for the
>> sole use of the intended recipient. If you are not the intended recipient,
>> please be aware that any disclosure, copying, distribution or use of this
>> e-mail or any attachment is prohibited. If you have received this e-mail in
>> error, please contact the sender and delete all copies.
>> Thank you for your cooperation
>>
>>
>> On Thu, Feb 17, 2022 at 1:51 PM Leng Burgess <lkaing_at_gmail.com> wrote:
>>
>>> If my understanding is correct, you’re having issues with password case
>>> insensitivity, right?
>>>
>>>
>>> https://mikedietrichde.com/2017/04/24/having-some-fun-with-sec_case_sensitive_logon-and-ora-1017/
>>>
>>>
>>> So I believe you need this in sqlnet.ora on the server side:
>>>
>>> SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
>>>
>>> And this at the db level:
>>> SEC_CASE_SENSITIVE_LOGON=FALSE
>>> Cheers,
>>>
>>> Leng.
>>>
>>> On 16 Feb 2022, at 8:11 am, Jack van Zanen <jack_at_vanzanen.com> wrote:
>>>
>>> Hi Joe,
>>>
>>> Password file is version 12.2.
>>>
>>> SQL PLus is 19.3 on my desktop that I am trying to use to connect
>>> remotely as sysdba.
>>> Locally on the db server connecting as sysdba is not an issue
>>>
>>> I am beginning to suspect some sort of permission issue..
>>>
>>>
>>> Jack van Zanen
>>>
>>>
>>> -------------------------
>>> This e-mail and any attachments may contain confidential material for
>>> the sole use of the intended recipient. If you are not the intended
>>> recipient, please be aware that any disclosure, copying, distribution or
>>> use of this e-mail or any attachment is prohibited. If you have received
>>> this e-mail in error, please contact the sender and delete all copies.
>>> Thank you for your cooperation
>>>
>>>
>>> On Wed, Feb 16, 2022 at 1:25 AM Sweetser, Joe <JSweetser_at_icat.com>
>>> wrote:
>>>
>>>> Following up on this…
>>>>
>>>>
>>>>
>>>> orapwd describe file=<orapw file>
>>>>
>>>>
>>>>
>>>> …will show you the version of the file (which I think defaults to 12.1
>>>> for 19c) and
>>>>
>>>>
>>>>
>>>> orapwd file=<orapw file> entries=10 format=12.2
>>>>
>>>>
>>>>
>>>> …will create the file with version 12.2.
>>>>
>>>>
>>>>
>>>> That said, you mentioned you had upgraded to 19.14 but the version of
>>>> sqlplus shows you are using 19.3. Not sure if Windows is different than
>>>> Linux, but on my Linux boxes the version of sqlplus reflects the upgraded
>>>> number. Or perhaps you are simply connecting from a client with an older
>>>> version? If that’s the case, I would try to connect “remotely” from the
>>>> local server to see if that works. Baby steps. J
>>>>
>>>>
>>>>
>>>> $ sqlplus /nolog
>>>>
>>>>
>>>>
>>>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 07:19:49 2022
>>>>
>>>> Version 19.13.0.0.0
>>>>
>>>>
>>>>
>>>> Copyright (c) 1982, 2021, Oracle. All rights reserved.
>>>>
>>>>
>>>>
>>>> SQL>
>>>>
>>>>
>>>>
>>>> -joe
>>>>
>>>>
>>>>
>>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>>> Behalf Of *Andrew Kerber
>>>> *Sent:* Tuesday, February 15, 2022 6:34 AM
>>>> *To:* srcdco_at_rit.edu
>>>> *Cc:* jbeckstrom_at_gcrta.org; andysayer_at_gmail.com; jack_at_vanzanen.com;
>>>> oracle-l_at_freelists.org
>>>> *Subject:* Re: [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>>>
>>>>
>>>>
>>>> I am at Starbucks, and don’t have my notes. But I think you need to set
>>>> the version of the password file to 12.1 or maybe 12.2. The issue has to do
>>>> with password complexity and oracle version.
>>>>
>>>> Sent from my iPad
>>>>
>>>>
>>>>
>>>> On Feb 15, 2022, at 07:28, Scott Canaan <srcdco_at_rit.edu> wrote:
>>>>
>>>> 
>>>>
>>>> I know it’s basic and probably there, but did you make sure that the
>>>> init.ora / spfile contains
>>>>
>>>>
>>>>
>>>> remote_login_passwordfile = EXCLUSIVE
>>>>
>>>>
>>>>
>>>> *Scott Canaan ‘88*
>>>>
>>>> *Sr Database Administrator *Information & Technology Services
>>>> Finance & Administration
>>>>
>>>>
>>>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585)
>>>> 475-7520
>>>>
>>>> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>>>>
>>>>
>>>> *CONFIDENTIALITY NOTE*: The information transmitted, including
>>>> attachments, is intended only for the person(s) or entity to which it is
>>>> addressed and may contain confidential and/or privileged material. Any
>>>> review, retransmission, dissemination or other use of, or taking of any
>>>> action in reliance upon this information by persons or entities other than
>>>> the intended recipient is prohibited. If you received this in error, please
>>>> contact the sender and destroy any copies of this information.
>>>>
>>>>
>>>>
>>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>>> Behalf Of *Beckstrom, Jeffrey
>>>> *Sent:* Tuesday, February 15, 2022 8:24 AM
>>>> *To:* andysayer_at_gmail.com; jack_at_vanzanen.com
>>>> *Cc:* oracle-l_at_freelists.org
>>>> *Subject:* [EXTERNAL] RE: ORA-1017 remote login SYS as SYSDBA
>>>>
>>>>
>>>>
>>>> We had a similar problem for a new 12.2 database we created manually.
>>>> No matter what we did, we could not get remote SYS connections to work. Our
>>>> solution was to drop the database and recreate it with DBCA, for some
>>>> reason that made the difference. I know yours is an upgrade but just to let
>>>> you know you are not alone.
>>>>
>>>>
>>>>
>>>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>>>> Behalf Of *Andy Sayer
>>>> *Sent:* Tuesday, February 15, 2022 8:10 AM
>>>> *To:* jack_at_vanzanen.com
>>>> *Cc:* oracle-l_at_freelists.org
>>>> *Subject:* Re: ORA-1017 remote login SYS as SYSDBA
>>>>
>>>>
>>>>
>>>> Hi Jack,
>>>>
>>>>
>>>>
>>>> A couple of irrelevant things first.
>>>>
>>>> It’s weird that autoupgrade didn’t create a service for you, it had to
>>>> run the upgrade somewhere so presumably it had a service at some point.
>>>>
>>>> <sid> should really be <tnsnames entry that points to appropriate
>>>> listener and sid/service name>. Sid might be an appropriate name, but when
>>>> you have many environments with the same DBs, this doesn’t make too much
>>>> sense. If the instance is local then just set the environment parameter
>>>> oracle_sid and connect without a connection string.
>>>>
>>>>
>>>>
>>>> Anyway…
>>>>
>>>> Did you make sure you are using the password you set with orapwd? Did
>>>> you make sure you set the password file name correctly - people often use
>>>> the wrong casing. It should be “PWDsid.ora”.
>>>>
>>>>
>>>>
>>>> Hope this helps,
>>>>
>>>> Andy
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, 15 Feb 2022 at 12:13, Jack van Zanen <jack_at_vanzanen.com> wrote:
>>>>
>>>> Hi All,
>>>>
>>>>
>>>>
>>>> Situation:
>>>>
>>>> Windows 2016 Oracle 19.14 (just upgraded from 18C using autoupgrade)
>>>>
>>>>
>>>>
>>>> At the end of the upgrade it needed me to use oradim to create the
>>>> service as the upgrade does not do that.
>>>>
>>>> I ran the oradim command but it gave an error that the password did not
>>>> meet requirements.
>>>>
>>>>
>>>>
>>>> The service was created, but no password file.
>>>>
>>>>
>>>>
>>>> No problem, stopped the database and used orapwd to create password
>>>> file.
>>>> I can see that password file gets updated when I grant sysdba or change
>>>> sys password.
>>>>
>>>> However remote logon using sysdba does not work. All settings look OK
>>>> but no luck
>>>>
>>>>
>>>>
>>>> H:\>sqlplus sys/********_at_<sid> as sysdba
>>>>
>>>> SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 15 23:03:56 2022
>>>> Version 19.3.0.0.0
>>>>
>>>> Copyright (c) 1982, 2019, Oracle. All rights reserved.
>>>>
>>>> ERROR:
>>>> ORA-01017: invalid username/password; logon denied
>>>>
>>>> sec_case_sensitive_logon boolean TRUE
>>>> sec_max_failed_login_attempts integer 3
>>>> sec_protocol_error_further_action string (DROP,3)
>>>> sec_protocol_error_trace_action string TRACE
>>>> sec_return_server_release_banner boolean FALSE
>>>> remote_login_passwordfile string EXCLUSIVE
>>>> remote_os_authent boolean FALSE
>>>> remote_os_roles boolean FALSE
>>>>
>>>>
>>>>
>>>> Anyone have more experience on windows that understands what could
>>>> possibly be happening here?
>>>>
>>>>
>>>> Jack van Zanen
>>>>
>>>>
>>>>
>>>>
>>>> -------------------------
>>>> This e-mail and any attachments may contain confidential material for
>>>> the sole use of the intended recipient. If you are not the intended
>>>> recipient, please be aware that any disclosure, copying, distribution or
>>>> use of this e-mail or any attachment is prohibited. If you have received
>>>> this e-mail in error, please contact the sender and delete all copies.
>>>> Thank you for your cooperation
>>>>
>>>> This e-mail transmission and any attachments that accompany it may
>>>> contain information that is privileged, confidential or otherwise exempt
>>>> from disclosure under applicable law and is intended solely for the use of
>>>> the individual's to whom it was intended to be addressed. If you have
>>>> received this e-mail by mistake, or you are not the intended recipient, any
>>>> disclosure, dissemination, distribution, copying or other use or retention
>>>> of this communication or its substance is prohibited. If you have received
>>>> this communication in error, please immediately reply to the author via
>>>> e-mail that you received this message by mistake and also permanently
>>>> delete the original and all copies of this e-mail and any attachments from
>>>> your computer. Please note that coverage cannot be bound or altered by
>>>> sending an email. You must receive written confirmation from a
>>>> representative of our firm to put coverage in force or make changes to an
>>>> existing policy.
>>>>
>>>
>>>
>>

-- 
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'


--
http://www.freelists.org/webpage/oracle-l