| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: ORA-01031, Windows 2000, Ora9.2
Please allow me to provide an update:
I should have said "Local ORA_DBA" group in my original message as the local user was and is a member.
Unfortunately, while the local user is a member of the Local Administrators group, as well as the Domain Administrators group , the local user is not the Local Administrator user as that pre-defined user has been and must remain a disabled account.
Also, it is likely that the local user was used to install the Oracle DBMS software as opposed the the Local Administrator.
I was finally able to connect by doing:
DOS> sqlplus SQL> Username: sys as sysdba SQL> Password: ****
with the remote_login_passwordfile = shared in the pfile.
Also, what I meant by "locked down" is that the NSA standard templates (i.e., batch scripts) were applied to the Windows 2000 Server where the Oracle DBMS was installed.
Has anyone used these "templates" and had successful OS authentication, that is, the local user is a member of the local ORA_DBA group and the remote_login_passwordfile = none in the pfile, but who is not the pre-defined Local Administrator user.
Sorry if I did not ask clearly in my first message.
Regards,
mikejay
Sybrand Bakker wrote:
> Mike Jay <mikejay_at_mitre.org> wrote in message news:<3E557DE8.8CFA40E1_at_mitre.org>...
> > Hi guys,
> >
> > The instance I am trying to connect to using both OS or remote password
> > authentication fails with a ORA-01031 error.
> >
> > I have looked in the archives, but my question may be a bit eclectic.
> >
> > The local user is a member of the ORA_DBA group on windows, but not the
> > local Administrator user.
> >
> > The local user is a member of the:
> > Active Directory Domain Administrators group
> > Local Administrators group
> > ORA_DBA group
> >
> > I have tried with OS (remote password none in initialization file) or
> > with the ORAPWD file (remote password both shared and exclusive in
> > initialization file) and failed to connect.
> >
> > The ORADIM utility was used to make the OracleServiceMySID service.
> >
> > I cannot use dbassist as the database is for a 3rd-party product using
> > scripts to create the database.
> >
> > Most important, the computer has been "locked down" with security
> > templates doing who knows what to the Windows 2000 security policies.
> > The two other systems allow me to install and support the 3rd-party
> > application, but the "locked down" one fails.
> >
> > My failed attempts to connect include two approaches
> >
> > 1) sqlplus /nolog
> > SQL> connect / as sysdba
> >
> > 2) sqlplus "/ as sysdba"
> >
> > I have looked throughout the Windows-specific Oracle administrators
> > guide and the registry entries, oracle.key file, and user group
> > membership look correct.
> >
> > What Windows 2000 Server and Oracle9i conflict could result from
> > tweaking Local Machine Policies?
> >
> > Are any known gotchas typical? Templates mean scripts used to affect
> > security policies on the Windows 2000 Server.
> >
> > Thanks,
> > mikejay
>
> the ORA_DBA group needs to be a *LOCAL* group, NOT a *DOMAIN* group.
> The sw has to be installed using the *local* administrator.
>
> Hth
>
> Sybrand Bakker
> Senior Oracle DBA
Received on Fri Feb 21 2003 - 08:32:38 CST
 |
 |