Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Second request: invalid username/pswd on db-link

Re: Second request: invalid username/pswd on db-link

From: Ed Stevens <nospam_at_noway.nohow>
Date: Mon, 13 Dec 2004 13:39:20 -0600
Message-ID: <>

Mark, thanks for taking time to respond. Replies embedded .... then some follow-up ...

On Mon, 13 Dec 2004 16:02:53 GMT, Mark Bole <> wrote:

>Ed Stevens wrote:
>> Please forgive me the re-posting. I first posted this a week ago and
>> got no bites, so thought I'd try again.
>> Oracle on Win2k
>> Recently I started getting a number of OEM alerts from one particular
>> database. The error is a ORA-01017: invalid username/password; logon
>> denied. Since this error is showing up in the alert log, it must be
>> happening when a db_link to a second db is accessed. That ought to be
>> simple enough, but if I connect with SQL-Plus and issue a SELECT
>> against the db-link, it works every time. Since the userid/pswd is a
>> hard-coded part of the db-link definition, I would exect it to work
>> every time or never.
>> The app is still under development and the developer has never
>> reported a problem. If I weren't getting the OEM alerts, we'd never
>> know there was an issue.
>> Ideas?
>Seems you are making some assumptions that may need more checking.
>Can you describe the exact syntax of the link(s) in question (public,
>shared, authenticated clause)?
> There are several flavors of dblinks
>each with its own security considerations. Be sure to include all
>links, you might not be getting the one you think you're getting due to
>schema object resolution rules.

Only one link in the db:

SQL > select * from dba_db_links;

OWNER DB_LINK USERNAME HOST CREATED ------ --------------- -------- ------ --------- PUBLIC LN_DB2P.WORLD IRMDEV DB2P 01-DEC-04 SQL> Application refers to tables across the link via synonyms:

SQL> select distinct db_link from dba_synonyms;


>What are the link(s) used for? Replication? Application-specific
>distributed transactions?

Mostly home-grown replication, so to speak. The app inserts into and selects from 'event' and 'message queue' tables on a DB2-MVS system.

>Are you using shared server or dedicated
>server (some shared server error messages show up in alert.log)?

>Is the
>link being referred to with or without the domain and connect descriptor
>components of the name?

The app acutally refers to a synonym that resolves to a table across the link.
SQL> select *
  2 from dba_synonyms
  3 where db_link like 'LN_DB2%';


-------- ---------------------- -------- ----------------
NMM      SY_FACILITY            NMM      FACILITY
>Does the error refer to an incoming or an
>outgoing connection attempt?

Wouldn't it have to be an outgoing? An incoming wouldn't be seen as a database error and wouldn't generate an alert entry. I tested that last week to make sure.

>When you do your SQL*Plus test, what user are you using?

Both as system and as the app username, which is not the owner of the link or synonym.

>What else is showing up in the alert log? (It's not clear that OEM is
>adding any value to your troubleshooting process).
Fri Dec 10 15:25:35 2004
Errors in file e:\oradmin\xslp\bdump\xslpRECO.TRC: ORA-01017: invalid username/password; logon denied ORA-02063: preceding line from LN_DB2N

But, I can find no references to teh 1017 in the trace file. More on that later ...

>If the system is
>under development it should be easy to isolate exactly what is going on
>at the time the errors are received.

It's in production now! Went in this weekend. Application reports no errors ... but we get these alerts!

>Check your listener.ora file to
>see what incoming connections are being attempted at the same time of
>the errors.

No issues seen in the listener log.

>A key phrase is "recently I started getting". What else happened in the
>same recent time window? A server re-start? An upgrade? A new admin
>employee on staff?

A new server. This is a warehouse shipping app. Each warehouse gets its own on-site server. App code is the same and some registry entries and a 'location' table carries the info to tell the app at run-time which location it is. The code-base for the app is pretty old. In fact, it was the last app I worked on before moving to DBA work, but that was at least two major releases (of the app) ago. This behavior shows on only one of the servers.

Now, just to throw a monky-wrench into the works (or, for my British friends, throw a spanner into the works) Friday afternoon my partner was prepping this box to go into production. As part of the prep, he redefined the db-links to specify the production version of the DB2 database, and redefined the synonyms to point to the new link.. (Yes, I know that could have effectively been done just by changing the TNS entry for the remote db, but our standards have us naming the db_link to indicate which db is it's target ...) Anyway, as soon has he made that change, the error changed from "ORA-01017 invalid username" ..... to "ORA-2019 Connection description for remote database not found", but all other above comments, descriptions, definitions still apply. There are entries in the RECO trace file, but they don't bring any more info to the table:

>-Mark Bole
Received on Mon Dec 13 2004 - 13:39:20 CST

Original text of this message