Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Second request: invalid username/pswd on db-link

Re: Second request: invalid username/pswd on db-link

From: Ed Stevens <nospam_at_noway.nohow>
Date: Mon, 13 Dec 2004 15:06:15 -0600
Message-ID: <iu0sr0h05u65ftg2mdp7416fk9gf2rtdep@4ax.com>


On Mon, 13 Dec 2004 13:39:20 -0600, Ed Stevens <nospam_at_noway.nohow> wrote:

>Mark, thanks for taking time to respond. Replies embedded .... then
>some follow-up ...
>
>On Mon, 13 Dec 2004 16:02:53 GMT, Mark Bole <makbo_at_pacbell.net> wrote:
>
>>Ed Stevens wrote:
>>> Please forgive me the re-posting. I first posted this a week ago and
>>> got no bites, so thought I'd try again.
>>>
>>> Oracle 8.1.7.4 on Win2k
>>>
>>> Recently I started getting a number of OEM alerts from one particular
>>> database. The error is a ORA-01017: invalid username/password; logon
>>> denied. Since this error is showing up in the alert log, it must be
>>> happening when a db_link to a second db is accessed. That ought to be
>>> simple enough, but if I connect with SQL-Plus and issue a SELECT
>>> against the db-link, it works every time. Since the userid/pswd is a
>>> hard-coded part of the db-link definition, I would exect it to work
>>> every time or never.
>>>
>>> The app is still under development and the developer has never
>>> reported a problem. If I weren't getting the OEM alerts, we'd never
>>> know there was an issue.
>>>
>>> Ideas?
>>
>>
>>Seems you are making some assumptions that may need more checking.
>>
>>Can you describe the exact syntax of the link(s) in question (public,
>>shared, authenticated clause)?
>> There are several flavors of dblinks
>>each with its own security considerations. Be sure to include all
>>links, you might not be getting the one you think you're getting due to
>>schema object resolution rules.
>
>
>Only one link in the db:
>
>SQL > select * from dba_db_links;
>
>OWNER DB_LINK USERNAME HOST CREATED
>------ --------------- -------- ------ ---------
>PUBLIC LN_DB2P.WORLD IRMDEV DB2P 01-DEC-04
>
>SQL>
>
>
>Application refers to tables across the link via synonyms:
>
>SQL> select distinct db_link from dba_synonyms;
>
>DB_LINK
>---------------
>LN_DB2P.WORLD
>
>
>
>
>
>>
>>What are the link(s) used for? Replication? Application-specific
>>distributed transactions?
>
>Mostly home-grown replication, so to speak. The app inserts into and
>selects from 'event' and 'message queue' tables on a DB2-MVS system.
>
>>Are you using shared server or dedicated
>>server (some shared server error messages show up in alert.log)?
>Dedicated
>
>>Is the
>>link being referred to with or without the domain and connect descriptor
>>components of the name?
>
>The app acutally refers to a synonym that resolves to a table across
>the link.
>SQL> select *
> 2 from dba_synonyms
> 3 where db_link like 'LN_DB2%';
>
>OWNER SYNONYM_NAME TABLE_OW TABLE_NAME DB_LINK
>-------- ---------------------- -------- ----------------
>-------------
>NMM SY_FACILITY NMM FACILITY
>LN_DB2P.WORLD
>
>>Does the error refer to an incoming or an
>>outgoing connection attempt?
>
>Wouldn't it have to be an outgoing? An incoming wouldn't be seen as a
>database error and wouldn't generate an alert entry. I tested that
>last week to make sure.
>
>>
>>When you do your SQL*Plus test, what user are you using?
>>
>Both as system and as the app username, which is not the owner of the
>link or synonym.
>
>>What else is showing up in the alert log? (It's not clear that OEM is
>>adding any value to your troubleshooting process).
>Fri Dec 10 15:25:35 2004
>Errors in file e:\oradmin\xslp\bdump\xslpRECO.TRC:
>ORA-01017: invalid username/password; logon denied
>ORA-02063: preceding line from LN_DB2N
>
>But, I can find no references to teh 1017 in the trace file. More on
>that later ...
>
>
>
>>If the system is
>>under development it should be easy to isolate exactly what is going on
>>at the time the errors are received.
>It's in production now! Went in this weekend. Application reports no
>errors ... but we get these alerts!
>
>>Check your listener.ora file to
>>see what incoming connections are being attempted at the same time of
>>the errors.
>No issues seen in the listener log.
>>
>
>>A key phrase is "recently I started getting". What else happened in the
>>same recent time window? A server re-start? An upgrade? A new admin
>>employee on staff?
>>
>A new server. This is a warehouse shipping app. Each warehouse gets
>its own on-site server. App code is the same and some registry
>entries and a 'location' table carries the info to tell the app at
>run-time which location it is. The code-base for the app is pretty
>old. In fact, it was the last app I worked on before moving to DBA
>work, but that was at least two major releases (of the app) ago. This
>behavior shows on only one of the servers.
>
>
>Now, just to throw a monky-wrench into the works (or, for my British
>friends, throw a spanner into the works) Friday afternoon my partner
>was prepping this box to go into production. As part of the prep, he
>redefined the db-links to specify the production version of the DB2
>database, and redefined the synonyms to point to the new link.. (Yes,
>I know that could have effectively been done just by changing the TNS
>entry for the remote db, but our standards have us naming the db_link
>to indicate which db is it's target ...) Anyway, as soon has he made
>that change, the error changed from "ORA-01017 invalid username" .....
>to "ORA-2019 Connection description for remote database not found",
>but all other above comments, descriptions, definitions still apply.
>There are entries in the RECO trace file, but they don't bring any
>more info to the table:
>
>*** 2004-12-13 07:46:17.295
>ERROR, tran=6.7.482, session#=1, ose=0:
>ORA-02019: connection description for remote database not found
>
>
>
>>-Mark Bole
>>
>>

And as an update .... the alerts seem to have stopped, and we now have reason to suspect that the errors didn't come from the app itself, but from a rather careless developer poking on it with Toad .... I should be able to determine that by tomorrow. Received on Mon Dec 13 2004 - 15:06:15 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US