ORA-01017: invalid username/password; logon denied Tips

ORA-01017  is one of the common error seen while connecting to oracle database.

Here is what documentation says about this error

ORA-01017 invalid username/password

Here are the checklist to run to resolve the ORA-01017: invalid username/password

  1. The main issue with an ORA-01017 error is an invalid user ID and passwords combination.  You have to make sure ,you are entering the right password

In-case the target system is 11g, the password can be Case sensitive

You can check the parameter in the system

SQL> SHOW PARAMETER SEC_CASE_SENSITIVE_LOGON
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon             boolean     TRUE
SQL>

When the above parameter is set to true, the case sensitivity is on, You may disable it and check the connection again

SQL> ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;

System altered.

And the try connecting. If it works , then you know the case sensitivity is the problem, you may want to alter the user password  and write it somewhere to remember the case -sensitive password and then again enable the system parameter

SQL> ALTER user test identified by TEST1;

User altered.
SQL> ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE;

System altered.

All Reads

2) It may be that the user ID is invalid for the target system . Check if the  user ID exists as the username column in the dba_users view.

select username from dba_users where username ='<user name>';

3) Check your $ORACLE_SID  or $TWO_TASK environmental parameter. If your $ORACLE_SID is set to the wrong database then you may get a ORA-01017 error because you are connecting to the wrong oracle database.

4) Check your tnsnames.ora to ensure that the TNS service is pointing to right database. You can use tnsping command to check that also

TNS Ping Utility for Linux: Version 11.2.0.4.0 - Production on 22-JUNE-2016 23:01:06

Copyright (c) 1997, 2014, Oracle.  All rights reserved.

Used parameter files:
/oracle/product/11.2.0.4/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = techgoeasy.com)(PORT = 1521))
(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = TEST)))
OK (0 msec)

 

4) You may get ORA-01017 error in dataguard environment and standby environment also

Make sure SYS user password is same on both the Primary and standby side.  Create the orapwd file with same password on both the primary and standby side

With Oracle database 12c, in case Primary RAC database,we need to have password file at shared  location

orapwd file='+DATA/TEST/PASSWORDFILE/oraTEST' entries=10 dbuniquename=TEST password=<sys pass>

5) Sometimes ,there could be other reason for the error and ORA-01017 is misleading error.

You can trace the call stack by using truss or trace command

Linux:
strace -o /tmp/strace_user.output -cfT sqlplus Scott/tiger@test

AIX, Solaris:
truss -fea -o /tmp/truss_user.output sqlplus scott/tiger@test

HP-UX:
tusc -afpo /tmp/tusc_user.output -aef sqlplus scott/tiger@test

6) This error can be encountered during active duplication also

 Cause The SYS password is not the same between the original/source database and auxiliary/duplicate database. 
SOLUTION Perform the following steps:
 1) Copy the password file from the original/source database to the auxiliary/duplicate database. 
 2) Run the following OS command "cksum" to check whether the password files are the same on both the original/source database and auxiliary/duplicate database. 
cksum {password_file_name}

 

  1. Case-Insensitive Passwords and ORA-1017 Invalid Username or Password

The Oracle Database 12c release 2 (12.2) default authentication protocol is 12 (Exclusive Mode). This protocol requires case-sensitive passwords for authentication. Review your options if you have earlier release password versions.

Starting with Oracle Database 12c release 2 (12.2), the default value for the SQLNET.ORA parameter ALLOWED_LOGON_VERSION_SERVER is changed to 12. This parameter refers to the logon authentication protocol used for the server, not the Oracle Database release.

By default, Oracle no longer supports case-insensitive password-based authentication; only the new password versions (11G and 12C) are allowed. The case-insensitive 10G password version is no longer generated.

If you have accounts that require 10G password versions, then to prevent accounts using that password version from being locked out of the database, you can change from an Exclusive Mode to a more permissive authentication protocol.

Password version can be checked as

select username,password_version from dba_users;

Log in as an administrator.

Edit the SQLNET.ORA file to change the SQLNET.ALLOWED_LOGON_VERSION_SERVER setting from the default, 12, to 11 or lower. For example:

SQLNET.ALLOWED_LOGON_VERSION_SERVER=11

8.   ORA-01017 using “sqlplus / as sysdba”

This can happen if the OS user where you are trying to use the above command is not member of dba group.

Make sure the OS user is part of DBA group.

Also check the sqlnet.ora  .if you have  sqlnet.authentication_services=none ,then also you may get this error

Hope you like the content on ORA-01017 invalid username/password

Related articles
ORA-00911: invalid character Common Issues and Resolution

How to resolve ORA-29913 with external tables

How to resolve the ORA-00257 error in Oracle database

Oracle 12.2 Documentation

How to login as user without changing the password in Oracle database

How to solve ORA-28000 the account is locked

Leave a Reply