ORA-01017 is one of the common errors seen while connecting to the Oracle database.
Here is what the documentation says about this error
Here is the checklist to run to resolve the ORA-01017: invalid username/password
(1)The main issue with an ORA-01017 error is an invalid user ID and password combination. You have to make sure,you are entering the right password
In case the target system is 11g, the password can be Case sensitive
You can check the parameter in the system
SQL> SHOW PARAMETER SEC_CASE_SENSITIVE_LOGON NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ sec_case_sensitive_logon boolean TRUE SQL>
When the above parameter is set to true, the case sensitivity is on, You may disable it and check the connection again
SQL> ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE; System altered.
And then try connecting. If it works, then you know the case sensitivity is the problem, you may want to alter the user password and write it somewhere to remember the case -sensitive password and then again enable the system parameter
SQL> ALTER user test identified by TEST1; User altered. SQL> ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE; System altered.
(2) It may be that the user ID is invalid for the target system. Check if the user ID exists as the username column in the dba_users view.
select username from dba_users where username ='<user name>';
(3) Check your $ORACLE_SID or $TWO_TASK environmental parameter. If your $ORACLE_SID is set to the wrong database then you may get an ORA-01017 error because you are connecting to the wrong Oracle database.
(4) Check your “tnsnames.ora” to ensure that the TNS service is pointing to the right database. You can use tnsping command to check that it also
TNS Ping Utility for Linux: Version 11.2.0.4.0 - Production on 22-JUNE-2016 23:01:06 Copyright (c) 1997, 2014, Oracle. All rights reserved. Used parameter files: /oracle/product/11.2.0.4/network/admin/sqlnet.ora Used TNSNAMES adapter to resolve the alias Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = techgoeasy.com)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = TEST))) OK (0 msec)
(5) You may get an ORA-01017 error in the dataguard environment and standby environment also
Make sure the SYS user password is the same on both the Primary and standby sides. Create the Oracle password file using orapwd with the same password on both the primary and standby side
With Oracle database 12c, in the case Primary RAC database, we need to have a password file at a shared location
orapwd file='+DATA/TEST/PASSWORDFILE/oraTEST' entries=10 dbuniquename=TEST password=<sys pass>
(6) Sometimes, there could be other reasons for the error and ORA-01017 is a misleading error.
You can trace the call stack by using the truss or trace command
Linux: strace -o /tmp/strace_user.output -cfT sqlplus Scott/tiger@test AIX, Solaris: truss -fea -o /tmp/truss_user.output sqlplus scott/tiger@test HP-UX: tusc -afpo /tmp/tusc_user.output -aef sqlplus scott/tiger@test
(7) This error can be encountered during RMAN active duplication also
Cause The SYS password is not the same between the original/source database and auxiliary/duplicate database.
SOLUTION Perform the following steps:
1) Copy the password file from the original/source database to the auxiliary/duplicate database.
2) Run the following OS command "cksum" to check whether the password files are the same on both the original/source database and auxiliary/duplicate database.
cksum {password_file_name}
(8) Case-Insensitive Passwords and ORA-1017 Invalid Username or Password
The Oracle Database 12c release 2 (12.2) default authentication protocol is 12 (Exclusive Mode). This protocol requires case-sensitive passwords for authentication. Review your options if you have earlier release password versions.
Starting with Oracle Database 12c release 2 (12.2), the default value for SQLNET.ORA parameter ALLOWED_LOGON_VERSION_SERVER is changed to 12. This parameter refers to the login authentication protocol used for the server, not the Oracle Database release.
By default, Oracle no longer supports case-insensitive password-based authentication; only the new password versions (11G and 12C) are allowed. The case-insensitive 10G password version is no longer generated.
If you have accounts that require 10G password versions, then to prevent accounts using that password version from being locked out of the database, you can change from an Exclusive Mode to a more permissive authentication protocol.
Password version can be checked as
select username,password_version from dba_users;
Log in as an administrator.
Edit the SQLNET.ORA file to change the SQLNET.ALLOWED_LOGON_VERSION_SERVER setting from the default, 12, to 11 or lower. For example:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
(9) ORA-01017 using “sqlplus / as sysdba”
This can happen if the OS user where you are trying to use the above command is not member of dba group.
Make sure the OS user is part of DBA group.
Also check the sqlnet.ora .if you have sqlnet.authentication_services=none ,then also you may get this error
Hope you like the content on ORA-01017 invalid username/password
Related articles
ORA-00911 : This post is for common causes of ORA-00911: invalid character in oracle with examples and resolution to help you complete the job
ORA-29913 :troubleshooting tips for the ORA errors like ora-29913: error in executing odciexttableopen callout, ora-29913: error in executing odciexttablefetch callout
ORA-00257 :Learn how to troubleshoot for ORA-00257 archiver error. Connect internal only error.Various resolution and example provided in step by step manner.
alter user identified by values : Learn about Oracle password ,stored in database, algorithm , how to login as user without changing the oracle password using alter user identified by values
ORA-28000 :ORA-28000 the account is locked is very common error. Check out this post on how to solve it step by step easily without any issues
ORA-00904 :This post for the description and possible solutions of ORA-00904: invalid identifier.troubleshooting tips is also provided
ORA-28002 :This post in on how to resolve ORA-28002 the password will expire. What can be done to altogether avoid it by creating new profile
password versions in Oracle
Oracle 12.2 Documentation