ORA-1017 with "sqlplus / as sysdba" on Windows when AES*_SHA1 is selected for Kerberos and Network Security (Windows settings)
(Doc ID 2787121.1)
Last updated on JUNE 27, 2021
Applies to:Oracle Database - Enterprise Edition - Version 188.8.131.52 and later
Information in this document applies to any platform.
You may find the following happens (and only observed at this time on Windows 2016 with Oracle 184.108.40.206):
1. Migration to a new server (as an example, Microsoft Windows 2016), using the following method:
a) Win2016 setup groups via computer management including ora_dba
b) Install 220.127.116.11 Enterprise Edition software then apply APR2021 (Patches DB 32392089, JDK 32494298, OJVM 32427674)
c) Create service on Win2016 server - password required mixed case, number, special character
d) Set Logon to Active Directory OS Account
e) Run Command (DOS) Prompt as administrator.
f) Running "sqlplus / as sysdba" renders error:
ORA-01017: invalid username/password; logon denied.
2. However, connecting using the password works:
sqlplus sys/<pwd>@<alias> as sysdba
* This can cause issues if you need to run datapatch or CRS commands which use OS Authentication.
3. Configuration of OS Authentication was done using the directions in:
a) WIN: OS Authentication - CONNECT AS SYSDBA Without a Password (Doc ID 77665.1)
b) Authentication of Database Administrators by Using the Operating System
c) Creating Oracle Home User
4. Configuration files:
SQLNET.AUTHENTICATION_SERVICES = (NONE)
Installation of Oracle on a new Windows Server.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document