ORA-1017 with "sqlplus / as sysdba" on Windows when AES*_SHA1 is selected for Kerberos and Network Security (Windows settings)
(Doc ID 2787121.1)
Last updated on APRIL 17, 2023
Applies to:
Oracle Database - Enterprise Edition - Version 12.2.0.1 and laterInformation in this document applies to any platform.
Symptoms
You may find the following happens (and only observed at this time on Windows 2016 with Oracle 12.2.0.1):
1. Migration to a new server (as an example, Microsoft Windows 2016), using the following method:
a) Win2016 setup groups via computer management including ora_dba
b) Install 12.2.0.1 Enterprise Edition software then apply APR2021 (Patches DB 32392089, JDK 32494298, OJVM 32427674)
c) Create service on Win2016 server - password required mixed case, number, special character
d) Set Logon to Active Directory OS Account
e) Run Command (DOS) Prompt as administrator.
f) Running "sqlplus / as sysdba" renders error:
ORA-01017: invalid username/password; logon denied.
2. However, connecting using the password works:
sqlplus sys/<pwd>@<alias> as sysdba
* This can cause issues if you need to run datapatch or CRS commands which use OS Authentication.
3. Configuration of OS Authentication was done using the directions in:
a) WIN: OS Authentication - CONNECT AS SYSDBA Without a Password (Doc ID 77665.1)
b) Authentication of Database Administrators by Using the Operating System
c) Creating Oracle Home User
4. Configuration files:
sqlnet.ora -->
SQLNET.AUTHENTICATION_SERVICES = (NONE)
SQLNET.NO_NTLM=TRUE
#SQLNET.NO_NTLM=FALSE
Changes
Installation of Oracle on a new Windows Server.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |