Finding the source of failed login attempts.
(Doc ID 352389.1)
Last updated on MAY 17, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 11.2.0.4 and later Information in this document applies to any platform.
Oracle Server Enterprise Edition - Version: 9.0.1.4 to 11.2.0.4
Purpose
This troubleshooting guide is aimed at providing information on how to trace suspect logins that have failed with ora-1017, logon denied during database authentication. Note that a malicious origin is in most cases not the cause of an unsuccessful login. It can be simply a typo in the username or password, a cron job with an invalid password in it or even an Oracle client program that was badly configured (for example see referenced note 267401.1). Anyway these unsuccessful connect attempts can be a nuisance, especially when a password management policy is in place that has a limit on failed_login_attempts and cause the ora-28000 "the account is locked" error.
Troubleshooting Steps
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!