Cry about...
Oracle Troubleshooting

ORA-01017: Invalid username/password

Symptom:

When attempting to connect to Oracle the following error is returned:

ORA-01017: invalid username/password; login denied

Possible Causes and Remedies:

• Normally this error indicates that either the username is not a recognised username or that the password is incorrect.

• If this error is encountered when no username or password have been specified (i.e. when trying to use operating system authentication) then operating system authentication may not have been set-up correctly. In this case:

1. Consult the notes for ORA-01004: default username feature not supported.

2. The user is not set-up to use operating system authentication.

• Check that the prefix used when defining the Oracle account is the same as that specified by ‘OS_AUTHENT_PREFIX’ in the init-ora file. The default is ‘OPS$’.

• Check the value of the registry key ‘OSAUTH_PREFIX_DOMAIN’. In Oracle 7 this is located at ‘HKEY_LOCAL_MACHINE\ SOFTWARE\ ORACLE’, and for Oracle 8 at ‘HKEY_LOCAL_MACHINE\ SOFTWARE\ ORACLE\ HOMEn’. If this parameter does not exist in the registry the default is ‘FALSE’ in Oracle prior to 8.1.x, from 8.1.x onwards the deafult is ‘TRUE’. If set ‘TRUE’ then ensure that the user name defined using Oracle security manager is of the form ‘OPS$<DOMAIN>\<Username>’. If the registry key is not set then it should be of the form ‘OPS$<Username>’. If the key ‘OSAUTH_PREFIX_DOMAIN’ does not exist and you wish to create it, it should be created of type ‘REG_EXPAND_SZ’.

3. Check that the initialisation parameter ‘REMOTE_OS_AUTHET’ has been explicity set ‘TRUE’.

4. Less likely to be a cause, but check also that the server and client are both running the same version of Oracle.

5. Some tools do not support the use of operating system authentication. This includes the Oracle GUI tools. If a connection can be made using operating system authentication with the command line server manager (svrmgr30) then it is likely to be that the tool does not support it. Some possibilities to try (none of these are guaranteed to work, but each has been found to work with some tools):

• enter ‘@<service>’ as the username.

• enter ‘/’ as the username and do not provide a password. Some applications (possibly depending on the version of Oracle connecting to) may require a space before and after the slash.

• enter ‘/@<service>’ as the username and do not provide a password.

• If this error is encountered when a username and/or password have been specified then the cause is likely to be one of the following:

1. Check that an Oracle account has been created for the specified username.

2. Check that the Oracle account is not ‘OPS$...’. If it is then Oracle is using operating system authentication for the account. Try logging in specifying no username or password. In this case the NT account name must be the same as the Oracle account name (less the ‘OPS$’).

3. If the Oracle account exists and the account is not named 'OPS$...’ then the password must be incorrect.

• If this error is encountered whilst trying to connect to Oracle as SYSOPER (but connecting as NORMAL works fine) then the account lacks the SYSOPER privilege. To obtain SYSOPER privilege run Oracle security manager and grant the system privilege SYSOPER to the Oracle account. Note:

• The database must not be running in parallel server mode and the password file must not be shared.

• If the database is running in parallel server mode or the password file is shared then only SYS or INTERNAL can have SYSOPER privilege.