4 Replies Latest reply: Mar 19, 2011 11:46 PM by 612389 RSS

    SYSMAN account locked. Other Admin accounts show invalid username/pw

    612389
      I have an 11g database on a single machine install with myself as the only admin & user. When I try to access the database via SYSMAN I get the error ORA-28000 saying that the SYSMAN account is locked. Bu when I try to sign on using the other ADMIN accounts (SYS, SYSDBA or SYSTEM) I get the error ORA-01017 Invalid username/password; login denied.

      The issue is that I'm pretty sure I'm using the correct password with these ADMIN accounts. Any suggestions for how I can reestablish admin control of my database? Note that I can access the database with 2 user accounts that have no ADMIN privileges. Thanks
        • 1. Re: SYSMAN account locked. Other Admin accounts show invalid username/pw
          612389
          I had to sign on with the username 'SYSTEM as SYSDBA'
          • 2. Re: SYSMAN account locked. Other Admin accounts show invalid username/pw
            612389
            Unfortunately, this problem keeps recurring. I just want to focus upon SYSMAN for now.

            In SQLPlus, I try to sign on using SYSMAN. It says the ACCOUNT IS LOCKED. So then I successfully sign on using 'SYSMAN as DBA'. From there I unlock the SYSMAN account and then I can successfully sign on with SYSMAN. I then close SQLPlus and wait for a few minutes. But when I try again to sign on using SYSMAN I get the same error of ACCOUNT IS LOCKED. :(

            I know that one possibility for this kind of error is that some other program has made multiple unsuccessful attempts to sign on using SYSMAN. However, there are no other programs that are using the Database in the interim. I have SQLDeveloper on the machine and I mostly use that program when I want to run code and query the database- but it is not opened for the process I describe above.

            What could be causing the SYSMAN account to keep locking?

            Thanks, John
            • 3. Re: SYSMAN account locked. Other Admin accounts show invalid username/pw
              Zoran Pavlovic
              Hi,

              You can audit create session by SYSMAN and then watch in audit_trail who is accessing: AUDIT CREATE SESSION BY SYSMAN BY ACCESS WHENEVER NOT SUCCESSFUL;

              If you want to connect to database using privileged account you can use: CONNECT / AS SYSDBA (doesn't ask you for passwd).

              Alternatively, you can create new profile for SYSMAN account and put FAILED_LOGIN_ATTEMPTS parameter to UNLIMITED. (not recommended for security reasons).

              Zoran
              • 4. Re: SYSMAN account locked. Other Admin accounts show invalid username/pw
                612389
                Zoran, thanks for the reply. I haven't done any auditing so I'm trying to read up on it. From this article [url http://www.oracle-base.com/articles/10g/Auditing_10gR2.php] http://www.oracle-base.com/articles/10g/Auditing_10gR2.php it seems that there are 3 views which hold the auditing data:

                * DBA_AUDIT_TRAIL - Standard auditing only (from AUD$).
                * DBA_FGA_AUDIT_TRAIL - Fine-grained auditing only (from FGA_LOG$).
                * DBA_COMMON_AUDIT_TRAIL - Both standard and fine-grained auditing.

                I'll examine the many fields returned and see what I can figure out and maybe come back with more questions.
                Thanks,
                John