Tuesday, April 12, 2016

EMCA Fails With "Invalid username/password" for DBSNMP or SYSMAN user when Creating DBConsole

EMCA Fails With "Invalid username/password" for DBSNMP or SYSMAN user when Creating DBConsole 

Error:

The command emca fails with Invalid username/password for DBSNMP or for SYSMAN.

When you enter the password for SYSMAN or DBSNMP, you get the error message Invalid username/password.

[oracle@ldb009 10.2.0]$ emca -config dbcontrol db -repos create
STARTED EMCA at Sep 27, 2005 2:08:57 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle.  All rights reserved.
Enter the following information:
Database SID: ldb009
Listener port number: 1523
Password for SYS user:
Password for DBSNMP user:
Invalid username/password.
Password for DBSNMP user:
Invalid username/password.
Password for DBSNMP user:
Invalid username/password.
Password for DBSNMP user:
Invalid username/password.

LOG FILE
----------
emca_2005-09-28_10-09-54-AM.log

Sep 28, 2005 10:13:40 AM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: ldb009, oracleHome: /oracle/app/10.2.0, and user: SYS
Sep 28, 2005 10:13:40 AM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Sep 28, 2005 10:13:40 AM oracle.sysman.emcp.DatabaseChecks validateUserCredentials
CONFIG: Failed to update account status.
oracle.sysman.assistants.util.sqlEngine.SQLFatalErrorException: ORA-01034: ORACLE not available

 at oracle.sysman.assistants.util.sqlEngine.SQLEngine.executeImpl(SQLEngine.java:1467)
 at oracle.sysman.assistants.util.sqlEngine.SQLEngine.executeQuery(SQLEngine.java:694)
 at oracle.sysman.emcp.DatabaseChecks.updateAccountStatus(DatabaseChecks.java:1040)
 at oracle.sysman.emcp.DatabaseChecks.validateUserCredentials(DatabaseChecks.java:1013)
 at oracle.sysman.emcp.ParamsManager.validatePassword(ParamsManager.java:2694)
 at oracle.sysman.emcp.EMConfigAssistant.promptForData(EMConfigAssistant.java:583)
 at oracle.sysman.emcp.EMConfigAssistant.promptForParams(EMConfigAssistant.java:2231)
 at oracle.sysman.emcp.EMConfigAssistant.displayWarnsAndPromptParams(EMConfigAssistant.java:2257)
 at oracle.sysman.emcp.EMConfigAssistant.getDisplayAndPromptWarnsParms(EMConfigAssistant.java:2284)
 at oracle.sysman.emcp.EMConfigAssistant.performConfiguration(EMConfigAssistant.java:928)
 at oracle.sysman.emcp.EMConfigAssistant.statusMain(EMConfigAssistant.java:463)
 at oracle.sysman.emcp.EMConfigAssistant.main(EMConfigAssistant.java:412)

Similar errors about SYSMAN account can be encountered when running emca only for building the configuration files (SYSMAN and MGMT_VIEW exists and only "emca -config dbcontrol db" is being used).

Cause:

This error is mainly due to profile limits which prevent emca to reset the password for any of the following:

SYSMAN
DBSNMP
MGMT_VIEW
In Release 10.1, emca resets the password with the one provided at prompt:

SYSMAN => Always
DBSNMP=> Always
MGMT_VIEW=> Always
In Release 10.2, emca resets the password with the one provided at prompt:

SYSMAN => If password expired
DBSNMP=> If password expired
MGMT_VIEW=> Always

If the user has a profile limit for the resource type PASSWORD which is violated by the password provided, then emca will fail with the error "Invalid username/password".

In Release 11G, emca will prompt for the password only if the account is EXPIRED & LOCKED or if the account does not exist.
If the password is required, and if the password provided does not meet the password policy for the user profile, the error message will clearly state that there is a policy violation.

Solution:

In order to fix the Invalid username/password message

-Check the profile limit for the users SYSMAN, DBSNMP and MGMT_VIEW

select u.username, u.profile, p.resource_name, p.limit
from dba_profiles p, dba_users u
where p.profile=u.profile
and u.username in ('SYS', 'SYSMAN','DBSNMP','MGMT_VIEW')
and p.resource_type = 'PASSWORD'
order by u.username, p.resource_name;

-If the value of LIMIT for PASSWORD_VERIFY_FUNCTION is not NULL:
-Change the password so that it meets the function requirements.
-If the value of LIMIT for PASSWORD_REUSE_MAX is not UNLIMITED:

Change the password so that it is different from a password that has already been used the number of times set in PASSWORD_REUSE_MAX.
Or
Change the value of LIMIT for PASSWORD_REUSE_MAX to UNLIMITED for the profile.
Note: If SYSMAN and MGMT_VIEW user do not exist yet (repository was not created with -repos create option in emca), ensure that the password policies described above are met for those as well.

Reference metalink Doc ID 337260.1

No comments:

Post a Comment