Nowdays every one has a busy life and you may need to handle multiple tasks all the time. There are small details we might not pay much attention on them and then as time goes by, they are just forgotten.
I was working an Oracle DataGuard setup today. The primary server has been up for quite a while. I was trying to connect to the primary using connection string “as sysdba” and it gave me the following error no matter I connected from the primary or the standby:
[oracle@ol7db02 ~]$ sqlplus sys/Test4me@PROD1 as sysdba SQL*Plus: Release 220.127.116.11.0 Production on Fri Oct 30 13:24:02 2020 Copyright (c) 1982, 2014, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied
I am sure that the password is correct because without “as sysdba” it works. The difference between without and with “as sysdba” is that password file is used or not.
Oracle has the following statement for REMOTE_LOGIN_PASSWORDFILE — “If you change REMOTE_LOGIN_PASSWORDFILE to exclusive or shared from none, then ensure that the password file is synchronized with the dictionary passwords. See Oracle Database Administrator’s Guide for more information.“
“If you change the REMOTE_LOGIN_PASSWORDFILE initialization parameter from NONE to EXCLUSIVE or SHARED, or if you re-create the password file with a different SYS password, then you must ensure that the passwords in the data dictionary and password file for the SYS user are the same.
To synchronize the SYS passwords, use the ALTER USER statement to change the SYS password. The ALTER USER statement updates and synchronizes both the dictionary and password file passwords.
To synchronize the passwords for non-SYS users who log in using the SYSDBA or SYSOPER privilege, you must revoke and then regrant the privilege to the user.”
Looks like there was a change of the parameter and it’s not sychronized to the password file. I ran “alter user sys identified by <password>” on the primary server and I am able to login “as sysdba” now.