ORA-40365 SYS account lock 12C PDB

-

 Background

Was trying to lock sys user on 12.2 RAC cluster which runs 5 CDB databases. On the first db, lock operation was successful but on the second database sys lock operation was failed with ORA-40365 as below,

 SQL> alter user sys account lock;  
 alter user sys account lock  
 *  
 ERROR at line 1:  
 ORA-40365: The SYS user cannot be locked while the password file is in its  
 current format.  
 SQL>

Next step was to check the differences in password file configured between the databases. From the results, it was observed that in the database where lock operation was successful, password file format was 12.2 where as in the failing database password file was format 12.

 ora12c@racaprdb1:~$ srvctl config database -d OBDB | grep -i password  
 Password file: +OBDATADG/OBDB/PASSWORD/orapwobdb  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$ orapwd describe file='+OBDATADG/OBDB/PASSWORD/orapwobdb';  
 Password file Description : format=12.2  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$ srvctl config database -d MOBCDB | grep -i password  
 Password file: +MOBDATADG/MOBCDB/PASSWORD/pwdmobcdb.256.989493863  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$ orapwd describe file='+MOBDATADG/MOBCDB/PASSWORD/pwdmobcdb.256.989493863'  
 Password file Description : format=12  
 ora12c@racaprdb1:~$

Below steps were taken to change the password file format to 12.2. This was RAC primary database with single instances standby.

RAC primary new password file creation

Use the input_file option to get the config copied from the existing password file.

 ora12c@racaprdb1:~$ orapwd file='+MOBDATADG/MOBCDB/NEWPASSWORD/orapwmobcdb' format=12.2 input_file='+MOBDATADG/MOBCDB/PASSWORD/pwdmobcdb.256.989493863' dbuniquename=MOBCDB  
 OPW-00010: Could not create the password file. This resource has a Password File.  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$--Remove the password file reference from the database,  
 ora12c@racaprdb1:~$ srvctl modify database -d MOBCDB -pwfile ''   
 ora12c@racaprdb1:~$ srvctl config database -d OBDB | grep -i password  
 Password file:  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$ orapwd file='+MOBDATADG/MOBCDB/NEWPASSWORD/orapwmobcdb' format=12.2 input_file='+MOBDATADG/MOBCDB/PASSWORD/pwdmobcdb.256.989493863' dbuniquename=MOBCDB  
 ora12c@racaprdb1:~$ srvctl config database -d MOBCDB | grep -i password  
 Password file: +MOBDATADG/MOBCDB/NEWPASSWORD/orapwmobcdb  
 ora12c@racaprdb1:~$  
 ora12c@racaprdb1:~$ orapwd describe file='+MOBDATADG/MOBCDB/NEWPASSWORD/orapwmobcdb'  
 Password file Description : format=12.2  
 ora12c@racaprdb1:~$

Since we have used the input_file option and all attributes remained the same, it was not required to copy the new password file to standby side. Dataguard sync was not impacted. Coming back to the initial issue, with password file format set to version 12.2, sys lock operation was successful.

 ora12c@racaprdb1:~$ sqlplus sys as sysdba  
 SQL*Plus: Release 12.2.0.1.0 Production on Thu Sep 17 14:01:23 2020  
 Copyright (c) 1982, 2016, Oracle. All rights reserved.  
 Enter password:  
 Connected to:  
 Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production  
 SQL>  
 SQL>  
 SQL> show pdbs;  
   CON_ID CON_NAME            OPEN MODE RESTRICTED  
 ---------- ------------------------------ ---------- ----------  
      2 PDB$SEED            READ ONLY NO  
      3 MOBPDB             READ WRITE NO  
 SQL> alter session set container=MOBPDB;  
 Session altered.  
 SQL> alter user sys account lock;  
 User altered.  
 SQL>  
 SQL> select username, account_status, lock_date from dba_users where username='SYS';  
 USERNAME                                                             ACCOUNT_STATUS          LOCK_DATE  
 -------------------------------------------------------------------------------------------------------------------------------- -------------------------------- ---------  
 SYS                                                               LOCKED              17-SEP-20  
 SQL>

Comments

Post a Comment

Popular posts from this blog

ORA-16433: The database or pluggable database must be opened in read/write

-
Image
ORA-16433 is an error returned when a database cannot be opened. This can be a result of multiple conditions including, The inconsistency of the database Physical corruption Loss of dependent files or access issues etc.. More often than not the solution is to recover from available backups, but there can be situations where backups are not available, specially on UAT or Test setups. Although not the ideal scenario, in this type of situation you might want to open the databases even with inconsistency.  In Comes --> _ALLOW_RESETLOGS_CORRUPTION First, if you are in a position to use _ALLOW_RESETLOGS_CORRUPTION=TRUE, that means it has to be a critical moment, and when you come across more ora- errors while you are trying to reopen the databsae, that can be annoying. Note - _ALLOW_RESETLOGS_CORRUPTION=TRUE must only be used after Oracle support confirmation as a last resort. Also make sure to take cold backup before proceeding. Basic steps to be followed to resolve ORA 16433 after
Read more

Oracle Multitenant - Create new service for PDB using DBMS_SERVICE

-
Image
When an Oracle PDB is created it starts up a default service with the PDB name. For direct connections to    PDB this service can be used. But there are situations where new service name is required in PDB level, common example is after a PDB restoration/clone, in order to enable application connections without changes in connection string. Setting service_names parameter in PDB level is not possible hence it is not an option in multitenant setup. How to create a new PDB service on Oracle 12C Check the current services, here only the default service is running, SQL> show pdbs; CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------ ---------- ---------- 3 NFACTORPDB READ WRITE NO SQL> select service_id, name, pdb from dba_Services; SERVICE_ID NAME PDB ---------- ---------------------------------------- ---------- 7 nfactorpdb NFACTORPDB SQL> Create
Read more

Wait for unread message on broadcast channel - Blocking Sessions

-
Image
What is Wait for unread message on broadcast channel wait event? Wait for unread message on broadcast channel is a wait event where source destination communication is involved and the database is waiting for a reply from remote party. Mostly this wait is seen related to data pump export (expdp) or import (impdp) operations. Although categorized in idle wait class "Wait for unread message on broadcast channel" can become the blocking session for some other sessions. Common causes for stuck sessions waiting on this wait event includes, Broken databases links, where remote database is not responding. Abnormally killed remote processes causing the sessions to wait. When a session is waiting on "Wait for unread message on broadcast channel" it can become a blocking session for dependent sessions. Most probably these sessions will be waiting on "library cache pin" or related concurrency wait events. The blocking_session column of (g)v$session view
Read more