ORA-28000: the account is locked-的解决办法

SQL>conn /as sysdba

Connected.

SQL> desc dba_profiles;
名称 是否为空? 类型
----------------------------------------- -------- --------------

PROFILE NOT NULL VARCHAR2(30)
RESOURCE_NAME NOT NULL VARCHAR2(32)
RESOURCE_TYPE VARCHAR2(8)
LIMIT VARCHAR2(40)

SQL> select resource_name,limit from dba_profiles where resource_name='FAILED_LOGIN_ATTEMPTS';

RESOURCE_NAME LIMIT
-------------------------------- ----------------------------------------
FAILED_LOGIN_ATTEMPTS 10

 

SQL> alter user yesusr account unlock;

User altered.

SQL> exit

 

 option 2:

ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS  UNLIMITED;


Cause is as belows

Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

yictepu:/home/oracle [yesinuat] $oerr ora 28000

28000, 00000, "the account is locked"

// *Cause:   The user has entered wrong password consequently for maximum

//           number of times specified by the user's profile parameter

//           FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account

// *Action:  Wait for PASSWORD_LOCK_TIME or contact DBA

 

FAILED_LOGIN_ATTEMPTS is 10

 

如果是备库的话。可能需要重启备库实例。

 

 

### sample

thanks techgoeasy

How to solve ORA-28000 the account is locked

May 26, 2019 by techgoeasy Leave a Comment

 

We often come across the error ORA-28000 the account is locked

ORA-28000 the account is locked

Reasons

This can happen due to multiple reasons

a. Oracle DBA has purposely locked the account

 
alter user <username> account lock;

select status from dba_users where username='&1';

b. Wrong password has been attempted many times resulting in locking. The number of FAILED_LOGIN_ATTEMPTS  can be found using the below query

select profile from dba_users where username='&1';

select * from dba_profiles
where profile='&1' and resource_name='FAILED_LOGIN_ATTEMPTS';

We can also found where all failed login attempt happened by enabling auditing

audit session whenever not successful;

select OS_USERNAME,USERNAME,USERHOST,to_char(timestamp,'MM-DD-YYYY HH24:MI:SS'), returncode
from dba_audit_trail
where returncode > 0

 

Solution

Unlock the account using below command

alter user <username> account unlock;

Before executing above query  make sure reason for the error is sorted out.Otherwise again the error will happen.

Hope you like this post on ORA-28000 the account is locked and it will help in your day to day activities

Related Articles

ORA-01017: invalid username/password; logon denied Tips

How to login as user without changing the password in Oracle database

How to Create User in Oracle and Assign privileges

 

How to create Users and Roles in Oracle database 12c

 
 

Filed Under: OracleOracle Database

 

 

####HOW TO DELETE AUD$  sample

-- 取消所有已配置的审计项目

NOAUDIT ALL PRIVILEGES;

NOAUDIT ALL STATEMENTS;

NOAUDIT CREATE SESSION BY user1;

NOAUDIT CREATE SESSION BY dbDATA;

NOAUDIT CREATE SESSION BY dbOPR;

NOAUDIT PUBLIC SYNONYM;

NOAUDIT DATABASE LINK;

NOAUDIT ROLE;

NOAUDIT PROFILE;

NOAUDIT DIRECTORY;

NOAUDIT SYSTEM GRANT;

NOAUDIT EXEMPT ACCESS POLICY;

 

-- 确认已没有审计项目

select * from DBA_PRIV_AUDIT_OPTS;

select * from DBA_STMT_AUDIT_OPTS;

 

-- 删除已有的审计记录

CREATE TABLE backup_aud AS SELECT * from sys.aud$;

truncate table aud$;

 

-- 配置登录失败审计

audit create session by access whenever not successful;

audit connect by access whenever not successful;

audit insert table, delete table, update table by user1 by session whenever successful;

 

 

###sample  standby 碰到 ora-28000

 

感谢allappsdba/ora-28000-account-is-locked-in-standby

 

ORA-28000 “the account is locked” in the standby database

Scenario:
=======

The user attempts to logon and gets an error ORA-28000 “the account is locked” in the primary database which is configure with Dataguard.  The database administrator unlock this user’s account in the primary database.  Still, the user cannot connect to the standby, getting the same error ORA-28000 for the particular user, But the account status shows open in the standby.
 
In Standby :
=========
 
SYS@DOYEN > conn SARAVANA/saravana123123
ERROR:
ORA-28000: the account is locked
 
Warning: You are no longer connected to ORACLE.
 
SYS@DOYEN > select username,account_status from dba_users where username=’SARAVANA’;
 
USERNAME                                                                                   ACCOUNT_STATUS
—————————————————————————————— 
SARAVANA                                                                                               OPEN
 
 
SYS@DOYEN > @check_db
 
                                                                                                                 Remote
       DbId Name      Log Mode     Open Mode            Database Role    Created             Resetlogs           Archive
———– ——— ———— ——————– —————- ——————- ——————- ——–
  603299473 DOYEN   ARCHIVELOG   READ ONLY WITH APPLY PHYSICAL STANDBY 11/16/2013 20:16:17 07/22/2014 03:54:21 ENABLED



Solution :
=======


 This is because the standby is open read-only and cannot update any tables.  When a user’s account has to be locked on the standby database, it is locked only in memory there.


 

A privileged user (sysdba, the database administrator) must logon to the standby and unlock the account there.  A message ORA-28015 “Account unlocked, but the database is open for read-only access” confirms that the account is now unlocked in the standby database.  From then on, the user can logon to the standby database without getting any error.

 

SYS@DOYEN > ALTER USER SARAVANA ACCOUNT UNLOCK;
ALTER USER SARAVANA ACCOUNT UNLOCK
*
ERROR at line 1:
ORA-28015: Account unlocked, but the database is open for read-only access
 
SYS@DOYEN > conn SARAVANA/saravana123123
Connected.



Reference :
========
 
ORA-28000 “the account is locked” in the standby database, even after the account was unlocked in the primary. (Doc ID 1600401.1)
 
 
###sample  only pyhcical standby  report ora-28000
 


CIS-企业征信系统 ecis 58.2.101.144 异常 -1 2020-02-25-06-05-01


这个问题出在,user1 备库的账号及时解锁,也没办法登录: 返回的结果变成 ORA-28000


有异常的被DG 库
后继有问题可以用如下方法查询
每运行5次,就会出现问题,提示user1 被锁

以下脚本 连续登录五次触发问题ORA-28000: the account is locked。

perl check_oracle_dg 58.2.101.144 1528 aa user dd1234DBA

 


正常的dg 库没有这个问题:
perl check_oracle_dg 58.2.101.23 1528 dd user dd1234DBA

 

 

sqlplus user1/user1ecis11@58.2.101.144:1528/aa
ERROR:
ORA-28000: the account is locked

临时fix:
直接登录standby:

A privileged user (sysdba, the database administrator) must logon to the standby and unlock the account there. A message ORA-28015 “Account unlocked, but the database is open for read-only access” confirms that the account is now unlocked in the standby database. From then on, the user can logon to the standby database without getting any error.


SYS@DOYEN > ALTER USER user1 ACCOUNT UNLOCK;
ALTER USER SARAVANA ACCOUNT UNLOCK
*
ERROR at line 1:
ORA-28015: Account unlocked, but the database is open for read-only access

SYS@DOYEN > conn user1/user1ecis11
Connected.

 

永久fix: more info:
修改脚本
##change user user1 to dbmon, because two stadnby db meet ora-28000,

 

 

 
 
posted @ 2017-02-27 16:39  feiyun8616  阅读(1051)  评论(0编辑  收藏  举报