Technical Note: ORA-28017: The password file is in the legacy format


When I tried to change the password for SYS, I got an ORA-28017 error message. This was caused by a manual DB upgrade to 12C without upgrading the password file as well.

Problem Description

The way I encountered this error was when I was unable to logon remotely to a database instance with SYS AS SYSDBA. I tried to change the password directly using a bequeath connection and got the following error:

SQL> alter user sys identified by "****************";
alter user sys identified by "****************"
*
ERROR at line 1:
ORA-28017: The password file is in the legacy format.

Error Description

The Oracle error lookup tool, oerr ora 28017, shows:

28017, 00000, "The password file is in the legacy format."
// *Cause:    There are multiple possibilities for the cause of the error:
//
//              * An attempt was made to grant SYSBACKUP, SYSDG or SYSKM.
//              * These administrative privileges could not be granted unless
//                the password file used a newer format ("12" or higher).
//              * An attempt was made to grant a privilege to a user who
//                has a large password hash which cannot be stored in
//                the password file unless the password file uses a newer
//                format ("12" or higher).
//              * An attempt was made to grant or revoke a common administrative
//                privilege in a CDB
// *Action:   Regenerate the password file in the newer format ("12" or higher).
//            Use the newer password file format ("12" or higher) if you need to
//            grant a user the SYSBACKUP, SYSDG or SYSKM administrative
//            privileges, or if you need to grant a privilege to a user
//            who has a large password hash value.
//

Investigation

I found the following Oracle Support document:

As advised in Doc ID 2112456.1, I used the following command to examine the password file:

orapwd describe file=${ORACLE_HOME}/dbs/orapw${ORACLE_SID}

The result was:

Password file Description : format=LEGACY ignorecase=N

Remediation

Instead of migrating the password, I just overwrote it with desired password values:

orapwd file=${ORACLE_HOME}/dbs/orapw${ORACLE_SID} force=

I verified the result as follows:

orapwd describe file=${ORACLE_HOME}/dbs/orapw${ORACLE_SID}

The result was:

Password file Description : format=12 ignorecase=N

Note

This problem only affects databases with compatible=’12.1.0′ or higher. Leaving the compatible parameter at 11.2 does not cause a problem with the password file.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s