CNDBA社区
Oracle 11.2.0.4 的Data Guard 环境,主库用户被锁,解锁后,备库用户还是锁定状态,无法登陆。
在MOS上有几篇这个错误的描述。
该问题的2个方法如下:
1.主库解锁用户,手工切换归档,检查DG同步情况。
2.重启备库实例。
官方对该问题的描述:
Note 1600401.1: ORA-28000 "the account is locked" in the standby database, even after the account was unlocked in the primary
Noticed one user account was locked in primary and its Active Data Guard instances. It was fine Primary Database after unlocking the User, but at the Active Data Guard Standby Database, it was showing ORA-28000 that the account is still locked. Followed
Note 1600401.1: ORA-28000 "the account is locked" in the standby database, even after the account was unlocked in the primary
but it is still unlocked and user can not connect to standby database. Here is log:
SQL> select name,database_role , open_mode from v$database ;
NAME DATABASE_ROLE OPEN_MODE
--------- ---------------- --------------------
ELFVRFI1 PHYSICAL STANDBY READ ONLY
SQL> select username,account_status from dba_users where username = 'A472033';
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
A472033 LOCKED(TIMED)
SQL> alter user A472033 account unlock ;
SQL> alter user A472033 account unlock
*
ERROR at line 1:
ORA-28015: Account unlocked, but the database is open for read-only access
CAUSE
This issue is detailed in
Bug 16345308: LOGGING INTO ADG STANDBY GETS ORA-28000: THE ACCOUT IS LOCKED. AND IS NOT
It is not a bug, but a limitation of an Active Data Guard READ ONLY Database
SOLUTION
Regardless of how the account becomes locked once locked it will stay locked in the Active Data Guard standby that is open read only.
You may have an account profile that sets how many times an incorrect password can be used before the account is locked.
In this case the standby instance needs to be restarted to reflect the correct status of the account again in the primary.
Or the profile may lock the account after it times out depending on the settings.
You can then unlock the account in the primary and the data dictionary is updated, but that which locks the account in memory is not.
So again you must restart the ADG standby. This is not a bug it is a limitation of a read only standby database.
The issues with applications that have Identity in the database and applications that have Identity in the front end app.
The later is not a problem for this issues. With Identity in the database it can be.
Per this note Bug 17732353 - ORA-28000 "the account is locked" attempting to log in as a remote SYSDBA user if SYS account is locked (Doc ID 17732353.8)
it is fixed in 12.1 and 12.2
版权声明:本文为博主原创文章,未经博主允许不得转载。
