重庆思庄Oracle、Redhat认证学习论坛

标题: EM 由于认证失败导致登录失败 [打印本页]
作者: 郑全    时间: 2019-9-21 15:53
标题: EM 由于认证失败导致登录失败
本帖最后由 郑全 于 2022-9-29 09:32 编辑

Applies to:  
Enterprise Manager Base Platform - Version 12.1.0.5.0 and later

Information in this document applies to any platform.


Symptoms


Cannot login to EM with SYSMAN etc. accounts.
The EM Console login errors with:


User Name: sysman
Password: xxxxx

Authentication failed. If problem persists, contact your system administrator.

Using EMCLI we get:
./emcli login -username=sysman -password=xxxxxxx
Error: Login failed


File = emoms.trc in DEBUG shows:

2019-09-05 13:44:57,281 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] INFO auth.EMRepLoginFilter doFilter.276 - RepLoginFilter Entry. Request URI = /em [isEMCLI = false] [req.remoteUser = SYSMAN] [header.Proxy-Remote-User = null] [req.userPrincipal = SYSMAN]
2019-09-05 13:44:57,282 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG auth.EMLoginService isReposUser.378 - Determining if user is repos user? :Subject:
Principal: SYSMAN
Principal: EMUSER
Principal: EMREPOSUSER
Principal: EMBIPAdministrators
Principal: Administrators

2019-09-05 13:44:57,297 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG conn.FGAConnection _setConnContext.362 - connection obj=1732154369 trueUserName=SYSMAN operation=1 emKey is NULL =false auditSessionGuid=null auditSessionGuidType=null
2019-09-05 13:44:57,416 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG auth.EMLoginService _performLogin.1266 - Error
java.sql.SQLException: ORA-14400: inserted partition key does not map to any partition
ORA-06512: at "SYSMAN.MGMT_AUDIT", line 919
ORA-06512: at "SYSMAN.MGMT_AUDIT", line 417
ORA-06512: at "SYSMAN.EM_USER_MODEL_UI", line 1683
ORA-06512: at line 1

2019-09-05 13:44:57,421 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG conn.FGAConnection fgaClose.320 - Connection object closed: 1585085884
2019-09-05 13:44:57,423 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG auth.EMLoginService _performLogin.1283 - Exit: Fail
2019-09-05 13:44:57,424 [[ACTIVE] ExecuteThread: '76' for queue: 'weblogic.kernel.Default (self-tuning)'] WARN auth.EMRepLoginFilter doFilter.454 - InvalidEMUserException caught in EMRepLoginFilter: Failed to login using repository authentication for user: SYSMAN
oracle.sysman.emSDK.sec.auth.InvalidEMUserException: Failed to login using repository authentication for user: SYSMAN

THINGS CHECKED:
A)
SYSMAN password Working with:
-SQLPLUS connection with SYSMAN is working with repository connect string (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=<HOST>)(PORT=1521)))(LOAD_BALANCE=ON)(CONNECT_DATA=(SERVICE_NAME=EMREP)))
-EMCTL accepts the SYSMAN password for command that require it such as "emctl status oms -details"

No password changes were done before the login issue started to happen.

B)
Also ruled out:
Doc ID 1493151.1: EM 12c, EM 13c: Login to Enterprise Manager Cloud Control with the Correct Password Fails with Error: Authentication failed.



Changes



Cause

Audit partitions were not existing or created.
This can sometimes happen if DB templates were used.

The Dependency on the audit partitions and this same error discussed in the following internal bug:
BUG 18307758 - AUDIT PARTITIONS NOT CREATED ON EM INSTALL, WHEN DB TEMPLATE IS USED

Solution

Connect to repository database via SQLPLUS with the SYSMAN account and then run the following commands:

exec gc_interval_partition_mgr.partition_maintenance;
exec mgmt_audit_admin.add_audit_partition;
commit;

Afterwards retest the login.
作者: 郑全    时间: 2020-2-22 13:24
这个增加的分区可以通过以下语句查询 :


select table_name,partition_name,partition_position from dba_tab_partitions
where table_owner='SYSMAN' and TABLE_NAME='MGMT_AUDIT_LOGS'



欢迎光临 重庆思庄Oracle、Redhat认证学习论坛 (http://bbs.cqsztech.com/) Powered by Discuz! X3.2