适用范围 Oracle Database 12.2+ 问题概述 Oracle数据库日志每天23点报ORA-17503 ORA-27300 ORA-27301 ORA-27302 ORA-01017。 问题原因 数据库服务器上非oinstall组的用户连接数据库执行定时任务用户密码错误。 解决方案 在应用定时任务中修改正确用户密码。 分析过程 1、数据库日志
... 2026-01-20T23:00:00.+08:00 Errors in file/u01/app/oracle/diag/rdbms/xfdb/xfdb1/trace/xfdb1_ora_186547.trc: ORA-17503: ksfdopn:2 Failed to open file +DATADG/xfdb/PASSWORD/pwdxfdb ORA-27300: OS system dependent operation:open failed with status: 13 ORA-27301: OS failure message: Permission denied ORA-27302: failure occurred at: sskgmsmr_7 ORA-01017: invalid username/password; logon denied ...
从数据库日志中可以看到ORA-17503:ksfdopn:2 Failed to open file +DATADG/xfdb/PASSWORD/pwdxfdb打开ASM磁盘组中的密码文件失败,12.2之后密码文件可以自动同步到ADG备库,所以RAC环境密码文件建议放在共享存储中。ORA-27300:OS system dependent operation:open failed with status: 13 ,数据库在执行底层操作时被操作系统拒绝了,状态码 13 对应 Permission denied。这类问题多与文件权限、用户组配置或系统资源限制有关。ORA-27302: failure occurred at: sskgmsmr_7调用内部函数sskgmsmr_7出错。ORA-27300,ORA-27301,ORA-27302我们客户认为是同一类型的报错。ORA-01017是用户密码不正确。 2、trace日志
Trace file /u01/app/oracle/diag/rdbms/xfdb/xfdb1/trace/xfdb1_ora_186547.trc Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production Build label: RDBMS_12.2.0.1.0_AIX.PPC_170125.170330 ORACLE_HOME: /u01/app/oracle/product/12.2.0/db_1 System name: AIX Node name: xfdb01 Release: 1 Version: 7 Machine: 812c00 Instance name: xfdb1 Redo thread mounted by this instance: 1 Oracle process number: 71 Unix process pid: 286424, image: oracle@xfdb1 (TNS V1-V3) *** 2026-01-20T23:00:10.+08:00 (CDB$ROOT(1)) *** SESSION ID:(44.52374) 2026-01-20T23:00:10+08:00 *** CLIENT ID:() 2026-01-20T23:00:10.+08:00 *** SERVICE NAME:(SYS$USERS) 2026-01-20T23:00:10.+08:00 *** MODULE NAME:(ude@xfdb1 (TNS V1-V3)) 2026-01-20T23:00:10.+08:00 *** ACTION NAME:() 2026-01-20T23:00:10.+08:00 *** CLIENT DRIVER:() 2026-01-20T23:00:10.+08:00 *** CONTAINER ID:(1) 2026-01-20T23:00:10.+08:00 SUCCESS: retrieved DB password file location:+DATADG/xfdb/PASSWORD/pwdxfdb 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnpkwf_initwfloc: [at clsgpnpkwf.c:496] Result: (7) CLSGPNP_IO. (:GPNP01002:)Fatal: Cannot open neither PEER nor PRDR GPnP wallet. No more wallets to verify GPnP configuration (profile). Check GPnP configuration: wallet(s) either missing or do not have access privileges. statres: -8, Wallet home: /u01/12.2.0/grid/gpnp/xfdb1/wallets/ 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnpkwf_initwfloc: [at clsgpnpkwf.c:517] Result: (66) CLSGPNP_WALLET_NONE. (:GPNP01003:)Failed to find peer wallet dir in either OCR_CRS_HOME, or ORACLE_HOME locations. 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnp_InitCKProviders: [at clsgpnp0.c:5225] Result: (66) CLSGPNP_WALLET_NONE. (:GPNP00254:)Error initializing gpnp security key provider: file wallet (LSKP-FSW). 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnp_getCK: [at clsgpnp0.c:2879] (:GPNP00233:)Fatal error: failed to get local gpnp security keys (wallet). Gpnp profiles cannot be verified. ***LOCAL GPNP SETUP INVALID***.> 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnp_InitIdSetCtxCK: [at clsgpnp0.c:5612] Result: (66) CLSGPNP_WALLET_NONE. (:GPNP00267:)Cannot get stored certkey for id=1 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnp_Init: [at clsgpnp0.c:1063] Result: (66) CLSGPNP_WALLET_NONE. (:GPNP00211:)Error getting certkeys. 2026-01-20 23:00:10 : [ GPNP][ GPNP]clsgpnp_Init init failed. Error: CLSGPNP_ERR (1) . 2026-01-20 23:00:10 : [ default][ default](:CLSUG0001:)Failed to initialize clsgpnp context grv CLSGPNP_ERR (1). Return GPNP [12] 2026-01-20 23:00:10 : [ GPNP][ GPNP][at clsgpnp_dbms.c:263] (:GPNPD01786:)Failed to get gpnp global profile. Returned: GPNP (12) ORA-17503: ksfdopn:2 Failed to open file +DATADG/xfdb/PASSWORD/pwdxfdb ORA-27300: OS system dependent operation:open failed with status: 13 ORA-27301: OS failure message: Permission denied ORA-27302: failure occurred at: sskgmsmr_7 ORA-01017: invalid username/password; logon denied ...
trace文件中的信息与alert中ORA-类报错一致。trace中多了GPNP(grid plug and play)相关报错。gpnp组件是由gpnp wallet和gpnp profile组成; (:GPNP01002:)Fatal: Cannot open neither PEER nor PRDR GPnP wallet. No more wallets to verify GPnP configuration (profile). Check GPnP configuration: wallet(s) either missing or do not have access privileges. statres: -8信息也是和权限相关。gpnp wallet 的功能是保存需要访问 gpnp profile 文件的客户签名信息,当客户访问 gpnp profile 时通过 wallet 中的签名信息进行验证,以确保只有指定的客户能够访问profile文件。 3、检查定时任务
$crontab -l 0 23 * * * sh /home/hfxf/scripts/***.sh
定时任务是连接数据库后跑批的任务。脚本中用户密码不正确。 hfxf用户下23点定时任务。 4、验证定时任务用户登录
[hfxf@xfdb01~]$id uid=1002(hfxf) gid=1002(hfxf) groups=1002(hfxf) [hfxf@xfdb01~]$ $DB_HOME/bin/sqlplus Enter user-name: hfxf Enter password: ********* 输入一个错误的密码
通过应用用户输入错误密码验证,数据库日志和trace均报ORA-17503 ORA-27300 ORA-27301 ORA-27302 ORA-01017,场景复现。 【小结】1、数据库业务用户按照管理要求定期修改密码后,所有应用程序都应该同步修改;2、对于数据库服务器上定时任务要统计梳理,做好变更,下线等日常工作,防止遗漏造成生产问题。 -the end-
**MyBologs:**
https://www.myhfxf.com
https://www.xiaofeihuangfu.com
CSDN: https://blog.csdn.net/xfhuangfu
ITPUB: https://blog.itpub.net/28373936/
微信公众号:xfhuangfu
