在Oracle 11g OCM考试中,有EM监控的创建管理,有意思的是,在创建过程中没有报错提示,但是创建完成后,从web端登陆的时候一直提示无效的用户名和密码,仔细排查发现创建的时候需要解锁sysman、 DBSNMP 账号并修改密码,否则EM创建完成后无法正常登陆。
创建EM监控的过程:
[oracle@enmoedu1 ~]$ emca -config dbcontrol db
STARTED EMCA at May 22, 2019 5:39:31 PM
EM Configuration Assistant, Version 11.2.0.3.0 Production
Copyright (c) 2003, 2011, Oracle. All rights reserved.
Enter the following information:
Database SID: PROD1
Listener port number: 1521
Listener ORACLE_HOME [ /u01/app/oracle/product/11.2.0/dbhome_1 ]:
Password for SYS user:
Password for DBSNMP user:
Password for SYSMAN user:
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------
You have specified the following settings
Database ORACLE_HOME ................ /u01/app/oracle/product/11.2.0/dbhome_1
Local hostname ................ enmoedu1.example.com
Listener ORACLE_HOME ................ /u01/app/oracle/product/11.2.0/dbhome_1
Listener port number ................ 1521
Database SID ................ PROD1
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............
-----------------------------------------------------------------
----------------------------------------------------------------------
WARNING : While repository is dropped the database will be put in quiesce mode.
----------------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: y
May 22, 2019 5:39:50 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/cfgtoollogs/emca/PROD1/emca_2019_05_22_17_39_31.log.
May 22, 2019 5:39:51 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Dropping the EM repository (this may take a while) ...
May 22, 2019 5:42:46 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
May 22, 2019 5:42:48 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
May 22, 2019 5:52:01 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
May 22, 2019 5:52:14 PM oracle.sysman.emcp.EMReposConfig uploadConfigDataToRepository
INFO: Uploading configuration data to EM repository (this may take a while) ...
May 22, 2019 5:52:57 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Uploaded configuration data successfully
May 22, 2019 5:53:00 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Securing Database Control (this may take a while) ...
May 22, 2019 5:53:07 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Database Control secured successfully.
May 22, 2019 5:53:07 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
May 22, 2019 5:53:41 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
May 22, 2019 5:53:41 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is https://enmoedu1.example.com:1158/em <<<<<<<<<<<
May 22, 2019 5:53:43 PM oracle.sysman.emcp.EMDBPostConfig invoke
WARNING:
************************ WARNING ************************
Management Repository has been placed in secure mode wherein Enterprise Manager data will be encrypted. The encryption key has been placed in the file: /u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/emkey.ora. Ensure this file is backed up as the encrypted data will become unusable if this file is lost.
***********************************************************
Enterprise Manager configuration completed successfully
FINISHED EMCA at May 22, 2019 5:53:43 PM
[oracle@enmoedu1 ~]$
如果没有解锁和修改 SYSMAN的密码会有提示:
如果忽略sysman的账号解锁和密码修改,EM创建完成后将无法登陆,细心的网友会发现没有sys角色的选项:
问题处理方法:
根据EM创建完成的提示,EM的配置文件
在:/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/
首先,停止当前的EM dbconsole,否则,修改无效;如果先修改sysman账户,再停EM,sysman会再次被锁:
[oracle@enmoedu1 config]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:29:38 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sysman account unlock;
User altered.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:34:59 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$
[oracle@enmoedu1 config]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
[oracle@enmoedu1 config]$
[oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:35:41 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
ERROR:
ORA-28000: the account is locked
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
[oracle@enmoedu1 config]$
现在应该清楚,sysman账户被锁是因为EM启动和关闭,重试密码次数过多导致的。
正确重置EM账号SYSMAN的密码步骤:
1、关闭em dbconsole
[oracle@enmoedu1 config]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
[oracle@enmoedu1 config]$
2、解锁sysman账号,修改sysman密码
[oracle@enmoedu1 config]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:29:38 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sysman identified by oracle;
User altered.
SQL>
SQL> alter user sysman account unlock;
User altered.
SQL> quit
3、修改EM配置文件中SYSMAN账号的密码信息:
[oracle@enmoedu1 config]$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config
[oracle@enmoedu1 config]$ ll
total 124
-rw-r----- 1 oracle oinstall 11348 May 22 17:53 b64InternetCertificate.txt
-rw-r----- 1 oracle oinstall 1456 May 22 17:53 b64LocalCertificate.txt
-rw-r----- 1 oracle oinstall 233 May 22 17:53 classpath.lst
-rw-r----- 1 oracle oinstall 2041 May 22 17:53 emagentlogging.properties
-rw-r----- 1 oracle oinstall 28782 May 22 17:53 emd.properties
-rw-r--r-- 1 oracle oinstall 28764 May 22 17:53 emd.properties.tzbak
-rw-r----- 1 oracle oinstall 166 May 22 17:53 emkey.ora
-rw-r----- 1 oracle oinstall 5103 May 22 17:53 emomsintg.xml
-rw-r----- 1 oracle oinstall 1410 May 22 17:53 emomslogging.properties
-rw-r--r-- 1 oracle oinstall 1802 May 23 08:36 emoms.properties
drwxr----- 2 oracle oinstall 4096 May 22 17:53 monwallet
-rw-r----- 1 oracle oinstall 4986 May 22 17:53 OUIinventories.add
drwxr----- 2 oracle oinstall 4096 May 22 17:53 server
[oracle@enmoedu1 config]$ cat emoms.properties
#Thu May 23 08:36:05 CST 2019
oracle.sysman.emSDK.svlt.ConsoleServerName=enmoedu1.example.com:1158_Management_Service
oracle.sysman.eml.mntr.emdRepPwd=oracle
emdrep.ping.pingCommand=/bin/ping -c 3 -w 30 <hostname>
em_oob_shutdown=false
LargeRepository=false
oracle.sysman.eml.mntr.emdRepPort=1521
oracle.sysman.eml.mntr.emdRepDBName=PROD1
EMD_URL=https://enmoedu1.example.com:3938/emd/main
em_email_address=%EM_EMAIL_ADDRESS%
oracle.sysman.eml.mntr.emdRepPwdSeed=7699394498072357303
oracle.sysman.emSDK.svlt.ConsoleMode=standalone
em_oob_crash=false
em.oms.dumpModules=omsThread,repos
oracle.sysman.emRep.dbConn.statementCacheSize=50
oracle.sysman.db.isqlplusUrl=http://enmoedu1.example.com:/isqlplus/dynamic
em_oob_startup=false
oracle.sysman.emSDK.svlt.ConsoleServerPort=1158
oracle.sysman.eml.mntr.emdRepRAC=FALSE
em_from_email_address=%EM_FROM_EMAIL_ADDRESS%
oracle.sysman.eml.mntr.emdRepPwdEncrypted=FALSE
oracle.sysman.db.isqlplusWebDBAUrl=http://enmoedu1.example.com:/isqlplus/dba/dynamic
oracle.sysman.emSDK.svlt.ConsoleServerHost=enmoedu1.example.com
oracle.sysman.eml.mntr.emdRepDBID=2082231315
oracle.sysman.emSDK.svlt.ConsoleServerHTTPSPort=1158
em_email_gateway=%EM_EMAIL_GATEWAY%
oracle.sysman.eml.mntr.emdRepServer=enmoedu1.example.com
oracle.sysman.eml.mntr.emdRepSID=PROD1
oracle.sysman.eml.mntr.emdRepConnectDescriptor=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=enmoedu1.example.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=PROD1)))
oracle.sysman.emSDK.sec.ReuseLogonPassword=true
em.security.xsrf_check_enabled=false
oracle.sysman.emkeyfile=/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/emkey.ora
em.ip.ui.enable=true
oracle.sysman.eml.mntr.emdRepUser=SYSMAN
oracle.sysman.emSDK.svlt.PublicServletEnabled=true
[oracle@enmoedu1 config]$
4、重新启动EM dbconsole [oracle@enmoedu1 config]$ emctl start dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control .... started.
------------------------------------------------------------------
Logs are generated in directory /u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/log
[oracle@enmoedu1 config]$
5、测试sysman是否被锁 [oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:35:28 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$
6、EM登陆测试,细心的网友会发现有sys角色的登陆可选项了
EM登陆成功!