在ORACLE 11G OCM考試中,有EM監控的創建管理,有意思的是,在創建過程中沒有報錯提示,但是創建完成後,
從web端登陸的時候一直提示無效的用戶名和密碼,仔細排查發現創建的時候需要解鎖sysman、DBSNMP 賬號並修改密
碼,否則EM創建完成後無法正常登陸。
創建EM監控的過程:
[oracle@enmoedu1 ~]$ emca -config dbcontrol db
STARTED EMCA at May 22, 2019 5:39:31 PM
EM Configuration Assistant, Version 11.2.0.3.0 Production
Copyright (c) 2003, 2011, Oracle. All rights reserved.
Enter the following information:
Database SID: PROD1
Listener port number: 1521
Listener ORACLE_HOME [ /u01/app/oracle/product/11.2.0/dbhome_1 ]:
Password for SYS user:
Password for DBSNMP user:
Password for SYSMAN user:
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------
You have specified the following settings
Database ORACLE_HOME ................ /u01/app/oracle/product/11.2.0/dbhome_1
Local hostname ................ enmoedu1.example.com
Listener ORACLE_HOME ................ /u01/app/oracle/product/11.2.0/dbhome_1
Listener port number ................ 1521
Database SID ................ PROD1
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............
-----------------------------------------------------------------
----------------------------------------------------------------------
WARNING : While repository is dropped the database will be put in quiesce mode.
----------------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: y
May 22, 2019 5:39:50 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/cfgtoollogs/emca/PROD1/emca_2019_05_22_17_39_31.log.
May 22, 2019 5:39:51 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Dropping the EM repository (this may take a while) ...
May 22, 2019 5:42:46 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
May 22, 2019 5:42:48 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
May 22, 2019 5:52:01 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
May 22, 2019 5:52:14 PM oracle.sysman.emcp.EMReposConfig uploadConfigDataToRepository
INFO: Uploading configuration data to EM repository (this may take a while) ...
May 22, 2019 5:52:57 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Uploaded configuration data successfully
May 22, 2019 5:53:00 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Securing Database Control (this may take a while) ...
May 22, 2019 5:53:07 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Database Control secured successfully.
May 22, 2019 5:53:07 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
May 22, 2019 5:53:41 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
May 22, 2019 5:53:41 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is https://enmoedu1.example.com:1158/em <<<<<<<<<<<
May 22, 2019 5:53:43 PM oracle.sysman.emcp.EMDBPostConfig invoke
WARNING:
************************ WARNING ************************
Management Repository has been placed in secure mode wherein Enterprise Manager data will be encrypted. The encryption key has been placed in the file: /u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/emkey.ora. Ensure this file is backed up as the encrypted data will become unusable if this file is lost.
***********************************************************
Enterprise Manager configuration completed successfully
FINISHED EMCA at May 22, 2019 5:53:43 PM
[oracle@enmoedu1 ~]$
如果沒有解鎖和修改SYSMAN的密碼會有提示:
如果忽略sysman的賬號解鎖和密碼修改,EM創建完成後將無法登陸,細心的網友會發現沒有sys角色的選項:
問題處理方法:
根據EM創建完成的提示,EM的配置文件
在:/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/
首先,停止當前的EM dbconsole,否則,修改無效;如果先修改sysman賬戶,再停EM,sysman會再次被鎖:
[oracle@enmoedu1 config]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:29:38 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sysman account unlock;
User altered.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:34:59 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$
[oracle@enmoedu1 config]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
[oracle@enmoedu1 config]$
[oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:35:41 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
ERROR:
ORA-28000: the account is locked
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
[oracle@enmoedu1 config]$
現在應該清楚,sysman賬戶被鎖是因爲EM啓動和關閉,重試密碼次數過多導致的。
正確重置EM賬號SYSMAN的密碼步驟:
1、關閉em dbconsole
[oracle@enmoedu1 config]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
[oracle@enmoedu1 config]$
2、解鎖sysman賬號,修改sysman密碼
[oracle@enmoedu1 config]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:29:38 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sysman identified by oracle;
User altered.
SQL>
SQL> alter user sysman account unlock;
User altered.
SQL> quit
3、修改EM配置文件中SYSMAN賬號的密碼信息:
[oracle@enmoedu1 config]$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config
[oracle@enmoedu1 config]$ ll
total 124
-rw-r----- 1 oracle oinstall 11348 May 22 17:53 b64InternetCertificate.txt
-rw-r----- 1 oracle oinstall 1456 May 22 17:53 b64LocalCertificate.txt
-rw-r----- 1 oracle oinstall 233 May 22 17:53 classpath.lst
-rw-r----- 1 oracle oinstall 2041 May 22 17:53 emagentlogging.properties
-rw-r----- 1 oracle oinstall 28782 May 22 17:53 emd.properties
-rw-r--r-- 1 oracle oinstall 28764 May 22 17:53 emd.properties.tzbak
-rw-r----- 1 oracle oinstall 166 May 22 17:53 emkey.ora
-rw-r----- 1 oracle oinstall 5103 May 22 17:53 emomsintg.xml
-rw-r----- 1 oracle oinstall 1410 May 22 17:53 emomslogging.properties
-rw-r--r-- 1 oracle oinstall 1802 May 23 08:36 emoms.properties
drwxr----- 2 oracle oinstall 4096 May 22 17:53 monwallet
-rw-r----- 1 oracle oinstall 4986 May 22 17:53 OUIinventories.add
drwxr----- 2 oracle oinstall 4096 May 22 17:53 server
[oracle@enmoedu1 config]$ cat emoms.properties
#Thu May 23 08:36:05 CST 2019
oracle.sysman.emSDK.svlt.ConsoleServerName=enmoedu1.example.com\:1158_Management_Service
oracle.sysman.eml.mntr.emdRepPwd=oracle
emdrep.ping.pingCommand=/bin/ping -c 3 -w 30 <hostname>
em_oob_shutdown=false
LargeRepository=false
oracle.sysman.eml.mntr.emdRepPort=1521
oracle.sysman.eml.mntr.emdRepDBName=PROD1
EMD_URL=https\://enmoedu1.example.com\:3938/emd/main
em_email_address=%EM_EMAIL_ADDRESS%
oracle.sysman.eml.mntr.emdRepPwdSeed=7699394498072357303
oracle.sysman.emSDK.svlt.ConsoleMode=standalone
em_oob_crash=false
em.oms.dumpModules=omsThread,repos
oracle.sysman.emRep.dbConn.statementCacheSize=50
oracle.sysman.db.isqlplusUrl=http\://enmoedu1.example.com\:/isqlplus/dynamic
em_oob_startup=false
oracle.sysman.emSDK.svlt.ConsoleServerPort=1158
oracle.sysman.eml.mntr.emdRepRAC=FALSE
em_from_email_address=%EM_FROM_EMAIL_ADDRESS%
oracle.sysman.eml.mntr.emdRepPwdEncrypted=FALSE
oracle.sysman.db.isqlplusWebDBAUrl=http\://enmoedu1.example.com\:/isqlplus/dba/dynamic
oracle.sysman.emSDK.svlt.ConsoleServerHost=enmoedu1.example.com
oracle.sysman.eml.mntr.emdRepDBID=2082231315
oracle.sysman.emSDK.svlt.ConsoleServerHTTPSPort=1158
em_email_gateway=%EM_EMAIL_GATEWAY%
oracle.sysman.eml.mntr.emdRepServer=enmoedu1.example.com
oracle.sysman.eml.mntr.emdRepSID=PROD1
oracle.sysman.eml.mntr.emdRepConnectDescriptor=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=enmoedu1.example.com)(PORT\=1521)))(CONNECT_DATA\=(SERVICE_NAME\=PROD1)))
oracle.sysman.emSDK.sec.ReuseLogonPassword=true
em.security.xsrf_check_enabled=false
oracle.sysman.emkeyfile=/u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/config/emkey.ora
em.ip.ui.enable=true
oracle.sysman.eml.mntr.emdRepUser=SYSMAN
oracle.sysman.emSDK.svlt.PublicServletEnabled=true
[oracle@enmoedu1 config]$
4、重新啓動EM dbconsole[oracle@enmoedu1 config]$ emctl start dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://enmoedu1.example.com:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control .... started.
------------------------------------------------------------------
Logs are generated in directory /u01/app/oracle/product/11.2.0/dbhome_1/enmoedu1.example.com_PROD1/sysman/log
[oracle@enmoedu1 config]$
5、測試sysman是否被鎖[oracle@enmoedu1 config]$ sqlplus sysman/oracle@PROD1
SQL*Plus: Release 11.2.0.3.0 Production on Thu May 23 08:35:28 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@enmoedu1 config]$
6、EM登陸測試,細心的網友會發現有sys角色的登陸可選項了
EM登陸成功!