Recovering from lost sys password using OS authentication on Unix.
#1. make sure that the OS user that is logged on is member of the dba group. If the dba group is not known, check the file:
$ORACLE_HOME/rdbms/lib/config.c (or config.s)
#2. make sure that the sqlnet.ora file does not contain the:
sqlnet.authentication_services
parameter. If this parameter exist, it should be commented.
#3. check the ORACLE_HOME, ORACLE_SID and PATH parameters. They must correspond to the parameters of the Oracle instance where the sys password has been lost.
If the instance is already started, use the note:
Note 373303.1 How to Check the Environment Variables for an Oracle Process
to determine the environment variables that were used when the instance was started.
#4. connect to the instance using:
sqlplus /nolog
connect / as sysdba
#5. change the sys password using:
alter user sys identified by
If a passwordfile is in use, the command would update the password file as well, so there is no need to recreate this file.
Recovering the lost sys password using passwordfile authentication on Unix
If the sys password is not known and the OS authentication is not an option, this method can be used. This method assumes that the sys account is not accessible, hence an abrupt shutdown for the database could be needed.
#1. make sure that the initialization parameter REMOTE_LOGIN_PASSWORDFILE is set to SHARED or EXCLUSIVE.
#2. disable OS authentication, if it is enabled for some reason, by setting:
sqlnet.authentication_services=(none)
in the sqlnet.ora file.
#3. go to the OS destination for the passwordfile:
cd $ORACLE_HOME/dbs
#4. make a backup of the previous passwordfile:
cp orapw
#5. recreate the passwordfile using the orapwd command:
orapwd file=orapw
#6. try to connect using the new password.
sqlplus /nolog
connect sys as sysdba
#7. as an additional check, if the above is successful, query:
select * from v$pwfile_users;
If it returns at least one line, then everything is ok and the new passwordfile is in use.
#8. change the sys password in the data dictionary using:
alter user sys identified by
Of course, the new password must match the new password of the passwordfile, if that password is to be kept, or it can be set to something else, if the initial password is to be changed. This command would update the passwordfile as well.
#9. if the test in step does not succeed, the instance must be restarted. It could be that, if no sysdba or sysoper access are possible, that the instance must be brought down abruptly, either by:
+ killing a background process
+ removing the shared memory resources using ipcrm
#10. after restarting the instance, check if the sys password is operational and if there is at least one entry in v$pwfile_users.
Recovering from lost sys password using NTS authentication on Windows
1. make sure that the OS user that is logged on is member of the ora_dba group.
#2. make sure that the sqlnet.ora file has the following line:
sqlnet.authentication_services = (nts)
#3. connect to the instance using:
sqlplus /nolog
connect / as sysdba
#4. change the sys password using:
alter user sys identified by
If a passwordfile is in use, the command would update the password file as well, so there is no need to recreate this file.
Recovering the lost sys password using passwordfile authentication on Windows
If the sys password is not known and the OS authentication is not an option, this method can be used. This method assumes that the sys account is not accessible, hence a shutdown for the database could be needed.
#1. make sure that the initialization parameter REMOTE_LOGIN_PASSWORDFILE is set to SHARED or EXCLUSIVE.
#2. disable OS authentication, if it is enabled for some reason, by setting:
sqlnet.authentication_services=(none)
in the sqlnet.ora file
#3. go to the OS destination for the passwordfile:
cd $ORACLE_HOME/database
#4. make a backup of the previous passwordfile:
cp pwd
#5. recreate the passwordfile using the orapwd command:
orapwd file=orapw
#6. try to connect using the new password.
sqlplus /nolog
connect sys as sysdba
#7. as an additional check, if the above is successful, query:
select * from v$pwfile_users;
If it returns at least one line, then everything is ok and the new passwordfile is in use.
#8. change the sys password in the data dictionary using:
alter user sys identified by
Of course, the new password must match the new password of the passwordfile, if that password is to be kept, or it can be set to something else, if the initial password is to be changed. This command would update the passwordfile as well.
#9. if the test in step does not succeed, the instance must be restarted. This can be done by restarting the service.
#10. after restarting the instance, check if the sys password is operational and if there is at least one entry in v$pwfile_users.