As part of the password change policy, we have to change the password of sys user. This can be difficult at times if we do not do it correctly.
One of the scenario is as below:
- Database type: RAC two nodes on primary with one node dataguard
- Location of password file on primary: under ASM (+data/tst1ap/password/pwdtst1ap.8124.1248539452)
- Location of password file on DR: file system (/u01/app/oracle/product/22.214.171.124/dbs/orapwtst1ad1)
- Primary Nodes: rac01n01 and rac01n02
- DR Node: racdr01n01
- Primary database unique name: TST1AP
- DR database unique name: TST1AD
- New password unique name: P4ssworD
1. Check the name of the password file currently in use on primary side.
2. Create new password file.
-- racn01 as oracle srvctl config database -d TST1AP orapwd file='+DATA' dbuniquename=tst1ap entries=10 force=y ignorecase=y
-- racn01 as grid ASMCMD> pwcopy pwdtst1ap.459.475125462 /tmp/orapwtst1ap1 copying +data/TST1AP/PASSWORD/pwdtst1ap.459.475125462 -> /tmp/orapwtst1ap1 ASMCMD>
-- rac01n01 as grid -- Remove old passwordfile ASMCMD> rm +data/tst1ap/password/pwdtst1ap.8124.1248539452
3. Copy the new password file to DR.
-- rac01n01 as oracle srvctl config database -d TST1AP scp -p /tmp/orapwtst1ap1 racdr01n01:/u01/app/oracle/product/126.96.36.199/dbs/orapwtst1ad1 srvctl config database -d TST1AP
4. alter sys user on primary.
-- rac01n01 as oracle alter user sys identified by P4ssworD;
-- racdr01n01 as oracle $ srvctl config database -d TST1AD $ ls -lah /u01/app/oracle/product/188.8.131.52/dbs/orapwtst1ad1
5. grant sysdba to rman (or any other user which had sysdba access).
-- rac01n01 on Primary as oracle select * from v$pwfile_users; grant sysdba to rman; select * from v$pwfile_users;