Advanced Authentication start up fails with ORA-01017
search cancel

Advanced Authentication start up fails with ORA-01017


Article ID: 134015


Updated On:


CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Risk Authentication CA Advanced Authentication


On start up, CA Strong Authentication requires that the connectivity to the database using a DB username and DB password PLUS a DSN (DB Data Source Name) and DSN Password is possible. If the username and password provided for this connectivity is not correct then start up of CA Strong Authentication will not complete. The DB and DSN username and password that are presented to the back end database are stored in a encrypted file called securestore.enc.  The securestore.enc is created post the CA Strong Authentication installer is run. It can be found in location <ARCOT_HOME>\conf directory. The securestore.enc can be updated using  utility called DBUTIL (discussed in the resolution section below) 

In the arcotwebfortstartup.log file the start up error is shown as below in bold: (in this failing example the DB DSN is "ARCOTDSN" and DB User Name is "ARCOTUSER") 

Error initializing primary DB [ARCOTDSN] for user [ARCOTUSER]. Error [SQL State:28000, Native code: 3F9, ODBC code: [AA] [ODBC Oracle Wire protocol driver] [Oracle] ORA-01017: invalid username/password; logon denied]


Release :

Component : AuthMinder(Arcot WebFort)


The issue occurs because the DSN credentials  and/or DB User credentials to connect to the back end Database are incorrect in the securestore.enc file.


To correct the entries in the encrypted securestore.enc, a utility called DBUTIL is provided in location <ARCOT_HOME>/tools,  please navigate to this directory and use the following commands to store the correct DSN and DB password in the securestore.enc. 

At the command prompt, please go to <ARCOT_HOME>/tools directory. Run the following commands. The commands #1 and #2, delete the existing DSN and DB Username entries. The command #3 and #4 insert the corrected  pairs (DSN + DSN Password and DB Username + DB Password) into the securestore.enc.

Command #1  -  dbutil -pd <DBUSERNAME>   

Command #2  - dbutil -pd <DSNNAME>

Command #3 -  dbutil -pi <DSNNAME> <DBPASSWORD>

Command #4 - dbutil -pi <DBUSERNAME> <DBPASSWORD>

For more reference please visit the following -  ""

Additional Information