Home » RDBMS Server » Enterprise Manager » VNI-2015
VNI-2015 [message #67879] Fri, 21 June 2002 16:08 Go to next message
Milton
Messages: 6
Registered: May 2002
Junior Member
I am getting this error message when I try to backup my database. "VNI-2015:authentication error" I am logging into OEM as an administrator. Oracle 8.1.5 is running on an NT 4.0 machine. I have already setup the preferred credentials using the same ID/password as the OEM administrator. Please me solve this dilemma.

Thank you.
Re: VNI-2015 [message #67881 is a reply to message #67879] Sat, 22 June 2002 07:43 Go to previous message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Hi, VN-2015 error occurs becuase of mismatch of the required privilges
of the user. It all depends on the OS and type of USER.
for a unix/solaris based OEM configuration please refer to other posting
RE:VNI-2015
if the OS is MS-NT, please follow the procedure. for windows2000 the procedure
differs narrowly.
If you are a DOMAIN user then
CREATE/MODIFY AN NT DOMAIN USER
NOTE: Use this step if the Intelligent Agent is installed on an NT Domain Server
1. Open the NT User Manager tool:
	a. Click on Start => Programs => Administrative Tools => User Manager 
		for Domain
	b. Highlight an Administrator's account and copy it. 
	c. Type in a new username and password for the Intelligent Agent to 
		use. For example: magdba / magdba
	d. Verify the password.
   Verify that the only checked box is: Password never expires
   If a Domain account and a Local account exist with the same name, 
   the passwords must be identical 
   Passwords are case sensitive 
   The local account takes precedence 
   The Username should not contain an underscore or special character

2. Add "Logon as Batch Job" privilege:

   Domain users ARE supported but you MUST grant the DOMAIN user the 
   "log on as batch job" privilege on the machine where the agent is running. 
   It is NOT sufficient to grant this privilege on the Domain Controller 
   for the entire domain. 
   Connect as a local user who is a member of the groups 
   Domain Administrator and Administrators ONLY.
	a. Highlight the user that was just created. 
	b. Click on Policies => User Rights. 
	c. Click on the box next to Show advanced user rights. 
	d. Click on the drop down list (Rights) and choose LOGON AS A 
	   BATCH JOB. If any account has been granted this permission, the 
	   "Grant to" box will contain the name of that account. 
	e. Click on ADD. Verify the LIST NAMES FROM box 
	   contains the domain name. 
	f. Click on Show Users. Find the domain user account that was just 
	   created and Click ADD. This should move the account to the bottom of 
	   the Add Names box. Verify the name is correct and click OK. This will 
	   add the user to the Grant To: box. Then Click OK to close this dialog 
	   box. Close User Manager utility. 

NOTE: On a Primary Domain Controller (PDC), if the account that has 
"LOGON AS A BATCH JOB" privilege is not a member of the 
local Administrators group, you will also need to grant 
LOGON LOCALLY. This privilege is granted from the Policy window 
just like "LOGON AS A BATCH JOB". 


If you are a local NT user then
CREATE / MODIFY A LOCAL NT USER
 
1. Run User Manager. 
	a. Start => Programs => Administrative Tools => User Manager 
	   For Domains. 
	b. Verify that the title bar of the window (USER MANAGER - DOMAIN NAME.) 
	   looks like:
	       USER MANAGER - \ <machine name> 
NOTE: If it has domain name, click User>Select Domain...type in "\<server name>" 
(ie.\magpc) 
	c. Highlight on the Administrator's account and copy it. 
	d. Type in a new username and password for the Intelligent Agent to use. 
		For example: magdba / magdba
	e. Verify the only box checked is: "Password never expires". Click on ADD. 

NOTE: If a Domain account and a Local account exist with the same name on this domain, 
the passwords must be identical. Passwords are case sensitive. The local account takes precedence. 

2. Add "Logon as Batch Job" privilege:
	a. Highlight the user that was just created. 
	b. Click on Policies->User Rights. (From the MAIN MENU) Verify that 
	   Computer: has the local PC name. 
	c. Click on the box next to Show advanced user rights. 
	d. Click on the drop down list (Rights) and choose 
	   LOGON AS A BATCH JOB. If any account has been granted this permission, 
	   the "Grant to" box will contain the name of that account. 
	e. Click on ADD, Click on LIST NAMES FROM. Verify this name is the LOCAL 
	   server name and not the domain name. 
	f. Click on Show Users. Find the local user account that was just created 
	   and click ADD. This should move the account to the bottom of the Add 
	   Names box. Verify the name is correct and click OK. This will add the user
	   to the Grant To: box. Then Click OK to close the dialog box. Close User Manager utility. 

Once you are done with above, do the following
SET DIRECTORY AND EM LOGON PERMISSIONSM
1.  Verify the OS file system type (FAT or NTFS) 
	a. Click on START => PROGRAMS => WINDOWS NT EXPLORER. Highlight the 
	   ORACLE_HOME where the Agent is installed. Right click. Several tabs will 
	   appear on the screen. 
           If the tab on the right says SECURITY, then this drive is formatted as 
	   NTFS (Microsoft Windows NT Secure File System). This means that 
	   LOCAL FILE and DIRECTORY permissions exist on that system. 

	b. If the file system is NTFS, click on the SECURITY tab, then click 
	   on PERMISSIONS. 
        c. If "Everyone" is listed with "full control" this should be enough. 
	   To explicitly grant full control to a user:
		Click on ADD => Verify in the LIST NAMES FROM field that the correct
		name of the server is there (PDC/BDC/Stand alone Server). 
	d. Click on the SHOW USERS button. 
	e. Select the same account as was granted LOGON AS A BATCH JOB. 
	f. Click on ADD. 
	g. Change the TYPE OF ACCESS to FULL CONTROL. Click OK. 
	h. Click both check boxes on. Then click OK. This will grant full control 
	   of the %ORACLEHOME% subdirectories and files to the EM user attempting to 
	   logon locally to this box. 

2. LOGOFF the system

If these changes were just made to the same account that is logged onto NT currently, the user must logoff and then log back on. Otherwise the permissions will not change for that user until the next login. 

3. Verify the Intelligent Agent's startup account is the default SYSTEM:

Go to Control Panel / Services
Highlight the Oracle<OracleHome>Agent service
Click on the Startup button
"Log On As" must be set to the local NT SYSTEM Account (not another account)
Restart the Agent service
Previous Topic: Backup Management...
Next Topic: IA discovery
Goto Forum:
  


Current Time: Fri Mar 29 01:12:59 CDT 2024