When working with Oracle RMAN (Recovery Manager), you may encounter frustrating errors while setting up or restoring an auxiliary database—especially during duplicate or standby database creation.
One common scenario is:
RMAN-04006: error from auxiliary database:
ORA-01017: invalid username/password; logon deniedAt first glance, this looks like a credential issue (wrong username or password). But in many cases, the real problem is not the credentials—instead, it’s related to how Oracle connects to the auxiliary database through tnsnames.ora.
Why This Happens
During an RMAN duplicate or Data Guard setup, RMAN tries to connect to the auxiliary instance using the TNS entry.
If the (UR=A) (Use for Recovery = Always) parameter is missing in the connection string, Oracle fails to properly establish the connection for recovery operations, which triggers the misleading ORA-01017 invalid username/password error.
The Solution
To fix this, you need to modify your tnsnames.ora entries and include (UR=A) under CONNECT_DATA.
Example
Prim =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST =primhost.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME =prim)
(UR = A) -- << Important!
)
)
Standby =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = standbyhost.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME =standby)
(UR = A) -- << Important!
)
)