Tuesday, October 18, 2016

Issue-with-applsys-and-apps-password

Issue-with-applsys-and-apps-password


We faced a major issue while upgrading from 11.2.0.4 to 12.1.0.2 .
at steps we were upgrading we need to apply a patch in downtime mode at application level.
As we are applying the patch.Suddenly patch got failed and Passwords not working for APPS and APPLSYS.

This was a nightmare to fix the issue.
Taken help from Oracle . Metalinks docs but nothing information .I was getting .

Note:-
Always take backup of save point before apply any patch.

Found a good article on net 
http://www.innovateitindia.com/issue-with-applsys-and-apps-password/

Followed the steps .
----------------------
Issue 1:
As you know that apps and applsys password should be in synch and should be changed using FNDCPASS.
There can be situation where a novice user changes applsys password from the backend database. In that case when you try to start the services it will show following error
APP-FND-01496: Cannot access application ORACLE password
Cause: Application Object Library was unable access your ORACLE password.
You can even reproduce this issue (ofcourse after taking the backup of FND_USER and FND_ORACLE_USERID table) using the following steps
1. Use the ALTER USER command to change the APPLSYS password
2. Try to run the adstrall.sh script to start Apps services.
3. You will get an error “Cannot complete applications logon. You may have entered an invalid applications password, or there may have been a database connect error.”
4. Then try FNDCPASS to fix password and you will get the error the APP-FND-01496 error.
If this situation happens then you cannot access the application. Infact the services even wont start.
Resolution to such problem is to rollback the 2 tables FND_USER and FND_ORACLE_USERID. Once you rollback the tables, apps and applsys passwords will be in synch and password will be older one. You can then run FNDCPASS and change the password.
Issue 2:
Some times when you run FNDCPASS, you get following error
APP-FND-01502: Cannot encrypt application ORACLE password
Cause: Application Object Library was unable encrypt your ORACLE password.
Action: Contact your support representative. (ORACLEUSER=APPS_SERV)
The error comes because the table fnd_oracle_userid contain rows for schemas that does not exist. Those rows must be deleted from the table.
Use the following query to get the details of the schema that doest not exists
select * from fnd_oracle_userid
where oracle_username not in
(select username from all_users);
The rows returned by this query can be deleted from FND_ORACLE_USERID table. This will resolve this issue.
Issue 3:
There can be situation where users has update APPLSYS password using ALTER command in database directly and also you dont have backup of those tables. Under such situation, it is very difficult to recover the application and make it working. Still following methodology is proposed which might help you to restore the password back and make your application work fine.
For this to work you should have some other application (may be debug or UAT) which is having the same passwords or default passwords for schemas. If you have such application the following the below steps in the application which is affected by password mismatch.
This method is for resetting apps and applsys passwords. Below are the SQL statements that will help you reset the APPS and APPLSYS passwords to APPS, the APPLSYSPUB password to PUB, and the SYSADMIN password to SYSADMIN.
WARNING: This procedure will cause all user passwords to become invalid. ALL users passwords will need to be reset through the sysadmin responsibility.
Step 1) Reset the Oracle User IDs
Open a SQL*Plus as SYSTEM and reset the passwords for the APPS, APPLSYS, and the APPLSYSPUB Oracle user ID:
ALTER USER apps IDENTIFIED BY apps;
ALTER USER applsys IDENTIFIED BY apps;
ALTER USER applsyspub IDENTIFIED BY pub;
Step 2) Backup the FND_ORACLE_USERID and FND_USER tables (even though these tables are right now corrupted, do take a backup. You can restore the same when ever you want).
Open a SQL*Plus session as APPLSYS and backup the tables:
create table FND_ORACLE_USERID_BAK as (select * from FND_ORACLE_USERID);
create table FND_USER_BAK as (select * from FND_USER);
Step 3) Reset the APPS and APPLSYS application encrypted passwords
Open a SQL*Plus session as APPLSYS and update the FND_ORACLE_USERID table.
update FND_ORACLE_USERID
set ENCRYPTED_ORACLE_PASSWORD = ‘ZGA34EA20B5C4C9726CC95AA9D49EA4DBA8EDB705CB7673E645EED570D5447161491D78D444554655B87486EF537ED9843C8′
where ORACLE_USERNAME in (‘APPS’, ‘APPLSYS’);
commit;
This encrypted string we are updating is the default encrypted string for apps. So if your application is having apps password the encrypted string will look like this. We are updating this encrypted string here directly.
Verify the table update:
select ENCRYPTED_ORACLE_PASSWORD
from FND_ORACLE_USERID
where ORACLE_USERNAME IN (‘APPS’, ‘APPLSYS’);
Step 4) Reset the APPLSYSPUB application encrypted password
Open a SQL*Plus session as APPLSYS and update the FND_ORACLE_USERID table.
update FND_ORACLE_USERID
set ENCRYPTED_ORACLE_PASSWORD = ‘ZG31EC3DD2BD7FB8AD2628CE87DDDF148C1D2F248BE88BE987FDF82830228A88EF44BC78BC7A9FAD4BFB8F09DAD49DF7280E’
where ORACLE_USERNAME = (‘APPLSYSPUB’);
commit;
The above encrypted string is the encrypted string for password pub. If your applsyspub password is pub then the encrypted string in FND_ORACLE_USERID will look like this.
Verify the table update:
select ENCRYPTED_ORACLE_PASSWORD
from FND_ORACLE_USERID
where ORACLE_USERNAME = ‘APPLSYSPUB’;
Once these updates are done, try your luck by running FNDCPASS and it should work fine.
References
Metalink note ID 445153.1
Metalink note ID 429244

No comments: