
ADADMIN, FNDCPASS NOT WORKING,ERP IS NOT OPENING

Issue - ERP is not opening and returns a 500 Internal Server Error; adadmin and FNDCPASS are not
working because of password corruption, and autoconfig does not complete successfully. Connecting
to the database as apps and applsys works, but the AD utilities cannot be used.

Sequence followed

1. As ERP is not opening and showing internal error, checked error and access log files of Apache and
opmn error log files, application.log files.

2. Compiled the JSPs manually, thinking the Java classes had been corrupted.

3. Made some changes in the configuration files to collect debug information, as we had not found
anything in the application, access, error and opmn log files, and ran autoconfig. Autoconfig did not
complete successfully. Checked the autoconfig log files.

4. Made aolj.test

5. Tried to disable maintenance mode, but adadmin is not working and throws these errors:

AD Administration error:
DCPW null for "APPLSYS" [0]

AD Administration error:
Failed getting PDI list for product 'fnd'

AD Administration error:
aipspv(): Error setting up PDI list for upgrade

6. Tried to change password of apps and applsys through FNDCPASS, but it also showed error

FNDCPASS was not able to decrypt password for user 'ANONYMOUS' during applsys password
change.
FNDCPASS was not able to decrypt password for user 'AUTOINSTALL' during applsys password
change.
FNDCPASS was not able to decrypt password for user 'CONCURRENT MANAGER' during applsys
password change.
FNDCPASS was not able to decrypt password for user 'GUEST' during applsys password change.
......
......
FNDCPASS was not able to decrypt password for user 'ODM' during applsys password change.
FNDCPASS was not able to decrypt password for user 'APPS' during applsys password change.
FNDCPASS was not able to decrypt password for user 'APPLSYS' during applsys password change.

---------------------------------------------------------------------------
Concurrent request completed successfully

Referred -
Changing APPS Password Using FNDCPASS Gives 'not able to decrypt password' Message [ID
733427.1]
Tried To Change Apps Password And A "Not Able To Decrypt" Message Came Up [ID 459601.1]
FNDCPASS Was Not Able To Decrypt Password For Applsyspub When Changing Apps Password [ID
454299.1]

Solution -

1. Clear all credentials
2. Re-establish basic accounts for runtime: SYS, SYSTEM, APPLSYSPUB, APPLSYS, APPS + GUEST, SYSADMIN
3. Prepare scripts for setting additional passwords
4. Assign new passwords to all database users not managed with EBS
5. Assign new passwords to all database users managed with EBS
6. Change applsyspub password to pub
7. Additional steps

All application tier processes must be stopped during this procedure.

Steps 1 through 4 are run on the database server as the Operating System user "oracle",
using "sqlplus" connected as the "SYS" or "APPS" database user.

Step 5 is run as the Operating System user "applmgr" on an application tier and uses
the "FNDCPASS" command line utility.

Step - 1
$ export ORACLE_SID=<sid>
$ export ORACLE_HOME=<db-oraclehome>
$ export PATH=$ORACLE_HOME/bin:$PATH
$ unset TWO_TASK

oracle$ sqlplus / as sysdba

To clear all credentials run this script

REM --- step1.sql

spool step1.lst

REM Start the database clone for the first time
startup restrict

REM Clear all production credentials from the cloned database
REM (no blank lines inside a statement: SQL*Plus would end the statement there)
update SYS.user$ set
password = translate(password,'0123456789ABCDEF','0000000000000000')
where type#=1 and length(password) = 16
/

update APPLSYS.FND_ORACLE_USERID set
ENCRYPTED_ORACLE_PASSWORD='INVALID'
/

update APPLSYS.FND_USER set
ENCRYPTED_FOUNDATION_PASSWORD='INVALID',
ENCRYPTED_USER_PASSWORD='INVALID'
/
commit;

REM Shutdown the database
shutdown
exit

REM end of script


At this point the database is free from credentials. The database was shut down by the script in order
for the unusual way of clearing the database user (schema) passwords to take effect. You will need to
restart the database in preparation for the next steps.

oracle$ echo startup | sqlplus '/ as sysdba'

Step 2 - Re-establish credentials

The database at the moment has no credentials.

Here is the script for step 2, including inline comments which explain what is done.

REM --- step2.sql
spool step2.lst

REM Set a new password for a few initial database users
alter user SYS identified by CLONE;
alter user SYSTEM identified by CLONE;
alter user APPLSYSPUB identified by CLONE;
alter user APPLSYS identified by CLONE;
alter user APPS identified by CLONE;

REM Provide boot-strap info for FNDCPASS...
update APPLSYS.FND_ORACLE_USERID set
ENCRYPTED_ORACLE_PASSWORD='CLONE'
where ORACLE_USERNAME = 'APPLSYSPUB'
/

update APPLSYS.FND_ORACLE_USERID set
ENCRYPTED_ORACLE_PASSWORD='ZG' ||
'B27F16B88242CE980EF07605EF528F9391899B09552FD89FD' ||
'FF43E4DDFCE3972322A41FBB4DDC26DDA46A446582307D412'
where ORACLE_USERNAME = 'APPLSYS'
/

update APPLSYS.FND_ORACLE_USERID set
ENCRYPTED_ORACLE_PASSWORD='ZG' ||
'6CC0BB082FF7E0078859960E852F8D123C487C024C825C0F9' ||
'B1D0863422026EA41A6B2B5702E2299B4AC19E6C1C23333F0'
where ORACLE_USERNAME = 'APPS'
/
commit;

REM We run as SYS, now connect as APPS to run some plsql
connect APPS/CLONE

REM Every EBS database needs a GUEST user
select APPS.fnd_web_sec.change_guest_password( 'CLONE', 'CLONE' ) "RES"
from dual;
commit;

REM Set GUEST credential in site level profile option
set serveroutput on
declare
dummy boolean;
begin
dummy := APPS.FND_PROFILE.SAVE('GUEST_USER_PWD', 'GUEST/CLONE', 'SITE');
if not dummy then
dbms_output.put_line( 'Error setting GUEST_USER_PWD profile' );
end if;
end;
/
commit;

REM One more time for luck (avoid session caching of profiles)
connect APPS/CLONE

REM Set SYSADMIN password
select APPS.fnd_web_sec.change_password('SYSADMIN','CLONE') "RES"
from dual;
commit;
exit

The expected output from step 2 is as follows:


User altered.
User altered.
User altered.
User altered.
User altered.
1 row updated.
1 row updated.
1 row updated.
Commit complete.
Connected.
RES
------
Y
Commit complete.
PL/SQL procedure successfully completed.
Commit complete.
Connected.
RES
------
Y
Commit complete.

It is important to verify that no errors are reported and that the 2 returned "RES" values are both
"Y", which indicates success.

Step 3 -
Prepare scripts for setting additional passwords
In this step scripts are prepared to assign passwords to the other database users which were disabled
in Step 1. Dynamically generated scripts are used to accomplish this because the set of database users
may differ between instances of EBS. Create the script below and run it as the Operating System user
"oracle":

oracle$ sqlplus '/ as sysdba'

The comments in the script below explain what is done in step 3.

REM --- step3.sql

REM Prepare SQL and SHELL scripts to set more passwords later
spool step3.lst

REM Generate a sql script to set password for db users not managed with EBS
select 'alter user "'|| USERNAME ||'" identified by CLONE; '
from SYS.DBA_USERS
where USERNAME not in (select ORACLE_USERNAME from
APPLSYS.FND_ORACLE_USERID)
and USERNAME not in ('SYS','SYSTEM');

REM Generate a shell script to set password for all base product schemas
select 'FNDCPASS apps/clone 0 Y system/clone ALLORACLE clone' from dual;

REM Generate a shell script to set password for non-EBS db users managed with EBS
select 'FNDCPASS apps/clone 0 Y system/clone ORACLE "' ||
replace(ORACLE_USERNAME,'$','\$') || '" clone'
from APPLSYS.FND_ORACLE_USERID
where READ_ONLY_FLAG = 'X'
and ORACLE_USERNAME in (select USERNAME from SYS.DBA_USERS);

REM Generate a shell script to set password for APPS/APPLSYS/APPM_mrc db users
select 'FNDCPASS apps/clone 0 Y system/clone SYSTEM APPLSYS clone' from dual;

REM Generate scripts for steps 4 & 5
spool off

HOST grep '^alter user ' step3.lst > dbusers4.sql
HOST grep '^FNDCPASS ' step3.lst > dbusers5.sh

exit

REM End of Script

Step 4 -
Assign new passwords to all database users not managed with EBS
This Step runs the SQL script, "dbusers4.sql", generated in Step 3.

Sample content of "dbusers4.sql" is listed below for illustration purposes only; you must run the
one you generated on your system.

NOTE: "dbusers4.sql", for example purposes only!

alter user "OLAPSYS" identified by CLONE;
...
alter user "MDSYS" identified by CLONE;
alter user "ORDPLUGINS" identified by CLONE;
alter user "ORDSYS" identified by CLONE;
alter user "DBSNMP" identified by CLONE;
alter user "OUTLN" identified by CLONE;
alter user "AD_MONITOR" identified by CLONE;
alter user "EM_MONITOR" identified by CLONE;

Connect as sysdba

sqlplus / as sysdba

Now run the "dbusers4.sql" file:

SQL> spool step4.lst
SQL> @dbusers4.sql
SQL> exit

The output spool file should show many output lines stating "User altered.". No error messages
(ORA-nnnnn) should appear.

At this point, the database should be started and running. Stop and restart the database at this time. To
ensure that the application tier code can access the database for Step 5, you must also ensure that the
database TNS-listener service is running.

$ echo shutdown | sqlplus '/ as sysdba'
$ echo startup | sqlplus '/ as sysdba'
$ lsnrctl start <listener name>

Step 5 -
Assign new passwords to all schemas managed with EBS
This step uses the "FNDCPASS" command to set the passwords for all the EBS managed schemas and
all the base product schemas. "FNDCPASS" must be run from an application tier node (any node
with an APPL_TOP file system).

You will need to locate and copy the "dbusers5.sh" script from the directory where it was created
in Step 3. Again, as with any dynamically generated scripts that you run on your system, you should
review the contents of the file before running it.

To run "FNDCPASS" you also need a number of environment variables set. At a minimum ensure that:

- "FNDCPASS" is in the "$PATH" ("$ which FNDCPASS" will tell you if it is).
- The "ORACLE_HOME" environment variable points to the "Tools" ORACLE_HOME (8.0.6 on 11i,
  10.1.2 on R12).
- The "TWO_TASK" environment variable is set to a value that can be resolved via the
  "$TNS_ADMIN/tnsnames.ora" file, in order to access the clone target database.
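
One way to do the review of "dbusers5.sh" mechanically, as an added example that is not part of the original procedure: a POSIX shell function that accepts only the FNDCPASS line shapes step3.sql generates with the CLONE passwords used on this page. The function name check_fndcpass_script, the allowed character set for schema names and the sample file are assumptions made for the example.

```sh
# Added example: lint a generated dbusers5.sh before running it.
# Assumes the apps/clone and system/clone values used on this page.
check_fndcpass_script() {
    script=$1
    [ -r "$script" ] || { echo "cannot read $script" >&2; return 2; }
    bad=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Drop trailing blanks left by the SQL*Plus spool
        line=$(printf '%s' "$line" | sed 's/[[:space:]]*$//')
        [ -z "$line" ] && continue
        # Only the three shapes step3.sql emits; schema names limited to
        # A-Z 0-9 _ # and the escaped \$ (assumed character set)
        if printf '%s\n' "$line" | grep -Eq \
'^FNDCPASS apps/clone 0 Y system/clone (ALLORACLE|SYSTEM APPLSYS|ORACLE "([A-Z0-9_#]|\\\$)+") clone$'
        then
            continue
        fi
        echo "line $lineno rejected: $line" >&2
        bad=$((bad + 1))
    done < "$script"
    [ "$bad" -eq 0 ]
}

# Constructed sample: three lines as step3.sql would generate them and one
# line whose schema name carries a command substitution.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FNDCPASS apps/clone 0 Y system/clone ALLORACLE clone
FNDCPASS apps/clone 0 Y system/clone ORACLE "CTXSYS" clone
FNDCPASS apps/clone 0 Y system/clone ORACLE "ODM$(hostname)" clone
FNDCPASS apps/clone 0 Y system/clone SYSTEM APPLSYS clone
EOF
check_fndcpass_script "$sample" || echo "dbusers5.sh needs manual review"
rm -f "$sample"
```

A schema created with a quoted, mixed-case or otherwise unusual name is rejected as well; handle such an account by hand rather than widening the pattern.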

# Verify that the Oracle client environment is set to correct database (as "applmgr" OS user)

applmgr$ sqlplus -s apps/clone <<EOF
select SYSDATE,NAME from v\$DATABASE;
EOF

SYSDATE NAME
--------- ---------
25-JUL-07 PRD12

applmgr$ mkdir ~/s5 ; cd ~/s5 # create new directory to hold output files
applmgr$ sh dbusers5.sh # Run the FNDCPASS shell script

The following sample content of a "dbusers5.sh" file is listed for illustration purposes
only; run the one you generated on your system.

FNDCPASS apps/clone 0 Y system/clone ALLORACLE clone
FNDCPASS apps/clone 0 Y system/clone ORACLE "OWAPUB" clone
FNDCPASS apps/clone 0 Y system/clone ORACLE "ODM" clone
FNDCPASS apps/clone 0 Y system/clone ORACLE "CTXSYS" clone
FNDCPASS apps/clone 0 Y system/clone SYSTEM APPLSYS clone

Each run of "FNDCPASS" will generate an output/log file in the current working directory; you
should review these log files (example "L2763902.log") for errors.
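
A log check for this step, as an added example that is not part of the original procedure: the decrypt failures shown earlier were followed by "Concurrent request completed successfully", so the scan keys on the error text and on ORA- codes rather than on that trailer. The function name scan_fndcpass_logs and the sample log are constructed for the example.

```sh
# Added example: scan FNDCPASS logs (L<request id>.log) in a directory.
# Prints one line per finding; returns 1 if any log has a finding.
scan_fndcpass_logs() {
    dir=${1:-.}
    rc=0
    for log in "$dir"/L*.log; do
        [ -f "$log" ] || continue
        awk -v f="$log" '
            BEGIN { bad = 0 }
            /not able to decrypt password for user/ {
                # the user name sits between the first pair of single quotes
                n = split($0, q, "\047")
                print f ": cannot decrypt: " (n >= 3 ? q[2] : "?")
                bad = 1
            }
            /ORA-[0-9]+/ { print f ": " $0; bad = 1 }
            END { exit bad }
        ' "$log" || rc=1
    done
    return $rc
}

# Constructed sample log: two decrypt failures followed by the success trailer
demo=$(mktemp -d)
cat > "$demo/L0000001.log" <<'EOF'
FNDCPASS was not able to decrypt password for user 'GUEST' during applsys password change.
FNDCPASS was not able to decrypt password for user 'APPS' during applsys password change.
Concurrent request completed successfully
EOF
scan_fndcpass_logs "$demo" || echo "review the logs above before continuing"
rm -rf "$demo"
```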

To verify that you have assigned passwords to all the database users, run the following query and
ensure that it does not return any rows:

SQL> select USERNAME,PASSWORD from DBA_USERS where PASSWORD='0000000000000000';

This concludes the clearing and re-establishment of account credentials.

What remains to be done is to set new passwords for additional applications users or the creation of
new test users, depending on your needs. Changing passwords for applications users can be done using
the "Define User" form (logged on as "SYSADMIN/CLONE") or by running "FNDCPASS" with the
syntax below from an "applmgr" applications shell environment:

applmgr$ FNDCPASS apps/clone 0 Y system/clone USER <username> <password>

Step 6 -

Change applsyspub password to pub

Step 7 -

Change all front end passwords

Run Autoconfig

Lastly, run autoconfig and make sure it is successful.
