5
Jun

Change APPS password in EBS R12.2.x Delta 7 or above

Author: Shakeeb Petkar | Category: EBS 12.2.x, TroubleshootingComments Off on Change APPS password in EBS R12.2.x Delta 7 or above | Tags: , , , , , , , , , , , ,

Important: These steps must be carried out on the run file system. The FND_USER and FND_ORACLE_USERID tables should be backed up before any passwords are changed. Remove the backups after you have confirmed that the changes are successfully completed. Passwords for all the 3 schemas, APPS, APPLSYS and APPS_NE will be changed together while changing APPLSYS password.

1. Shut down the application tier services using the below script:

$INST_TOP/admin/scripts/adstpall.sh

2. Change the APPLSYS password using

 
There are 2 ways to change the APPLSYS password:

 
A. FNDCPASS:
 
[applmgr@erpapp01 ~]$ FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS apps_pwd
Log filename : L7909719.log
 
Report filename : O7909719.out

[applmgr@erpapp01 ~]$ cat L7909719.log
+---------------------------------------------------------------------------+
Application Object Library: Version : 12.2

Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.

FNDCPASS:
+---------------------------------------------------------------------------+

Current system time is 27-AUG-2017 15:46:25

+---------------------------------------------------------------------------+

Working...
FNDCPASS completed successfully.

+---------------------------------------------------------------------------+
Concurrent request completed successfully
Current system time is 27-AUG-2017 15:46:30

+---------------------------------------------------------------------------+


B. AFPASSWD:
 
AFPASSWD is an enhanced version of FNDCPASS, and includes the following features:
 

  • AFPASSWD only prompts for passwords required for the current operation, allowing separation of duties between applications administrators and database administrators. This also improves interoperability with Oracle Database Vault. In contrast, the FNDCPASS utility currently requires specification of the APPS and the SYSTEM usernames and corresponding passwords, preventing separation of duties between applications administrators and database administrators.

    •  

  • When changing a password with AFPASSWD, the user is prompted to enter the new password twice to confirm.

    •  

  • In Oracle E-Business Suite Release 12.2.3 and higher, you can also use the AFPASSWD utility to migrate Oracle E-Business Suite user passwords to a password hashing scheme.

    • Syntax for using AFPASSWD:
    AFPASSWD [-c [@]] -s
     
    [applmgr@erpapp01 ~]$ AFPASSWD -c apps@ERPUPG -s APPLSYS
    Enter the ORACLE password of Application Object Library 'APPSUSER':
    Connected successfully to APPS.
    Enter the password for your 'SYSTEM' ORACLE schema:
    Connected successfully to SYSTEM.
    Log file: AFPWD_ERPUPG_943215.log
    Enter new password for user:
    Verify new password for user:
    AFPASSWD completed successfully.
     
    NOTE: The steps 3 to 7 are mandatory for both FNDCPASS and AFPASSWD and are only applicable when changing the APPLSYS password. They are not applicable when changing passwords for product schemas like PO, GL etc or the SYSTEM schema.

    3. Run autoconfig on the application tier with the newly changed APPS password.


    4. Start AdminServer. Do not start any other application tier services.

     
    [applmgr@erpapp01 ~]$ adadminsrvctl.sh start

    You are running adadminsrvctl.sh version 120.10.12020000.10

    Enter the WebLogic Admin password:
    Enter the APPS Schema password:
    Starting WLS Admin Server...
    Refer /u02/oracle/ERPUPG/fs1/inst/apps/ERPUPG_ERPUPGapp-01/logs/appl/admin/log/adadminsrvctl.txt for details

    AdminServer logs are located at /u02/oracle/ERPUPG/fs1/FMW_Home/user_projects/domains/EBS_domain_ERPUPG/servers/AdminServer/logs

    adadminsrvctl.sh: exiting with status 0

    adadminsrvctl.sh: check the logfile /u02/oracle/ERPUPG/fs1/inst/apps/ERPUPG_ERPUPGapp-01/logs/appl/admin/log/adadminsrvctl.txt for more information ...
     
    [applmgr@erpapp01 ~]$ adadminsrvctl.sh status

    You are running adadminsrvctl.sh version 120.10.12020000.10

    Enter the WebLogic Admin password:
    Enter the APPS Schema password:

    The AdminServer is running

    AdminServer logs are located at /u02/oracle/ERPUPG/fs1/FMW_Home/user_projects/domains/EBS_domain_ERPUPG/servers/AdminServer/logs

    adadminsrvctl.sh: exiting with status 0

    adadminsrvctl.sh: check the logfile /u02/oracle/ERPUPG/fs1/inst/apps/ERPUPG_ERPUPGapp-01/logs/appl/admin/log/adadminsrvctl.txt for more information ...

    5. Change the APPS password in WLS Data Source by running the following script as shown:

     

    $ perl $FND_TOP/patch/115/bin/txkManageDBConnectionPool.pl

    When prompted, select 'updateDSPassword' to change the APPS password in the WLS Datasource.

    [applmgr@erpapp01 scripts]$ perl $FND_TOP/patch/115/bin/txkManageDBConnectionPool.pl
    Please select from list of valid options
    updateDSPassword - Update WebLogic Datasource Password
    updateDSJdbcUrl - Update WebLogic Datasource Connection String
    Enter Your Choice : updateDSPassword
    Enter the full path of Applications Context File [DEFAULT - /u01/oracle/erpprod/fs1/inst/apps/erpprod_erpupgapp-01/appl/admin/erpprod_erpupgapp-01.xml]:
    Enter weblogic admin server password:
    Enter the APPS user password:

    ---------------------------------------------
    Performing Steps for option=updateDSPassword
    ---------------------------------------------

    Updating WLS DataSource Password
    --------------------------------

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Connecting to t3://erpapp01.dbaarena.com:7008 with userid weblogic ...
    Successfully connected to Admin Server 'AdminServer' that belongs to domain 'EBS_domain_erpprod'.

    Warning: An insecure protocol was used to connect to the
    server. To ensure on-the-wire security, the SSL port or
    Admin port should be used instead.

    Domain Update successful
    ------------------------

    6. Start Oacore managed server:

     
    [applmgr@erpapp01 scripts]$ admanagedsrvctl.sh start oacore_server1


    7. Verify the WLS Datasource changes as follows:

     
    a. Log in to WLS Administration Console.
     
    b. In the Domain Structure tree, expand Services, then select Data Sources.
     
    c. On the "Summary of JDBC Data Sources" page, select EBSDataSource.
     
    d. On the "Settings for EBSDataSource" page, select Monitoring > Testing.
     
    e. Select "oacore_server1".
     
    f. Click Test DataSource
     
    g. Look for the message “Test of EBSDataSource on server oacore_server1 was successful”.

    8. Stop the Oacore managed server:

    [applmgr@erpapp01 scripts]$ admanagedsrvctl.sh stop oacore_server1
    [applmgr@erpapp01 scripts]$ adnodemgrctl.sh stop

    9. Start all the application tier services using the below script:



    In the next prepare phase after the password change, adop will invoke EBS Domain Configuration to ensure that the WLS data source on the patch file system will be synchronized with the new APPS password.

    Back to Top