Monday, January 6, 2014

EBS -- Error: FNDCPASS was not able to decrypt password for user

Changing password, especially Apps user's password is one of the security routines in Apps Dba's Life.
We periodically change the Apps user passwords in our Production Environments, as well as in UAT, TEST and DEV environments according to the securit policies.. Also, we usually change the Apps user's password before we deliver a clone environment..

To change the APPS password , we use the FNDCPASS utility, or AFPASSWD utility if Ebs version is >= R12.1.2.

The usage of FNDCPASS is as follows;
FNDCPASS logon 0 Y system/password mode username new_password
where logon is username/password[@connect]
system/password is password of the system account of that database
mode is SYSTEM/USER/ORACLE
username is the username where you want to change its password
new_password is the new password in unencrypted format
example FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME
FNDCPASS apps/apps 0 Y system/manager ORACLE GL      GL1
FNDCPASS apps/apps 0 Y system/manager USER   VISION  WELCOME

The thing makes me write this post is, an issue that may appear while changing the APPS password..
To demonstrate ; we execute the FNDCPASS command to change the apps password as below;
FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS APPS

And here it is , look what we see in the log file;

Working...
FNDCPASS was not able to decrypt password for user 'ERMAN1' during applsys
password change.
FNDCPASS was not able to decrypt password for user 'ERMAN2' during applsys
password change.
FNDCPASS was not able to decrypt password for user 'APPLSYSPUB' during applsys
password change.
+---------------------------------------------------------------------------+
Concurrent request completed successfully
Current system time is 06-JAN-2014 10:47:53

So, by looking to above messages; we can say that FNDCPASS could not actually change the passwords of the application users :ERMAN1,ERMAN2 and the APPLSYSPUB user..
Maybe we can ignore ERMAN1 and ERMAN2, but we cant ignore APPLSYSPUB, as Oracle applications connect uses APPLSYSPUB in the login phase.

The cause of the issue seems a logical corruption or inconsistency in the fnd_user table.
As a solution, we need to reset the passwords of these problematic users beforehand.. This action will fix the unacceptable data related to our users..

Here is the action plan / solution :

Executed following commands;

FNDCPASS apps/apps 0 Y system/manager USER ERMAN1 ERMAN1
FNDCPASS apps/apps 0 Y system/manager USER ERMAN2 ERMAN2
FNDCPASS apps/apps 0 Y system/manager ORACLE APPLSYSPUB PUB


Now, lets change the APPS password again. Note that this time; the command produces a clean log:)

FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS APPS

+---------------------------------------------------------------------------+
Application Object Library: Version : 11.5.0

Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.

 module:
+---------------------------------------------------------------------------+

Current system time is 06-JAN-2014 13:54:18

+---------------------------------------------------------------------------+

Working...


+---------------------------------------------------------------------------+
Concurrent request completed successfully
Current system time is 06-JAN-2014 13:54:26

+---------------------------------------------------------------------------+


No comments :

Post a Comment