Upload
dharmendra-k-bhogireddy
View
475
Download
5
Tags:
Embed Size (px)
Citation preview
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 122
FNDCPASS Troubleshooting Guide For Login and Changing Applications Passwords [ID13069381]
Modified Mar 27 2013 Type HOWTO Status PUBLISHED Priority 1
In this Document
Goal
Fix
1 Error Starting Application Services After Changing APPS Password Using FNDCPASS
2 Log In Fails With You Dont Have Permission To Access plsfnd_icx_launchlaunch On This Server
3 APP-FND-01564 ORACLE Error 6550 In changepassword With PortalLogin ServerSSO After Patch
4 FNDCPASS Not Able To Decrypt Password For APPLSYSPUB When Changing The APPS Password
5 Changing APPS Password Using FNDCPASS Gives not able to decrypt password Message
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
16 FNDCPASS-CANNOT DECRYPT For Some Users
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
21 Why arent users forced to changereset passwords during next login after running FNDCPASS
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS Password Change
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS password change
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
27 Signon Password Failure Limit Is Reached Unlocking Queries
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User Username DuringApplsys Password Change
31 APP-FND-01564 ORACLE error 6502 in changepassword
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Diagnostics amp Utilities Community
References
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 222
Applies to
Oracle Application Object Library - Version 1159 to 1213 [Release 115 to 121]Information in this document applies to any platform
Goal
This is a consolidation of Top Documents to provide a Single Source for troubleshooting common problems withFNDCPASS
Fix
1 Error Starting Application Services After Changing APPS Password Using FNDCPASS
ErrorCannot complete applications logon You may have entered an invalid applications password or there may havebeen a database connect error
From the error its confirmed that the APPS password did not change correctly Sometimes when changing the APPSpassword using FNDCPASS with a new APPS password if able to log into SQLPLUS as the apps user then its thoughtthat the password has changed correctly In every scenario this is not true If able to connect th SQLPLUS with thenew APPS password then it doesnt verify new APPS password completely It is just one test for new APPS passwordsIf able to start application services successfully then one can confirm that the APPS password has changedsuccessfully
Points to keep in mind when changing the APPS password using the FNDCPASS utility
Point 1 Changing APPS password using an alter user command is not supported and should not be used forchanging the apps password in any case
Point 2 Always use FNDCPASS to change the APPS password For an improved solution to FNDCPASS as ofR1212 click here
Point 3 Before changing APPS password it is strongly recommended to take a backup of FND_USER andFND_ORACLE_USERID
Point 4 Always check FNDCPASS log for any kind of error If there is any error in the FNDCPASS log then DONOT run autoconfig or try to change configuration file manually Until and unless FNDCPASS log has no errorplease do not run autoconfig as you will get problem while logging in oracle application
Point 5 If getting any error in the FNDCPASS log then either replace from an original backup with FND_USER andFND_ORACLE_USERID to log into Applications or raise an SR to support with the FNDCPASS log
1 If autoconfig was not run did not make any change in configuration file manually and also have a valid backup ofFND_USER and FND_ORACLE_USERID table then recover from the original backup Start application services
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 322
If a valid backup of the FND_USER and FND_ORACLE_USERID table does not exist then an exportimport of tableFND_USER and FND_ORACLE_USERID from a Instance that has the same patchset level must be used becauseautoconfig was not run If the patchset level is not same then the exportimport of the tables will not work Forexample If facing the issue on a newly cloned instance then exportimport the source instance from which the cloneinstance was made
2 If a valid backup of FND_USER and FND_ORACLE_USERID table exists but have already run autoconfig then theapplication services cannot be started Once autoconfig is run then replacing the original backup of FND_USER andFND_ORACLE_USERID table will not work
In this case a backup of the FND_USER and FND_ORACLE_USERID table is not valid because autoconfig was alreadyrun and hence only two options left
A Follow the procedure mentioned in the below note to remove database credentials
Note 4194751 Removing Credentials from a Cloned EBS Production Database
B Do a fresh clone (In case the issue exists in a test instance)
4 One should able to start application services without any error If able to start the application services without anyerror but still are not able to log in then check a direct forms log in
For Release 11i httplthostnamegtltportgtdev60cgif60cgiFor Release 12 httplthostnamegtltportgtformsfrmservletFor direct forms logging below parameter in CONTEXT file should be set to OFF If it is not set to OFF then makebelow changes and run autoconfig
ltappserverid_authentication oa_var=s_appserverid_authenticationgtOFFltappserverid_authenticationgt
5 Once able to log in in forms mentioned in step 4 but still personal home page log in is not working then itsconfirmed that the issue is now with personel home page log in only and no issue with the APPS password
Run AOLJ Test Use below URL to run AOLJ Test httplthostnamegtltportgtOA_HTMLjspfndaoljtestjsp
2 Log In Fails With You Dont Have Permission To Access plsfnd_icx_launchlaunch On ThisServer
The apps account is locked from repeatedly running FNDCPASS or logging into sqlplus as apps using the wrongpassword
To implement the solution execute the following steps
1 Log-in as system owner and run
SQLgt alter profile DEFAULT limit failed_login_attempts unlimited
SQLgt alter user apps account unlock
The first line (optional) results in preventing repeated failed log in attempts from locking the accountThe second line (required) simply unlocks the apps account
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 422
2 Restart the services
3 APP-FND-01564 ORACLE Error 6550 In changepassword With PortalLogin ServerSSO AfterPatch
APP-FND-01564 ORACLE error 6550 in changepasswordCause changepassword failed due to ORA-06550 line 1 column 7PLS-00201 identifier FND_SSO_REGISTRATIONIS_OPERATION_ALLOWED must be declaredORA-06550 line 1 column 7PLSQL Statement ignored
ORA-06512 at APPSFND_LDAP_WRAPPER line 1190
To implement the solution execute the following step
1 For instances integrated with Portal 309 from ATG_PFHRUP3 and above the profile option Applications SSO LDAPSynchronization (APPS_SSO_LDAP_SYNC) needs to be set to Disabled
4 FNDCPASS Not Able To Decrypt Password For APPLSYSPUB When Changing The APPSPassword
The APPS password appears to have been successfully updated and Autoconfig runs without issueHowever Discoverer users have authentication problems
The issue is caused by a data corruption issue in the fnd_user table
To implement the solution execute the following steps
1 Use FNDCPASS to reset the APPLSYSPUB password
eg FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE APPLSYSPUB PUB
2 Retest for the issue
5 Changing APPS Password Using FNDCPASS Gives not able to decrypt password Message
Found in log
FNDCPASS was not able to decrypt password for lttestuser1gt during applsys password changeFNDCPASS was not able to decrypt password for lttestuser2gt during applsys password change
The profile option Applications SSO Login Types is set to SSO
Because the profile Applications SSO Login Types is set to SSO the password is maintained by Oracle InternetDirectory - OID and not Applications FNDCPASS cannot update the OID data directly
The FND_USER table record has the value EXTERNAL in the encrypted password columns
This can be confirmed using the following SQL
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 522
select user_id encrypted_foundation_password encrypted_user_passwordfrom fnd_userwhere user_name = User Name from FNDCPASS log
To implement the solution execute the following steps
1 Set the profile Applications SSO Login Types to Both or LocalThen change the identified User password using the Security User Define form
2 Ignore the message and remember that the password is managed externally
NoteAs long as the table value is EXTERNAL the FNDCPASS utility will display the messages in the log
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
Note It has been reported that the error may occur if the password starts with a number
FNDCPASS apps 0 Y system ORACLE HR HRAPP-FND-02704 Unable to alter user HR to change passwordAPP-FND-01564 ORACLE error 1403 in changepassword
Cause changepassword failed due to ORA-01403 no data found
The SQL statement being executed at the time of the error was and was executed from thefile ampERRFILE
The database profile DEFAULT was changed for the resource PASSWORD_REUSE_MAX
To implement the solution execute the following steps
1 Revert back the resource of the database profile DEFAULT as
FAILED_LOGIN_ATTEMPTS to UNLIMITEDPASSWORD_REUSE_MAX to UNLIMITEDPASSWORD_LOCK_TIME to UNLIMITEDPASSWORD_GRACE_TIME to UNLIMITEDPASSWORD_VERIFY_FUNCTION to NULL
2 Re-run FNDCPASS
NOTE The issue is not always with DEFAULT profile It depends on the profile assigned to the user where thecommand is failing Check this with
select profile from dba_users where username=ltuser with the errorgt
Ex
select profile from dba_users where username=HR
After finding the profile one should set the options for this profile to UNLIMITED AS it is not always the DEFAULT
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 222
Applies to
Oracle Application Object Library - Version 1159 to 1213 [Release 115 to 121]Information in this document applies to any platform
Goal
This is a consolidation of Top Documents to provide a Single Source for troubleshooting common problems withFNDCPASS
Fix
1 Error Starting Application Services After Changing APPS Password Using FNDCPASS
ErrorCannot complete applications logon You may have entered an invalid applications password or there may havebeen a database connect error
From the error its confirmed that the APPS password did not change correctly Sometimes when changing the APPSpassword using FNDCPASS with a new APPS password if able to log into SQLPLUS as the apps user then its thoughtthat the password has changed correctly In every scenario this is not true If able to connect th SQLPLUS with thenew APPS password then it doesnt verify new APPS password completely It is just one test for new APPS passwordsIf able to start application services successfully then one can confirm that the APPS password has changedsuccessfully
Points to keep in mind when changing the APPS password using the FNDCPASS utility
Point 1 Changing APPS password using an alter user command is not supported and should not be used forchanging the apps password in any case
Point 2 Always use FNDCPASS to change the APPS password For an improved solution to FNDCPASS as ofR1212 click here
Point 3 Before changing APPS password it is strongly recommended to take a backup of FND_USER andFND_ORACLE_USERID
Point 4 Always check FNDCPASS log for any kind of error If there is any error in the FNDCPASS log then DONOT run autoconfig or try to change configuration file manually Until and unless FNDCPASS log has no errorplease do not run autoconfig as you will get problem while logging in oracle application
Point 5 If getting any error in the FNDCPASS log then either replace from an original backup with FND_USER andFND_ORACLE_USERID to log into Applications or raise an SR to support with the FNDCPASS log
1 If autoconfig was not run did not make any change in configuration file manually and also have a valid backup ofFND_USER and FND_ORACLE_USERID table then recover from the original backup Start application services
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 322
If a valid backup of the FND_USER and FND_ORACLE_USERID table does not exist then an exportimport of tableFND_USER and FND_ORACLE_USERID from a Instance that has the same patchset level must be used becauseautoconfig was not run If the patchset level is not same then the exportimport of the tables will not work Forexample If facing the issue on a newly cloned instance then exportimport the source instance from which the cloneinstance was made
2 If a valid backup of FND_USER and FND_ORACLE_USERID table exists but have already run autoconfig then theapplication services cannot be started Once autoconfig is run then replacing the original backup of FND_USER andFND_ORACLE_USERID table will not work
In this case a backup of the FND_USER and FND_ORACLE_USERID table is not valid because autoconfig was alreadyrun and hence only two options left
A Follow the procedure mentioned in the below note to remove database credentials
Note 4194751 Removing Credentials from a Cloned EBS Production Database
B Do a fresh clone (In case the issue exists in a test instance)
4 One should able to start application services without any error If able to start the application services without anyerror but still are not able to log in then check a direct forms log in
For Release 11i httplthostnamegtltportgtdev60cgif60cgiFor Release 12 httplthostnamegtltportgtformsfrmservletFor direct forms logging below parameter in CONTEXT file should be set to OFF If it is not set to OFF then makebelow changes and run autoconfig
ltappserverid_authentication oa_var=s_appserverid_authenticationgtOFFltappserverid_authenticationgt
5 Once able to log in in forms mentioned in step 4 but still personal home page log in is not working then itsconfirmed that the issue is now with personel home page log in only and no issue with the APPS password
Run AOLJ Test Use below URL to run AOLJ Test httplthostnamegtltportgtOA_HTMLjspfndaoljtestjsp
2 Log In Fails With You Dont Have Permission To Access plsfnd_icx_launchlaunch On ThisServer
The apps account is locked from repeatedly running FNDCPASS or logging into sqlplus as apps using the wrongpassword
To implement the solution execute the following steps
1 Log-in as system owner and run
SQLgt alter profile DEFAULT limit failed_login_attempts unlimited
SQLgt alter user apps account unlock
The first line (optional) results in preventing repeated failed log in attempts from locking the accountThe second line (required) simply unlocks the apps account
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 422
2 Restart the services
3 APP-FND-01564 ORACLE Error 6550 In changepassword With PortalLogin ServerSSO AfterPatch
APP-FND-01564 ORACLE error 6550 in changepasswordCause changepassword failed due to ORA-06550 line 1 column 7PLS-00201 identifier FND_SSO_REGISTRATIONIS_OPERATION_ALLOWED must be declaredORA-06550 line 1 column 7PLSQL Statement ignored
ORA-06512 at APPSFND_LDAP_WRAPPER line 1190
To implement the solution execute the following step
1 For instances integrated with Portal 309 from ATG_PFHRUP3 and above the profile option Applications SSO LDAPSynchronization (APPS_SSO_LDAP_SYNC) needs to be set to Disabled
4 FNDCPASS Not Able To Decrypt Password For APPLSYSPUB When Changing The APPSPassword
The APPS password appears to have been successfully updated and Autoconfig runs without issueHowever Discoverer users have authentication problems
The issue is caused by a data corruption issue in the fnd_user table
To implement the solution execute the following steps
1 Use FNDCPASS to reset the APPLSYSPUB password
eg FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE APPLSYSPUB PUB
2 Retest for the issue
5 Changing APPS Password Using FNDCPASS Gives not able to decrypt password Message
Found in log
FNDCPASS was not able to decrypt password for lttestuser1gt during applsys password changeFNDCPASS was not able to decrypt password for lttestuser2gt during applsys password change
The profile option Applications SSO Login Types is set to SSO
Because the profile Applications SSO Login Types is set to SSO the password is maintained by Oracle InternetDirectory - OID and not Applications FNDCPASS cannot update the OID data directly
The FND_USER table record has the value EXTERNAL in the encrypted password columns
This can be confirmed using the following SQL
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 522
select user_id encrypted_foundation_password encrypted_user_passwordfrom fnd_userwhere user_name = User Name from FNDCPASS log
To implement the solution execute the following steps
1 Set the profile Applications SSO Login Types to Both or LocalThen change the identified User password using the Security User Define form
2 Ignore the message and remember that the password is managed externally
NoteAs long as the table value is EXTERNAL the FNDCPASS utility will display the messages in the log
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
Note It has been reported that the error may occur if the password starts with a number
FNDCPASS apps 0 Y system ORACLE HR HRAPP-FND-02704 Unable to alter user HR to change passwordAPP-FND-01564 ORACLE error 1403 in changepassword
Cause changepassword failed due to ORA-01403 no data found
The SQL statement being executed at the time of the error was and was executed from thefile ampERRFILE
The database profile DEFAULT was changed for the resource PASSWORD_REUSE_MAX
To implement the solution execute the following steps
1 Revert back the resource of the database profile DEFAULT as
FAILED_LOGIN_ATTEMPTS to UNLIMITEDPASSWORD_REUSE_MAX to UNLIMITEDPASSWORD_LOCK_TIME to UNLIMITEDPASSWORD_GRACE_TIME to UNLIMITEDPASSWORD_VERIFY_FUNCTION to NULL
2 Re-run FNDCPASS
NOTE The issue is not always with DEFAULT profile It depends on the profile assigned to the user where thecommand is failing Check this with
select profile from dba_users where username=ltuser with the errorgt
Ex
select profile from dba_users where username=HR
After finding the profile one should set the options for this profile to UNLIMITED AS it is not always the DEFAULT
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 322
If a valid backup of the FND_USER and FND_ORACLE_USERID table does not exist then an exportimport of tableFND_USER and FND_ORACLE_USERID from a Instance that has the same patchset level must be used becauseautoconfig was not run If the patchset level is not same then the exportimport of the tables will not work Forexample If facing the issue on a newly cloned instance then exportimport the source instance from which the cloneinstance was made
2 If a valid backup of FND_USER and FND_ORACLE_USERID table exists but have already run autoconfig then theapplication services cannot be started Once autoconfig is run then replacing the original backup of FND_USER andFND_ORACLE_USERID table will not work
In this case a backup of the FND_USER and FND_ORACLE_USERID table is not valid because autoconfig was alreadyrun and hence only two options left
A Follow the procedure mentioned in the below note to remove database credentials
Note 4194751 Removing Credentials from a Cloned EBS Production Database
B Do a fresh clone (In case the issue exists in a test instance)
4 One should able to start application services without any error If able to start the application services without anyerror but still are not able to log in then check a direct forms log in
For Release 11i httplthostnamegtltportgtdev60cgif60cgiFor Release 12 httplthostnamegtltportgtformsfrmservletFor direct forms logging below parameter in CONTEXT file should be set to OFF If it is not set to OFF then makebelow changes and run autoconfig
ltappserverid_authentication oa_var=s_appserverid_authenticationgtOFFltappserverid_authenticationgt
5 Once able to log in in forms mentioned in step 4 but still personal home page log in is not working then itsconfirmed that the issue is now with personel home page log in only and no issue with the APPS password
Run AOLJ Test Use below URL to run AOLJ Test httplthostnamegtltportgtOA_HTMLjspfndaoljtestjsp
2 Log In Fails With You Dont Have Permission To Access plsfnd_icx_launchlaunch On ThisServer
The apps account is locked from repeatedly running FNDCPASS or logging into sqlplus as apps using the wrongpassword
To implement the solution execute the following steps
1 Log-in as system owner and run
SQLgt alter profile DEFAULT limit failed_login_attempts unlimited
SQLgt alter user apps account unlock
The first line (optional) results in preventing repeated failed log in attempts from locking the accountThe second line (required) simply unlocks the apps account
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 422
2 Restart the services
3 APP-FND-01564 ORACLE Error 6550 In changepassword With PortalLogin ServerSSO AfterPatch
APP-FND-01564 ORACLE error 6550 in changepasswordCause changepassword failed due to ORA-06550 line 1 column 7PLS-00201 identifier FND_SSO_REGISTRATIONIS_OPERATION_ALLOWED must be declaredORA-06550 line 1 column 7PLSQL Statement ignored
ORA-06512 at APPSFND_LDAP_WRAPPER line 1190
To implement the solution execute the following step
1 For instances integrated with Portal 309 from ATG_PFHRUP3 and above the profile option Applications SSO LDAPSynchronization (APPS_SSO_LDAP_SYNC) needs to be set to Disabled
4 FNDCPASS Not Able To Decrypt Password For APPLSYSPUB When Changing The APPSPassword
The APPS password appears to have been successfully updated and Autoconfig runs without issueHowever Discoverer users have authentication problems
The issue is caused by a data corruption issue in the fnd_user table
To implement the solution execute the following steps
1 Use FNDCPASS to reset the APPLSYSPUB password
eg FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE APPLSYSPUB PUB
2 Retest for the issue
5 Changing APPS Password Using FNDCPASS Gives not able to decrypt password Message
Found in log
FNDCPASS was not able to decrypt password for lttestuser1gt during applsys password changeFNDCPASS was not able to decrypt password for lttestuser2gt during applsys password change
The profile option Applications SSO Login Types is set to SSO
Because the profile Applications SSO Login Types is set to SSO the password is maintained by Oracle InternetDirectory - OID and not Applications FNDCPASS cannot update the OID data directly
The FND_USER table record has the value EXTERNAL in the encrypted password columns
This can be confirmed using the following SQL
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 522
select user_id encrypted_foundation_password encrypted_user_passwordfrom fnd_userwhere user_name = User Name from FNDCPASS log
To implement the solution execute the following steps
1 Set the profile Applications SSO Login Types to Both or LocalThen change the identified User password using the Security User Define form
2 Ignore the message and remember that the password is managed externally
NoteAs long as the table value is EXTERNAL the FNDCPASS utility will display the messages in the log
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
Note It has been reported that the error may occur if the password starts with a number
FNDCPASS apps 0 Y system ORACLE HR HRAPP-FND-02704 Unable to alter user HR to change passwordAPP-FND-01564 ORACLE error 1403 in changepassword
Cause changepassword failed due to ORA-01403 no data found
The SQL statement being executed at the time of the error was and was executed from thefile ampERRFILE
The database profile DEFAULT was changed for the resource PASSWORD_REUSE_MAX
To implement the solution execute the following steps
1 Revert back the resource of the database profile DEFAULT as
FAILED_LOGIN_ATTEMPTS to UNLIMITEDPASSWORD_REUSE_MAX to UNLIMITEDPASSWORD_LOCK_TIME to UNLIMITEDPASSWORD_GRACE_TIME to UNLIMITEDPASSWORD_VERIFY_FUNCTION to NULL
2 Re-run FNDCPASS
NOTE The issue is not always with DEFAULT profile It depends on the profile assigned to the user where thecommand is failing Check this with
select profile from dba_users where username=ltuser with the errorgt
Ex
select profile from dba_users where username=HR
After finding the profile one should set the options for this profile to UNLIMITED AS it is not always the DEFAULT
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 422
2 Restart the services
3 APP-FND-01564 ORACLE Error 6550 In changepassword With PortalLogin ServerSSO AfterPatch
APP-FND-01564 ORACLE error 6550 in changepasswordCause changepassword failed due to ORA-06550 line 1 column 7PLS-00201 identifier FND_SSO_REGISTRATIONIS_OPERATION_ALLOWED must be declaredORA-06550 line 1 column 7PLSQL Statement ignored
ORA-06512 at APPSFND_LDAP_WRAPPER line 1190
To implement the solution execute the following step
1 For instances integrated with Portal 309 from ATG_PFHRUP3 and above the profile option Applications SSO LDAPSynchronization (APPS_SSO_LDAP_SYNC) needs to be set to Disabled
4 FNDCPASS Not Able To Decrypt Password For APPLSYSPUB When Changing The APPSPassword
The APPS password appears to have been successfully updated and Autoconfig runs without issueHowever Discoverer users have authentication problems
The issue is caused by a data corruption issue in the fnd_user table
To implement the solution execute the following steps
1 Use FNDCPASS to reset the APPLSYSPUB password
eg FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE APPLSYSPUB PUB
2 Retest for the issue
5 Changing APPS Password Using FNDCPASS Gives not able to decrypt password Message
Found in log
FNDCPASS was not able to decrypt password for lttestuser1gt during applsys password changeFNDCPASS was not able to decrypt password for lttestuser2gt during applsys password change
The profile option Applications SSO Login Types is set to SSO
Because the profile Applications SSO Login Types is set to SSO the password is maintained by Oracle InternetDirectory - OID and not Applications FNDCPASS cannot update the OID data directly
The FND_USER table record has the value EXTERNAL in the encrypted password columns
This can be confirmed using the following SQL
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 522
select user_id encrypted_foundation_password encrypted_user_passwordfrom fnd_userwhere user_name = User Name from FNDCPASS log
To implement the solution execute the following steps
1 Set the profile Applications SSO Login Types to Both or LocalThen change the identified User password using the Security User Define form
2 Ignore the message and remember that the password is managed externally
NoteAs long as the table value is EXTERNAL the FNDCPASS utility will display the messages in the log
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
Note It has been reported that the error may occur if the password starts with a number
FNDCPASS apps 0 Y system ORACLE HR HRAPP-FND-02704 Unable to alter user HR to change passwordAPP-FND-01564 ORACLE error 1403 in changepassword
Cause changepassword failed due to ORA-01403 no data found
The SQL statement being executed at the time of the error was and was executed from thefile ampERRFILE
The database profile DEFAULT was changed for the resource PASSWORD_REUSE_MAX
To implement the solution execute the following steps
1 Revert back the resource of the database profile DEFAULT as
FAILED_LOGIN_ATTEMPTS to UNLIMITEDPASSWORD_REUSE_MAX to UNLIMITEDPASSWORD_LOCK_TIME to UNLIMITEDPASSWORD_GRACE_TIME to UNLIMITEDPASSWORD_VERIFY_FUNCTION to NULL
2 Re-run FNDCPASS
NOTE The issue is not always with DEFAULT profile It depends on the profile assigned to the user where thecommand is failing Check this with
select profile from dba_users where username=ltuser with the errorgt
Ex
select profile from dba_users where username=HR
After finding the profile one should set the options for this profile to UNLIMITED AS it is not always the DEFAULT
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 522
select user_id encrypted_foundation_password encrypted_user_passwordfrom fnd_userwhere user_name = User Name from FNDCPASS log
To implement the solution execute the following steps
1 Set the profile Applications SSO Login Types to Both or LocalThen change the identified User password using the Security User Define form
2 Ignore the message and remember that the password is managed externally
NoteAs long as the table value is EXTERNAL the FNDCPASS utility will display the messages in the log
6 FNDCPASS Fails Changing Database Password APP-FND-02704 APP-FND-01564 ORA-01403
Note It has been reported that the error may occur if the password starts with a number
FNDCPASS apps 0 Y system ORACLE HR HRAPP-FND-02704 Unable to alter user HR to change passwordAPP-FND-01564 ORACLE error 1403 in changepassword
Cause changepassword failed due to ORA-01403 no data found
The SQL statement being executed at the time of the error was and was executed from thefile ampERRFILE
The database profile DEFAULT was changed for the resource PASSWORD_REUSE_MAX
To implement the solution execute the following steps
1 Revert back the resource of the database profile DEFAULT as
FAILED_LOGIN_ATTEMPTS to UNLIMITEDPASSWORD_REUSE_MAX to UNLIMITEDPASSWORD_LOCK_TIME to UNLIMITEDPASSWORD_GRACE_TIME to UNLIMITEDPASSWORD_VERIFY_FUNCTION to NULL
2 Re-run FNDCPASS
NOTE The issue is not always with DEFAULT profile It depends on the profile assigned to the user where thecommand is failing Check this with
select profile from dba_users where username=ltuser with the errorgt
Ex
select profile from dba_users where username=HR
After finding the profile one should set the options for this profile to UNLIMITED AS it is not always the DEFAULT
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 622
profile
7 FNDCPASS Fails With ORA-01017 invalid usernamepassword logon denied
Upgraded to Applications release 120 and database from 10202 to 11106
The database SEC_CASE_SENSITIVE_LOGON parameter defaults to TRUE When this occurs the passwordsensitivity conversion does not occur Passwords that are input as lower case are automatically updated as uppercase
To implement the solution execute the following steps
1 For Applications 11i with database 11g Patch 6372396 is needed which is included in 11iATG_PFHRUP7 (Patch6241631)
WORKAROUND
1 Set the database SEC_CASE_SENSITIVE_LOGON parameter to FALSE in the initora
2 Run autoconfig on the application tiers and bounce the database
8 adpatch Errors The Given ORACLE Password Is Not The Correct Password
FNDCPASS fails with
WorkingAPP-FND-01496 Cannot access application ORACLE password
Cause Application Object Library was unable access your ORACLE password
Action Contact your support representative (USER=TWOODS)APP-FND-01496 Cannot access application ORACLE password
Issue caused by user password corruption which resulted in failure when running FNDCPASS in an attempt to re-encrypt the APPLSYS password
To implement the solution execute the following steps
1 Use FNDCPASS to update each failing User password individually
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE ltoracle usergt ltnew passwordgt
Ex FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt ORACLE GL GLPASSWORD
2 Rerun FNDCPASS again to successfully alter the APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 722
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
9 APP-FND-01496 Received When Changing The APPLSYS Password With FNDCPASS
APP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The ALTER command was run manually against the APPS user before running FNDCPASS The APPS and APPLSYSuser passwords must be identical
To implement the solution execute the following steps
1 Run the ALTER command against the APPS and APPLSYS users in sqlplus to change back to the old passwords
sqlgtALTER USER APPLSYS IDENTIFIED BY XXX
sqlgtALTER USER APPS IDENTIFIED BY XXX
2 Afterwards run FNDCPASS
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt
Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
Note Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
10 Using FNDCPASS With The ALLORACLE Option Why Doesnt It Change All User Passwords
To implement the solution reference the following
Usernames must appear in the FND_USER or FND_ORACLE_USERID tables The FNDCPASS utility and ALLORACLEfunctionality was designed for applications usersschemas
The following username passwords must be manually changed
Account Name--------------------------------ABMAHMAMF
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 822
CSSCUECUNDBSNMPEAAEVMFPTIBAIMTIPDJUNK_PSMDSYSMEODMODM_MTROKBOKOOKROLAPSYSORDPLUGINSORDSYSOUTLNOWAPUBOZPOZSRHXRLASCOTTSSOSDKSYSVEHXNCXNIXNMXNS
alter user XNS identified by password
For IBA IMT IPD ODM_MTR OKB OKO OKR OLAPSYS ABM AHM VEH XNC XNI XNM XNS RHX RLA schemasare part of the 6th category FNDCPASS should not be used
Also development mentioned this
Internal Bug 5394202 ARE1207ALL SCHEMAS PASSWORD NOT GETTING CHANGED FNDCPASS The 38 users listed above do not exist in FND_ORACLE_USERID or FND_USER tables FNDCPASS is not intended to change passwords for users who do not exist in these tables
For the users which are absent in FND_ORACLE_USERID you can change the password using alter command
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 922
11 Fndcpass Fails with 500 Internal Server Error After Migrating Database From Hp-Ux To Linux
When attempting to log in to a R12 instance after migrating the database from HP to Linux following the steps inNote 4546161 the following error occurs
500 Internal Server ErrororacleappsfndcacheCacheExceptionat oracleappsfndcacheAppsCacheget(AppsCachejava228)
The issue can be reproduced at will by attempting to log in
Password Hash Migration (FNDCPASS USERMIGRATE) done prior to the data migration
The cause of this issue is that the FND_USER_PREFERENCES table did not get exported properly due to passwordhash migration not being covered or accounted for in the existing procedure
To implement the solution reference the following
1 Export of the fnd_user_preferences table separately using
$ exp systemltPWDgt TABLES=(APPLSYSFND_USER_PREFERENCES) COMPRESS=Y DIRECT=YFILE=fnd_user_preferencesdmp LOG=exp_fnd_user_preferenceslog
2 Import the Applications database target 3 Import of the fnd_user_preferences table separately
$ imp systemltPWDgt FILE=fnd_user_preferencesdmp LOG=imp_fnd_user_preferenceslog TABLES=FND_USER_PREFERENCES FROMUSER=APPLSYS IGNORE=Y
4 Reset Advanced Queues ( Note 3622051 - Section 5) 5 Run adgrants (Note 3622031 - After the Database Upgrade) 6 Run adctxprvsql (Note 3622031 - After the Database Upgrade) 7 Compile Invalid Objects running adadmin8 Implement and run Autoconfig ( Note 3622031) 9 Gather Statistics for SYS schema (Note 3622031 - After the Database Upgrade) 10 Create ConText and Spatial Objects (Note 3622051 - Section 5) 11 Compile Invalid Objects (Note 3622051 - Section 5) 12 Maintain Applications database objects (Note 3622051 - Section 5) 13 Restart Applications Server Processes (Note 3622051 - Section 5)
12 FNDCPASS Fails with APP-FND-02702 and APP-FND-02704
Followed Note4568381 and found a number of accounts that are database users with passwords equal todatabase users but those do not seem to be registered as Oracle SchemasUsers
FNDCPASS ends with the following error
APP-FND-02702 ABM is not a valid oracle user
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1022
The list includes ABM AMF CSS CUE CUN EAA EVM FPT IBA IMT IPD ME OKB OKO OKR OZP OZS RHXRLA VEH XNC XNI XNM XNS
Also tried to change password for EDWREP user which is not a Database user but is defined as OracleSchemaUser and FNDCPASS errored with
APP-FND-02704 Unable to alter user EDWREP to change password
To implement the solution reference the following
1 EDWREP is not in the table DBA_USERS nor in FND_USER so there is no password to change for this user as thereis no possible connection to this user This is explained in Orion Note 4312721 EDWREP can be ignored as it is notan Oracle user nor an APPS user ( FND_USER )
2 The list of others users provided ( ABM ) is not in the table fnd_oracle_userid so it cannot be changed withFNDCPASS thats the normal behavior
Note 4619041 explains that ABM is now obsoleted
Some ApplicationsProducts are obsoleted in release 12
cun amf jts xni oko okb ahm imt veh rla rhx ozs ozp iba cue okr fpt xns xnc xnm css me zfa zsa rcmipd evm abm eaa
As obsoleted using the alter command can be used to safely change the password of the above users
13 APP-FND-00434 Unable to Change Password Using FNDCPASS Utility
When attempting to change the password of any applicationdatabase user using FNDCPASS the following erroroccurs
ErrorAPP-FND-00434 AFPRCPFailed to initialize profile option values FDWHOAMI environment variable containsinvalid value 5 for user ID
Step to ReproduceChange password of application user VISION using below FNDCPASS commandFNDCPASS appsapps 0 Y systemmanager USER VISION WELCOME
Seeded application user APPSMGR is not present in FND_USER table USER_ID of application user APPSMGR is5 That is why when you are trying to change the password of any applicationdatabase user using FNDCPASSutility then it errors out with invalid value 5 for user ID (see the error)
To implement the solution please execute the following steps
1 If a backup of the FND_USER table exists then restore the record for USER_ID=5 from the backup table to theexisting FND_USER table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1122
Connect to SQLPLUS as APPS user
SQLgt insert into FND_USER select from FND_USER_BAK where USER_ID=5
Where FND_USER_BAK is backup table of FND_USER table
If a backup of the FND_USER table does not exist then thedata for the APPSMGR user must be inserted using thebelow SQL
Connect to SQLPLUS as APPS user
SQLgt INSERT INTO FND_USER(USER_IDUSER_NAMELAST_UPDATE_DATELAST_UPDATED_BYCREATION_DATECREATED_BYLAST_UPDATE_LOGIN ENCRYPTED_FOUNDATION_PASSWORDENCRYPTED_USER_PASSWORDSESSION_NUMBERSTART_DATEEND_DATEDESCRIPTION)VALUES(5APPSMGRTO_DATE(10272004 60051 PMMMDDYYYY HHMISS PM) 0TO_DATE(0521198760051 PMMMDDYYYY HHMISS PM)10INVALIDINVALID0TO_DATE(01011951 60051 PMMMDDYYYYHHMISS PM)NULLUser for routine maintenance activities scheduled as concurrent requests Should be used for prescheduled requests and for requests submitted at the time of patching applications)
SQLgt Commit
2 Retest the issue
3 Migrate the solution as appropriate to other environments
DO NOT delete any seeded data from any of seeded table For example APPSMGR is a seeded application userand should not delete this record from the FND_USER table Deletion of seeded records from any seeded table isnot supported
14 FNDCPASS Gives APP-FND-01502 Cannot Encrypt Application ORACLE Password
APP-FND-01502 Cannot encrypt application ORACLE passwordApplication Object Library was unable encrypt your ORACLE passwordAction Contact your support representative (ORACLEUSER=APPS_SERV)
The table fnd_oracle_userid contain rows for schemas that does not exist Those rows must be deletedfrom the table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1222
To implement the solution please execute the following steps
1 Execute the following select statement
select from fnd_oracle_useridwhere oracle_username not in
(select username from all_users)
If this returns any rows then delete them
15 Why FNDCPASS Fails With ORA-01005 Using Underscore or Dollar Sign in Passwords
To implement the solution please execute the following steps
Using the Underscore ( _ ) or Dollar Sign ( $ ) as well as Parentheses ( ) and Comma ( ) will cause the followingerror to be generated
Routine AFPCSQ encountered an ORACLE error ORA-01005 null password given logon deniedReview your error messages for the cause of the error (=ltPOINTERgt)
Only alphanumeric characters should be for passwords Bug 5239293 - UNABLE USE THE PUNCTUATION MARK INFNDCPASS UTILITY has been logged to address using special characters such as the _ and $
16 FNDCPASS-CANNOT DECRYPT For Some Users
Getting error messages like
FNDCPASS-CANNOT DECRYPT (USER=CONCURRENT MANAGER)FNDCPASS-CANNOT DECRYPT (USER=ANONYMOUS)FNDCPASS-CANNOT DECRYPT (USER=APPLSYSPUB)
Patch (5846796) was created to fix the fnd_web_secvalidate_password to use the SIGNON_PASSWORD_CASEprofile setting for establishing new password criteria
According to Development Patch 5846796 will not be available standalone
To implement the solution please execute the following steps
1 Customers should apply 11iATG_PFHdelta6 (RUP 6) Patch 5903765 for this issue
WorkaroundThe error messages should disappear setting the System Profile Password Case Option to Insensitive
17 Db Links Are Invalid After Changing The Apps User Password With FNDCPASS
To implement the solution please execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1322
1 Since changing the apps password all the db links should have the new APPS password RunAutoConfig after changing the APPS password and this will update all Please note that there is no need to runautoconfig each time FNDCPASS is run only if changing any of the following users
- APPLSYS- APPS- APPS_MRC- APPLSYSPUB- PORTAL30 amp PORTAL30_SSO (For Oracle Log in Server and Portal 309 with E-Business Suite 11i)
18 Is PASSWORD_VERIFY_FUNCTION Compatible with FNDCPASS in E-Business Suite
To implement the solution please execute the following steps
1 Log a service request requesting to attach it to the existing enhancement Once this is done the service request willbe closed as its unknown when the enhancement will be integrated into Applications
2 Follow Enhancement Request Bug 3363011
19 ORA-29541 Unable to Change Password Using FNDCPASS Utility
Oracle error -29541 ORA-29541 class APPSoracleappsfndsecurityWebSessionManagerProc could not beresolved has been detected in FND_WEB_SECVALIDATE_PASSWORD
To implement the solution please execute the following steps
1 Unzip RDBMS $ORACE_HOMErdbmsjlibservletjar to a temporary location
2 cd to the lttemp locationgtjavaxservlet
loadjava -u sysltsyspwdgt -v -f -r ServletRequestclass
3 cd to the lttemp locationgtjavaxservlethttp
loadjava -u sysltsyspwdgt -v -f -r HttpServletRequestclass
4 If the above load is successful then try to compile the following java classes in this order
69cdcac5_URLTools9bcc02c9_GenericFileManager98ca471e_GenericFileManager7ef1f61b_AppsContextbe1b2bb2_ErrorStack4cc59dc8_AppsException4f323587_DataVerificationExceb3e79110_HTTPData50e4719a_AolSecurity3906534f_WebSessionManagerProc
For example
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1422
SQLgt conn appsappsConnected
SQLgt alter java class 69cdcac5_URLTools resolve
Java altered
5 Retest the issue
20 FNDCPASS Updates FND_USERLAST_LOGON_DATE with SYSDATE
The FND_USERLAST_LOGON_DATE table is getting reset with SYSDATE when FNDCPASS command is run tochange the apps password on the database
Changing APPS APPLSYS and Oracle Apps schema passwords is updating FND_USERLAST_LOGON_DATE forApplication Users
eg FNDCPASS appsltpassgt 0 Y systemltpassgt SYSTEM APPLSYS ltnew passgt
To implement the solution please execute the following steps
1 The official fix is included in RUP7 Patch 6241631
As a workaround please disable the trigger
1 Connect to the apps schema using sqlplus
2 Alter trigger FND_USER_RESET DISABLE
21 Why arent users forced to changereset passwords during next login after runningFNDCPASS
This is expected functionality FNDCPASS does not force the user to reset their passwords during the next log in Users wanting to resetchange their passwords upon change should do so through the FNDSCAUSfmb (Define User)form When a password is changed in the Define User form the user is forced to reset their password
22 FNDCPASS Was Not Able to Decrypt Password for User ABC During APPLSYS PasswordChange
When attempting to run command FNDCPASS appsXXX 0 Y systemXXX SYSTEM APPLSYS XXXthe following error occurs
ERROR-----------------------FNDCPASS was not able to decrypt password for user GCC during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1522
Debug line of code (fnd_preferenceremove) was found in a sql script that ran during the upgrade process -patch115sqlafsecctxsql This causes the error message when run FNDCPASS to change APPS password afterupgrading to 1213
This is justified in Bug 8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILSDECRYPT
To implement the solution please execute the following steps
1 Download and review the readme for Patch 8764069
2 Apply Patch 8764069 in a test environment
3 Confirm the following file versions
ltFND_TOPgtpatch115sqlafsecctxsql 1203120100002
You can use the commands like the following
strings -a $FND_TOP patch115sqlafsecctxsql | grep -i $Header
4 Retest the issue
5 Migrate the solution as appropriate to other environments
WORKAROUND
1 Change password of All Oracle Applications Users (FND_USER) according to Note 4194751 Removing Credentialsfrom a Cloned EBS Production Database
2 Retest the issue
23 FNDCPASS was not able to decrypt password for User Name during APPLSYS passwordchange
The passwords were updated by a method other than the Define User form or FNDCPASS This is NOT supported
To implement the solution please execute the following steps
Re-run FNDCPASS for the specific failed User Name
Examples
FNDCPASS appsltpwdgt 0 Y systemltpasswrdgt ORACLE GL ltNEWPASSWORDgtFNDCPASS appsltpwdgt 0 Y systemltpasswrdgt USER JOEUSER ltNEWPASSWORDgt
24 APP-FND-01496 Results From FNDCPASS Chaning The APPLSYS password
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1622
AFTER manually using the alter user in sqlplus the following error occurs in the log for every application useraccount
ERRORAPP-FND-01496 Cannot access application ORACLE passwordCause Application Object Library was unable access your ORACLE password
The APPLSYS (APPS) password became corrupted using ALTER USER because an applications session was notmaintained at the same time This apps session is necessary to change the APPLSYS password in Securitygt Oraclegt Register WHILE being in SQLPLUS as the SYSTEM user
The supported method is use of FNDCPASS
To implement the solution please execute the following steps
1 Restore the FND_ORACLE_USERID and FND_USER tables from a backup
2 Then run FNDCPASS to change the APPLSYS password Ex
FNDCPASS appsltapps passwordgt 0 Y systemltsystem passwordgt SYSTEM APPLSYS WELCOME
25 APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORD
When attempting to change a user password the error below is generated
APP-FND-1238 Cannot set value for field USERENCRYPTED_USER_PASSWORDReview your error messages (Help -gtDiagnostics -gt Display Database Error ) to see the cause of the error
Encrypted APPLSYS password was corrupted
To implement the solution please execute the following steps
Run FNDCPASS on the database tier and change the APPLSYS password to its original password value
For example
FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS ltnew passwordgt Ex $FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt SYSTEM APPLSYS NEWPASSWORD
NOTE Changing the APPLSYS password automatically changes the APPS password to match as these two must alwaysagree
26 FRM-40200 Changing Users Password With The System Administrator Responsibility
Unable to change a users password with the System Administrator responsibility The password field is notaccessible and the following message appears at the bottom of the window
FRM-40200 Field is protected against update
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1722
The fnd_userencrypted_user_password column = EXTERNAL
In FND_USER if the fnd_userencrypted_user_password column = EXTERNAL then
1 The Change Password menu entry should be disabled on the Forms menu2 The Password field should be disabled on the Users form
This is expected behavior for the column being set to EXTERNAL
To implement the solution please execute the following steps
1 Use FNDCPASS to change the password as required
Example FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER VISION WELCOME
2 Reference Note 3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation
27 Signon Password Failure Limit Is Reached Unlocking Queries
Q1 A user account is locked after Signon Password Failure Limit is reached Can it be unlocked withoutresetting the password
Q2 After the account is locked because of Signon Password Failure Limit can it be automatically unlocked after24hrs (or a set of hrs)
To implement the solution please execute the following step
A1 No To elaborateSignon Password Failure Limit invalidates the user account by updating the fnd_user encrypted password columnswith value INVALID In order to reinstate (unlock) the account these INVALID password values must be again populatedwith encrypted values This ONLY happens when the password is reset
A2 No To elaborateThere is no such automatic functionality within EBusiness Suite Apps to do this The reinstatement (unlocking) of theapplication user account must be done by resetting the password which is done by the administrator either thru theFNDSCAUS (Security gt User gt Define) form or by FNDCPASS
28 APP-FND-02704 APP-FND-01564 ORA-01403 changepassword Errors In Custom Schema
When attempting to modify a custom schemas (XXINT) password with FNDCPASS the following error messageoccurred
APP-FND-02704 Unable to alter user XXINT to change passwordAPP-FND-01564 ORACLE error 1403 in changepasswordCause changepassword failed due to ORA-01403 no data found
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1822
FND does not support case sensitive passwords for ORACLE accounts FND expects database level passwords to bein uppercase The SQL Reference manual under Object Naming Rules states that passwords can only containalphanumeric characters from your databases character set and the characters _ $ and
Using $ and is strongly discouraged
When Hard to Guess functionality is activated the password cannot contain repeating characters (By repeatingcharacters it is meant consecutively repeating characters Hence oracleo passes this criteria while oracleedoes not) The ORACLE password is converted to all upper case internally and then Hard to Guess is validated ifenabled
To implement the solution please execute the following step
Only use single case (upper suggested) passwords for ORACLE passwords If the Hard to Guess functionality isactivated verify that the selected password meets all the requirements
29 FND Invalid Hash mode detected for user_id = ampUSERID When Changing Password
Occurs when1 Go to Navigator Menu Editgt Preference gt Change Password2 Enter Old Password and New PasswordRe-enter password3 Press OK Button
This issue has been fixed in the file fnd srcsecurity fdspwdlc in version 11533This is explained in the following bugBUG 7304220 - 1OFF6658428ATG RUP6115102UNABLE TO RESET PASSWORD AFTER IMPLEMENTING NON-REVERSIBLE HASH PASSWD(FNDCPASS)
To implement the solution please execute the following step
1 Download and review the readme and pre-requisites for Patch 73042202 Ensure that you have taken a backup of your system before applying the recommended patch3 Apply the patch in a test environment4 Please log a Service Request for support to post you the password5 Retest the issue6 Migrate the solution as appropriate to other environments
WORKAROUNDS
1 a The SSWAFramework Preferences page b Security gt Define gt User form
OR
2 FNDCPASS appsltpasswordgt 0 Y systemltpasswordgt USER ltusernamegt ltpasswordgt
30 After 1213 Upgrade FNDCPASS Fails Was Not Able To Decrypt Password For User UsernameDuring Applsys Password Change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 1922
SymptomsIn 1213 When attempting to change password using FNDCPASS the following error is encountered Anothersymptom could be FNDCPASS fails with Unable to connect as applsys
FNDCPASS appsltapps_passwdgt 0 Y systemmanager SYSTEM APPLSYS ltNew Passwdgt
ERRORFNDCPASS was not able to decrypt password for user EDWREP during applsys password changeFNDCPASS was not able to decrypt password for user CTXSYS during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30_SSO during applsys password changeFNDCPASS was not able to decrypt password for user PORTAL30 during applsys password changeFNDCPASS was not able to decrypt password for user XNB during applsys password changeFNDCPASS was not able to decrypt password for user ZFA during applsys password changeFNDCPASS was not able to decrypt password for user ZSA during applsys password changeFNDCPASS was not able to decrypt password for user APPS during applsys password changeFNDCPASS was not able to decrypt password for user APPLSYS during applsys password change
CauseThe cause of this problem has been identified and verified in an unpublished Bug 11845888 After upgrade to 1213apply the Patch 11845888 before changing the password to avoid these problems This fixes the issues in FNDCPASSand issues with username length
To implement the solution please execute the following steps
1 Download and review the readme and pre-requisites for Patch 11845888
2 Ensure that you have taken a backup of your system before applying the recommended patch
3 Apply the patch in a test environment
4 Confirm the following file versions
afspwdo 1205120100008
fdscpwdo 12024120100008
You can use the commands like the following
strings -a $FND_TOPbinFNDCPASS | grep afspwd
strings -a $FND_TOPbinFNDCPASS | grep fdscpwd
5 Retest the issue and migrate to appropriate environments
After the Patch is applied the following errors might still occurThe below messages can be ignored Those areoracle seeded users to be used by the FNDLOAD They do not have login capabilities So it is normal that they areshown in the FNDCPASS log files
FNDCPASS was not able to decrypt password for user INDUSTRY DATA during applsys password change
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2022
FNDCPASS was not able to decrypt password for user ORACLE1200 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1210 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1220 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1230 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1240 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1250 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1260 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1270 during applsys password change FNDCPASS was not able to decrypt password for user ORACLE1280 during applsys password change
FNDCPASS was not able to decrypt password for user ORACLE1290 during applsys password change
120 customers can apply equivalent Patch 11854373
31 APP-FND-01564 ORACLE error 6502 in changepassword
When attempting to run FNDCPASS the following error occurs
ERROR-----------------------FNDCPASS appspwd 0 Y systempwd USER sysadmin pwd
Current system time is 25-JUN-2012 014224+---------------------------------------------------------------------------+
APP-FND-01564 ORACLE error 6502 in changepassword
Cause changepassword failed due to ORA-06502 PLSQL numeric or value error character stringbuffer too smallORA-06512 at APPSFND_WEB_SEC line 1372ORA-06512 at line 1
The SQL statement being executed at the time of the error was begin r =fnd_web_secchange_password(up) end and was executed from the file ampERRFILE
The likely cause for this error is that the profile option value for SIGNON_PASSWORD_CASE is wrongly set toINSENSITIVE it should be set to value 1 Possible values are INSENSITIVE - 1 and SENSITIVE - 2
To check the value of this profile option do the followiing
1 SQLgt select profile_option_idapplication_id from fnd_profile_options whereprofile_option_name=SIGNON_PASSWORD_CASEThen from the profile_option_id returned
2SQLgt select profile_option_valuelevel_idlevel_value from fnd_profile_option_valueswhere profile_option_id=[VALUE RETURNED FROM ABOVE QUERY] and application_id=0
If PROFILE_OPTION_VALUE returned is INSENSITIVE (-1) then execute the following steps
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2122
1 Declarevalue BooleanBeginvalue = FND_PROFILESAVE(SIGNON_PASSWORD_CASE 1 SITE)End
2 Retry the fndcpass
32 Unable To Change APPLSYS Password Using FNDCPASS In Applications 1213
Patch 11845888 delivers a new option that the customer can control whether or not they want to perform the invalid-check The OS variable FND_CHECK_INVALID was created to activateinactivate this new functionality That is whenone runs the FNDCPASS those records are marked so the program will not process the invalid-records again meaningthe next time that FNDCPASS runs it will not show those records in the report To Activate the option set the environment variable before running FNDCPASS
export FND_CHECK_INVALID=TRUE
To Inactivate the option Unset the environment variable before running FNDCPASS
export FND_CHECK_INVALID=FALSE
OR
Comment it out or unset FND_CHECK_INVALID
Diagnostics amp Utilities Community
DiagnosticsPlease access the EbusinessSecurity section on security diagnostics for the latest releases as reflected inDocument 4212451 E-Business Suite Diagnostics References for R12Utilities CommunityVisit the Utilities community for help from industry experts or to share knowledge
BUG8764069 - POST USERMIGRATE TO HASH PASSWORDS AFTER 121 UPG FNDCPASS FAILS DECRYPTNOTE13776701 - After 1213 Upgrade FNDCPASS Fails With Error - Was Not Able To Decrypt Password For UserUsername During Applsys Password ChangeNOTE3036211 - How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node AppsInstallationNOTE3622031 - Oracle Applications Release 11i with Oracle 10g Release 2 (1020)NOTE3622051 - 10g Release 2 ExportImport Process for Oracle Applications Release 11iNOTE4194751 - Removing Credentials from a Cloned EBS Production DatabaseNOTE4312721 - EDWREP And ODM Schemas Does Not Exist In DDA_USERS Table
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY
42913 Document Display
httpssupportoraclecomepmosfacesuikmSearchDocDisplayjspx_adfctrl-state=18dxyccwg2_9 2222
NOTE4372601 - How to Change Applications Passwords using Applications Schema Password Change Utility(FNDCPASS or AFPASSWD)NOTE4546161 - ExportImport Process for Oracle E-Business Suite Release 12 using 10gR2NOTE4568381 - When Running FNDCPASS with ALLORACLE Option Why Doesnt It Change All User PasswordsNOTE4619041 - Can the ABM Schema andor EAA Schema and Objects Be Dropped in R12
NOTE7615671 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for Microsoft Windows
Server (32-bit)NOTE7628941 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX PA-RISC (64-
bit)NOTE7628911 - Oracle E-Business Suite Installation and Upgrade Notes Release 12 (1211) for HP-UX ItaniumBUG12985552 - FNDCPASS WAS NOT ABLE TO DECRYPT PASSWORD FOR USER USERNAME DURING APPLSYS PASBUG12365915 - NOT ABLE TO CHANGE APPLSYS PASSWORD USING FNDCPASS IN R1213NOTE4212451 - E-Business Suite Diagnostics References for R12
BUG5239293 - UNABLE USE THE PUNCTUATION MARK IN FNDCPASS UTILITY