Monday, February 12, 2018

Steps to Change the APPS, APPLSYS, and APPS_NE Password Using FNDCPASS or AFPASSWD 


Applies To:

Oracle Application Object Library - Version 12.2 and later. Information in this document applies to any platform.

Goal:
What are the steps to change the APPS, APPLSYS, and APPS_NE password using FNDCPASS for E-Business Suite (EBS) 12.2?

Solution:

Whenever using FNDCPASS or AFPASSWD to change the APPS, APPLSYS, and APPS_NE password, one must also perform the following actions:

Important: These steps must be carried out on the run file system. The FND_USER and FND_ORACLE_USERID tables should be backed up before any passwords are changed.

Remove the backups after you have confirmed that the changes completed successfully. The passwords for all three schemas (APPS, APPLSYS, and APPS_NE) are changed together when the APPLSYS password is changed.

1. Shut down the application tier services using the below script:

$INST_TOP/admin/scripts/adstpall.sh

2. Change the APPLSYS password using one of the following utilities:

A. FNDCPASS:

Use the below syntax:

FNDCPASS <logon> 0 Y <SYSTEM username>/<SYSTEM password> SYSTEM APPLSYS <new_password>

For example, the following command changes the APPLSYS password to 'WELCOME':

FNDCPASS apps/<appspwd> 0 Y system/manager SYSTEM APPLSYS WELCOME

Example:

[apps@ebs scripts]$ FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS <new_password>
Log filename : L471367.log
Report filename : O471367.out

[apps@ebs scripts]$ vi L471367.log

Note: Before running FNDCPASS on 12.2.X, confirm that the file $FND_TOP/patch/115/sql/AFSCJAVS.pls is at version 120.12.12020000.8 or above.

Otherwise, apply patch 19127427 (UNABLE TO CHANGE PASSWORD USING FNDCPASS - NO ERRORS IN THE LOG). Without it, FNDCPASS will fail to change the password.
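The version prerequisite in the note above can be checked before FNDCPASS is run. The script below is an added example, not part of the original post or of Oracle's tooling. It assumes the file carries a standard `$Header:` ident line with the version as the second token after `$Header:`; the function names are hypothetical and the sample header is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the AFSCJAVS.pls prerequisite noted above.
MIN_VERSION="120.12.12020000.8"   # minimum version stated in the note

# Print the version token from the first "$Header: <file> <version> ..." line.
# Assumption: the file carries a standard $Header ident line in that layout.
header_version() {
    awk '/\$Header:/ {
        for (i = 1; i < NF; i++)
            if ($i == "$Header:") { print $(i + 2); exit }
    }' "$1"
}

# Succeed if dotted version $1 >= $2. Fields are compared as numbers, so
# ...10 ranks above ...8 (a plain string comparison would get this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Returns 0 = safe to run FNDCPASS, 1 = patch needed, 2 = could not determine.
check_afscjavs() {
    file=$1
    [ -r "$file" ] || { echo "UNKNOWN: cannot read $file"; return 2; }
    ver=$(header_version "$file")
    if ! printf '%s\n' "$ver" | grep -Eq '^[0-9]+(\.[0-9]+)*$'; then
        echo "UNKNOWN: no \$Header version found in $file"; return 2
    fi
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "OK: AFSCJAVS.pls $ver >= $MIN_VERSION"
    else
        echo "STOP: $ver < $MIN_VERSION, apply patch 19127427 first"; return 1
    fi
}

if [ -n "${FND_TOP:-}" ]; then          # sourced EBS environment
    check_afscjavs "$FND_TOP/patch/115/sql/AFSCJAVS.pls"
else                                    # offline demo on a constructed header
    sample=$(mktemp)
    echo '/* $Header: AFSCJAVS.pls 120.12.12020000.10 2014/01/01 demo ship $ */' > "$sample"
    check_afscjavs "$sample"; rm -f "$sample"
fi
```

A return code of 2 means the version could not be determined and should be treated as a stop, since the patch title indicates the failure leaves no errors in the FNDCPASS log.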

B. AFPASSWD:

AFPASSWD is an enhanced version of FNDCPASS, and includes the following features:

• AFPASSWD only prompts for passwords required for the current operation, allowing separation of duties between applications administrators and database administrators. This also improves interoperability with Oracle Database Vault. In contrast, the FNDCPASS utility currently requires specification of the APPS and the SYSTEM usernames and corresponding passwords, preventing separation of duties between applications administrators and database administrators.

• When changing a password with AFPASSWD, the user is prompted to enter the new password twice to confirm.

• In Oracle E-Business Suite Release 12.2.3 and higher, you can also use the AFPASSWD utility to migrate Oracle E-Business Suite user passwords to a password hashing scheme.

Note: AFPASSWD can be run from the database tier as well as the application tier. In contrast, FNDCPASS can only be run from the application tier.

Syntax for using AFPASSWD:

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -s <APPLSYS>

Example:

[apps@ebs scripts]$ AFPASSWD -c apps@PROD -s APPLSYS
Enter the ORACLE password of Application Object Library 'APPSUSER': (Here it will ask old apps password)
Connected successfully to APPS.
Enter the password for your 'SYSTEM' ORACLE schema: (system password of a database user)
Connected successfully to SYSTEM.
Log file: AFPWD_PROD_454358.log ( one new logfile created )
Enter new password for user: (new password)
Verify new password for user: ( retype a new password)
AFPASSWD completed successfully.

NOTE: Steps 3 to 7 are mandatory for both FNDCPASS and AFPASSWD and are only applicable when changing the APPLSYS password. They are not applicable when changing passwords for product schemas such as PO or GL, or for the SYSTEM schema.

In the next prepare phase after the password change, ADOP will invoke EBS Domain Configuration to ensure that the WLS datasource on the patch file system will be synchronized with the new APPS password.

3. Run AutoConfig with the newly changed password.

4. Start AdminServer using the $INST_TOP/admin/scripts/adadminsrvctl.sh script. Do not start any other application tier services.

5. Change the "apps" password in WLS Datasource as follows:

a. Log in to WLS Administration Console.
b. Click Lock & Edit in Change Center.
c. In the Domain Structure tree, expand Services, then select Data Sources.
d. On the "Summary of JDBC Data Sources" page, select EBSDataSource.
e. On the "Settings for EBSDataSource" page, select the Connection Pool tab.
f. Enter the new password in the "Password" field.
g. Enter the new password in the "Confirm Password" field.
h. Click Save.
i. Click Activate Changes in Change Center.

6. Start all the application tier services using the below script:

$INST_TOP/admin/scripts/adstrtal.sh

7. Verify the WLS Datastore changes as follows:

a. Log in to WLS Administration Console.
b. In the Domain Structure tree, expand Services, then select Data Sources.
c. On the "Summary of JDBC Data Sources" page, select EBSDataSource.
d. On the "Settings for EBSDataSource" page, select Monitoring > Testing.
e. Select "oacore_server1".
f. Click Test DataSource.
g. Look for the message "Test of EBSDataSource on server oacore_server1 was successful".

8. If Integrated SOA Gateway (ISG) is implemented, repeat the steps for "OAEADataSource". Verify "oafm_cluster*" managed servers are started successfully.

Reference: Metalink Doc ID 1674462.1
