10 Replies Latest reply: Jan 24, 2011 9:41 AM by user9975842 RSS

    Resloved!  Cheat Sheet - Users' passwords have expired

    user9975842
      Hello all,

      I have installed and deployed the Oracle VM templates for HCM 9.1, and have been spinning my wheels for quite some time. Before I give a few details, what I'm hoping for is a list of operations I have to complete after all three images are up and running.

      When I attempt to login, I'm getting an error that I've seen all over this forum: "+The site booted with internal default settings, beacuse of: bea.jolt.ServiceException+". I've tried a host of proposed solutions, confirmed network connections and configuration settings (although other than IP settings. host names, ports and DB name, there aren't many to check) and reinstalled the images multiple times. I've been through the documentation for "+Using Oracle VM ...+", "+...Applications Installation Guide+", "+... PeopleTools Installation Guide+", "+Getting Started ...+", etc, but I haven't been able to get anywhere. The reason I'm mentioning all of this is because I believe that I'm missing something so fundamental that nobody thought to mention it, which is why I've resisted for so (too) long before posting here. I've reached the point of trying some of the suggestions for a third and fourth time, which is an indication that it's time to surrender.

      Unfortunately, I'm not at work at the moment (which is only unfortunate in the following sense), and so I can't give you specific information from the logs until the morning. I figured that I might get the thread rolling before then. In any event, I've deleted and recreated all three images, and they're waiting to be configured. More details in the morning,

      But I would think, barring any network problems, that the images would require the exact sequence of post-installation steps to get everything running and allow a user to log in. I humbly request that you grant me that sequence.

      Thanks for your help,

      user9975842 (that's my name, please wear it out)

      Edited by: user9975842 on Jan 24, 2011 7:44 AM

      Edited by: user9975842 on Jan 24, 2011 7:45 AM
        • 1. Re: Cheat Sheet
          user9975842
          Hello again,

          Here's an update of my latest attempt. Note that I typed all SQL commands and log entries, so please forgive any typos.

          Thanks for your help!

          1. Created image Virtual Machine from the OVM_EL5U2_X86_64_HCM91_PVM template, logged on and configured it.


          2. Rebooted, logged on as oracle/oracle.

          I know from a previous post that some of the image's user passwords have expired. I found them with SQL commands A-C and altered them with SQL commands D-K. I realize that this is most likely the cause of my current problem (skip to 6), but this step is necessary as far as I know. I don't know what the users' default passwords are. The example I saw online set each user's password to its username. I know this is the case for PS, and thought it was the case for PEOPLE and SYSADM.

          This is a good place for a few direct questions: Is this step necessary to run the VMs?  Is it documented?  Did it prevent APPDOM from booting because I altered a default password?  If so, what should I have done?

          --------------SQL Commands--------------
          2A. SQL>
               SELECT USERNAME, PROFILE, ACCOUNT_STATUS
               FROM DBA_USERS;

          OUTLN     DEFAULT     OPEN
          SYS     DEFAULT     OPEN
          SYSTEM     DEFAULT     OPEN
          SYSADM     DEFAULT     EXPIRED(GRACE)
          PEOPLE     DEFAULT     EXPIRED(GRACE)
          PS     DEFAULT     EXPIRED(GRACE)
          TSMSYS     DEFAULT     EXPIRED & LOCKED
          DIP     DEFAULT     EXPIRED & LOCKED
          DBSNMP     DEFAULT     EXPIRED & LOCKED
          ORACLE_OCM DEFAULT     EXPIRED & LOCKED
          2B. SQL>
               SELECT RESOURCE_NAME, LIMIT
               FROM DBA_PROFILES
               WHERE PROFILE = "DEFAULT'
               AND RESOURCE_TYPE = 'KERNEL';


          COMPOSITE_LIMIT               UNLIMITED
          SESSIONS_PER_USER          UNLIMITED
          CPU_PER_SESSION               UNLIMITED
          CPU_PER_CALL               UNLIMITED
          LOGICAL_READS_PER_SESSION     UNLIMITED     
          LOGICAL_READS_PER_CALL          UNLIMITED
          IDLE_TIME               UNLIMITED
          CONNECT_TIME               UNLIMITED
          PRIVATE_SGA               UNLIMITED
          2C. SQL>
               SELECT RESOURCE_NAME, LIMIT
               FROM DBA_PROFILES
               WHERE PROFILE = 'DEFAULT'
               AND RESOURCE_TYPE = 'PASSWORD';


          FAILED_LOGIN_ATTEMPTS     10
          PASSWORD_LIFE_TIME     180
          PASSWORD_LIFE_TIME     UNLIMITED
          PASSWORD_RESUE_TIME     UNLIMITED
          PASSWORD_RESUE_MAX     NULL
          PASSWORD_LOCK_TIME     1
          PASSWORD_GRACE_TIME     7
          --------------ALTER DEFAULT PROFILE--------------
          2D. SQL>
               ALTER PROFILE DEFAULT LIMIT
               FAILED_LOGIN_ATTEMPTS     UNLIMITED
               PASSWORD_LIFE_TIME     UNLIMITED
               PASSWORD_LOCK_TIME     UNLIMITED
               PASSWORD_GRACE_TIME     UNLIMITED;
          --------------ALTER EXPIRED USERS--------------
          >
          >
          2E. SQL>
               ALTER USER SYSADM IDENTIFIED BY SYSADM;
          2F. SQL>
               ALTER USER PEOPLE IDENTIFIED BY PEOPLE;
          2G. SQL>
               ALTER USER PS IDENTIFIED BY PS;
          >2H. SQL>
               ALTER USER TSMSYS IDENTIFIED BY TSMSYS
          2I. SQL>
               ALTER USER DIP IDENTIFIED BY DIP;
          >2J. SQL>
               ALTER USER DBSNMP IDENTIFIED BY DBSNMP;
          2K. SQL>
               ALTER USER ORACLE_OCM IDENTIFIED BY ORACLE_OCM;
          --------------------------------------------------------

          3. Started listener.

          4. Started database.

          5. Created images for VM_EL5U2_X86_64_AB85002_HCM91_PVM and OVM_EL5U2_X86_64_PIA85002_PVM.

          6. Logged onto VM_EL5U2_X86_64_AB85002_HCM91_PVM as psadmn2, started psadmin and selected "Application Server", "Administer a Domain", "APPDOM", "Boot this Domain", "Boot (Serial Boot)". This generated the following output:

          INFO: Oracle Tuxedo, Version 10.3.0.0, 64-bit, Patch Level (none)

          Booting admin processes ...
          exec BBL -A
               process id=1653 ... Started.
          1 process started.
          Attaching to bulletin board.

          Attempting to boot ...

          INFO: Oracle Tuxedo, Version 10.3.0.0, 64-bit, Patch Level (none)

          Booting server processes ...

          exec PSWATCHSRV -o ./LOGS/stdout -e ./LOGS/stderr -A -- -ID 123579 -D APPDOM -S PSWATCHSRV :
               process id=1657 ... Started.
          exec PSAPPSRV -o ./LOGS/stdout -e ./LOGS/stderr -s@psappsrv.lst -- -D APPDOM -S PSAPPSRV:
               CMDTUX_CAT:1685: ERROR: Application initialization failure

          tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered; initiating user error handler

          exec tmshutdown -qy

          ==============ERROR!==============
          Boot attempt encountered errors!, Check the TUXEDO log for details.

          ==============ERROR!==============


          ============================ From APPSRV.LOG ============================
          Begin boot attempt on domain APPDOM
          PeopleTools Release 8.50.02 (Linux) starting. Tuxedo server is APPSRV(99)/1
          Cache Directory being used: /home/psadm2/ps/pt/8.50/appserv/APPDOM/CACHE/PSAPPSRV_1/
          GenMessageBox(0, 0, M): Database Signon: Invalid access ID or password for database signon.
          Server failed to start/
          End boot attempt on domain APPDOM

          ============================ From TUXLOG.121410 ============================
          Begin attempt on domain APPDOM
          TMADMIN_CAT:1330: INFO: Command: boot -A
          12-14-2010: Tuxedo Version 10.3.0.0. 64-bit
          CMDTUX_CAT:1851: INFO: TM_BOOTTIMEOUT is set to 120 seconds
          CMDTUX_CAT:1855: INFO: TM_BOOTPRESUMEDFAIL option is selected
          Tuxedo Version 10.3.0.0, 64-bit, Patch Level (none)
          LIBTUX_CAT:262: INFO: Standard main starting
          LIBTUX_CAT:250: ERROR: tpsvrinit() failed
          tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered: initiating user error handler
          CMDTUX_CAT:26: INFO: The BBL is exiting system
          End boot attempt on domain APPDOM
          • 2. Re: Cheat Sheet
            Nicolas.Gasparotto
            If that's not late for replying :
            user9975842 wrote:
            ...
            2F. SQL>
                 ALTER USER PEOPLE IDENTIFIED BY PEOPLE;
            The password of PEOPLE is peop1e (in lower case with the number one), a wrong people's password may explain the following error you got when starting appdom.
            Booting server processes ...

            exec PSWATCHSRV -o ./LOGS/stdout -e ./LOGS/stderr -A -- -ID 123579 -D APPDOM -S PSWATCHSRV :
                 process id=1657 ... Started.
            exec PSAPPSRV -o ./LOGS/stdout -e ./LOGS/stderr -s@psappsrv.lst -- -D APPDOM -S PSAPPSRV:
                 CMDTUX_CAT:1685: ERROR: Application initialization failure

            tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered; initiating user error handler

            exec tmshutdown -qy
            It is not documented, but I already reported it :
            http://gasparotto.blogspot.com/2010/03/psovm-sysadms-password-policy.html


            Nicolas.
            • 3. Please confirm solution for the benefit of others Re: Cheat Sheet
              user9975842
              Thanks for the reply Nicolas,

              It turns out that that's exactly what I did to fix the problem. In fact, I thought I had posted a message similar to yours after I resolved the issue, but apparently, it never went through. (More than likely, I never clicked Submit. I don't know how I'd let myself do that, but it's the most obvious explanation.) I've pasted that message below (I always write posts offline first. This isn't the first time a backup has come in handy.)

              Anyway, I very much appreciate your reply. Here's to a happy new year.

              Thank you again,
              John

              _______________________________________

              Hello all,

              I was able to resolve the issue yesterday by changing the PEOPLE user's password to peop1e.  (The second to last character is a number 1).

              It seems to me that current OVM images will not run until the above changes (in my last post) have been made.  As far as I know, they're not documented anywhere.  A few lines in a README file could reduce 3-4 days of hand-wringing to 3-4 minutes of configuration.

              Please correct me if I'm wrong, but these steps must be necessary 100% of the time in order to get the deployment up and running.  I'm surprised that there aren't a slew of posts about it.   Anyway, could someone please confirm this, for the benefit of others?  Thanks for your help.
              • 4. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                723876
                Folks-
                I apologise for the problems encountered as a result of this ambiguity. We'll get this documented in the next version of the templates.
                Not a defence but an explanation, this is one of those things that we would miss in Development because we're so used to seeing people/peop1e that we take it for granted that the '1' is there. Sorry about that.
                • 5. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                  user9975842
                  Thanks for the reply. I just wanted to point out that the most important information missing from the documentation is that the accounts for the SYSADM, PEOPLE, PS, TSMSYS, DIP, DBSNMP and ORACLE_OCM users have all expired on the current database image. I had to run the SQL commands above in order to use the VMs.
                  • 6. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                    Nicolas.Gasparotto
                    Mark,
                    I'll join the other poster, peop1e's password is not a real issue, profile with password life time limit is more annoying and not documented.

                    Nicolas.
                    • 7. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                      723876
                      I'll make sure that this is addressed in the next templates that are released. i.e: anything that is released after beginning February 2011.
                      • 9. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                        Nicolas.Gasparotto
                        Mark,

                        Please, note that it is already fixed within the latest Peoplesoft OVM delivered last week - HCM9.1 on Peopletools 8.51.02 (announced by Greg New version of the PSFT HCM 9.1 OVM
                        SYSADM and PEOPLE users have unlimited password life time :
                        SQL> select username,account_status,expiry_date,profile
                          2  from   dba_users
                          3* where username in ('PEOPLE','SYSADM')
                        SQL> /
                        
                        USERNAME                       ACCOUNT_STATUS                   EXPIRY_DATE        PROFILE
                        ------------------------------ -------------------------------- ------------------ ------------------------------
                        PEOPLE                         OPEN                                                DEFAULT
                        SYSADM                         OPEN                                                DEFAULT
                        
                        SQL> select * from dba_profiles where profile='DEFAULT';
                        
                        PROFILE                        RESOURCE_NAME                    RESOURCE_TYPE                    LIMIT
                        ------------------------------ -------------------------------- -------------------------------- -------------
                        DEFAULT                        COMPOSITE_LIMIT                  KERNEL                           UNLIMITED
                        DEFAULT                        SESSIONS_PER_USER                KERNEL                           UNLIMITED
                        DEFAULT                        CPU_PER_SESSION                  KERNEL                           UNLIMITED
                        DEFAULT                        CPU_PER_CALL                     KERNEL                           UNLIMITED
                        DEFAULT                        LOGICAL_READS_PER_SESSION        KERNEL                           UNLIMITED
                        DEFAULT                        LOGICAL_READS_PER_CALL           KERNEL                           UNLIMITED
                        DEFAULT                        IDLE_TIME                        KERNEL                           UNLIMITED
                        DEFAULT                        CONNECT_TIME                     KERNEL                           UNLIMITED
                        DEFAULT                        PRIVATE_SGA                      KERNEL                           UNLIMITED
                        DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD                         UNLIMITED
                        DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD                         UNLIMITED
                        DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD                         UNLIMITED
                        DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD                         UNLIMITED
                        DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD                         NULL
                        DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD                         UNLIMITED
                        DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD                         UNLIMITED
                        
                        16 rows selected.
                        Good to see it has been taken in account.

                        Nicolas.
                        • 10. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
                          user9975842
                          Thanks everyone. Case closed.
                          - John