This discussion is archived
10 Replies Latest reply: Jan 24, 2011 7:41 AM by user179997 RSS

Resloved!  Cheat Sheet - Users' passwords have expired

user179997 Newbie
Currently Being Moderated
Hello all,

I have installed and deployed the Oracle VM templates for HCM 9.1, and have been spinning my wheels for quite some time. Before I give a few details, what I'm hoping for is a list of operations I have to complete after all three images are up and running.

When I attempt to login, I'm getting an error that I've seen all over this forum: "+The site booted with internal default settings, beacuse of: bea.jolt.ServiceException+". I've tried a host of proposed solutions, confirmed network connections and configuration settings (although other than IP settings. host names, ports and DB name, there aren't many to check) and reinstalled the images multiple times. I've been through the documentation for "+Using Oracle VM ...+", "+...Applications Installation Guide+", "+... PeopleTools Installation Guide+", "+Getting Started ...+", etc, but I haven't been able to get anywhere. The reason I'm mentioning all of this is because I believe that I'm missing something so fundamental that nobody thought to mention it, which is why I've resisted for so (too) long before posting here. I've reached the point of trying some of the suggestions for a third and fourth time, which is an indication that it's time to surrender.

Unfortunately, I'm not at work at the moment (which is only unfortunate in the following sense), and so I can't give you specific information from the logs until the morning. I figured that I might get the thread rolling before then. In any event, I've deleted and recreated all three images, and they're waiting to be configured. More details in the morning,

But I would think, barring any network problems, that the images would require the exact sequence of post-installation steps to get everything running and allow a user to log in. I humbly request that you grant me that sequence.

Thanks for your help,

user9975842 (that's my name, please wear it out)

Edited by: user9975842 on Jan 24, 2011 7:44 AM

Edited by: user9975842 on Jan 24, 2011 7:45 AM
  • 1. Re: Cheat Sheet
    user179997 Newbie
    Currently Being Moderated
    Hello again,

    Here's an update of my latest attempt. Note that I typed all SQL commands and log entries, so please forgive any typos.

    Thanks for your help!

    1. Created image Virtual Machine from the OVM_EL5U2_X86_64_HCM91_PVM template, logged on and configured it.


    2. Rebooted, logged on as oracle/oracle.

    I know from a previous post that some of the image's user passwords have expired. I found them with SQL commands A-C and altered them with SQL commands D-K. I realize that this is most likely the cause of my current problem (skip to 6), but this step is necessary as far as I know. I don't know what the users' default passwords are. The example I saw online set each user's password to its username. I know this is the case for PS, and thought it was the case for PEOPLE and SYSADM.

    This is a good place for a few direct questions: Is this step necessary to run the VMs?  Is it documented?  Did it prevent APPDOM from booting because I altered a default password?  If so, what should I have done?

    --------------SQL Commands--------------
    2A. SQL>
         SELECT USERNAME, PROFILE, ACCOUNT_STATUS
         FROM DBA_USERS;

    OUTLN     DEFAULT     OPEN
    SYS     DEFAULT     OPEN
    SYSTEM     DEFAULT     OPEN
    SYSADM     DEFAULT     EXPIRED(GRACE)
    PEOPLE     DEFAULT     EXPIRED(GRACE)
    PS     DEFAULT     EXPIRED(GRACE)
    TSMSYS     DEFAULT     EXPIRED & LOCKED
    DIP     DEFAULT     EXPIRED & LOCKED
    DBSNMP     DEFAULT     EXPIRED & LOCKED
    ORACLE_OCM DEFAULT     EXPIRED & LOCKED
    2B. SQL>
         SELECT RESOURCE_NAME, LIMIT
         FROM DBA_PROFILES
         WHERE PROFILE = "DEFAULT'
         AND RESOURCE_TYPE = 'KERNEL';


    COMPOSITE_LIMIT               UNLIMITED
    SESSIONS_PER_USER          UNLIMITED
    CPU_PER_SESSION               UNLIMITED
    CPU_PER_CALL               UNLIMITED
    LOGICAL_READS_PER_SESSION     UNLIMITED     
    LOGICAL_READS_PER_CALL          UNLIMITED
    IDLE_TIME               UNLIMITED
    CONNECT_TIME               UNLIMITED
    PRIVATE_SGA               UNLIMITED
    2C. SQL>
         SELECT RESOURCE_NAME, LIMIT
         FROM DBA_PROFILES
         WHERE PROFILE = 'DEFAULT'
         AND RESOURCE_TYPE = 'PASSWORD';


    FAILED_LOGIN_ATTEMPTS     10
    PASSWORD_LIFE_TIME     180
    PASSWORD_LIFE_TIME     UNLIMITED
    PASSWORD_RESUE_TIME     UNLIMITED
    PASSWORD_RESUE_MAX     NULL
    PASSWORD_LOCK_TIME     1
    PASSWORD_GRACE_TIME     7
    --------------ALTER DEFAULT PROFILE--------------
    2D. SQL>
         ALTER PROFILE DEFAULT LIMIT
         FAILED_LOGIN_ATTEMPTS     UNLIMITED
         PASSWORD_LIFE_TIME     UNLIMITED
         PASSWORD_LOCK_TIME     UNLIMITED
         PASSWORD_GRACE_TIME     UNLIMITED;
    --------------ALTER EXPIRED USERS--------------
    >
    >
    2E. SQL>
         ALTER USER SYSADM IDENTIFIED BY SYSADM;
    2F. SQL>
         ALTER USER PEOPLE IDENTIFIED BY PEOPLE;
    2G. SQL>
         ALTER USER PS IDENTIFIED BY PS;
    >2H. SQL>
         ALTER USER TSMSYS IDENTIFIED BY TSMSYS
    2I. SQL>
         ALTER USER DIP IDENTIFIED BY DIP;
    >2J. SQL>
         ALTER USER DBSNMP IDENTIFIED BY DBSNMP;
    2K. SQL>
         ALTER USER ORACLE_OCM IDENTIFIED BY ORACLE_OCM;
    --------------------------------------------------------

    3. Started listener.

    4. Started database.

    5. Created images for VM_EL5U2_X86_64_AB85002_HCM91_PVM and OVM_EL5U2_X86_64_PIA85002_PVM.

    6. Logged onto VM_EL5U2_X86_64_AB85002_HCM91_PVM as psadmn2, started psadmin and selected "Application Server", "Administer a Domain", "APPDOM", "Boot this Domain", "Boot (Serial Boot)". This generated the following output:

    INFO: Oracle Tuxedo, Version 10.3.0.0, 64-bit, Patch Level (none)

    Booting admin processes ...
    exec BBL -A
         process id=1653 ... Started.
    1 process started.
    Attaching to bulletin board.

    Attempting to boot ...

    INFO: Oracle Tuxedo, Version 10.3.0.0, 64-bit, Patch Level (none)

    Booting server processes ...

    exec PSWATCHSRV -o ./LOGS/stdout -e ./LOGS/stderr -A -- -ID 123579 -D APPDOM -S PSWATCHSRV :
         process id=1657 ... Started.
    exec PSAPPSRV -o ./LOGS/stdout -e ./LOGS/stderr -s@psappsrv.lst -- -D APPDOM -S PSAPPSRV:
         CMDTUX_CAT:1685: ERROR: Application initialization failure

    tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered; initiating user error handler

    exec tmshutdown -qy

    ==============ERROR!==============
    Boot attempt encountered errors!, Check the TUXEDO log for details.

    ==============ERROR!==============


    ============================ From APPSRV.LOG ============================
    Begin boot attempt on domain APPDOM
    PeopleTools Release 8.50.02 (Linux) starting. Tuxedo server is APPSRV(99)/1
    Cache Directory being used: /home/psadm2/ps/pt/8.50/appserv/APPDOM/CACHE/PSAPPSRV_1/
    GenMessageBox(0, 0, M): Database Signon: Invalid access ID or password for database signon.
    Server failed to start/
    End boot attempt on domain APPDOM

    ============================ From TUXLOG.121410 ============================
    Begin attempt on domain APPDOM
    TMADMIN_CAT:1330: INFO: Command: boot -A
    12-14-2010: Tuxedo Version 10.3.0.0. 64-bit
    CMDTUX_CAT:1851: INFO: TM_BOOTTIMEOUT is set to 120 seconds
    CMDTUX_CAT:1855: INFO: TM_BOOTPRESUMEDFAIL option is selected
    Tuxedo Version 10.3.0.0, 64-bit, Patch Level (none)
    LIBTUX_CAT:262: INFO: Standard main starting
    LIBTUX_CAT:250: ERROR: tpsvrinit() failed
    tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered: initiating user error handler
    CMDTUX_CAT:26: INFO: The BBL is exiting system
    End boot attempt on domain APPDOM
  • 2. Re: Cheat Sheet
    Nicolas.Gasparotto Oracle ACE
    Currently Being Moderated
    If that's not late for replying :
    user9975842 wrote:
    ...
    2F. SQL>
         ALTER USER PEOPLE IDENTIFIED BY PEOPLE;
    The password of PEOPLE is peop1e (in lower case with the number one), a wrong people's password may explain the following error you got when starting appdom.
    Booting server processes ...

    exec PSWATCHSRV -o ./LOGS/stdout -e ./LOGS/stderr -A -- -ID 123579 -D APPDOM -S PSWATCHSRV :
         process id=1657 ... Started.
    exec PSAPPSRV -o ./LOGS/stdout -e ./LOGS/stderr -s@psappsrv.lst -- -D APPDOM -S PSAPPSRV:
         CMDTUX_CAT:1685: ERROR: Application initialization failure

    tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered; initiating user error handler

    exec tmshutdown -qy
    It is not documented, but I already reported it :
    http://gasparotto.blogspot.com/2010/03/psovm-sysadms-password-policy.html


    Nicolas.
  • 3. Please confirm solution for the benefit of others Re: Cheat Sheet
    user179997 Newbie
    Currently Being Moderated
    Thanks for the reply Nicolas,

    It turns out that that's exactly what I did to fix the problem. In fact, I thought I had posted a message similar to yours after I resolved the issue, but apparently, it never went through. (More than likely, I never clicked Submit. I don't know how I'd let myself do that, but it's the most obvious explanation.) I've pasted that message below (I always write posts offline first. This isn't the first time a backup has come in handy.)

    Anyway, I very much appreciate your reply. Here's to a happy new year.

    Thank you again,
    John

    _______________________________________

    Hello all,

    I was able to resolve the issue yesterday by changing the PEOPLE user's password to peop1e.  (The second to last character is a number 1).

    It seems to me that current OVM images will not run until the above changes (in my last post) have been made.  As far as I know, they're not documented anywhere.  A few lines in a README file could reduce 3-4 days of hand-wringing to 3-4 minutes of configuration.

    Please correct me if I'm wrong, but these steps must be necessary 100% of the time in order to get the deployment up and running.  I'm surprised that there aren't a slew of posts about it.   Anyway, could someone please confirm this, for the benefit of others?  Thanks for your help.
  • 4. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    723876 Explorer
    Currently Being Moderated
    Folks-
    I apologise for the problems encountered as a result of this ambiguity. We'll get this documented in the next version of the templates.
    Not a defence but an explanation, this is one of those things that we would miss in Development because we're so used to seeing people/peop1e that we take it for granted that the '1' is there. Sorry about that.
  • 5. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    user179997 Newbie
    Currently Being Moderated
    Thanks for the reply. I just wanted to point out that the most important information missing from the documentation is that the accounts for the SYSADM, PEOPLE, PS, TSMSYS, DIP, DBSNMP and ORACLE_OCM users have all expired on the current database image. I had to run the SQL commands above in order to use the VMs.
  • 6. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    Nicolas.Gasparotto Oracle ACE
    Currently Being Moderated
    Mark,
    I'll join the other poster, peop1e's password is not a real issue, profile with password life time limit is more annoying and not documented.

    Nicolas.
  • 7. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    723876 Explorer
    Currently Being Moderated
    I'll make sure that this is addressed in the next templates that are released. i.e: anything that is released after beginning February 2011.
  • 9. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    Nicolas.Gasparotto Oracle ACE
    Currently Being Moderated
    Mark,

    Please, note that it is already fixed within the latest Peoplesoft OVM delivered last week - HCM9.1 on Peopletools 8.51.02 (announced by Greg New version of the PSFT HCM 9.1 OVM
    SYSADM and PEOPLE users have unlimited password life time :
    SQL> select username,account_status,expiry_date,profile
      2  from   dba_users
      3* where username in ('PEOPLE','SYSADM')
    SQL> /
    
    USERNAME                       ACCOUNT_STATUS                   EXPIRY_DATE        PROFILE
    ------------------------------ -------------------------------- ------------------ ------------------------------
    PEOPLE                         OPEN                                                DEFAULT
    SYSADM                         OPEN                                                DEFAULT
    
    SQL> select * from dba_profiles where profile='DEFAULT';
    
    PROFILE                        RESOURCE_NAME                    RESOURCE_TYPE                    LIMIT
    ------------------------------ -------------------------------- -------------------------------- -------------
    DEFAULT                        COMPOSITE_LIMIT                  KERNEL                           UNLIMITED
    DEFAULT                        SESSIONS_PER_USER                KERNEL                           UNLIMITED
    DEFAULT                        CPU_PER_SESSION                  KERNEL                           UNLIMITED
    DEFAULT                        CPU_PER_CALL                     KERNEL                           UNLIMITED
    DEFAULT                        LOGICAL_READS_PER_SESSION        KERNEL                           UNLIMITED
    DEFAULT                        LOGICAL_READS_PER_CALL           KERNEL                           UNLIMITED
    DEFAULT                        IDLE_TIME                        KERNEL                           UNLIMITED
    DEFAULT                        CONNECT_TIME                     KERNEL                           UNLIMITED
    DEFAULT                        PRIVATE_SGA                      KERNEL                           UNLIMITED
    DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD                         UNLIMITED
    DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD                         UNLIMITED
    DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD                         UNLIMITED
    DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD                         UNLIMITED
    DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD                         NULL
    DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD                         UNLIMITED
    DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD                         UNLIMITED
    
    16 rows selected.
    Good to see it has been taken in account.

    Nicolas.
  • 10. Re: Please confirm solution for the benefit of others Re: Cheat Sheet
    user179997 Newbie
    Currently Being Moderated
    Thanks everyone. Case closed.
    - John

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points