Tuesday, February 3, 2015

ORA-28001: the password has expired


The weblogic resource exception due to the expired password and weblogic will not start without fixing this issue. The password expired issue is quite generic and to fix this issue we need to follow the certain steps.
Weblogic Versions : 10g

Error Message

weblogic.common.ResourceException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: ORA-28001: the password has expired.
        at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1347)
        at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1166)
        at weblogic.common.resourcepool.ResourcePoolImpl.start(ResourcePoolImpl.java:249)
        at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1154)
        at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:154)
        Truncated. see log file for complete stacktrace
Caused By: weblogic.common.ResourceException: weblogic.common.ResourceException: Could not create pool
connection. The DBMS driver exception was: ORA-28001: the password has expired.




Solution Approach:

1.      Database Password Reset
2.      Encrypt newly generated password
3.      Update the new encrypted password in a required xml files.


Step 1: Database Password Reset

1.    Login to Database as a system admin and execute the below steps:

1.1  Check to see if any of the accounts are expired – 

select username, profile, account_status, expiry_date from dba_users;

 
1.2 Dynamically create SQL that will unexpire the expired accounts.  You can unexpired the  account by resetting the password.   NOTE: You will need to substitute <password> for the password you are using for your user. Execute the SQL generated from this query :

select 'ALTER USER ' || username || ' identified by <password>;'  from dba_users where account_status like 'EXPIRED%' and username != 'XS$NULL';


1.3  Dynamically create SQL that will unlock the locked accounts. Execute the SQL generated from this query :


select 'ALTER USER ' || username || ' account unlock;' from dba_users where  account_status like 'LOCKED%' and username != 'XS$NULL';


1.4   Modify the profile assigned to the accounts that you don’t want to expire so the  PASSWORD_LIFE_TIME is set to UNLIMITED.

    alter profile DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED ;



Step 2 : Encrypt newly generated password

2.1  Change directory to your domain's bin folder (For Eg. cd c:\bea\user_projects\domains\mydomain\bin)
2.2  Execute the setDomainEnv script (For Eg. setDomainEnv.cmd)
2.3  Execute java weblogic.security.Encrypt which will prompt for the password and will print the encrypted value in stdout.
2.4  The following are some sample output from running the utility

C:\bea\user_projects\domains\mydomain>java weblogic.security.Encrypt
Password:<enter new password>
{AES}vFuNlOGe3uoBSOi7dHuRjn7bq6JZEUXQAv2fqYS046I=

















2.5   copy the password
















Step 3: Update the new encrypted password in a required xml files

1.   \user_projects\domains\base_domain\config\jdbc and xml document (ex: wlsbjmsrpDataSource-jdbc)



5 comments:

  1. Thanks a lot, it really saved so much time for me to resolve the issue.

    ReplyDelete
  2. Great, thank you! The following doc was also helpful: https://docs.oracle.com/en/cloud/paas/java-cloud/jscug/change-database-schema-password.html#GUID-991072F3-2D5A-44A9-834F-9053AAA04C4D

    ReplyDelete
  3. for all new password ,its necessaury to do : cd /product/u01/weblogic/middleware/oracle_common/common/bin
    ./wlst.sh

    exemple :

    modifyBootStrapCredential(jpsConfigFile='/product/u01/weblogic/middleware/us
    er_projects/domains/YOUR_domain/config/fmwconfig/jps-config-jse.xml',
    username='USESERNAME',password='NEWPASSWD')

    ReplyDelete