Tuesday, May 19, 2009

ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_INITIALIZATION_EXCEPTION

Seems like this week will go to resolve OID issues for us. We had another issue in our dev OID setup, where synchronization with AD is not happening and log says this:
=======================================================
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_INITIALIZATION_EXCEPTION
java.lang.NullPointerException
at oracle.ldap.odip.util.DirUtils.getLastChgNum(DirUtils.java:48)
at oracle.ldap.odip.gsi.LDAPReader.initAvailableChgKey(LDAPReader.java:884)
at oracle.ldap.odip.gsi.LDAPReader.initialise(LDAPReader.java:250)
at oracle.ldap.odip.engine.AgentThread.readerInitialise(AgentThread.java:460)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:509)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:375)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:237)
ActiveChgImp:about to Update exec status
Updated Attributes
orclodipLastExecutionTime: 20090518024937
orclodipConDirLastAppliedChgNum: 0
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: Profile Initialization Failure
============================================================
Metalink note: 276481.1 does help to understand the issue and that is with dipassistance. After checking $ORACLE_HOME/ldap/odi/conf/ActiveChgImp.cfg file we realized the issue. As this is not the correct file. To make is correct. I have to stop our second odiserv instance and disable ActiveChgImp profile from oidadmin.
Once that is done. We again modified the Import Connector profile with correct cfg file. and enable ActiveChgImp profile and start odiserv instance and vola now log file looks better.

Happy Troubleshooting !!!

Monday, May 18, 2009

APP-FND-01564: ORACLE error 31202 in changepassword

We had this issue in our production this morning. Our dedicated sysadmin team were not able to change any user password from frontend. They were receiving following error "ORA-20001: Unable to call fnd_ldap_wrapper.update_user".
Issue came to us and we tried changing via FNDCPASS and in log we saw following message"
===============================================================
APP-FND-01564: ORACLE error 31202 in changepassword
Cause: changepassword failed due to ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.ORA-06512: at "APPS.FND_LDAP_UTIL",.
The SQL statement being executed at the time of the error was: begin :r := fnd_web_sec.change_password(:u,:p); end; and was executed from the file &ERRFILE.
================================================================
Message was clear that we had some issue with our OID account. Metalink note id 401836.1 helped us to crack this issue. Issue was appsDN password in OID got expired and we have to reset the password. Here is how to resolve this error:

To implement the solution, login to the E-Business Suite database as the 'APPS' user and execute the following steps:
(1) SQL> select fnd_preference.get('#INTERNAL', 'LDAP_SYNCH','USERNAME') Apps_Instance_OID_Account from dual;
Example:
APPS_INSTANCE_OID_ACCOUNT
-------------------------------------------------------------------------------- orclApplicationCommonName="MYAPPSINSTANCE",cn="EBusiness",cn=Products,cn=OracleContext,dc=mycompany,dc=com (2) SQL> select fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') Apps_Password from dual;
Example:
APPS_PASSWORD
-------------------------------------------------------------------------------- mypassword1
(3) Now test the above credentials with ldapbind,
Example:
> ldapbind -h -p -D orclApplicationCommonName="MYAPPSINSTANCE",cn="EBusiness",cn=Products,cn=OracleContext,dc=mycompany,dc=com -w mypassword1 invalid credentials
Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired.
Note: If above returns the same password expired message, then login to oidadmin (Oracle Directory Manager) and expand Entry Management and navigate to the Apps User DN entry expanding backwards on the DN, ie:
+ dc=com
+ dc=mycompany
+ cn=OracleContext
+ cn=Products
+ cn="EBusiness"
+ orclApplicationCommonName="MYAPPSINSTANCE"
And type the same password returned from the sql query on step 2 as value for userpassword attribute, then click Apply.
(4) Then retest the previous ldapbind and it should now work:
> ldapbind -h -p -D orclApplicationCommonName="MYAPPSINSTANCE",cn="EBusiness",cn=Products,cn=OracleContext,dc=mycompany,dc=com -w mypassword1
bind successful

Happy Troubleshooting !!!