Troubleshooting errors starting #OID #11g #Oracle #Identity #LDAP

I have an Oracle Identity 11g environment running on VirtualBox 4.0. This is a development environment that I use to test out various installations and configurations. I noticed the other day that I wasn’t able to start the Oracle Internet Directory (OID) instance.

When I checked the log file I can see that I am not able to connect to the Database. By the way, the log that is referenced doesn’t show anything of value. The log that actually contained the error is called: oidmon-0000.log

According to ora-code.com ora-28000 the error means that the user account that is connecting to the database ‘ODS’ is locked.

ORA-28000:	the account is locked
Cause:	The user has entered wrong password consequently for maximum number of times specified by the user’s profile parameter FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
Action:	Wait for PASSWORD_LOCK_TIME or contact DBA

It’s typically trivial to unlock an account from the sqlplus command line

So, we should be good now. I will try to start the process again.

But now my log shows

So, now I am getting an ORA-01017 error. Which means “Invalid username/password”. So, it seems that the Database doesn’t like the password that OID is supplying to connect to the ODS schema.

I’ll use SQL Developer to try and connect to the database with the ODS user

Interesting, SQL Developer is showing an ORA-28000 error.

Let’s try connecting using SQLPlus …

So, it seems we have a consensus (and yes, I did just include my password in the screenshot … it doesn’t matter)

Let’s see what the database has to say about this user. Make sure you reconnect to the DB as oracle.

Ok, didn’t we just unlock it? Let’s try again …

So, now what is the status?

Hey! This is good right? … the account seems to be open again.

So, let’s try to start OID again.

Ok, this is looking pretty ugly right about now…

… and the account is locked again. So, let’s see if we can figure out why this is happening.

Maybe the wallet that holds the ODS password for OID has become corrupt. We can recreate it using oidpasswd.

Note: Before you run oidpasswd it’s important to have your Oracle environment set up correctly. Here is what I am using (yours may vary):

ORACLE_SID=orcl

ORACLE_BASE=/opt/oracle

ORACLE_INSTANCE=/opt/oracle/Middleware/asisnt_1

ORACLE_HOME=/opt/oracle/Middleware/Oracle_IDM1

MW_HOME=/opt/oracle/Middleware

Now with this output … I have verified the location of the tnsnames.ora file and the information in it … so I am going to assume for the moment that the issue is with the password (at least until I prove otherwise).

Typically, changing the password will unlock the account

But here we are and the account is still locked.

… I am spending some time just fishing around on the Internet and looking around at my system

Wait a second … I wasn’t even thinking about ODSSM …

Change the ODSSM’s password and then unlock ODS.

So, both accounts should now be “OPEN”

Now restart the OIDMON process

What does the log say

Completely different error this time. At least I feel like we are making some progress …

hmmm … if the wallet can’t be read … maybe we can recreate the wallet. Let’s re-run the “create wallet” command that we tried earlier.

Hey! … it was successful this time. So, let’s try starting the OID processes

That was successful!

Now to check the status of the OPMN Processes

All of the OID related processes are now Alive. The ohs1 process is down because I turned it off earlier.