.
Steps to replicate Issue :
1. Login to OSR (Oracle Service Registry) 11g Control http://servername:7101/registry/uddi/web (7101 is default port for OSR 11g deployed on WebLogic Server)
2. Click on Registry Management -> Click on Account Management
_________________________________
Initialization of accounts has failed. For help please contact the administrator of the registry.
____________________________________
.
.
Setup:
OSR 11g deployed on WebLogic Server with Oracle Database as database repository and Integration with LDAP (OID) as Authentication Provider. For list of supported Application Servers and database for OSR 11g check my post here
.
Possible Reasons for this issue
1.Unable to connect to OSR repository (Database) from applications server (WebLogic in my case)
2. If you have integrated OSR with LDAP server (OID, AD, Sun Directory) for authentication then there could be conflict with ADMIN user in OSR and similar user in LDAP Server.
3. Unable to connect to OID (LDAP) server
.
Where are logs in OSR
There are two main logs install time log ($INSTALL_DIR/log – install.log & setup.log) and run time log (depending on application server on which you deploy OSR). For OSR 11g deployed on WebLogic logs will be at following locations
a)$DOMAIN_HOME/ servers/ osr_server1/ logs/
b)$DOMAIN_HOME/ servers/ osr_server1/ tmp/ _WL_user/ registry/ [random_number]/ public/ serviceRegistry_errorEvents.log & serviceRegistry_logEvents.log
Error in serviceRegistry_errorEvents.log
Checked in logs and following was recorded in Service Registry Error Event Log
_______________
<2010-03-19 08:55:47,778> – <ID1279526140038> <ERROR> <USR4023> account.com.systinet.uddi.account.ldap.LdapBackendImpl – It is impossible to open connection to LDAP server. – EXCEPTION: javax.naming.OperationNotSupportedException: [LDAP: error code 53 – Password Policy Error :9001: cn=orcladmin : Your account is locked. Contact your OID administrator.]
javax.naming.OperationNotSupportedException: [LDAP: error code 53 – Password Policy Error :9001: cn=orcladmin : Your account is locked. Contact your OID administrator.]ERROR: com.systinet.uddi.webui.WebUIRawService – Web Framework exception EXCEPTION: com.systinet.uddi.webui.WebUIException: (18003) UDDI error occurred. javax.servlet.ServletException: com.systinet.uddi.webui.WebUIException: (18003) UDDI error occurred.
at com.systinet.webfw.servlet.WebFilterChain.doFilter(WebFilterChain.java:42)
ERROR: com.systinet.uddi.webui.WebUIRawService –
EXCEPTION: Initialization of accounts has failed. For help please contact the administrator of the registry.
____________________.
Issue Verification
As per logs it was clear that user cn=orcladmin(used for OSR integration ) was locked. To verify I executed ldapbind on OID server.
$ORACLE_HOME/bin/ldapbind -p 389 -D cn=orcladmin -w [orcladmin_password]
ldap_bind: DSA is unwilling to perform
ldap_bind: additional info: Password Policy Error :9001: cn=orcladmin : Your account is locked. Contact your OID administrator.
.
Unlock Superuser (cn=orcladmin) in OID using oidpasswd
OIDPASSWDis command to unlock or reset super user (cn=orcladmin) account in OID. More information here
Run below command in OID node
export ORACLE_INSTANCE=/u01/oracle/fmw11g/oid1
export ORACLE_HOME=/u01/oracle/fmw11g/Oracle_IDM1
$ORACLE_HOME/ldap/bin/oidpasswd connect=[tns_alias] unlock_su_acct=true
.
OIDPASSWD failed
OIDPASSWD command failed with below error
ERROR * gsldpuUnlockSuAccount * ORA-12154:ORA-12154: TNS:could not resolve the connect identifier specified
encountered Error in unlocking OID super user account.
I got similar error even after creating tnsalias in $ORACLE_HOME/network/admin/tnsnames.ora. Finally I found Oracle Support note 882360.1 which suggested that in 11g OID, tns alias is picked up from $ORACLE_INSTANCE/config/tnsnames.ora
Finally issue fixed by “unlocking orcladmin account and restarting WebLogic Server Managed Server (osr_server1) hosting OSR”.
.
.
Related/References Oracle My Support Notes