This problem affects all 12c Oracle infrastructures running on Weblogic.
While attempting to start the WebLogic Admin server after
the OPSS schema password is changed, you can run across the following issue.
Caused by:
oracle.security.jps.service.credstore.CredStoreException: JPS-01055: Could not
create credential store instance. Reason
oracle.security.jps.service.policystore.PolicyStoreException: Can not connect
DB with URL [jdbc:oracle:thin:@//<HOSTNAME>:<PORT>/SERVICE NAME]
Caused by:
oracle.security.jps.service.policystore.PolicyStoreException: Can not connect
DB with URL [jdbc:oracle:thin:@//<HOSTNAME>:<PORT>/SERVICE NAME]
Caused by: java.sql.SQLException: ORA-01017: invalid
username/password; logon denied
Solution:
Step 1: Encrypt the new password and update the encrypted password in the OPSS datasource xml file.
-bash-4.2$ cd /u01/app/oracle/admin/dev_domain/aserver/dev_domain/bin/
-bash-4.2$ . setDomainEnv.sh
-bash-4.2$ java weblogic.security.Encrypt
Password:
{AES}IBb1q1YkLlymVhJXdLdvOvJKDTDNU/7fz00IZV3scf=
Update the encrypted password in the below files under
<Domain_home>/config/JDBC
opss-datasource-jdbc.xml
LocalSvcTblDataSource-jdbc.xml
opss-audit-jdbc.xml
opss-auditview-jdbc.xml
WLSSchemaDataSource-jdbc.xml
Step 2: Use the Weblogic scripting tool(WLST) to update the bootstrap credential store with the correct password and username.
Launch WLST
<Oracle_home>/oracle_common/common/bin/wlst.sh
modifyBootStrapCredential(jpsConfigFile='<Domain_home>/config/fmwconfig/jps-config-jse.xml',username='<schema_prefix>_OPSS',password='new_password')
exit()
Step 3:
Start Admin Server by clearing tmp/cache.
