|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: All
|Issue||Attempting to migrate a database that was imported from another system fails with the following error:|
Unable to migrate schema. (class org.jboss.util.NestedSQLException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28000: the account is locked
; - nested throwable: (org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28000: the account is locked
|Cause||The issue occurs when an imported database has Oracle user accounts that have expired.|
By default, RSA Identity Governance & Lifecycle creates the Oracle application user accounts with an Oracle profile that configures the passwords as non-expiring. The reason for this is to prevent the application from unexpectedly failing when the Oracle account expires. This profile is the ACMPROFILE as documented in the RSA Identity Governance & Lifecycle Database Setup and Management Guide.
Because some corporate environments may have requirements that do not allow non-expiring accounts, the ACMPROFILE profile may be changed to enforce a password expiration date which will cause the Oracle accounts to expire and become inaccessible.
|Resolution||To resolve this issue, the Oracle account status needs to be checked and corrected so that the account is accessible. A good practice would be to check the Oracle account status prior to attempting the database migration to avoid the initial migration failure. |
This may return output similar to the following:
For example, if only the AVUSER account is noted as locked, then the commands would be: