Hi,
Jay SenSharma
To know How to Decrypt WebLogic Password ? (click Here)
Many times we want to Alter WebLogic Admin Username and passwords on a Routine Basis…
If you want to Reset The WebLogic Username and Password then Please follow the Steps mentioned Below…(EXACTLY):
Step1). open a Command Prompt and then run “setDomainEnv.sh” or “setDomainEnv.cmd”.
Step2). Just for Safety Take a Backup of (C:bea103user_projectsdomains7001_Domainsecurity*DefaultAuthenticatorInit.ldift*) file …because in the Next Command which we are going to run is going to Create a New File “DefaultAuthenticatorInit.ldift”.
Step3). In the Command Window Move inside your Domain’s Security Directory…And then Run the Following Command:
Example: C:bea103user_projectsdomains7001_Domainsecurity>java weblogic.security.utils.AdminAccount newAdmin newPassword .
Syntax: java weblogic.security.utils.AdminAccount <NewAdminUserName> <NewAdminPassword>
NOTE:- There is a . (DOT) at the end of the Above command which represents the Current Directory. Here you can see that after this command Executes A new “DefaultAuthenticatorInit.ldift” file will be created in the Current Directory.
IMPORTANT STEP [This Step 3-A) U Need Not to Follow If you Already Forgot your Admin Credentials]
Step3-A). Login to Admin Console
Security Realms—> myrealm(Your realm Name)—> Migration(Tab)—> Export (Tab)
Here please provide a Directory location for “Export Directory on Server:” TextBox (Example: C:UserData)
Click on “Save” button…you will find that in the Directory which you have specified you will get :
DefaultAuthenticator.dat
DefaultCredentialMapper.dat
exportIndex.dat
XACMLAuthorizer.dat
XACMLRoleMapper.dat
Step 4). In the Same command prompt Move inside the admin Server folder inside your domain. And then Just remname the “data” folder to something else ….like “data_OLD” this is a way of taking safe backup….
Example: C:bea103user_projectsdomains7001_DomainserversAdminServer> rename data data_OLD
Step 5). Now Similarly rename the boot.properties as well to an other File….
Example: C:bea103user_projectsdomains7001_DomainserversAdminServersecurity> rename boot.properties boot.properties_OLD
Step 6). Make sure that “boot.properties” file exists….If yes then Now start The Admin Server….
While starting it will ask for the UserName and Password to be entered as ..we havenot created any “boot.properties” file at present. But it is always recommended that u create the “boot.properties” file on your own …to prevent WebLogic Prompting you for Admin Username & Passwords while starting the Server.
————> At the End Login to Admin Console with the New Useraname and Password—–> Check the Users in Security realms …you will not find any user with name “weblogic” There….
This is most important Step: Because Sometimes we face this kind of issue if you have provided a Wrong format in your “boot.properties” file there should be NO Special Charachers (UTF or Invisible sharacters) Or NO Space in your “boot.properties” file …except below two Lines:
username=MyAdminUserName password=MyAdminPassword
Please edit this File very carefully….better use Noteopad kind of Simple Editors.
Use “ls” (Unix command) or “dir” Windows Command to Make Sure that the File Extension is “boot.properties” only…and not “boot.properties.txt” or something else.
Note: There should be No Heading Or Trailing SPACE character in these two Lines.
Step 7). To import other User Data back Please do the following:
Login to Admin Console
Security Realms—> myrealm(Your realm Name)—> Migration(Tab)—> Import (Tab)
Now provide the folder Name where u have all the above files:
DefaultAuthenticator.dat
DefaultCredentialMapper.dat
exportIndex.dat
XACMLAuthorizer.dat
XACMLRoleMapper.dat
Enjoy….
Instructions for WebLogic 10.3.1 and above
For WLS 10.3.x And above Make sure that when you reset the Admin Passwords by following the instructions using the command line utility:http://middlewaremagic.com/weblogic/?p=323
Then using the new passwords login to the admin console first and then Security Realm —> myrealm —-> Users & Group (tab) you should reset the the password of the weblogic admin user Again ….AND this time give the same credentials which you reset just now (means the password which you created just now or give a new password)…..Then only the changes of the encrypted passwords will be reflected in the “config.xml” file.
Once the above is done now you should be able to decrypt the password mentioned in the “config.xml” file <node-manager-password-encrypted> tag. using http://middlewaremagic.com/weblogic/?p=5806
=============================
Also if you are facing the following kind of error in your server log and the Server is not coming up …
<Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
Few things in case of above errors:
1). Make sure that your “<DOMAIN_HOME>/servers/<SERVER_NAME>/security/boot.properties” file has the correct clear text Username/passwords.
2). You can also refer to the Step6). mentioned in the above Post to know how to write and override this file.
3). Also in the AdminServer and Managed Server try to rename the “<DOMAIN_HOME>/servers/<SERVER_NAME>/data” directory so that as soon as you will start the Admin Server a new “data” directory will be created with the new Security related files.
.
.
Thanks
Jay SenSharma
December 17th, 2009 on 11:26 pm
Jay,
This solution sounds almost like what I need, but the weblogic which is running on my server does not have an AdminServer directory inside my domain. It is Weblogic 10.3 running on RHEL 5.4. There is just the one domain created with one managed server. Under the domain there is the servers/myServer/data directory, so for step #4 in your instructions, I moved that data directory to dataOLD. And for step #5, I moved servers/myServer/security/boot.properties to bootOLD. Everything else in the instructions matched up with my configuration, but alas, I still got an “Authentication denied” error.
Any thoughts on how I can make this work in my configuration?
Thanks.
December 18th, 2009 on 3:56 am
Hi David,
I think you have made a changes insde your Managed Servers “data” directory.
Just try this :
1). In the Command Window just move inside your domain Directory. and
2). then move inside the /servers
3). As u have mentioned that you have 1-AdminServer(name is different in your case) and 1-Managed Server.
4). rename the “data” folder to somthing else like “data-old” of both the Servers.
5). Same thing you need to do with “security” folder of both the Servers..mentioned in the Step5) of above posting…
Please try above and let me know …if it works ?
Thanks for posting….
December 18th, 2009 on 10:19 pm
Jay,
Thanks for the reply. I got this working, I can start Weblogic now, but the deployment of my application fails, apparently due to an authentication error for a regular user. I guess this makes sense … the domain/servers/myServer/data/ldap directory gets removed before starting Weblogic, which causes myServer to lose any user accounts which it previously had.
Any idea how I can do this without losing my user accounts? Or, is there a way that I can export the user accounts out of the old ldap directory and then import them into the new ldap directory? Of course, I would need to do this using command-line (linux) commands as I can not get into Weblogic with the old ldap directory in place.
Thanks again for your help, Jay.
December 19th, 2009 on 7:31 am
Hi David…
While resetting your Admin UserName and Password…in the
Step 4) before renaming the “data” folder. Please do this…
Login to Admin Console
Security Realms—> myrealm(Your realm Name)—> Migration(Tab)—> Export (Tab)
Here please provide a Directory location for “Export Directory on Server:” TextBox (Example: C:UserData)
Click on “Save” button…you will find that in the Directory which you have specified you will get :
DefaultAuthenticator.dat
DefaultCredentialMapper.dat
exportIndex.dat
XACMLAuthorizer.dat
XACMLRoleMapper.dat
Files are created…. Your UserData is exported Success fully..
————-
Now follow Step 4) 5) and 6) then finally after resetting the passsword Please login to Admin Console and the do the same thing to “Import the UserData back…”
Step7).
Login to Admin Console
Security Realms—> myrealm(Your realm Name)—> Migration(Tab)—> Import (Tab)
Now provide the folder Name where u have all the above files:
DefaultAuthenticator.dat
DefaultCredentialMapper.dat
exportIndex.dat
XACMLAuthorizer.dat
XACMLRoleMapper.dat
And then Click on Save….
Sorry for not mentioning this Very Important Step for Production Boxes…
Thanks for Posting…Keep Posting.
Jay SenSharma
December 19th, 2009 on 7:36 am
I have Updated the Fresh Steps….In RED COLOR the Missing steps are High Lighted…
December 19th, 2009 on 7:43 pm
Thanks Jay. I can not get into work today to try this out, but unless I am mistaken, I believe the additional steps will fail for me right from the beginning … Login to admin console. If I remember correctly from my many attempts over the past two days, the only way that I can get into the Admin console is after I have reset the password AND removed the data directory. If I keep the data directory in place, then I get an authentication error when trying to start Weblogic. I will certainly give these new instructions a try when I get into work next and will post back with what I find.
Thanks once again for the suggestions and instructions.
December 21st, 2009 on 6:40 pm
Ya, as I remembered, I can not get into the Admin console after resetting the password. When I try to start up Weblogic, it fails authentication of the new user/password pair. Once I rename the data directory, then I can start up Weblogic and log into the Admin console; but at that point, my local users are lost. Any idea which exact file under the data directory holds the local user information? I am trying to figure that out now. Perhaps there will be some way for me to incorporate that file (from my old data directory) into the new data directory, with the hope that I will be able to log in with the new admni password and still be able to access the old local user information.
February 13th, 2010 on 12:52 pm
hi Jey
I have executed all the steps successfully, but after changing the password every time when i start admin console it asking to provide new user name and password how to prevent it, I think we need to make some changes in boot.properties please let me know the answer, As iam completely new for the weblogic, actually iam IIS admin i would like to work on weblogic too, So please help me regarding this Please mail at bheemabharath@gmail.com
Thanks
Bharath Kumar Bheema
February 13th, 2010 on 6:00 pm
Hi Bharath,
You need to create a fresh “boot.properties” file …Indide your <DOMAIN_HOME>serversAdminServersecurity.
the following two lines entry you need to make in this file…
username=weblogic
password=weblogic
It means boot.properties file will contain only above two lines and nothing else, Here “weblogic” is the Administrators Username and Password which may be different in your case…Please provide there your AdminServer Username & Password. The same file you need to paste in all the ManagedServers “security” folder…If the “security” directory doesn’t exists there then create it.
Keep Posting 🙂
Thanks
Jay SenSharma
March 29th, 2010 on 12:24 pm
Hi Jay
I Just did the same thing , but when i tried to start the Admin server . it is going to force shutdown automatically . iam on windows env.
any Solution
March 29th, 2010 on 12:38 pm
Hi Jagadesh,
Can you please paste the Server Log or STDOUT while server got forcefully shut down…? Which version of webLogic are you using?
The Logs will be really helpful.
Keep Posting 🙂
Thanks
Jay sensharma
April 4th, 2010 on 8:32 am
JFYI: We have a farm of Weblogic domains, so the forgotten password is often an issue. Finally I built a simple service to recover the passwords using more or less the same approach:
Works for 9.2, going to try one 10.x when it comes our way.
May 14th, 2010 on 10:13 pm
hi Jay,
After step 3, when trying to start admin server and navigate to console, i am hitting with following error:
please help….
July 23rd, 2010 on 4:26 pm
Hi Vinoth,
Thanks a lot for sharing the steps with us. It’s really a great point whenever we change the Admin Password..we must do this for Managed Servers.
.
.
Keep Sharing 🙂
Thanks
Jay SenSharma
August 2nd, 2010 on 2:49 pm
Hi Jay,
Before proceeding with these steps to reset my adminServer password , let me explain one thing –
1) Each time when i start AdminServer , I’ll be asked to provide username/password
2) I donot have boot.properties file by default under AdminServer/security , so there’s no question for me to take backup
Now..
I dont want to be asked to provide username/password each time when i start – how?
Now how do i proceed to test whether change password works of not ?
thanks for ur help.
-Arun
August 2nd, 2010 on 3:33 pm
Hi Arun,
If you dont want to be asked to provide username/password each time. Then follow the below instructions.
Step1). move inside “<DOMAIN_HOME>servers<SERVER_NAME>security” directory and then create a “boot.properties” file with following two lines of code: (Suppose your AdminServer username and password both are “weblogic”)
username=weblogic
password=weblogic
Step2). You need to follow Step1). for all your ManagedServers as well as AdminServer.
Step3). Restart your Servers….
Step4). As soon as you will see that the Servers have come up Successfully …please go and check the “boot.properties” file…you will see that the Username & Passwords are Encrypted for security purpose.
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
August 3rd, 2010 on 3:16 pm
Hi Jay,
Just now i’ve created new weblogic domain with production mode , so obviously I’ll be asked to provide username/password while starting the adminServer.
So as you mentioned above with steps , i just followed like :
1) Under servers , and created security folder.
For example in my PC , its like this :-
D:WLS_HOME_103user_projectsdomainsdomain3_prodserversAdminServersecurity
2) Under security folder , I’ve created new txt file named as boot.properties with contents as
username=weblogic
password=weblogic
3) Stopped the AdminServer now..
4) And started again.
But still i was asked to provide username/password while start the server.
Can you help me here??
Let me know if you want me to tell any more information.
Thanks
August 3rd, 2010 on 3:52 pm
Hi Arun,
1). Open a command prompt
2). Move inside “D:WLS_HOME_103user_projectsdomainsdomain3_prodserversAdminServersecurity” directory and then type the “dir” command
3). you will see a file with name “boot.properties.txt” …Please rename this file to “boot.properties”
4). restart your Server
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
August 3rd, 2010 on 4:04 pm
Yeah – that works for me.
Thanks alot Jay.
September 20th, 2010 on 4:34 am
Hi Jay,
I am trying to workout the steps u said to change the password in my local Ubuntu but after i execute the command java weblogic.security.utils.AdminAccount username passwd it is throwing an error as
Exception in thread ” main” java.lang.NoclassDefFound Error: weblogic/security/utils/AdminAccount
caused by : java.lang.classnotfound exception:weblogic.security.utils.adminaccount
at java.net.urlclassloader$1.run(urlclassloader.java:217)
at java.security.acesscontroller.dopriviliged(nativemethod)
could not find main class : weblogic.security.utils.adminaccount.
September 20th, 2010 on 9:30 am
Hi Yadav,
Please make sure that you run “setWLSEnv.cmd” (on WINDOWS) in the same command prompt where you are trying to run “java weblogic.security.utils.AdminAccount username passwd”
If you are using UNIX Based OS then Please make sure that u run the “setWLSEnv.sh” by adding two DOTs separated by a single space …..before the actual script like following : (use ‘cd’ command to move inside the /wlserver_10.3/server/bin) then run the following command…
. ./setWLSEnv.sh
Note: the first DOT represents that set the Environment in the current Shell, AND the second ./ represents execute the script from the current directory.
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
April 24th, 2011 on 9:30 am
Hi,
I have put a boot.properties in my managed server security directory. But when I try to start a managed server using startManagedWeblogic.cmd ms1 t3://adminurl:7001
it still asks me username and password for maanged server in command prompt. What am I missing?
April 24th, 2011 on 12:29 pm
Hi testab,
If you are using WINDOWS then please do run a “dir” inside ManagedServer/security directory to make sure that your File name is “boot.properties” AND NOT the “boot.properties.txt”
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
April 26th, 2011 on 1:07 pm
Hi Jai,
I have tried the same steps to create new admin user and password. I am getting the below error.
=====================================================
Stopping PointBase server…
PointBase server stopped.
Autonomy server stopped.
==========================================
I have deleted every folder under Admin server directory and created a fresh boot.properties file under security directory but no luck. At finally I have updated boot.properties with old credetials, wondering it is working. Means it is still refering old credentials. I am using WLS 10.1 version. Please advise me how to give a fix for this? Thanks.
April 26th, 2011 on 2:04 pm
Hi Rajendra,
few important things here…
Point-1). You need to run the “AdminAccount” utility from inside $DOMAIN_HOMEsecurity directory.
Point-2). Please check the time stamp of the file “DefaultAuthenticatorInit.ldift” in the same directory because the AdminAccount utility creates a new File with the same name in the same directory “$DOMAIN_HOMEsecurity”
Point-3). Also make sure that the following command has a DOT at the end
java weblogic.security.utils.AdminAccount newAdmin newPassword .
NOTE:- There is a . (DOT) at the end of the Above command which represents the Current Directory. Here you can see that after this command Executes A new “DefaultAuthenticatorInit.ldift” file will be created in the Current Directory.
Point-4). After running the AdminAccount command make sure that you check the Time Stamp of the newly created file “DefaultAuthenticatorInit.ldift”
Then you can create a fresh “boot.properties” file inside “DOMAIN_HOME/servers/$SERVER_NAME/security” directory
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
April 26th, 2011 on 2:37 pm
Did the same, listing the below error. I have deleted all the folders in Admin server directory before starting server.
Apr 26, 2011 2:35:46 PM IST> <Server subsystem failed. Reason: weblogic.security.Secu
ityInitializationException: Authentication for user rajwlsadmin denied
eblogic.security.SecurityInitializationException: Authentication for user rajwlsadmin denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
April 26th, 2011 on 2:39 pm
Hi Rajendra,
In that case we would request you to please contact Oracle WebLogic Support. Because the steps mentioned above was tested and worked in WebLogic 10.3.0
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
April 27th, 2011 on 12:13 pm
Hi Jay,
I have tested this scenario again on 11g environment and it is working fine. This machanism wont work on 10.0.0 version as I tested initially on this. Anyway thanks for help.
Regards
Rajendra
April 27th, 2011 on 12:46 pm
Hi Rajendra,
Ideally the same functionality should work fine in WLS10.0 as well…. If it is not working then it means there is something wrong and you must contact Oracle WebLogic Support to get it fixed.
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
April 29th, 2011 on 12:39 pm
Hi team ,
I am trying to change the password of admin ( weblogic ) and this is how I do it :
– Shutdown the whole domain ( admin & manage servers ) and take backup of data , tmp , logs & stage folders in admin & manage servers .
– Under security folder of admin server : eg: usr/appl/bea103/user_projects/domains/test/servers/admin/security : I took a back up pf the existing boot.properties file and create a new boot.properties file with new credentials for admin(weblogic ) account .
– Now I start the admin server using startweblogic.cmd and enter the new credentials to login .
– I open the admin console and search for admin( weblogic ) in security realms and Do I need to change the password in console aswell ?
– What happends to my existing users that are available , Do I need to crate all the users again ?
If I do the change password in this way even on manage servers Will it work ?
Please help me out .
-Kiran
April 29th, 2011 on 2:47 pm
Hi Kiran,
You need not to follow the same steps for Managed Servers …Just remove the old boot.properties from $DOMAIN_HOMEservers$SERVER_NAMEsecurity directory of your managed Servers and just add clear text new username and password there. Restart the servers. The AdminServer propagates the Security Data to the managed Servers.
.
.
Thanks
Jay SenSharma
May 3rd, 2011 on 9:04 am
Hi Jay
thanks for the info .
I have few questions .
-Does the existing users will be cleared off from the domain if i change the password of admin .
-Do i need to change the user password for admin (weblogic ) in admin console ?
-Kiran
May 3rd, 2011 on 10:31 am
Hi Kiran,
Question: Does the existing users will be cleared off from the domain if i change the password of admin ?
Changing Admin Username or password will not impact anything on other existing users of the Domain.
Question: Do i need to change the user password for admin (weblogic ) in admin console ?
After resetting your Admin UserName and password you can login to Admin Console with the Changed Admin UserName and password … After that you can do whatever you want to do like changing your Password or changing other Users password…etc.
Just try all these things in a Test Domain (As these things are simple matter of test and experiment) … You will find all these answers your self 🙁
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
July 26th, 2011 on 6:55 pm
Hi Jay,
we are trying to reset our weblogic console password for all the domains in all the environments. Is there any script to modify the password automatically for all the domains, or do we need to edit that manually for each and every domain. Which is the best way? and what all the things and files do we need take as a backup fo this task?
Thanks,
Pranay.
July 26th, 2011 on 8:57 pm
HI Pranay,
You can use the WLST Script mentioned in the following link to change the Admin UserName & Password for Multiple Domains at one Single ENTER key press.
http://middlewaremagic.com/weblogic/?p=4334
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
July 26th, 2011 on 10:07 pm
Thanks Jay.
And 1 more question, what are the security files do we need to take as a backup to be on safe side.
July 27th, 2011 on 9:52 am
Hi Pranay,
“$DOMAIN_HOME/security” directory contains around 4 files, we should always have a backup of these files.
.
.
Keep Posting 🙂
Thanks
Jay SenSharma
October 5th, 2011 on 1:53 pm
Hi Jay,
In my project….weblogic is running with wlsuser and the system admin team has reset the password for wlsuser…no when I am restarting the weblogic it is not accepting the new password and giving me below error.Can you please help me ?
all the weblogic instances are down currently
October 5th, 2011 on 2:03 pm
Im not able to post the error log here.
weblogic.security.SecurityInitializationException: Authentication for user wlsuser denied
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User wlsuser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User wlsuser denied
October 5th, 2011 on 4:14 pm
Hi Sanjeev,
Seems that the credentials that you are providing are wrong.
Cross check whether the password that you are giving is correct by decrypting the admin password
Procedure to decrypt is provided in the following link
http://middlewaremagic.com/weblogic/?p=5806
October 5th, 2011 on 4:45 pm
Hi Sanjeev,
You can create a new Admin User by following the steps below and start your instances:
To recover the administrator username and pwd in a WebLogic domain: (For WL version 9 and higher)
For example create a userid “adminuser” with a password “weblogic”
1. At the command line, change directory to the domain and run the setEnv script to set the PATH and CLASSPATH.
2. cd /security
3. mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_BKP
4. run java weblogic.security.utils.AdminAccount adminuser weblogic .
-above command will Create a new DefaultAuthenticatorInit.ldift
Don’t forget to add the “.” it is needed.
4. cd /servers//data/ldap
5. mv DefaultAuthenticatormyrealmInit.initialized DefaultAuthenticatormyrealmInit.initialized_BKP
6. Restart the Admin Server.
7. Login with new username/password
* To change the old admin user identity, log into the admin console and change the password from console.
October 18th, 2011 on 11:04 am
Hi,
Recently I made a few changes in the IP address of the machine which hosts the Active Directory.
Active Directory is configured as a security provider in weblogic, which is set to required in our environment and is on top in the order of authentication providers.
Now after making the changes in the config.xml file, I want to reboot my server but WLS does not let me do so when I tried stopping the server using ./stopWeblogic.sh.
Following is the error:
Connecting to t3://localhost:7001 with userid weblogic …
This Exception occurred at Tue Oct 18 17:00:29 IST 2011.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic, failed to be authenticated.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:788)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:682)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:469)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:376)
at weblogic.jndi.Environment.getContext(Environment.java:315)
at weblogic.jndi.Environment.getContext(Environment.java:285)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
Please suggest how do I restart my server!
Thank you.
March 2nd, 2012 on 12:18 am
Hi,
I am trying to adminserver and node but it is throwing this exception:
The WebLogic Server did not start up properly.
Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
Couple of thing has tried for it:
1)I have tried with updating boot.properties. but it is still throwing same error.
2) reset password of boot.properties by weblogic.admin security utility and removed data from ldap. but it is not work either.
3) removed boot.properties. after username / password provided during startweblogic script. It is throwing error message ” “weblogic.security.SecurityInitializationException:Authentication for user1 weblogic denied”
Can you please advise us what can done in order to start server?
March 2nd, 2012 on 1:12 am
Sorry I forget to mention WL version version 8.1 for this issue.
March 13th, 2012 on 5:55 pm
Hi Jay,
I have weblogic 10.3.4.0 hosted in Solaris 10 sparc. and an application that connects to the MS SQL Server 2008. I was able to connect to the database server when the developer defined the connection string with the driver jtds within war file. However when I tried to move it to production and I want to define the connections properties at the App Server, I could not connect to the application successfully. Tried all the drivers listed for MS SQL Server.
I came across one of your post
https://forums.oracle.com/forums/thread.jspa?messageID=3996108
I wonder if you guide me with the integration of jtds-1.2.5.jar with weblogic 10.3.4.0 so I could make a successful connection to the database.
Hope you get my point.
Regards
Andrew
March 13th, 2012 on 6:15 pm
Or more to add, I had successfully created the msssql connection pool and able to ping the mssql server.
However when I access the url and click on some links, i get the following error
“java.sql.SQLException: [FMWGEN][SQLServer JDBC Driver]Object has been closed”
The connection properties in my connection pool is as follows:
jndi name: jdbc/mssql
url: jdbc:weblogic:sqlserver://172.30.1.135:1433
driver class name: weblogic.jdbc.sqlserver.SQLServerDriver
and I am able to test the connection successfully.
this is the DBinclude.jsp file
User Authentication Failed Close & Re Login
User Authentication Failed.Close & Re-Login
<%return;}//if(LOGGEDIN_ENTITY_CODE!=null){
int UserType=0,cnT=0,cntGrp=0;if (LOGGEDIN_ENTITY_CODE.equals("HOSUN") ){UserType=12;}
Connection conI = null;Connection conBiz = null;//String url1 = "jdbc:odbc:BizConnect";
String url = "jdbc:jtds:sqlserver://172.30.1.135:1433/BizConnect";
//Class.forName("net.sourceforge.jtds.jdbc.Driver");
Class.forName("weblogic.jdbc.sqlserver.SQLServerDriver");
//.connections to be made using JNDI..
//Connection con = DriverManager.getConnection(url, "SSISUSER", "SSISUSER");
Connection con = null;
Context ctx = null;
Hashtable evn = new Hashtable();
evn.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
evn.put(Context.PROVIDER_URL,"t3://172.30.0.7:7004"); //jdbc:weblogic:sqlserver://172.30.1.135:1433
ctx = new InitialContext (evn);
DataSource ds =
(DataSource)ctx.lookup("jdbc/mssql");//jdbc/mssql
con = ds.getConnection ();
//Connection con3 = DriverManager.getConnection(url, "SSISUSER", "SSISUSER");
//.
//conI = DriverManager.getConnection(url, "SSISUSER", "SSISUSER");
conI = ds.getConnection ();
//.
//Connection conn = DriverManager.getConnection(url, "SSISUSER", "SSISUSER");
//.
//conBiz = DriverManager.getConnection(url, "SSISUSER", "SSISUSER");
conBiz = ds.getConnection ();
Statement st = con.createStatement();Statement st1 = con.createStatement();
ResultSet rs = null;String req_DOC_SEQ_NO = request.getParameter("req_DOC_SEQ_NO");
String DOC_SEQ_NO = null;Connection ora_conn = null;Statement stmt1 = null,ora_stmt=null;ResultSet rset = null;
//Class.forName("oracle.jdbc.driver.OracleDriver");
Class.forName("oracle.jdbc.OracleDriver");
//.
Context ora_ctx = null;
Hashtable ora_evn = new Hashtable();
ora_evn.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
ora_evn.put(Context.PROVIDER_URL,"t3://172.30.0.7:7004");
ora_ctx = new InitialContext ();
DataSource ora_ds =
(DataSource)ora_ctx.lookup("jdbc/oracle");//jdbc/oracle
ora_conn = ora_ds.getConnection ();
//ora_conn = DriverManager.getConnection("jdbc:oracle:thin:@172.30.0.6:1521:MMFT", "EMLAPTEST", "emlaptest");
stmt1= ora_conn.createStatement();ora_stmt=ora_conn.createStatement();
if(UserType0){
UserType=5;//out.println(“You can Assign the Enquiries.”);
}else{
String Qry1 = “select isnull(count(1),0)Cnt from group_user_detail where username='”+LOGGEDIN_ENTITY_CODE+”‘ ”
+”and Module_name=’76’ “;
ResultSet rs1 = null;rs1 = st1.executeQuery(Qry1);
if(rs1.next()){
cntGrp=rs.getInt(1);
if(cntGrp>0){
UserType=5; //out.println(“You can Assign the Enquiries. Based on Group Master”);
}else{
UserType=4;//out.println(“You Don’t Have Rights to Assign the Enquiries”);
}
}
}
}
}
%>
regards
Andrew.
April 16th, 2012 on 1:22 pm
HI,
My weblogic Admin server is in online. But am not able to open the Console mode through browser.could you please suggest me how to open..
Thanks in Advance.
Regards,
Rajesh Naidu.
August 3rd, 2012 on 4:26 am
Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User cbdadmin is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions
One more query, All of sudden when i’m trying to restart my weblogic server its throwing up below exceptions related to boot properties. But when i check boot.properties it was not modified and none of admins did any changes on Admin servers. Can someone please explain the possible causes for this kind of scenarios
Hi All, Can someone please help me with the below query its really urgent. I’m trying to reset the Admin username and password by running the java utility as mentioned above but getting the below exception.
java -cp /../../weblogic1031/wlserver_10.3/server/lib/weblogic.jar:$CLASSPATH weblogic.security.utils.AdminAccount username password .
Exception in thread “main” java.lang.UnsupportedClassVersionError: Bad version number in .class file
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at weblogic.security.utils.AdminAccount.setupAdminAccount(AdminAccount.java:126)
at weblogic.security.utils.AdminAccount.main(AdminAccount.java:59)
October 17th, 2012 on 7:53 pm
Hi Joy, I followed your above steps how to restart BI Servers, But I have not done the migration. Is it any way from getting the data back by Import Method..please let me know its very urgent
I am also in the same boat..it saved me a lot..thank you so much…but now Im unable to import my old LDAP users..but I have a copy of DATA Foler.. how to import directory on sever logic without done Export
January 10th, 2013 on 5:00 pm
Hi Jay,
I want to change only the password for my “weblogic” user. Weblogic 10.3 MP5 running on Suse Linux:
-I changed it via the console ( Security realms–>myrealm).
-Then changed the password in the boot.properties file for the AdminServer(/sas/software/config/Lev3/Web/SASDomain/servers/AdminServer/security)
-renamed /sas/software/config/Lev3/Web/SASDomain/servers/AdminServer/data/ldap to ldap_OLD
-Renamed /sas/software/config/Lev3/Web/SASDomain/servers/SASServer1/data.ldap to ldap_OLD
-AdminServer starts but SASServer1(managed server does not start: neither command line nor from console). Same boot identity issue in the logs.
-When I delete the boot.properties from /sas/software/config/Lev3/Web/SASDomain/servers/SASServer1/data/nodemanager and try to start SASServer1 from command linke ( startWebLogicManaged.sh ….) It asks for the username and password, I give username and password (new) and it starts.
For me SASServer1 must start using startWebLogicManaged.sh so I changed the password back to the old one and performed the above steps and now SASServer1 starts.
So I don’t know what additional steps I must perform so that SASServer1 also starts from command line with the new password?
Thanks in advance for your reply.
Regards,
Sunil
December 29th, 2013 on 9:02 pm
Hi Jay,
I have a Solaris environment and I am getting the following error. Please help me:
bash-3.2$ java weblogic.security.utils.AdminAccount weblogicnew weblogicnew123 .
Exception in thread “main” java.lang.NoClassDefFoundError: weblogic/security/utils/AdminAccount
Caused by: java.lang.ClassNotFoundException: weblogic.security.utils.AdminAccount
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
Could not find the main class: weblogic.security.utils.AdminAccount. Program will exit.
I removed the security file from the security folder. But I am still getting this error. Please help me regarding this.
January 6th, 2014 on 7:26 pm
Hi Experts,
Sorry if i posted my query on wrong page.
need your help to make 2 scripts that can stop the managed node and start the managed server.
we have an application running on one Linux Server and we need to stop and start the managed node at 2300 Hrs everyday. so i need a script that can stop and start the managed server, then i will schedule this in cron as a job .
looking forward to hear from you.
thanks
Pankaj
January 8th, 2014 on 12:04 am
Thank you so much for the reply, Rene.
I followed up with the earlier suggestion of your’s by running the command setDomainEnv like . ./setDomainEnv.sh and the command worked magic and created a new file. Thanks for the suggestion. This is an amazing site. Thanks and keep up the good work.
Thanks
Vikas.
January 30th, 2014 on 12:44 am
Hi,
we accidentally changed the default Admin role policy permissions check for users who are members of both default Administrators group and an administrators group in an external LDAP. After saving the changes, we no longer see the roles/ policies/ users and groups on the admin console. we have tried to restart the admin server to see if we can somehow revert the changes, but the admin does not start now.
I tried to manually change the role conditions via wlst, but get a message saying the default admin user “weblogic” does not have permissions to do so.
cmo.setRoleExpression(None,’Admin’,’Grp(Administrators)|Grp(‘amp.labc.weblogic.administrators’)’)
creating a new admin user, with below does not help either and now the admin server is also down.
java weblogic.security.utils.AdminAccount tester12 tester12 .
<Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1010)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Please help !!
January 30th, 2014 on 9:25 pm
I moved the $DOMAIN_HOME/servers/$SERVER_NAME directory and another got created when I tried to start the server. I thought this information was stored either in the aforementioned directory or the $DOMAIN_HOME/security directory, so I copied over the security directory itself from another domain which also has SOA and same admin credentials, still does not work.
We are using 11g with SOA on linux 6.
how else can I change the Admin role policy setting to either a local domain admin or an admin from the external LDAP group but not both?
Thanks in advance for your help.
February 1st, 2014 on 3:09 am
Was able to get into the RDBMS store and change the policy function manually. Thank you.