Thursday, April 25, 2013

How to change / reset weblogic admin user password

Some engineers assume that changing the WebLogic admin user password is a single step done from the console under the security realm. It is not. If you change the admin password only in the console, you can log out of the existing session and log back in with the new password, but once you bring the admin server down it will not start again until you complete the rest of the procedure described below.


If you change the admin user password only in the console and then try to start the admin server, you will see the error below in the server log:

*********************************************************************************

<Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
        at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
        at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
*********************************************************************************

To avoid this you also have to update the admin server's boot.properties file.


So, here is the procedure to change the WebLogic admin user password.

Part A.

1. Login to the admin console
2. Under Domain Structure, select "Security Realms"
3. Click on "myrealm"
4. Click on the "Users and Groups" tab
5. Click on your admin user
6. Click on the Passwords tab
7. Update the password

Part B.

Log out and log in again with the new password to make sure it works. (If you cannot log in with the new password, then you updated something other than what you are now typing :) )

Ok, now:

1. Stop your admin server

2. Go to the your_domain/servers/your_admin_server/security directory

3. Take a backup of the existing boot.properties file

4. Create a new boot.properties file with the contents below

username=your_admin_user
password=your_new_password

5. Now start your admin server



Wait, it is not over. If you have managed servers in your domain, you have to do some more work for them to boot properly on their next restart.


Important:

If you have always started your managed servers from the console and nobody has ever started them from the command line (using the startManagedWebLogic script) since the environment was provisioned, there will be no boot.properties file in the managed server's security directory (your_domain/servers/your_managed_server/security). In that case, starting a managed server from a script will always prompt for the username and password until you create boot.properties manually under your_domain/servers/your_managed_server/security.
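The file handling of Part B (back up the old boot.properties, write the new one) and the manual creation of boot.properties for managed servers mentioned just above, as an added shell example that is not part of the original post. The domain path, server names, user and password are placeholders; the directory layout ($DOMAIN_HOME/servers/<name>/security/boot.properties) is the one the post describes. The script only handles the file: stopping and starting the servers is still done as in the steps above.

```shell
#!/bin/sh
# Added example, not from the original post: rotate the boot identity file of
# the admin server and, optionally, of each managed server after the admin
# password has been changed in the console (Part A).
# All domain paths and server names used below are placeholders.

# Back up an existing boot.properties (if any) with a timestamp and write a
# fresh one. The new file holds the password in clear text until the server's
# first boot encrypts it, so it is created owner-only (mode 600), as is the
# backup, which still carries the previous (encrypted) credentials.
# Usage: write_boot_identity DOMAIN_HOME SERVER_NAME USERNAME PASSWORD
write_boot_identity() {
    domain_home=$1; server=$2; user=$3; password=$4
    sec_dir="$domain_home/servers/$server/security"
    target="$sec_dir/boot.properties"

    mkdir -p "$sec_dir" || return 1
    if [ -f "$target" ]; then
        stamp=$(date +%Y%m%d%H%M%S)
        cp -p "$target" "$target.bak.$stamp" || return 1
        chmod 600 "$target.bak.$stamp"
    fi

    # The umask in the subshell guarantees the file is never world-readable,
    # not even between creation and the chmod.
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$user" "$password" > "$target"
    ) || return 1
    chmod 600 "$target"
}

# True when the given server directory has a boot.properties file.
has_boot_identity() {
    [ -f "$1/servers/$2/security/boot.properties" ]
}

# Number of backup copies kept for a server (lets you verify the backup step).
count_backups() {
    ls "$1/servers/$2/security"/boot.properties.bak.* 2>/dev/null | wc -l | tr -d ' '
}

# Write the boot identity for the admin server and every managed server in
# the (space-separated) list. Run it only after the servers have been stopped.
# Usage: rotate_boot_identities DOMAIN_HOME ADMIN_SERVER "MS1 MS2" USERNAME PASSWORD
rotate_boot_identities() {
    domain_home=$1; admin=$2; managed_list=$3; user=$4; password=$5
    write_boot_identity "$domain_home" "$admin" "$user" "$password" || return 1
    for ms in $managed_list; do
        write_boot_identity "$domain_home" "$ms" "$user" "$password" || return 1
    done
}

# Interactive wrapper: reads the password without echo so it appears neither
# in the shell history nor in the process list (ps) of other users.
# Usage: rotate_boot_identities_interactive DOMAIN_HOME ADMIN_SERVER "MS1 MS2" USERNAME
rotate_boot_identities_interactive() {
    printf 'New password for %s: ' "$4"
    stty -echo; read -r pw; stty echo; echo
    rotate_boot_identities "$1" "$2" "$3" "$4" "$pw"
}

# Example call with placeholder values (uncomment to use):
# rotate_boot_identities_interactive /u01/domains/your_domain AdminServer "ms1 ms2" your_admin_user
```

The first start after this writes the encrypted form back into boot.properties, which is why the file should only ever be world-unreadable and why the timestamped backup is the place to look if a server still refuses to boot with the old identity.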

If you have changed the admin user password the way described above, you will be able to stop and start the admin server and log in to the console, but the managed servers will not start once you stop them (you will see the same exception as above in their logs) until you apply the workaround below.

Workaround - 1

1. Go to your_domain/servers/your_managed_server/data for each managed server you have and rename the ldap folder to ldap.old and the nodemanager folder to nodemanager.old

2. Start the managed server(s) from the console
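Step 1 of Workaround - 1 applied to every managed server, as an added shell example that is not part of the original post. The domain path and server names are placeholders, and the naming follows the post (ldap.old, nodemanager.old). The lock-file check assumes the default layout in which a running server keeps servers/<name>/tmp/<name>.lock; it is a safety heuristic, not a substitute for stopping the server first.

```shell
#!/bin/sh
# Added example, not from the original post: retire the per-server ldap and
# nodemanager directories for each managed server (Workaround - 1, step 1).
# Domain path and server names below are placeholders.

# Rename PATH to PATH.old. If a PATH.old is already there from an earlier
# attempt, keep it and use a timestamped name so no previous state is lost.
retire_path() {
    [ -e "$1" ] || return 0            # nothing to do for this server
    dest="$1.old"
    [ -e "$dest" ] && dest="$1.old.$(date +%Y%m%d%H%M%S)"
    mv "$1" "$dest"
}

# The embedded LDAP and node manager state live under servers/<name>/data.
# Refuse to touch a server whose tmp/<name>.lock is present: that is the lock
# a running instance holds (assumption: default tmp directory layout).
retire_server_state() {
    domain_home=$1; server=$2
    if [ -e "$domain_home/servers/$server/tmp/$server.lock" ]; then
        echo "$server appears to be running (lock file present); stop it first" >&2
        return 1
    fi
    retire_path "$domain_home/servers/$server/data/ldap" &&
    retire_path "$domain_home/servers/$server/data/nodemanager"
}

# Apply the rename to a space-separated list of managed servers; stop at the
# first server that cannot be handled so the operator can look at it.
# Usage: retire_all_managed DOMAIN_HOME "MS1 MS2"
retire_all_managed() {
    domain_home=$1
    for ms in $2; do
        retire_server_state "$domain_home" "$ms" || return 1
    done
}

# Example call with placeholder values (uncomment to use):
# retire_all_managed /u01/domains/your_domain "ms1 ms2"
```

The renamed directories are kept rather than deleted on purpose: the embedded LDAP data is rebuilt from the admin server on the next start, but keeping the old copy lets you roll back if the managed server still does not come up.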



Workaround - 2

If you still get the same authentication exception, then in addition to step 1 of Workaround - 1, follow the steps below:

1. Change the node manager password from the admin console as well

Login to the admin console
Click on your domain name (in the left-hand tree under Domain Structure)
Click on the Security tab
Click on the Advanced link
Change "NodeManager Password:"

2. Go to your WL_HOME/common/nodemanager folder and rename nm_data.properties to nm_data.properties.old

3. Restart the node manager

4. Start your managed servers
