Changing a WebLogic user password looks like a pretty easy process; however, many times I have noticed that it ended up in some problem which led to several hours of troubleshooting.
In this article I just want to list the password reset steps and some precautions we need to take to avoid misleading error messages.
Resetting the WebLogic user password affects the following components:
1) AdminServer
2) MServers
3) Node Manager
4) Any other Oracle product or custom application which uses the WebLogic user, e.g. OEM.
The new password you set must be reflected in each of these components. The steps below describe the password reset for each of them.
Admin Server and WLS console
The password for the WLS console web app, which runs inside the Admin Server, needs to be changed in two places in order to work.
1) The password has to be changed in the WLS console.
2) A new boot.properties file needs to be created with the new username and password (Note: this is required because the AdminServer is always started using the WebLogic script only).
Step 1:
Log in to the WLS console as the weblogic user, go to Security Realms >> myrealm >> Users and Groups >> weblogic, and change the password.
Step 2:
cd to $Domain_Home/servers/AdminServer/security
Then move the existing boot.properties to a different name:
“mv boot.properties boot.properties_bkp”
Create a new file with “vi boot.properties” and provide the username and password in clear text, as shown in the screenshot.
Note: For security reasons I have colored over the password.
Save the file with “:wq” and restart the Admin Server.
MServer password location
WLS MServers pick up the password from two different configurations, depending on how we start the MServers:
1) Starting MServers using Node Manager
2) Starting MServers using WLS scripts
However, many clients prefer to start the MServers using Node Manager.
If you are resetting the password of the WebLogic user, make sure that the username and password which Node Manager supplies when starting an MServer are changed as well.
MServer password location using Node Manager
To change the username and password that Node Manager uses when starting a server, follow the steps below.
Step 1:
Log in to the WLS console as the weblogic user and go to domain >> Security >> General >> Advanced.
Change the highlighted part as shown in the screenshot.
Note: The red dots are just hiding the actual domain name of my environment for security reasons.
MServer password location WLS Script
If we want to start the MServer using a WLS script command, e.g.
“nohup ./startManagedWebLogic.sh WLS_OSB1 http://soa-bpl-srv3:7001 > WLS_OSB1.out 2>&1 &”
then we must create a boot.properties file with the correct credentials inside the individual WLS MServer location, e.g. $Domain_home/servers/WLS_OSB1/security/boot.properties
Note: Don’t copy and paste this file from anywhere; always create a new file with the correct username and password. If the first attempt doesn’t work, re-create it, carefully typing the correct username and password.
Also, if you are getting the error “Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid”, take a backup of the “data” folder that resides inside the server directory, e.g. $Domain_home/servers/WLS_OSB1/data, and then delete the “data” folder. Sometimes WebLogic does not allow servers to boot because of corrupt LDAP files. Deleting the data folder cleans out the old LDAP files, and new LDAP files are created with the new credentials.
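The boot.properties step for the AdminServer and for script-started MServers, as an added shell example that is not part of the original article; the helper name write_boot_properties is hypothetical and the password is read from stdin. It keeps the old file as boot.properties_bkp, as in the manual step, and creates the new file readable by its owner only.

```shell
# Added example. write_boot_properties is a hypothetical helper, not a WebLogic tool.
# Usage: write_boot_properties DOMAIN_HOME SERVER USERNAME   (password on stdin)
write_boot_properties() {
    domain_home=$1
    server=$2
    user=$3
    if [ -z "$domain_home" ] || [ -z "$server" ] || [ -z "$user" ]; then
        echo "usage: write_boot_properties DOMAIN_HOME SERVER USERNAME < password" >&2
        return 2
    fi
    server_dir="$domain_home/servers/$server"
    sec_dir="$server_dir/security"
    target="$sec_dir/boot.properties"

    # Refuse a mistyped server name instead of creating a stray directory tree.
    if [ ! -d "$server_dir" ]; then
        echo "no such server directory: $server_dir" >&2
        return 1
    fi
    # Read the password from stdin so it never shows up in argv or shell history.
    IFS= read -r password || [ -n "$password" ] || { echo "no password on stdin" >&2; return 2; }
    # Drop carriage returns left behind by pasted or Windows-edited input.
    password=$(printf '%s' "$password" | tr -d '\r')
    [ -n "$password" ] || { echo "empty password" >&2; return 2; }

    mkdir -p "$sec_dir" || return 1
    # Keep the old file, as in the manual step (mv boot.properties boot.properties_bkp).
    if [ -f "$target" ]; then
        mv "$target" "${target}_bkp" || return 1
    fi
    # The file holds clear text until the server's next successful start, when
    # WebLogic rewrites it with encrypted values, so create it owner-only.
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$user" "$password" > "$target"
    ) || return 1
    chmod 600 "$target" || return 1
    unset password
}
```

The old boot.properties_bkp still contains the previous credentials, so remove it once the server has started with the new file.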
The username or password has been refused by WebLogic Server. Please try again
Sometimes we might see the message “The username or password has been refused by WebLogic Server. Please try again.” in the WLS console while logging in, even though we are supplying the correct credentials.
If that’s happening, check the AdminServer.out log.
If the log has a message like this:
“<Mar 9, 2015 6:01:33 PM EST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>”
then it is possible that some other Oracle product or custom script is continuously trying to connect to WebLogic using the OLD password, and as a result the weblogic user keeps getting locked out.
In the environment where I was getting this error, Oracle Enterprise Manager kept trying to connect to WebLogic using the weblogic username and password (old credentials), and kept locking the weblogic account.
It puzzled me for a bit, but later I worked out this problem and disabled the WebLogic Account Lockout configuration or changed the password in OEM.
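To disable the User Lockout configuration, go to $Domain >> Security Realm >> myrealm >> User Lockout and untick the “Lockout Enabled” option. Lockout is what stops repeated password guessing against the account, so where possible prefer updating the password in the product that is still using the old one.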
I hope that by following the above steps you will be able to reset the WebLogic user credentials to the new password.
I am getting the same message (The username or password has been refused by Weblogic Server) for my account and not for weblogic account, though I am able to log in to console. Kindly suggest.