
Tuesday, March 10, 2015

WebLogic User password change




Changing the WebLogic user password looks like a pretty easy process; however, many times I have seen it end in problems that led to several hours of troubleshooting.

In this article I list the password reset steps and some precautions we need to take to avoid misleading error messages.

Resetting the WebLogic user password affects the components below:

1)      AdminServer
2)      MServers (Managed Servers)
3)      Node Manager
4)      Any other Oracle product or custom application that uses the WebLogic user, e.g. OEM

The new password must be reflected in each of these components. The steps below describe the password reset for each of them.

 

Admin Server and WLS console


The password for the WLS console web app, which runs inside the Admin Server, needs to be changed in two places in order to work.

1)      The password has to be changed in the WLS console.

2)      A new boot.properties file needs to be created with the new username and password (Note: this is required because the AdminServer is always started using the WebLogic script only).

Step 1:

Log in to the WLS console as the weblogic user, go to Security Realms >> myrealm >> Users and Groups >> weblogic

and change the password.





Step 2:

cd to $Domain_Home/servers/AdminServer/security

Then move the existing boot.properties to a different name:

“mv boot.properties boot.properties_bkp”

Create a new file with “vi boot.properties” and provide the username and password in clear text, as shown in the screenshot.

 


Note: For security reasons I have colored over the password.

 



Save the file with “:wq” and restart the Admin Server.

MServer password location


WLS MServers pick up the password from one of two different configurations, depending on how we start the MServers:

1)      Starting MServers using Node Manager

2)      Starting MServers using WLS scripts

However, many clients prefer to start the MServers using Node Manager.

If you are resetting the password of the WebLogic user, make sure the username and password that Node Manager supplies when starting an MServer are changed as well.

MServer password location using Node Manager


To change the username and password that Node Manager uses when starting servers, follow the steps below:

Step 1:

Log in to the WLS console as the weblogic user and go to domain >> Security >> General >> Advanced

Change the highlighted part as in the screenshot below.

Note: The red dots just hide the actual domain name in my environment for security reasons.






MServer password location using WLS Script


If we want to start the MServer using the WLS script command, e.g. “nohup ./startManagedWebLogic.sh  WLS_OSB1 http://soa-bpl-srv3:7001 > WLS_OSB1.out 2>&1 &”,

then we need to create a boot.properties file with the correct credentials inside the individual WLS MServer location, e.g. $Domain_home/servers/WLS_OSB1/security/boot.properties

Note: Don’t copy and paste this file from anywhere; always create a new file with the correct username and password. If the first attempt doesn’t work, re-create it, carefully typing the correct username and password.

Also, if you are getting the error “Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid”,



then take a backup of the “data” folder located at e.g. $Domain_home/servers/WLS_OSB1/data and delete the “data” folder. Sometimes WebLogic does not allow servers to boot because of corrupt LDAP files. Deleting the data folder cleans out the old LDAP files, and new LDAP files are created with the new credentials.
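The boot.properties steps above, for the Admin Server and for MServers started with WLS scripts, as an added shell example that is not part of the original post. The function names are hypothetical; the password is read from standard input, the file is created readable only by its owner, and the second function checks for the encryption prefix (for example {AES}) that WebLogic writes into the file when it encrypts the values on the next successful start.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# write_boot_properties <security_dir> <username>   (password on stdin)
# Backs up any existing boot.properties and writes a new clear-text one.
write_boot_properties() {
    sec_dir=$1
    user=$2
    [ -d "$sec_dir" ] || { echo "no such directory: $sec_dir" >&2; return 1; }
    [ -n "$user" ] || { echo "username required" >&2; return 1; }

    # Read the password from stdin, not argv, so it never shows up in ps
    # output or shell history.
    pass=
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password on stdin" >&2; return 1; }

    file=$sec_dir/boot.properties
    # Same backup name as in the post: boot.properties_bkp
    if [ -f "$file" ]; then
        mv "$file" "${file}_bkp" || return 1
    fi

    # umask 077 in a subshell: the new file is created with mode 0600.
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file" ) || return 1
    unset pass
}

# Returns 0 while the password line is still clear text, 1 once it carries an
# encryption prefix such as {AES} (or if the file is missing).
boot_properties_is_cleartext() {
    [ -f "$1" ] || return 1
    ! grep -Eq '^password=\{[A-Z0-9]+\}' "$1"
}

# Usage, with the server directory from the post:
#   write_boot_properties "$Domain_home/servers/WLS_OSB1/security" weblogic
#   (type the new password, then Enter; restart the server afterwards)
```

If boot_properties_is_cleartext still succeeds after the restart, the server did not boot with this file.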

The username or password has been refused by WebLogic Server. Please try again



Sometimes we might see this message in the WLS console while logging in, even though we are supplying the correct credentials: “The username or password has been refused by WebLogic Server. Please try again.”





If that is happening, check the AdminServer.out log.

If the log has a message like this: “<Mar 9, 2015 6:01:33 PM EST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>”




then it is possible that another Oracle product or a custom script is continuously trying to connect to WebLogic using the OLD password, and as a result the weblogic user keeps getting locked out.

In the environment where I was getting this error, Oracle Enterprise Manager kept trying to connect to WebLogic using the weblogic username and the old password, and kept locking the weblogic account.

It puzzled me for a bit, but later I worked out the problem and disabled the WebLogic account lockout configuration or changed the password in OEM.

To disable the User Lockout configuration, go to $Domain >> Security Realms >> myrealm >> User Lockout
and untick the “Lockout Enabled” option.
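The AdminServer.out check described above, as an added shell example that is not part of the original post. The function names are hypothetical and the sample log is constructed, apart from its first line, which is the BEA-090078 message quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Constructed sample in AdminServer.out format; only the first line is the
# message quoted in the post.
sample_log() {
cat <<'EOF'
<Mar 9, 2015 6:01:33 PM EST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
<Mar 9, 2015 6:31:40 PM EST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
<Mar 9, 2015 6:40:02 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING.>
<Mar 9, 2015 7:05:11 PM EST> <Notice> <Security> <BEA-090078> <User appuser in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
EOF
}

# lockout_summary [logfile]   (reads stdin when no file is given)
# Prints one tab-separated line per locked account:
#   user@realm <TAB> number of lockouts <TAB> time of the last lockout
lockout_summary() {
    awk '
    /<BEA-090078>/ {
        ts = $0
        sub(/^[^<]*</, "", ts)      # drop everything up to the first "<"
        sub(/>.*/, "", ts)          # keep only the timestamp field
        msg = $0
        sub(/.*<User /, "", msg)    # "weblogic in security realm myrealm has ..."
        split(msg, w, " ")
        key = w[1] "@" w[5]
        count[key]++
        last[key] = ts
    }
    END {
        for (k in count) printf "%s\t%d\t%s\n", k, count[k], last[k]
    }' "${1:--}" | sort
}

# Run against the constructed sample; pass a real AdminServer.out path instead.
sample_log | lockout_summary
```

An account that is locked again shortly after each 30-minute lock expires points to an automated client still using the old password, such as the OEM case described above.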


I hope that by following the steps above you will be able to reset the WebLogic user credentials to the new password.



1 comment:

  1. I am getting the same message (The username or password has been refused by Weblogic Server) for my account and not for the weblogic account, though I am able to log in to the console. Kindly suggest.
