Some engineers think that changing the WebLogic admin user password is a single step done from the console under the realm option, but it is not. If you change the admin user password from the console only, you will be able to log out of the existing session and log in with the new password, but you will not be able to start your server once you bring it down, unless you do some additional work that is part of the WebLogic admin user password change procedure.
If you only change the admin user password from the console and then try to start your admin server, you will get the error below:
*********************************************************************************
Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
*********************************************************************************
To avoid this, you also have to update the admin server boot.properties file.
So, here is the procedure to change the WebLogic admin user password.
Part A.
Log in to the admin console
Under Domain Structure, select the "Security Realms" option
Click on "myrealm"
Click on the "Users and Groups" tab
Click on your admin user
Click on the Passwords tab
Update the password
Part B.
Log out and log in again with the new password to make sure you are able to log in with it. ( If you are not able to log in with the new password, it means you have updated something else and are trying with something else :) )
Ok, now
1. Stop your admin server
2. Go to the your_domain/servers/your_admin_server/security directory
3. Take a backup of the existing boot.properties file
4. Create a new boot.properties file with the contents below
username=your_admin_user
password=your_new_password
5. Now start your admin server
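Steps 2 to 4 of Part B as a shell script, an added example that is not part of the original post. The function names and the backup suffix are assumptions; {AES} or {3DES} is the prefix WebLogic puts on values it has encrypted after the first start, and the same functions can be pointed at a managed server's directory.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Path layout follows the post: DOMAIN/servers/SERVER/security/boot.properties

# write_boot_identity DOMAIN SERVER USER  (new password is read from stdin,
# so it does not show up in the process list or shell history)
write_boot_identity() {
    srv_dir="$1/servers/$2"
    file="$srv_dir/security/boot.properties"
    [ -d "$srv_dir" ] || { echo "no such server directory: $srv_dir" >&2; return 1; }
    IFS= read -r new_pw || true
    [ -n "$new_pw" ] || { echo "empty password on stdin" >&2; return 1; }
    (
        set -e
        umask 077                          # new files readable by owner only
        mkdir -p "$srv_dir/security"
        if [ -f "$file" ]; then            # step 3: keep the old file as a backup
            mv "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
        fi
        # step 4: cleartext until the server's first start rewrites it encrypted
        printf 'username=%s\npassword=%s\n' "$3" "$new_pw" > "$file"
        chmod 600 "$file"
    )
    rc=$?
    unset new_pw
    return $rc
}

# boot_identity_state FILE -> prints missing | cleartext | encrypted
boot_identity_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    if grep -Eq '^(username|password)=' "$1" &&
       ! grep -E '^(username|password)=' "$1" |
         grep -Evq '^[a-z]+=[{](AES[0-9]*|3DES)[}]'; then
        echo encrypted
    else
        echo cleartext
    fi
}

# Usage (with the admin server stopped):
#   write_boot_identity /path/to/your_domain your_admin_server your_admin_user
#   ...start the server, then:
#   boot_identity_state /path/to/your_domain/servers/your_admin_server/security/boot.properties
```

If boot_identity_state still reports cleartext after the server has started, the server did not boot from that file, and the password is sitting readable on disk.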
Wait, it's not over. If you have managed servers in your domain, you have to do some more work for them to boot up properly during the next restart.
Important:
If you have always started your managed servers from the console, and neither you nor anyone else has ever started them from the command line ( using the startManagedserver command ) since provisioning ( that is, setup of the environment ), then you will not see any boot.properties file under your managed server(s) staging security directory ( your_domain/servers/your_managed_server/security ). If you then try to start managed servers using the script, you will always be prompted for a username and password until you create boot.properties manually under the your_domain/servers/your_managed_server/security directory.
If you have changed the admin user password ( the way I have described above ), you will be able to stop and start the admin server and log in to the admin console successfully, but you will not be able to start managed servers once you stop them ( you will get the same exception shown above in the logs ) unless you apply the workaround below.
Workaround - 1
1. Go to "your_domain/servers/your_managed_server/data" for each managed server you have, and rename the ldap folder to ldap.old and the nodemanager folder to nodemanager.old
2. Start the managed server(s) from the console
Workaround - 2
If you are still getting the same authentication exception, then in addition to the first step of Workaround - 1, follow the steps below as well.
1. Change the nodemanager password from the admin console as well
   Log in to the admin console
   Click on your domain name ( in the left-hand tree under Domain Structure )
   Click on the security tab
   Click on the advanced option link
   Change "NodeManager Password:"
2. Go to your WL_HOME/common/nodemanager folder and rename the nm_data.properties file to nm_data.properties.old
3. Restart node manager
4. Start your managed servers