I’ve seen it time and time again: we’d like to change the weblogic user password; we have forgotten it, don’t know it, or someone has maliciously changed it; or now that we’ve changed the password, the servers or Node Manager won’t start.
I know there are many other documents out there on this issue, but none of them is a one-stop shop for how to resolve this issue with passwords. I hope to remedy that here.
So how do I change the weblogic user’s password?
So, let’s start with the basic question. I know the current default administrator password and I’d like to change it. Where do I need to go to change the weblogic password?
Within the weblogic console, you can go to: Security Realm -> myrealm -> Users and Groups -> weblogic -> Passwords.
Once here, change the password, as you would do for every other user.
Of course, this isn’t the only way to change the password, assuming that you know the existing one. There is also a method in WLST, which is very useful, if you want to script the changing of the password.
Armed with our two different methods of changing the password we can move on to configuring the system once the password is reset.
… but now my server won’t start!
Does this error look familiar at this point?
<17-Sep-2012 15:36:23 o’clock BST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
This is actually pretty straightforward to fix: the boot.properties file needs updating. I’ve written all about this before in a previous post on the WebLogic Server boot.properties file.
… but wait! I don’t know the password. The bofh has been messing with my system!
Then you have a little more work to do. You could visit the friendly app that someone has kindly posted online at http://recover-weblogic-password.appspot.com/. No offence to them, but I’m not ready to trust someone that I don’t know; the FAQ is worth reading, though.
Another method to recover the weblogic password is to use the code that is supplied by Kenneth. This method uses the boot.properties file to retrieve the original password. I’m pretty sure this method isn’t documented, so someone has been naughty with decompiling the code, I think …
So you don’t like the first method, and the boot.properties file is also incorrect because the password has been changed. Don’t despair, not all hope is lost; there are a couple of ways that you can go from here. The first is to use the weblogic.security.utils.AdminAccount utility to create a new administrative user. WLS won’t accept the old one, please note!
PLEASE NOTE! Only do this if you are using the LDAP that is shipped with WLS to store the admin user. If you are not, go no further.
1. Shut everything down and take a backup of the domain and then delete these files in the $DOMAIN_HOME/servers/AdminServer/data/ldap directory
2. Open a command prompt and set your environment variables
3. Within the $DOMAIN_HOME/security directory, run
java weblogic.security.utils.AdminAccount <<username>> <<admin_password>> .
Don’t forget the “.” at the end; without it, you will get the error “Error: Invalid arguments”.
4. Go to $DOMAIN_HOME/servers/AdminServer/security and then edit the boot.properties file, supplying the new admin username/password from step 3. This will need to be repeated for all the servers in the domain.
5. Once this is done, the managed servers will need to be restarted. The following files will need to be deleted from the $DOMAIN_HOME/servers/<<managed_server_name>>/data/ldap directory
These files store the authentication for the server and are checked before those on the admin server. If they are deleted the server needs to contact the admin server to get a replica.
6. Once this is done the boot.properties file needs to be updated, if you are using it to start the server or if you are using Node Manager. In the latter case, the boot.properties file can be located under the $DOMAIN_HOME/servers/<<ms>>/data/nodemanager directory.
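The steps above leave a hand-edited boot.properties on every server, and the BEA-000386 message notes that the values are only encrypted the first time the file is used to start a server. As an added example (not code from the original post), this Python script walks the two boot.properties locations named above and reports files that are missing a value, still hold cleartext, or are accessible to other OS users; the function names and the permission check are this example's own assumptions.

```python
import re
import stat
from pathlib import Path

# After the first successful boot WebLogic rewrites each value with a cipher
# tag in braces, e.g. {AES}... or {3DES}...; anything else is still cleartext.
ENCRYPTED = re.compile(r"^\{[A-Z0-9]+\}.+")
# The two locations named in the steps above, relative to $DOMAIN_HOME.
PATTERNS = ("servers/*/security/boot.properties",
            "servers/*/data/nodemanager/boot.properties")


def parse_boot_properties(text):
    """Return key -> value for the key=value lines of a boot.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Java .properties files escape '=' and ':' in values with a backslash.
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props


def audit_domain(domain_home):
    """List (server, relative path, problems) for every boot.properties found."""
    domain = Path(domain_home)
    findings = []
    for pattern in PATTERNS:
        for path in sorted(domain.glob(pattern)):
            props = parse_boot_properties(path.read_text(encoding="utf-8", errors="replace"))
            problems = []
            for key in ("username", "password"):
                value = props.get(key)
                if value is None:
                    problems.append("missing " + key)
                elif not ENCRYPTED.match(value):
                    problems.append("cleartext " + key)
            if stat.S_IMODE(path.stat().st_mode) & 0o077:
                problems.append("accessible by group/other")
            rel = path.relative_to(domain)
            findings.append((rel.parts[1], str(rel), problems))
    return findings


if __name__ == "__main__":
    import sys
    for server, rel, problems in audit_domain(sys.argv[1]):
        print(f"{server:20} {rel:55} {', '.join(problems) or 'ok'}")
```

Run it with the domain directory as its only argument once every server has been restarted; a file still reported as cleartext belongs to a server that has not booted successfully with the new credentials.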