Pages

Wednesday, December 27, 2017

How To Change The Weblogic Server Administrator Password


Applies To:

Oracle WebLogic Server - Version 8.1 and later

IF YOU KNOW CURRENT PASSWORD:

Start the Admin Server and log into /console.
Go to page: Home > Summary of Security Realms > myrealm > Users and Groups > weblogic. and click on tab Passwords.
Enter the new Password.
Restart the server.
If you get a weblogic.security.SecurityInitializationException error, perform these additional steps on every Managed Server (or eventually the Admin Server, too):

Go to folder DOMAIN_HOME/servers/AdminServer/security
Edit the boot.properties file and change the password to the value already entered on the Admin Console. Do this for all the servers in the domain.
Start the Admin Server (Weblogic Server will encrypt the password for you).
Optionally, you can force a Managed Server to connect to the embedded LDAP server on the Administration Server, instead of connecting to the local replicated LDAP server. Follow these steps:

Go to page: Domain > Security > Embedded LDAP page on the Admin Console.
Enable MasterFirst.
Restart the server.


IF YOU DON'T KNOW CURRENT PASSWORD:

If you forget your administrative password and cannot boot the server, the following procedure works for the default authenticator using the embedded LDAP server and only if you have not modified the global Admin role, which by default is granted to the Administrators group. For our example, it is assumed that your server name is AdminServer.  Important: Using the weblogic.security.utils.AdminAccount tool creates a new admin user, but you may lose your existing LDAP data, which includes user, groups, and policy data, so backing up your LDAP folder is recommended before executing the steps.


To reset the password, follow these steps:

Make sure Weblogic Server instance is stopped.

Make a backup of the LDAP folder of the admin server as well as managed servers (you may rename those folders):

$WL_HOME/user_projects/domains/$DOMAIN_NAME/servers/$SERVER_NAME/data/ldap

Set your environment variables by running setDomainEnv.sh (UNIX) or setDomainEnv.cmd (Windows). For UNIX only environments do as follows:
. ./setDomainEnv.sh (Notice the space between the dots) located in $DOMAIN_HOME/<servername>/bin

Create a new initialization file for the default authenticator by running the following command that creates a new DefaultAuthenticatorInit.ldift file in the $DOMAIN_HOME/security subdirectory:
java weblogic.security.utils.AdminAccount <tempadmin> <temppassword> $DOMAIN_HOME/security

Remove the initialized status file DefaultAuthenticatormyrealmInit.initialized from the $DOMAIN_HOME/servers/AdminServer/data/ldap/ subdirectory:
cd WL_HOME/user_projects/domains/base_domain/servers/AdminServer/data/ldap
rm DefaultAuthenticatormyrealmInit.initialized

NOTE: In some cases, it has been necessary to delete ldap directory for this process to work.

Go to folder DOMAIN_HOME/servers/AdminServer/security

Edit the boot.properties file and change the password to the value already used on step 5. Do this for all the servers in the domain.

Start Weblogic Server (Weblogic Server will encrypt the password for you).

IMPORTANT:

Keep in mind that we are not just changing the password for the Admin Console, but we are rather changing it for the Admin User (which may connect in many different ways to Admin Server).

Remember to use the new password (once successfully changed), when when connecting to WLST, start the managed servers or using weblogic.Admin utility.


Reference metalink Doc ID 1082299.1

No comments:

Post a Comment