8 Replies Latest reply on Jun 9, 2010 4:13 AM by 430429

    Reset admin password in Weblogic 9.2

    219286
      How do I reset the admin password in Weblogic 9.2?

      I attempted to create a new user with the following:
      java weblogic.security.utils.AdminAccount adminuser weblogic .

      and renaming the boot.properties file, but the server does not start. I get the following error (after starting weblogic and entering in the newly created username/password):

      <Jan 12, 2009 5:51:08 PM MST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user adminuser denied
      weblogic.security.SecurityInitializationException: Authentication for user admin user denied

      I feel that I am missing something obvious to reset the admin password. Any help is appreciated.
        • 1. Re: Reset admin password in Weblogic 9.2
          Yekki-Oracle
          #=============================================================================
          # Jython Script for displaying de-crypted WebLogic boot.properties files
          #
          # To run, change to a WebLogic domain directory and execute:
          #
          # > /opt/bea/weblogic92/common/bin/wlst.sh ~/myscripts/wlsdecrypt.py (Unix)
          # OR
          # > C:\\bea\\weblogic92\\common\\bin\\wlst.cmd C:\\myscripts\\wlsdecrypt.py (Windows)
          #
          # Add parameter '-?' to the end of the command line to display more help
          #=============================================================================

          import os
          import sys
          import java.lang
          from java.io import FileInputStream
          from java.util import Properties
          from weblogic.management import EncryptionHelper
          from weblogic.security.service import SecurityManager
          from weblogic.security.subject import SubjectManager

          #=============================================================================
          # Main
          #=============================================================================
          def main():
               for arg in sys.argv:
                    if ['-?', '-h', '--help'].count(arg.strip()):
                         printUsageAndExit()

               saltFilePath = os.path.join('security', 'SerializedSystemIni.dat')

               if not os.path.exists(saltFilePath):
                    print "Error: The script must be run from a WebLogic domain directory or a directory containing '%s'" % saltFilePath
                    printUsageAndExit()

               try:
                    open(saltFilePath, 'r').close()
               except IOError:
                    print "Error: The file '%s' is not readable - check file permissions" % saltFilePath
                    printUsageAndExit()

               processBootFiles(os.curdir, descryptPropsFile)

          #=============================================================================
          # Decrypt (Note, to encrypt just use: EncryptionHelper.encrypt(text))
          #=============================================================================
          def decrypt(text):
               getKernelIdMethod = SecurityManager.getDeclaredMethod('getKernelIdentity', None)
               getKernelIdMethod.accessible=1
               return EncryptionHelper.decrypt(text, getKernelIdMethod.invoke(SecurityManager, None))

          #=============================================================================
          # Process Boot Files
          #=============================================================================
          def processBootFiles(rootPath, processFunc):
               if not os.path.isdir(rootPath):
                    return

               fileNames = os.listdir(rootPath)

               for fileName in fileNames:
                    path = os.path.join(rootPath, fileName)

                    if os.path.isfile(path):
                         if fileName == 'boot.properties':
                              processFunc(path)
                    elif os.path.isdir(path):
                         processBootFiles(path, processFunc)

          #=============================================================================
          # Decrypt Props File
          #=============================================================================
          def descryptPropsFile(filepath):
               print
               print '----- Decrypting %s -----' % filepath

               try:
                    properties = Properties()
                    file = FileInputStream(filepath)
                    properties.load(file)
                    file.close()

                    for entry in properties.entrySet():
                         print '%s = %s' % (entry.key.strip(), java.lang.String(decrypt(entry.value.strip())))
               except IOError:
                    print "Error: Unable to read file '%s' - check file permissions" % filepath

               print

          #=============================================================================
          # Print Usage And Exit
          #=============================================================================
          def printUsageAndExit():
               print
               print 'wlsdecrypt.py'
               print '-------------'
               print
               print "Jython Script for displaying de-crypted boot.properties files from a WebLogic domain. Before running the script, change directory to the directory that contains a WebLogic domain (or a directory containing 'security/SerializedSystemIni.dat' and one or more associated 'boot.properties' files). Run this script via WLST or directly via the Java/Jython launch command (the latter option requires both 'jython.jar' and 'weblogic.jar' to be added to the classpath)."
               print
               print 'Example Usage:'
               print
               print '> /opt/bea/weblogic92/common/bin/wlst.sh ~/myscripts/wlsdecrypt.py (Unix)'
               print
               print '> C:\\bea\\weblogic92\\common\\bin\\wlst.cmd C:\\myscripts\\wlsdecrypt.py (Windows)'
               print
               exit()


          #
          # Invoke main and end
          #
          main()
          • 2. Re: Reset admin password in Weblogic 9.2
            696977
            Gary,

            Receiving below error while executing the script.

            wls:/offline> execfile('wlsdecrypt.py')
            Traceback (innermost last):
            File "<console>", line 1, in ?
            File "wlsdecrypt.py", line 24
            for arg in sys.argv:
            ^
            SyntaxError: invalid syntax


            Do we need any properties file? If yes, what are the values of that?
            • 3. Re: Reset admin password in Weblogic 9.2
              696977
              To recover the administrator password in a WebLogic domain: (For WL version 9 and higher)

              1. At the command line, change directory to the domain and run the setEnv script to set the PATH and CLASSPATH.
              2. cd <domain_home>/security
              3. mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_BKP
              4. run java weblogic.security.utils.AdminAccount <tempadmin> <temppassword> ./
              - The above command will create a new DefaultAuthenticatorInit.ldift

              5. cd <domain_home>/servers/<AdminServer>/data/ldap
              6. mv DefaultAuthenticatormyrealmInit.initialized DefaultAuthenticatormyrealmInit.initialized_BKP
              7. Restart the Admin Server.
              8. Login with new username/password

              * To change the old admin user identity, log into the admin console and change the password from console.
              • 4. Re: Reset admin password in Weblogic 9.2
                704795
                This is a very useful thread and definitely works. The above Python code is proper, only that Python requires indentation, and would not work otherwise.
                The reason everyone seems to be having problems running this code is because the indentation is missing. See my modified code below. I have put in </tab> to indicate where indentation should be. Simply replace </tab> with an actual tab using Notepad++, Textpad or a similar text editor. I have also made a little modification as I could not get the username and password to display correctly with the above code. The code has complex path processing in function processBootFiles(rootPath, processFunc) which perhaps misses out on the main boot.properties file, even though it's coded in.

                The key is in getting this function to run explicitly: processFunc("./boot.properties"). Please check the paths for your wlst.sh/.cmd installation and ensure that you are currently in the directory with boot.properties file and run a command to call wlst & this script (call it wlsdecrypt.py) from that directory. This will work and indeed display the username & password :-)

                <code>

                #=============================================================================
                # Jython Script for displaying de-crypted WebLogic boot.properties files
                #
                # To run, change to a WebLogic domain directory and execute:
                #
                # > /opt/weblogic/wlsadm/weblogic92/common/bin/wlst.sh ~/home/chordadm/wlsdecrypt.py (Unix)
                # OR
                # > C:\\bea\\weblogic92\\common\\bin\\wlst.cmd C:\\myscripts\\wlsdecrypt.py (Windows)
                #
                # Add parameter '-?' to the end of the command line to display more help
                #=============================================================================

                import os
                import sys
                import java.lang
                from java.io import FileInputStream
                from java.util import Properties
                from weblogic.management import EncryptionHelper
                from weblogic.security.service import SecurityManager
                from weblogic.security.subject import SubjectManager

                #=============================================================================
                # Main
                #=============================================================================
                def main():
                </tab>for arg in sys.argv:
                </tab></tab>if ['-?', '-h', '--help'].count(arg.strip()):
                </tab></tab></tab>printUsageAndExit()
                </tab>saltFilePath=os.path.join('security', 'SerializedSystemIni.dat')
                </tab>if not os.path.exists(saltFilePath):
                </tab></tab>print "Error: The script must be run from a WebLogic domain directory or a directory containing '%s'" % saltFilePath
                </tab></tab>printUsageAndExit()
                </tab>try:
                </tab></tab>open(saltFilePath, 'r').close()
                </tab>except IOError:
                </tab></tab>print "Error: The file '%s' is not readable - check file permissions" % saltFilePath
                </tab></tab>printUsageAndExit()
                </tab>processBootFiles(os.curdir, descryptPropsFile)

                #=============================================================================
                # Decrypt (Note, to encrypt just use: EncryptionHelper.encrypt(text))
                #=============================================================================
                def decrypt(text):
                </tab>getKernelIdMethod = SecurityManager.getDeclaredMethod('getKernelIdentity', None)
                </tab>getKernelIdMethod.accessible=1
                </tab>return EncryptionHelper.decrypt(text, getKernelIdMethod.invoke(SecurityManager, None))

                #=============================================================================
                # Process Boot Files
                #=============================================================================
                def processBootFiles(rootPath, processFunc):
                </tab>if not os.path.isdir(rootPath):
                </tab></tab>return
                </tab>fileNames = os.listdir(rootPath)
                </tab>for fileName in fileNames:
                </tab></tab>path = os.path.join(rootPath, fileName)
                </tab>if os.path.isfile(path):
                </tab></tab>if fileName == 'boot.properties':
                </tab></tab></tab>processFunc(path)
                </tab></tab>elif os.path.isdir(path):
                </tab></tab></tab>processBootFiles(path, processFunc)
                </tab>processFunc("./boot.properties")


                #=============================================================================
                # Decrypt Props File
                #=============================================================================
                def descryptPropsFile(filepath):
                </tab>print
                </tab>print '----- Decrypting %s -----' % filepath
                </tab>try:
                </tab></tab>properties = Properties()
                </tab></tab>file = FileInputStream(filepath)
                </tab></tab>properties.load(file)
                </tab></tab>file.close()
                </tab></tab>for entry in properties.entrySet():
                </tab></tab></tab>print '%s = %s' % (entry.key.strip(), java.lang.String(decrypt(entry.value.strip())))
                </tab>except IOError:
                </tab></tab>print "Error: Unable to read file '%s' - check file permissions" % filepath
                </tab></tab>print

                #=============================================================================
                # Print Usage And Exit
                #=============================================================================
                def printUsageAndExit():
                </tab>print
                </tab>print 'wlsdecrypt.py'
                </tab>print '-------------'
                </tab>print
                </tab>print "Jython Script for displaying de-crypted boot.properties files from a WebLogic domain. Before running the script, change directory to the directory that contains a WebLogic domain (or a directory containing 'security/SerializedSystemIni.dat' and one or more associated 'boot.properties' files). Run this script via WLST or directly via the Java/Jython launch command (the latter option requires both 'jython.jar' and 'weblogic.jar' to be added to the classpath)."
                </tab>print
                </tab>print 'Example Usage:'
                </tab>print
                </tab>print '> /opt/weblogic/wlsadm/weblogic92/common/bin/wlst.sh ~/home/chordadm/wlsdecrypt.py (Unix)'
                </tab>print
                </tab>print '> C:\\bea\\weblogic92\\common\\bin\\wlst.cmd C:\\myscripts\\wlsdecrypt.py (Windows)'
                </tab>print
                </tab>exit()

                #
                # Invoke main and end
                #
                main()


                </code>


                Enjoy,

                Swapnil Kashyap
                • 5. Re: Reset admin password in Weblogic 9.2
                  gloobyjoe
                  I tried this script in WebLogic 10.3 and was unsuccessful.
                  Is it just a difference in pathing?
                  • 6. Re: Reset admin password in Weblogic 9.2
                    679961
                    Hi Swapnil ,

                    I've tried using this, but the script just exits without displaying the password.

                    I made sure that I ran this script from the directory containing "<BEA_HOME>/domain/security/SerializedSystemIni.dat" as well as from the directory containing 'boot.properties'. It didn't work.
                    • 7. Re: Reset admin password in Weblogic 9.2
                      399273
                      I've tried the steps above, and yes the booting process asked me for the new user/password
                      but apparently something wrong with <domain>/config/config.xml credentials... is there a way to reset these too?
                      there are 3 of them
                      1. for myrealm
                      2. for domain credentials
                      3. for AdminServer credentials
                      tried to clear them out, but got NullPointerException
                      Any hints?
                      • 8. Re: Reset admin password in Weblogic 9.2
                        430429
                        Hello All

                        This is what I did for WLS 9.2.3 and it works absolutely fine :)

                        Note: Ensure that the AdminServer / Node Manager or the Managed Instances are shutdown before this Task process.

                        Step 1: Backup the Domain
                        Step 2: Delete $DOMAIN_DIR\security\DefaultAuthenticatorInit.ldift
                        Step 3: Run the Java command:
                        java weblogic.security.utils.AdminAccount <new-admin-user-name> <new-admin-user-pwd> <$DOMAIN_DIR\security>
                        Step 4: Delete the contents inside the file [boot.properties] under $DOMAIN_DIR\servers\<admin-server-name>\security.
                        Step 5: Add the following contents.
                        username=<new-admin-user-name>
                        password=<new-admin-user-pwd>
                        Step 6: Important Step: Delete the folder: $DOMAIN_DIR\servers\<admin-server-name>\data\ldap

                        Let me know if these steps worked for you or not.

                        Thanks and regards,
                        Pazhanikanthan. P
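
An added example, not written by any poster in this thread: a standard Python 3 audit (run outside WLST) for the state the reset procedures leave behind, where boot.properties holds a hand-typed username/password until the next successful boot and anyone who can read it together with security/SerializedSystemIni.dat can recover the credentials. The function names, the `AdminServer` directory name and the sample files are constructed for illustration; the check assumes POSIX file modes and the `{3DES}` / `{AES}` / `{AES256}` prefixes WebLogic writes on encrypted values.

```python
import os
import stat
import tempfile

# Prefixes WebLogic puts on encrypted values: {3DES} on 9.x, {AES}/{AES256} later.
ENCRYPTED_PREFIXES = ("{3DES}", "{AES}", "{AES256}")
KEY_FILE = os.path.join("security", "SerializedSystemIni.dat")
BOOT_FILE = os.path.join("servers", "AdminServer", "security", "boot.properties")

def parse_properties(text):
    """Minimal key=value parser for boot.properties; skips comments and blanks."""
    pairs = (ln.strip().partition("=") for ln in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and k[:1] not in "#!"}

def loose_mode(path):
    """True if group or other have any permission bit set (POSIX modes only)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_domain(domain_dir):
    """Return sorted (relative_path, finding) tuples for one domain directory."""
    findings = []
    key_path = os.path.join(domain_dir, KEY_FILE)
    if os.path.isfile(key_path) and loose_mode(key_path):
        findings.append((KEY_FILE, "key file accessible to group/other"))
    for root, _dirs, files in os.walk(domain_dir):
        if "boot.properties" not in files:
            continue
        path = os.path.join(root, "boot.properties")
        rel = os.path.relpath(path, domain_dir)
        with open(path, encoding="utf-8", errors="replace") as fh:
            props = parse_properties(fh.read())
        for name in ("username", "password"):
            value = props.get(name, "")
            if value and not value.startswith(ENCRYPTED_PREFIXES):
                findings.append((rel, name + " stored in plaintext"))
        if loose_mode(path):
            findings.append((rel, "file accessible to group/other"))
    return sorted(findings)

def build_sample_domain(root):
    """Constructed sample: a domain key plus a half-encrypted boot.properties."""
    samples = {KEY_FILE: ("constructed-key-bytes", 0o600),
               BOOT_FILE: ("username=tempadmin\npassword={3DES}Y29uc3RydWN0ZWQ=\n", 0o644)}
    for rel, (body, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, finding in audit_domain(build_sample_domain(tempfile.mkdtemp())):
        print(rel, "-", finding)
```

Point `audit_domain` at a real domain directory after the admin server has restarted; an empty result means the credentials were re-encrypted and both files are readable by the owner only.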