what is the right way to reset weblogic admin password via backend?

Question

Tried many support documents to reset weblogic admin password via backend, but nothing working completely. we have clusters, and OAS deployments are fully automated, and as per security enforcement, weblogic admin password should also be reset. Following this is doing reset, but after restart, additional server is not starting. . $DOMAIN_HOME/bin/setDomainEnv.sh java weblogic.security.utils.AdminAccount $DOMAIN_HOME/security ${ORACLE_HOME}/oracle_common/common/bin/wlst.sh connect('','','t3://bip:9500') cd('/SecurityConfiguration/bi/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator') cmo.resetUserPassword('','') disconnect() exit() ${ORACLE_HOME}/oracle_common/common/bin/wlst.sh readDomain('/u01/oracle/user_projects/domains/bi') cd("/SecurityConfiguration/bi") cmo.setNodeManagerPasswordEncrypted('') updateDomain() nmConnect('','','bip','9506','bi','/u01/oracle/user_projects/domains/bi') storeUserConfig(userConfigFile='/u01/oracle/user_projects/domains/bi/nodemanager/nmUserConfig.properties',userKeyFile='/u01/oracle/user_projects/domains/bi/nodemanager/nmUserKey.properties',nm='true') nmDisconnect() exit() echo "username= password=" > $DOMAIN_HOME/servers/AdminServer/security/boot.properties cat $DOMAIN_HOME/servers/AdminServer/security/boot.properties cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/bi_server1/security/ mkdir -p /u01/oracle/user_projects/domains/bi/servers/AdminServer/data/nodemanager cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/AdminServer/data/nodemanager/boot.properties mkdir -p /u01/oracle/user_projects/domains/bi/servers/bi_server1/data/nodemanager cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/bi_server1/data/nodemanager/boot.properties export ADMIN_USER="" export ADMIN_PWD="" sed -i -E \ -e "s|(password=)(.*)$|\1${ADMIN_PWD}|g" \ -e "s|(username=)(.*)$|\1${ADMIN_USER}|g" \ $DOMAIN_HOME/servers/AdminServer/security/adminServerUserConfig.properties rm -rf $DOMAIN_HOME/servers/AdminServer/data/ldap/* rm -rf $DOMAIN_HOME/servers/bi_server1/data/ldap/* rm -f $DOMAIN_HOME/edit.lok logs showing this issue, (AdminServer-diagnostic.log) [2023-12-18T09:19:05.352+00:00] [AdminServer] [ERROR] [] [oracle.wsm.resources.policymanager] [tid: [ACTIVE].ExecuteThread: '10' for queue: 'weblogic.kteThre ad: '10' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <54f7728d-7deb-4125-a3a4-edb0ca434478-0000017f> <1702891025261> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ied user failed to log in. The issue could be because of an incorrect password in boot.properties file or a corrupted boot.properties file. javax.security.auth.login.FailedLoginException : [Security:090302]Authentication Failed: User specified user denied"., Failed due to : [Security:090938]Authentication failure: The specified user failed to log in. The issue could be b ecause of an incorrect password in boot.properties file or a corrupted boot.properties file. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied.> bi.log) #### <[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tu ning)'> <> <> <54f7728d-7deb-4125-a3a4-edb0ca434478-00000185> <1702891085304> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > o get the Action Executor due to "javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. The issue could be because of an incorrect password in boot.properties file or a corrupted boot.properties file. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specif ied user denied"., Failed due to : [Security:090938]Authentication failure: The specified user failed to log in. The issue could be because of an incorrect password in boot.properties fi le or a corrupted boot.properties file. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied.> kindly direct me if any right support document or steps available to reset .

Karthik-Oracle · Answer

https://community.oracle.com/products/oracleanalytics/discussion/comment/51222#Comment_51222

Thanks @Mallikarjuna Kuppauru-Oracle

followed this document, it works.

* but very hard to implement this in kubernetes deployment, as first half part expect OAS online, then it needs to be stopped, which makes pod die..
* and strange after following these steps, still logs print invalid password error, but still goes online after some 3 to 5 minutes.. might be it is trying with old trace, shows error, and then picking new password..

Mallikarjuna Kuppauru-Oracle · Answer

Hi @Karthik-Oracle

If you using OAS version you can refer below -

How To Reset Weblogic Password In Oracle Analytics Server(OAS) (Doc ID 2786135.1)

Regards,

Arjun

Karthik-Oracle · Answer

https://community.oracle.com/products/oracleanalytics/discussion/comment/51202#Comment_51202 @RanaAshutosh-Oracle if I want to change admin password itself. then will this script work? and in that case, do I need to give same admin username for both ADM-USER/USER1 ?

and I think ADM-PASSWORD should be existing, and PASSWORD1 should be new ? --- is this also expects, any boot.properties file changes, running stop/start etc..?