Thursday, September 28, 2017

Reset EBS WebLogic Password that is lost or forgotten

The EBS WebLogic domain uses Node Manager to control startup of the AdminServer and Managed Servers. For the EBS WebLogic domain, the Node Manager and WebLogic AdminServer passwords must be the same. If the passwords are different, the AD control scripts will not work properly.

If the AdminServer password has been lost or forgotten, it can be reset by carrying out the following steps on the run file system. As described in the final step, an fs_clone operation should then be performed to synchronize the run and patch file systems.

Step 1: Shut down all running services. Since the AdminServer password is not known, the servers cannot be stopped from the console and so must be killed as follows.
i. Connect to the Oracle E-Business Suite instance and source the application tier environment file.
ii. Identify the PIDs of Node Manager, AdminServer, and all running Managed Servers:
$ ps -ef | grep "NodeManager"
$ ps -ef | grep "weblogic.Name=AdminServer"
$ ps -ef | grep "weblogic.Name=forms-c4ws_server"
$ ps -ef | grep "weblogic.Name=forms_server"
$ ps -ef | grep "weblogic.Name=oafm_server"
$ ps -ef | grep "weblogic.Name=oacore_server"

iii. Kill all these processes, starting with Node Manager and followed by the Managed Servers.

Step 2: Back up these files and folders, and then delete them:
$EBS_DOMAIN_HOME/security/DefaultAuthenticatorInit.ldift
$EBS_DOMAIN_HOME/servers/<server_name>/data/ldap
$EBS_DOMAIN_HOME/servers/<server_name>/security/boot.properties
$EBS_DOMAIN_HOME/servers/<server_name>/data/nodemanager/boot.properties

I have 4 managed servers (oacore_server1, oacore_server4, oacore_server6, oacore_server8), so I did all of the below:
# echo $EBS_DOMAIN_HOME
/u02/erpt/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp
# cd /u02/erpt/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/security
# mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_BACKUP

# cd $EBS_DOMAIN_HOME/servers/oacore_server1/data
# mv ldap ldap_BACKUP
# mkdir ldap
# cd $EBS_DOMAIN_HOME/servers/oacore_server1/security
# mv boot.properties boot.properties_BACKUP
# cd $EBS_DOMAIN_HOME/servers/oacore_server1/data/nodemanager
# mv boot.properties boot.properties_BACKUP

# cd $EBS_DOMAIN_HOME/servers/oacore_server4/data
# mv ldap ldap_BACKUP
# mkdir ldap
# cd $EBS_DOMAIN_HOME/servers/oacore_server4/security
# mv boot.properties boot.properties_BACKUP
# cd $EBS_DOMAIN_HOME/servers/oacore_server4/data/nodemanager
# mv boot.properties boot.properties_BACKUP

# cd $EBS_DOMAIN_HOME/servers/oacore_server6/data
# mv ldap ldap_BACKUP
# mkdir ldap
# cd $EBS_DOMAIN_HOME/servers/oacore_server6/security
# mv boot.properties boot.properties_BACKUP
# cd $EBS_DOMAIN_HOME/servers/oacore_server6/data/nodemanager
# mv boot.properties boot.properties_BACKUP

# cd $EBS_DOMAIN_HOME/servers/oacore_server8/data
# mv ldap ldap_BACKUP
# mkdir ldap
# cd $EBS_DOMAIN_HOME/servers/oacore_server8/security
# mv boot.properties boot.properties_BACKUP
# cd $EBS_DOMAIN_HOME/servers/oacore_server8/data/nodemanager
# mv boot.properties boot.properties_BACKUP

If the password is not reset correctly, the backed up files and folders can be restored.
Note: For certain servers, the boot.properties file may be present in only one location of the two specified above. In such a case, back it up and then delete it.
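
Step 2 applied to every server directory in one pass, as an added example that is not part of the original post. The function names, the backup suffix and the sample tree are constructed for illustration; the loop covers the case in the note above where boot.properties exists in only one of the two locations.

```sh
#!/bin/sh
# Added example: move aside the Step 2 files for every server in the domain.
# A rename (mv) is the backup and the removal in one step; one shared suffix
# per run keeps a single consistent restore point.
reset_domain_auth_files() {
    local domain_home="$1" suffix="$2" moved=0 srv f
    if [ ! -d "$domain_home/servers" ]; then
        echo "no servers/ directory under $domain_home" >&2
        return 1
    fi
    f="$domain_home/security/DefaultAuthenticatorInit.ldift"
    if [ -f "$f" ]; then mv -- "$f" "${f}_$suffix"; moved=$((moved + 1)); fi

    for srv in "$domain_home"/servers/*/; do
        srv=${srv%/}
        # Embedded LDAP store: move it aside, then recreate an empty directory
        # as the transcript above does.
        if [ -d "$srv/data/ldap" ]; then
            mv -- "$srv/data/ldap" "$srv/data/ldap_$suffix"
            mkdir -- "$srv/data/ldap"
            moved=$((moved + 1))
        fi
        # boot.properties may be present in only one of the two locations.
        for f in "$srv/security/boot.properties" \
                 "$srv/data/nodemanager/boot.properties"; do
            if [ -f "$f" ]; then mv -- "$f" "${f}_$suffix"; moved=$((moved + 1)); fi
        done
    done
    echo "$moved"    # number of items moved aside
}

# Constructed sample tree (hypothetical layout, not a real domain).
make_sample_domain() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/security" \
        "$d/servers/AdminServer/data/ldap" "$d/servers/AdminServer/security" \
        "$d/servers/oacore_server1/data/ldap" \
        "$d/servers/oacore_server1/data/nodemanager"
    : > "$d/security/DefaultAuthenticatorInit.ldift"
    : > "$d/servers/AdminServer/security/boot.properties"
    : > "$d/servers/oacore_server1/data/nodemanager/boot.properties"
    echo "$d"
}

demo=$(make_sample_domain)
reset_domain_auth_files "$demo" "BACKUP_$(date +%Y%m%d%H%M%S)"
rm -rf "$demo"
```

On a real instance the call would be reset_domain_auth_files "$EBS_DOMAIN_HOME" with a suffix of your choice, run only after Step 1 has stopped every server.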

Step 3: Set up a new environment to change the WLS AdminServer password.
i. Start a new session and connect to the Oracle E-Business Suite instance.
ii. Do not source the application tier environment file.
iii. Run the following command to source the WebLogic Server domain environment:
$ cd <EBS_DOMAIN_HOME>/bin
# cd /u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/bin
# . setDomainEnv.sh

iv. Run the following commands:
$ cd <EBS_DOMAIN_HOME>/security
$ java weblogic.security.utils.AdminAccount <wls_adminuser> <wls_admin_new_password> .
Where:
• <wls_adminuser> is the same as the value of context variable s_wls_admin_user
• <wls_admin_new_password> is the new WLS AdminServer password you wish to set.
Note: Do not omit the trailing period ('.') in the above command: it is needed to specify the current domain directory.
# more $CONTEXT_FILE | grep s_wls_admin_user
<wls_admin_user oa_var="s_wls_admin_user">weblogic</wls_admin_user>
# echo $EBS_DOMAIN_HOME
/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp
# cd /u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/security
# java weblogic.security.utils.AdminAccount weblogic welcome123 .


Step 4: Start AdminServer from the command line. You will be prompted for the WebLogic
Server username and password, so that the AdminServer boot.properties file can be generated.
i. Go to the EBS Domain Home:
$ cd <EBS_DOMAIN_HOME>
# cd /u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp
ii. Start AdminServer:
$ java <s_nm_jvm_startup_properties> -Dweblogic.system.StoreBootIdentity=true -Dweblogic.Name=AdminServer weblogic.Server
Where:
• <s_nm_jvm_startup_properties> is the same as the value of context variable s_nm_jvm_startup_properties in CONTEXT_FILE
# more $CONTEXT_FILE | grep s_nm_jvm_startup_properties
         <nm_jvm_startup_properties oa_var="s_nm_jvm_startup_properties" osd="LINUX_X86-64">-XX:PermSize=512m -XX:MaxPermSize=512m -Xms1024m -Xmx1024m -Djava.security.policy=/u02/erptmp/fs2/FMW_Home/wlserver_10.3/server/lib/weblogic.policy -Djava.security.egd=file:/dev/./urandom -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/u02/erptmp/fs2/FMW_Home/wlserver_10.3 -Dwls.home=/u02/erptmp/fs2/FMW_Home/wlserver_10.3/server -Dweblogic.home=/u02/erptmp/fs2/FMW_Home/wlserver_10.3/server -Dcommon.components.home=/u02/erptmp/fs2/FMW_Home/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp -Djrockit.optfile=/u02/erptmp/fs2/FMW_Home/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/config/fmwconfig -Digf.arisidbeans.carmlloc=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/config/fmwconfig/carml -Digf.arisidstack.home=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/u02/erptmp/fs2/FMW_Home/user_projects/domains/EBS_domain_erptmp/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/u02/erptmp/fs2/FMW_Home/oracle_common/modules/oracle.ossoiap_11.1.1,/u02/erptmp/fs2/FMW_Home/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dportlet.oracle.home=/u02/erptmp/fs2/FMW_Home/oracle_common -Dem.oracle.home=/u02/erptmp/fs2/FMW_Home/oracle_common 
-Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u02/erptmp/fs2/FMW_Home/patch_wls1036/profiles/default/sysext_manifest_classpath</nm_jvm_startup_properties>

# java -XX:PermSize=512m -XX:MaxPermSize=512m -Xms1024m -Xmx1024m -Djava.security.policy=/u02/erptst/fs2/FMW_Home/wlserver_10.3/server/lib/weblogic.policy -Djava.security.egd=file:/dev/./urandom -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/u02/erptst/fs2/FMW_Home/wlserver_10.3 -Dwls.home=/u02/erptst/fs2/FMW_Home/wlserver_10.3/server -Dweblogic.home=/u02/erptst/fs2/FMW_Home/wlserver_10.3/server -Dcommon.components.home=/u02/erptst/fs2/FMW_Home/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst -Djrockit.optfile=/u02/erptst/fs2/FMW_Home/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/config/fmwconfig -Digf.arisidbeans.carmlloc=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/config/fmwconfig/carml -Digf.arisidstack.home=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/u02/erptst/fs2/FMW_Home/user_projects/domains/EBS_domain_erptst/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/u02/erptst/fs2/FMW_Home/oracle_common/modules/oracle.ossoiap_11.1.1,/u02/erptst/fs2/FMW_Home/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dportlet.oracle.home=/u02/erptst/fs2/FMW_Home/oracle_common -Dem.oracle.home=/u02/erptst/fs2/FMW_Home/oracle_common -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false \
  -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u02/erptst/fs2/FMW_Home/patch_wls1036/profiles/default/sysext_manifest_classpath -Dweblogic.system.StoreBootIdentity=true -Dweblogic.Name=AdminServer weblogic.Server
The above command prompts for the WebLogic Server username and password:
Enter username to boot WebLogic server: weblogic
Enter password to boot WebLogic server: xxxx
Provide the same credentials as you provided in Step 3.

Step 5: Change Node Manager password
i. Log in to the WebLogic Administration console.
ii. Click the 'Lock & Edit' button.
iii. In the left panel, click on the EBS Domain link.
iv. Select the 'Security' tab.
v. Click on the 'Advanced' link.
vi. Edit the 'Node Manager password' field and set it to the new WebLogic Server password. The password should be the same as set in Step 3.
vii. Edit the 'Confirm Node Manager Password' field and set it to the new WebLogic Server password. The password should be the same as set in Step 3.
viii. Save and activate the changes.

Step 6: The first time, AdminServer has to be stopped from the Admin console. Follow these steps:
i. Log in to the WebLogic Administration console.
ii. Shut down AdminServer.

Step 7: Set up your environment to start AdminServer again. AdminServer should now be
started using the normal AD script, which will also start Node Manager using the
new password.
i. Launch a new session and connect to the Oracle E-Business Suite instance.
ii. Source the application tier environment file.
iii. Start AdminServer with the following command:
$ $ADMIN_SCRIPTS_HOME/adadminsrvctl.sh start

Step 8: Start the Managed Servers. For the first time, all Managed Servers should be started
from the WebLogic Server Admin console. This step will create boot.properties
files for the respective Managed Servers. Follow these steps:
i. Log in to the WebLogic Server Administration Console
ii. Start all Managed Servers, one at a time

Step 9: Shut down all the Managed Servers. This is so the new credentials will be picked up
at the next startup. Follow these steps:
i. Log in to the WebLogic AdminServer console.
ii. Shut down all Managed Servers.
iii. Shut down AdminServer.

Step 10: Shut down Node Manager using the normal AD script.
$ $ADMIN_SCRIPTS_HOME/adnodemgrctl.sh stop

Step 11: Copy the boot.properties file for each Managed Server. WebLogic Server native scripts use the boot.properties file. The above steps have created the boot.properties file under <EBS_DOMAIN_HOME>/servers/<Managed Server name>/data/nodemanager, which is used by Node Manager.
For each Managed Server, copy the newly-generated boot.properties file from <EBS_DOMAIN_HOME>/servers/<Managed Server name>/data/nodemanager to <EBS_DOMAIN_HOME>/servers/<Managed Server name>/security
The EBS WebLogic Server domain password has now been changed, and all servers can now be started using the normal AD scripts.
To start AdminServer:
$ $ADMIN_SCRIPTS_HOME/adadminsrvctl.sh start
To start the Managed Servers:
$ $ADMIN_SCRIPTS_HOME/admanagedsrvctl.sh start <managed_server_name>
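
The Step 11 copy for all servers at once, as an added example that is not part of the original post. It copies only files whose username and password lines are already encrypted (WebLogic marks encrypted values with a prefix such as {AES}) and leaves the copy readable by its owner only; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: Step 11 for every server, with two checks around the copy.
copy_boot_properties() {
    local domain_home="$1" copied=0 srv src dst enc
    for srv in "$domain_home"/servers/*/; do
        srv=${srv%/}
        src="$srv/data/nodemanager/boot.properties"
        dst="$srv/security/boot.properties"
        [ -f "$src" ] || continue   # no Node Manager copy for this server
        # Count credential lines that carry an encryption prefix; both the
        # username and the password line must be encrypted.
        enc=$(grep -cE '^(username|password)=\{(AES(256)?|3DES)\}' "$src" || true)
        if [ "$enc" -ne 2 ]; then
            echo "SKIP ${srv##*/}: unencrypted credential in $src" >&2
            continue
        fi
        mkdir -p "$srv/security"
        cp -- "$src" "$dst"
        chmod 600 "$dst"            # readable by the owning OS account only
        copied=$((copied + 1))
    done
    echo "$copied"                  # number of servers updated
}

# Constructed sample files (placeholder values, not real ciphertext).
make_sample_servers() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/servers/oacore_server1/data/nodemanager" \
             "$d/servers/forms_server1/data/nodemanager"
    printf 'username={AES}c2FtcGxl\npassword={AES}c2FtcGxl\n' \
        > "$d/servers/oacore_server1/data/nodemanager/boot.properties"
    printf 'username=weblogic\npassword=example\n' \
        > "$d/servers/forms_server1/data/nodemanager/boot.properties"
    echo "$d"
}

demo=$(make_sample_servers)
copy_boot_properties "$demo"
rm -rf "$demo"
```

A skipped server means its Node Manager boot.properties still holds a readable credential, which is worth investigating before copying it anywhere.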

Step 12: The above steps have changed the Oracle WebLogic AdminServer password on the run file system. You now need to perform an fs_clone operation, to change the WebLogic EBS Domain password on the patch file system:
i. Launch a new session and connect to the Oracle E-Business Suite instance.
ii. Source the application tier environment file.
iii. Run the command:
$ adop phase=fs_clone

For any questions, please email me at samiappsdba@gmail.com