To change the Administrator password on WLS 10.3.6 or earlier, perform the following steps depending on your situation:
IF YOU KNOW CURRENT PASSWORD
- Start the Admin Server and log into /console.
- Go to page: Home > Summary of Security Realms > myrealm > Users and Groups > weblogic. and click on tab Passwords.
- Enter the new Password.
- Restart the server.
If you get a weblogic.security.SecurityInitializationException error, perform these additional steps on every Managed Server (or eventually the Admin Server, too):
- Go to folder <DOMAIN_HOME>/servers/AdminServer/security
- Edit the boot.properties file and change the password to the value already entered on the Admin Console. Do this for all the servers in the domain.
- Start the Admin Server (Weblogic Server will encrypt the password for you).
Optionally, you can force a Managed Server to connect to the embedded LDAP server on the Administration Server, instead of connecting to the local replicated LDAP server. Follow these steps:
- Go to page: Domain > Security > Embedded LDAP page on the Admin Console.
- Enable MasterFirst.
- Restart the server.
IF YOU DON'T KNOW CURRENT PASSWORD
If you forget your administrative password and cannot start the server, the following procedure works for the default authenticator using the embedded LDAP server and only if you have not modified the global Admin role, which by default is granted to the Administrators group. For our example, it is assumed that your server name is AdminServer. Important: Using the weblogic.security.utils.AdminAccount tool creates a new admin user, but you may lose your existing LDAP data, which includes user, groups, and policy data, so backing up your LDAP folder is recommended before executing the steps.
- Note: This is not supported in WLS 12c.
To reset the password, follow these steps:
- Make sure Weblogic Server instance is stopped.
- Make a backup of the LDAP folder of the admin server as well as managed servers (you may rename those folders):
<WL_HOME>/user_projects/domains/<DOMAIN_NAME>/servers/<SERVER_NAME>/data/ldap - Set your environment variables by running setDomainEnv.sh (UNIX) or setDomainEnv.cmd (Windows). For example, on UNIX:
. ./setDomainEnv.sh (Notice the space between the dots) - Create a new initialization file for the default authenticator by running the following command that creates a new DefaultAuthenticatorInit.ldift file in the $DOMAIN_HOME/security subdirectory:
java weblogic.security.utils.AdminAccount <ADMIN-USERNAME> <ADMIN-PASSWORD> <DOMAIN_HOME>/security
Note: AdminAccount should be run on the Admin Server, not one of the Managed Servers. - Remove the initialized status file DefaultAuthenticatormyrealmInit.initialized from the <DOMAIN_HOME>/servers/AdminServer/data/ldap/ subdirectory:
cd <WL_HOME>/user_projects/domains/<DOMAINNAME>/servers/AdminServer/data/ldap
rm DefaultAuthenticatormyrealmInit.initialized
NOTE: In some cases, it has been necessary to delete ldap directory for this process to work. - Go to folder <DOMAIN_HOME>/servers/AdminServer/security
- Edit the boot.properties file and change the password to the value already used on the previous step. Do this for all the servers in the domain.
- Start Weblogic Server (Weblogic Server will encrypt the password for you).
IMPORTANT:
Keep in mind that we are not just changing the password for the Admin Console, but we are rather changing it for the Admin User (which may connect in many different ways to Admin Server).
Remember to use the new password (once successfully changed), when connecting to WLST, start the managed servers or using weblogic.Admin utility.
