Reset the AdminServer Password in WebLogic 11g and 12c

Reset the AdminServer Password in WebLogic 11g and 12c:

source $DOMAIN_HOME/bin/setDomainEnv.sh
cd $DOMAIN_HOME/servers/AdminServer/
mv data data-old
cd $DOMAIN_HOME/security
java weblogic.security.utils.AdminAccount weblogic NEW_PASSWORD .

Restart the AdminServer.

If the weblogic has the file boot.properties in $DOMAIN_HOME/servers/AdminServer/security/, should be adjusted the credentials of user and password, before restart the AdminServer.

OBS: Check the post on decrypt datasource password, which can also be used to decrypt the credentials of boot.properties file, avoiding making the above procedure, if this file exists.

That’s all for today.
Jackson.

Weblogic JRF files in /tmp

Problem:
In weblogic 11G, there are several JFR files in /tmp directory:

root@app1wsora3 tmp]# pwd; find . -name *.jfr |xargs ls -tlhr
/tmp
-rw——- 1 oracle oinstall 0 Aug 11 18:41 ./2016_06_02_13_50_22_4317/2016_08_11_18_41_43_4317.jfr
-rw——- 1 oracle oinstall 37M Aug 11 18:41 ./2016_06_02_13_50_22_4317/2016_08_01_11_22_51_4317.jfr
-rw——- 1 oracle oinstall 14M Aug 16 09:25 ./2016_06_02_13_50_15_4341/2016_08_16_03_24_12_4341.jfr
-rw——- 1 oracle oinstall 0 Aug 16 12:02 ./2016_06_02_13_50_15_4341/2016_08_16_12_02_02_4341.jfr
-rw——- 1 oracle oinstall 14M Aug 16 12:02 ./2016_06_02_13_50_15_4341/2016_08_16_09_25_39_4341.jfr
-rw——- 1 oracle oinstall 0 Aug 16 12:43 ./2016_06_02_13_50_24_4344/2016_08_16_12_43_28_4344.jfr
-rw——- 1 oracle oinstall 150M Aug 16 12:43 ./2016_06_02_13_50_24_4344/2016_08_16_12_17_36_4344.jfr

These files are from DMS (Dynamic Monitoring Service) and they are created when application server is running.

More“Weblogic JRF files in /tmp”

Configuration Coherence Server Out-of-Process in OSB 12C

Hello guys,

Today I’m going to introduce the Coherence Server Out-of-Process configuration.
Once this configuration has changed a lot between versions 11G to 12C, the post will be a little bit more detailed (than usual).

The table below summarize these changes:

From To
 osb-coherence-cache-config.xml Coherence Cache Config resource
 osb-coherence-override.xml Coherence Cluster resoruce
Out-Of-Process Cache Server New WLS node/cluster

Follow the steps:

More“Configuration Coherence Server Out-of-Process in OSB 12C”

Decrypting WebLogic Datasource Password

Hi Guys,

Today I bring you a script that I use to decrypt datasource passwords and also the password of AdminServer, which is very useful on a daily basis.

The script uses the encrypted password that is found within the datasource configuration files ($DOMAIN_HOME/config/jdbc/*.xml).
To decrypt the AdminServer password is used the encrypted password contained within the boot.properties ($DOMAIN_HOME/servers/AdminServer/security).

Below the script (decryptPassword.py):

#=======================================================================================
# This Script decrypt WebLogic passwords
#
# Usage:
# wlst decryptPassword.py
#
#
#=======================================================================================
import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
domainHomeAbsolutePath = os.path.abspath(domainHomeName)
encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
clear = ces.decrypt(encryptedPwd)
print "RESULT:" + clear

try:
if len(sys.argv) == 3:
decrypt(sys.argv[1], sys.argv[2])
else:
print "INVALID ARGUMENTS"
print " Usage: java weblogic.WLST decryptPassword.py "
print " Example:"
print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3swTJxFl0t8NInD/ykkE="
except:
print "Unexpected error: ", sys.exc_info()[0]
dumpStack()
raise

Syntax using: java weblogic.WLST decryptPassword.py $DOMAIN_HOME encrypted_password

Download script here.

For example:
[oracle@app1osbgrepora1l scripts]$ source /oracle/domains/osb_domain/bin/setDomainEnv.sh
[oracle@app1osbgrepora1l osb_domain]$ java weblogic.WLST decryptPassword.py /oracle/domains/osb_domain/ {AES}WdbfYhD1EbVXmIe62hLftef4WtNPvyRDGc1/lsyQ014=
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
RESULT:OSBPASS123

That’s all for today
Jackson.

Bypass user and password in the Oracle BAM ICommand.

Every time you need to execute ICommand, you must enter the user and password of the application server running Oracle BAM.
With the configuration below, it is no longer necessary to inform username and password every time.

In the file “BAMICommandConfig.xml” located in “$BEA_HOME/Oracle_SOA1/bam/config/”, add the lines below to the end of the file, before the tag “/BAMICommand”:

weblogic
YOUR_PASSWORD

Restart the Oracle BAM.

Jackson.

Error BAD_CERTIFICATE in Node Manager

Error:

Mar 8, 2016 2:41:16 PM weblogic.nodemanager.server.Handler run
WARNING: Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from app1osbxpto1.localhost.net - 192.28.140.25. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from app1osbxpto1.localhost.net - 192.28.140.25. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)

Solution:

source $DOMAIN_HOME/bin/setDomainEnv.sh
. $WL_HOME/server/bin/setWLSEnv.sh
java utils.CertGen -cn `hostname` -keyfilepass DemoIdentityPassPhrase -certfile mycert -keyfile mykey
java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile mykey.pem -keyfilepass DemoIdentityPassPhrase -certfile mycert.pem -alias demoidentity
cp DemoIdentity.jks $WL_HOME/server/lib

$WL_HOME/common/bin/wlst.sh
connect('weblogic','password','t3://app1osbxpto1.localhost.net:7001')
nmEnroll('/oracle/domains/osb_domain','/oracle/binaries/wlserver_10.3/common/nodemanager/')
exit()

Restart node manager.

Jackson.

Weblogic in debug mode

Usually, in non-production environments, it is necessary to check applications deployed on a Weblogic server. The default log (.out) does not report or details conclusively the real cause of the problem.
In this case, beyond the levels of logs that can be configured via weblogic console (Managed Server > Logging > Advanced), we can add to the JVM startup arguments (Managed Server > Configuration > Server Start > Arguments) the following arguments:

-Dweblogic.webservice.verbose=true -Dweblogic.wsee.verbose=* -Dweblogic.wsee.verbose=weblogic.wsee.* -Dweblogic.wsee.verbose.timestamp=true

Recommended use only during the troubleshoot, because it generates a lot of logs.

Jackson.

WLST easeSyntax

Who works with WLST know it’s pretty boring to natigate to MBeans, because whenever necessary to put in parentheses () commands and quotation marks ‘ ‘. When we forget, need to retype the whole command again.
I found a command that helps a lot when it comes to navigate in MBean tree, it eliminates the need for parentheses and quotation marks.
After entering the WLST, type:

wls:/xpto_domain/serverConfig> easeSyntax()

wls:/xpto_domain/serverConfig> ls
dr– AdminConsole

dr– SelfTuning
dr– Servers
dr– ShutdownClasses
dr– SingletonServices

wls:/xpto_domain/serverConfig> cd Servers
wls:/xpto_domain/serverConfig/Servers> ls
dr– AdminServer
dr– WLS1_MSWS1
dr– WLS1_MSWS2

wls:/xpto_domain/serverConfig/Servers> cd WLS1_MSWS1
wls:/xpto_domain/serverConfig/Servers/WLS1_MSWS1> cd Log
wls:/xpto_domain/serverConfig/Servers/WLS1_MSWS1/Log> cd ..
wls:/xpto_domain/serverConfig/Servers/WLS1_MSWS1> cd Machine
wls:/xpto_domain/serverConfig/Servers/WLS1_MSWS1/Machine> ls
dr– app1wsmachine1

Not tested within python scripts, only browsing the tree Mbean.

Jackson.

WebLogic AdminServer Startup stopped at “Initializing self-tuning thread pool”

After starting AdminServer, it remains with starting status and stopped writing in log file in:

Check the disk space used, to make sure that there are no partitions with 100% utilization, including /tmp.
After them, make sure the owner of the weblogic (oracle) has have write permission of “/tmp”

[root@app1xptoosb1 /]# ls -tlhr / |grep tmp
drwxr-xr-x 5 root root 4.0K Nov 15 09:11 tmp

If the owner of weblogic does not have write permission must be set, because the application server writes some temporary files in the directory:

[root@app1xptoosb1 /]# chmod 777 /tmp

[root@app1xptoosb1 /]# ls -tlhr / |grep tmp
drwxrwxrwx 10 root root 4.0K Nov 18 09:44 tmp

Jackson.