I have tried following this tutorial but the new password doesn't take effect after security is enabled again, still have to use old password to login as wasadmin:
http://weblogic-wonders.com/weblogic/2014/03/27/reset-websphere-admin-console-password/
I even tried the guide from IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg21392427
But I'm lost at this step:
_Navigate via command prompt to /ConfigEngine
Because in my WebSphere it doesn't have this ConfigEngine folder in order the run the rest of the commands.
Can anyone help me?
EDIT: This is WebSphere 7 for Maximo 7.5
Have you tried the following?
To disable security, please perform the following steps via wsadmin:
/bin/> wsadmin -conntype NONE
wsadmin> securityoff
wsadmin> exit
Restart the servers.
Enable the security from administrative console.
Once the needed corrections are made, you can re-enable security in the admin console and then restart WebSphere.
NOTE: To restart the servers, you will first need to manually kill the java process since security is still enabled in the currently running process.
Or editing the xml file
Following this link you have 2 optiont:
This is for the standalone version
Make a backup of the security.xml file:
/config/cells/cellname/security.xml
Edit the security.xml file by searching for the first instance of " enabled= ". You should see enabled="true" as in:
Change to enabled="false".
Save the security.xml file.
Restart server1 and the WebSphere_Portal servers. If you get authentication exceptions while trying to stop the servers, you may have to manually kill the server processes and then restart them.
In the wpconfig.properties file, make the following changes:
PortalAdminId=wpsadmin
PortalAdminGroupId=wpsadmins
Refer to the Information Center link for specific instructions.
Save the wpconfig.propeties file.
Try to disable security again using the disable-security task:
./WPSconfig.sh disable-securit y
At this point, security should be disabled. You can verify by accessing the WebSphere Application Server admin console. You should be prompted for only a user name, not a password.
Follow these instructions for a clustered version:
Make a backup of the security.xml file on the Deployment Manager machine:
/config/cells/cellname/security.xml
Edit the security.xml file by searching for the first instance of "enabled= ". You should see enabled="true" as in:
Change to enabled="false".
Save the security.xml file.
Copy the security.xml file to the nodes:
/config/cells/cellname/security.xml
/config/cells/cellname/security.xml
Restart DMGR, NodeAgents, and WebSphere_Portal servers. If you get authentication exceptions while trying to stop the servers, you may have to manually kill the server processes and then restart them.
In wpconfig.properties, make the following changes:
PortalAdminId=wpsadmin
PortalAdminGroupId=wpsadmins
Refer to the Information Center link for specific instructions.
Save the wpconfig.propeties file.
Try to disable security again using the disable-security task. Note that the DMGR and the nodeagent should be running:
./WPSconfig.sh disable-security
At this point, security should be disabled. You can verify by accessing the DMGR AdminConsole. You should be prompted for only a user name, not a password.
Or more option is explained here
Note: I haven't tried this myself yet
Goto DMGR bin directory and follow the below process.
[root#localhost bin]# ./wsadmin.sh -connType NONE -lang jython
wsadmin>AdminTask.changeFileRegistryAccountPassword('-userId saddam -password saddamm')
wsadmin>AdminConfig.save()
Please restart dmgr.
If you have forgotten the password, then you have to directly kill the dmgr process id and start dmgr.
Login to WebSphere Console -> Users and Groups -> Manage Users -> click on <user_name> -> change the password value -> save the configuration.
Related
I looked at the config files everything is fine, made environment variables PATH's, started and restarted the service put in the right password, searched for someone with similar problems(not found).
Every time i go to the default location via browser I get the login screen but when i put in 'root' and the password I get an error message 'Login Failed'.
When I set athenticate=false in the conf file i can access the web manager.
Anybody know how to solve this or at least what might be wrong?
During the installation, the ArangoDB Installer will ask you the password for the administrator user.
Use root as user name with your password to gain access to the database.
Open a CMD-Window in your ArangoDB installation directory.
To re-gain access to the database, stop the ArangoDB database service using
sc stop ArangoDB
after the database was stopped, invoke
.\usr\bin\arango-secure-installation
which will ask you for a new password.
After that, start the service again using:
sc start ArangoDB
I want to install a TeamCity BuildAgend as a user. When entering my user credentials here:
I always get this error:
NOTE: My account (user) is Administrator with full permission!
How can I do this?
The error message says it does not have "enough rights to run as a service",
this is slightly different from just being an administrator.
Go to Control Panel> Administrative Tools> Local Security Policy.
Select Local Policies> User Rights Assignment.
Scroll down through the list of policies and look for Log on as a service.
Add the account you're using to the list of accounts with this right.
That should in theory be all you need to allow the service to run under that user.
The best powershell command that I have found for this is:
Grant-Privilege -Identity $SERVICE_USERNAME -Privilege SeServiceLogonRight
Requires use of the Carbon framework.
I'm a Windows 10 Home user and the steps above did not work for me, but the following did:
Enable gpedit.msc by running the batch file as explained here under Method 1: https://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
Run gpedit.msc
Go to Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Double-click Log on as a service
On the window that appears, click Add User or Group...
Enter your username and click the Check Names button
Your name will be modified, adding the machine name as the prefix. Click OK
Click OK on the Log on as a service Properties window to apply the change.
It is a little bit of a pain, but after doing that, I was able to continue installing TeamCity
I'm trying to connect to an admin server in WLST using config and key files. There are no error messages but I am prompted for a username and password. These files were created (by another developer who is long gone[1]) with the storeUserConfig() command. My call to connect looks something like this: connect(userConfigFile=configFile, userKeyFile=keyFile, url='t3://somehost:7031')).
Is there some restriction in using these files, such as it can only be used on the host where created, or it needs access to the domain's boot.properties file?
Note: I'm trying to connect to an admin server on a different host and non-standard port (e.g. not 7001). The server I am running WLST on and the remote host are the same version of Weblogic.
Some of the things I have tried:
verified that these files appear correct, the key file being binary data and the config file having a line for "weblogic.management.username={AES}..." and "weblogic.management.password={AES}...".
verified that there is a server on the specified port by entering a known login and password that is successful
specified the admin server in the connect parameter
turn on debug(true); the only output is <wlst-debug> connect : Will check if userConfig and userKeyFile should be used to connect to the server and another line giving the path to the userConfig file
turn on Python logging in jython with -Dpython.verbose=debug; nothing relevant to decryption operation
Munging the key or the config files generates no error messages and behaviour as above
[1]: These files are still used today by other existing WLST scripts. However, these scripts are so convoluted and deliberately obfuscated that they are very difficult to reverse-engineer how connect() is being called.
You do not need to access to the domain's boot.properties file. You just need to make sure the configFile and keyFile pointing to the right files. FYI, here is one of the commands we are using:connect(userConfigFile='./user.secure',userKeyFile='./key.secure',url='t3://somehost:7001')
Have you check the network connectity that might be having a firewall in between that troubling you, check the traceroute from the script machine to the Remote machine. Recently I have faced simalar issue. once the routing table updated with allow the WL admin server port everything got set.
Hope this could helps you!
I had this problem too. In a script, I exported the Linux variables userConfigFile and userKeyFile. Then I connected by running:
url='t3://localhost:7002'
userConfigFile='$userConfigFile'
userKeyFile='$userKeyFile'
connect(userConfigFile=$userConfigFile, userKeyFile=#userKeyFile, url=url)
That all worked in a script, but would not work interactively. I changed to doing the following:
url='t3://localhost:7002'
userConfigFile='/users/me/weblogic-2014/weblogic-admin-WebLogicConfig.properties'
userKeyFile='/users/me/weblogic-2014/weblogic-admin-WebLogicKey.properties'
connect(userConfigFile=userConfigFile, userKeyFile=userKeyFile, url=url)
And that worked interactively.
I have setted up rabbitMQ and its management plubin in windows,
I found rabbitmq.config file with "EXAMPLE FILE" type in the path of
" ...AppData\Roaming\RabbitMQ " and " C:\Program Files (x86)\RabbitMQ Server\rabbitmq_server-3.3.1\etc "
I add the line {loopback_users, []} into this rabbitmq.config file, and restart the windows service, but still can't login from another computer with guest/guest
Am I editing the wrong config file?
Here is some relevant discussion:
How to access RabbitMq publicly
http://www.rabbitmq.com/access-control.html
RabbitMQ service can't read the configuration file, this is the problem. So, your configuration file is not loaded.
The path "..AppData\Roaming\RabbitMQ" is valid only if you execute rabbitmq-server.bat from the command prompt and not if you execute a service.
In order to work with Windows Service you have to configure the environment variable RABBITMQ_CONFIG_FILE in windows.
Open Control Panel > System > Advanced > Environment Variables and then add:
RABBITMQ_CONFIG_FILE
path_your_configuration_file
as:
Then you have to uninstall and re-install rabbitmq and it works.
Please read this discussion
I tried on windows7 with rabbitmq 3.3.1, it works corretly using guest/guest.
My configuration file is:
[{, [{loopback_users, []}]}].
A combination of the prior post and the comment from Jon Egerton was key to getting my Windows configuration working for the guest account remotely. Here are steps I took:
Set an environment variable: RABBITMQ_BASE (I set mine to
c:\RabbitMQData)
Create the directory and create the rabbitmq.config file as explained in the previous post.
Uninstall RabbitMQ (As mentioned already, don’t skip this step. Stopping and starting RabbitMQ won’t do the trick)
Reinstall RabbitMQ and verify the RabbitMQ Server service started.
Verify that the directory specified by RABBITMQ_BASE contains the db and log sub-directories.
Install the RabbitMQ_Management plug-in from the command line.
Verify that you can now logon as the guest account using the host’s IP address or host name.
How can I stop and then restart an IIS 7 application pool from an MSBuild script running inside TeamCity. I want to deploy our nightly builds to an IIS server for out testers to view.
I have tried using appcmd like so:
appcmd stop apppool /apppool.name:MYAPP-POOL
... but I have run into elevation issues in Windows 2008 that so far have stopped me from being able to run that command from my TeamCity build process because Windows 2008 requires elevation in order to run appcmd.
If I do not stop the application pool before I copy my files to the web server my MSBuild script is unable to copy the files to the server.
Has anybody else seen and solved this issue when deploying web sites to IIS from TeamCity?
This article describes using an htm file named App_offline.htm to take a site offline. Once the IIS detectes this file in the root of a web application directory,
ASP.NET 2.0 will shut-down the application, unload the application
domain from the server, and stop processing any new incoming requests
for that application.
In App_offline-htm, you can put a user-friendly message indicating that the site is currently under maintainance.
Jason Lee shows the MSDeploy calls you need to use (plus much more about integrating these steps in your build scripts!).
MSDeploy
-verb:sync
-source:contentPath="[absolute_path]App_offline-Template.htm"
-dest:contentPath="name_of_site/App_offline.htm",computerName="copmuter_name",
username=user_with_administrative priviliges,password=passwort
After deployment you can remove the App_offline.htm file using the following call:
MSDeploy
-verb:delete
-dest:contentPath="name_of_site/App_offline.htm",computerName="computer_name",
username=user_with_administrative_priviliges,password=passwort
The msbuild community tasks includes an AppPoolController that appears to do what you want (though as noted it is dated and at present only supports IIS6.) An example:
<AppPoolController ApplicationPoolName="MyAppPool" Action="Restart" />
Note that you can also provide a username and password if necessary.
Edit: Just noticed that the MSBuild Extension Pack has an Iis7AppPool task that is probably more appropriate.
this is the fairly hackey workaround I ended up using:
1) Set up a limited-access account for your service to run as. Since I'm running a CruiseControl.NET service, I'll call my user 'ccnet'. He does NOT have admin rights.
2) Make a new local user account, and assign to the Administrators group (I'll call him 'iis_helper' for this example). Give him some password, and set it to never expire.
3) Change iis_helper's access permissions to NOT allow local login or remote desktop login, and anything else you might want to do to lock down this account.
4) Log in (either locally or through remote desktop) as your non-admin user, 'ccnet' in this example.
5) Open a command terminal, and use the 'runas' command to execute whatever it is that needs to be run escalated. Use the /savecred option. Specify your new administrative user.
runas /savecred /user:MYMACHINE\iis_helper "C:\Windows\System32\inetsrv\appcmd.exe"
The first time it will prompt you for 'iis_helper's password. After that, it will be stored thanks to the /savecred option (this is why we're running it once from a real command prompt, so we can enter the password once).
6) Assuming that command executed OK, you can now log out. I then logged back in as a local admin and turned off the 'ccnet' user for local interactive login, and remote desktop. The account is only used to run a service, but no real logins. This isnt a mandatory step.
7) Set up your service to run as your user account ('ccnet').
8) Configure whatever service is running (CruiseControl.NET in my case) to execute the 'runas' command instead of 'appcmd.exe' directly, the same as before:
replace:
"C:\Windows\System32\inetsrv\appcmd.exe" start site "My Super Site"
with:
runas /savecred /user:MYMACHINE\iis_helper "\"C:\Windows\System32\inetsrv\appcmd.exe\" start site \"My Super Site\""
The thing to note there is that the command should be in one set of quotes, with all the inner quotes escaped (slash-quote).
9) Test, call it a day, hit the local pub.
Edit: I apparently did #9 in the wrong order and had a few too many before testing...
This method also doesn't completely work. It does attempt to run as the administrative account, however it still runs as a non-escalated process under the administrative user, so still no admin permissions. I didn't initially catch the failure because the 'runas' command spawns a separate cmd window then closes right away, so I wasn't seeing the failure output.
Its starting to seem like the only real possibility might be writing a windows service that will run as admin, and its only purpose is to run appcmd.exe, then somehow call that service to start/stop IIS.
Isn't it great how UAC is there to secure things, but in actuality just unsecures more servers, because anything you want to do you have to do as admin, so its easier to just always run everything as admin and forget it?
You can try changing the Build Agent Service settings to log-on as a normal user account instead of SYSTEM (the default), this can be done from the services control panel (Start | Run | services.msc).
If it doesn't help, you can also try configuring the appcmd to always run elevated, refer to this document for details.
In case such option is not available for appcmd or it still doesn't work, you can disable UAC completely for this user.
Here you go. You can use this from CC.NET with NAnt or just with NAnt:
http://nantcontrib.sourceforge.net/release/latest/help/tasks/iisapppool.html