Weblogic Admin Server Start issue - DataSource passwords got expired - weblogic

We are trying to use one of the existing WebLogic 12c domains and its DataSource passwords have expired.
Since AdminServer is not responding correctly I tried to restart AdminServer as well. Now I have changed the DB passwords and wanted to set the new passwords starting the AdminServer, but I can't start AdminServer; it's failing, complaining passwords are expired. (I could have gotten away with this issue if I had kept the admin server running and set the new passwords.)
I can see DataSources are targeted to Admin Server and I thought if I untarget DS from AdminServer I could start AdminServer correctly. Hence I removed the AdminServer as a target from config.xml and tried to start the Admin, but it's still failing, complaining passwords are expired. Is the config cached anywhere? It looks like Admin is still using the old config file. By the way, I have tried removing the tmp folder as well.
Also, I tried encrypting the new password and placing it in the JDBC config files. Probably the way I encrypted it was wrong. These are the steps I used to encrypt:
1. Connect to WLST offline ( because Admin is not up)
2. Read domain
3. Call encrypt function for new password
4. Print the encrypt password
Anything wrong? I'd appreciate any suggestion to resolve this issue.
The error starts like this:
Jun 22, 2015 4:38:04 PM oracle.security.jps.JpsStartup start
INFO: Jps initializing.
Jun 22, 2015 4:38:07 PM org.hibernate.validator.util.Version <clinit>
INFO: Hibernate Validator 12.1.3.0.0
Jun 22, 2015 4:38:07 PM org.hibernate.validator.engine.resolver.DefaultTraversableResolver detectJPA
INFO: Instantiated an instance of org.hibernate.validator.engine.resolver.JPATraversableResolver.
[EL Severe]: ejb: 2015-06-22 16:38:11.173--ServerSession(143991231)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
Error Code: 1017
Jun 22, 2015 4:38:11 PM oracle.security.jps.internal.common.config.AbstractSecurityStore getSecurityStoreVersion
WARNING: Unable to get the Version from Store returning the default oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
Error Code: 1017
at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.processJPAException(JpsDBDataManager.java:2180)
at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.init(JpsDBDataManager.java:1028)
at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.jpsObjectBaseQuery(JpsDBDataManager.java:3089)
at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.queryBaseObjects(JpsDBDataManager.java:5761)
at oracle.security.jps.internal.common.config.AbstractSecurityStore.getSecurityStoreVersion(AbstractSecurityStore.java:211)
at oracle.security.jps.internal.common.config.AbstractSecurityStore.getSecurityStoreVersion(AbstractSecurityStore.java:195)
at oracle.security.jps.internal.common.config.AbstractSecurityStore.<init>(AbstractSecurityStore.java:99)
at oracle.security.jps.internal.credstore.AbstractCredentialStore.<init>(AbstractCredentialStore.java:104)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:130)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider.getInstance(LdapCredentialStoreProvider.java:235)
at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:101)
at oracle.security.opss.internal.runtime.ServiceContextManagerImpl.createContextInternal(ServiceContextManagerImpl.java:432)
Thanks.

First take a backup of the complete config folder inside the domain. It looks like you are using an RDBMS policy store inside the domain. So check the security-realm tag in config.xml; there you will be able to find the encrypted password. Replace it with the newly encrypted password and your admin server should start.
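
A way to locate every stored credential that would need the newly encrypted value, as an added example that is not part of the original answer or of Oracle's tooling: it walks WebLogic config XML and lists each element whose name ends in -encrypted, reporting only its path and {scheme} prefix. The sample documents, their element layout and the function names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed samples: element layout is assumed, {AES} values are placeholders.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <security-configuration>
    <realm>
      <rdbms-security-store>
        <password-encrypted>{AES}PLACEHOLDER-store</password-encrypted>
      </rdbms-security-store>
    </realm>
    <credential-encrypted>{AES}PLACEHOLDER-cred</credential-encrypted>
  </security-configuration>
</domain>"""
SAMPLE_JDBC = """<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <jdbc-driver-params>
    <password-encrypted>value-without-scheme-prefix</password-encrypted>
  </jdbc-driver-params>
</jdbc-data-source>"""

SCHEME = re.compile(r"^\{([A-Za-z0-9]+)\}")

def find_encrypted(xml_data, source):
    """One record per *-encrypted element; the stored value is never returned."""
    findings = []
    def walk(elem, path):
        name = elem.tag.rsplit("}", 1)[-1]   # drop the XML namespace
        here = f"{path}/{name}"
        if name.endswith("-encrypted"):
            m = SCHEME.match((elem.text or "").strip())
            findings.append({"source": source, "path": here,
                             "scheme": m.group(1) if m else None})
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_data), "")
    return findings

def scan_config_dir(config_dir):
    """Scan every .xml file under a domain's config directory (local, trusted files)."""
    results = []
    for xml_file in sorted(Path(config_dir).rglob("*.xml")):
        results += find_encrypted(xml_file.read_bytes(), str(xml_file))
    return results

if __name__ == "__main__":
    for f in find_encrypted(SAMPLE_CONFIG, "config.xml") + find_encrypted(SAMPLE_JDBC, "jdbc/Sample-jdbc.xml"):
        print(f["source"], f["path"], f["scheme"] or "NO SCHEME PREFIX")
```

A record whose scheme is empty marks a value that does not carry an encryption prefix and deserves a closer look.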

Related

Unable to start node on Weblogic dynamic cluster

I am trying to set up WLS dynamic cluster on two machines.
Two nodes are up and running on one of the machines, where the admin server is hosted as well, but when I try to start the node which is on a different machine that I added afterwards I see the exception below.
<Jun 7, 2016 2:13:07 AM PDT> <Critical> <Security> <BEA-090518> <Could not decrypt the username attribute value of {AES}Q64tW2ys+PviYQPkPGPc8/c79/RwfgrsoekwDFpgZKI= from the file /usr/home/devtools/Middleware/user_projects/domains/v12C_d/servers/Cluster-0-abc-4/data/nodemanager/boot.properties. If an encrypted attribute was copied from boot.properties from another domain into /usr/home/devtools/Middleware/user_projects/domains/v12C_d/servers/Cluster-0-abc-4/data/nodemanager/boot.properties, change the encrypted attribute to its clear text value, and then restart the server. The attribute will be encrypted again. Otherwise, change all encrypted attributes to their clear text values, then restart the server. All encryptable attributes will be encrypted again. The decryption failed with the exception weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding..>
<Jun 7, 2016 2:13:07 AM PDT> <Critical> <Security> <BEA-090518> <Could not decrypt the password attribute value of {AES}qusooByFxC/eTogSMU2YEjfnWRpY69f6MfTeqhqfIFk= from the file /usr/home/devtools/Middleware/user_projects/domains/v12C_d/servers/Cluster-0-abc-4/data/nodemanager/boot.properties. If an encrypted attribute was copied from boot.properties from another domain into /usr/home/devtools/Middleware/user_projects/domains/v12C_d/servers/Cluster-0-abc-4/data/nodemanager/boot.properties, change the encrypted attribute to its clear text value, and then restart the server. The attribute will be encrypted again. Otherwise, change all encrypted attributes to their clear text values, then restart the server. All encryptable attributes will be encrypted again. The decryption failed with the exception weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding..>
Enter username to boot WebLogic server:<Jun 7, 2016 2:13:09 AM PDT> <Info> <Management> <BEA-141307> <Unable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 1 of 3).>
<Jun 7, 2016 2:13:14 AM PDT> <Info> <Management> <BEA-141307> <Unable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 2 of 3).>
On searching the internet I saw solutions such as giving the clear userid/password of the weblogic admin in the boot.properties file; upon restart the userid/password would get encrypted and the issue should be fixed.
Well, I have tried that and that didn't fix my issue.
Please note that I am using dynamic cluster which suggests that configurations are usually copied over nodes based on server templates.
Will really appreciate any input on this.
Suggestion:
1) Scale down your cluster to a single instance where the boot.properties file is known to work.
2) Change it to clear text.
3) Bounce WebLogic so it gets the file encrypted once again.
4) Make sure it works.
5) Scale up your cluster again and see if the error persists.
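
Triage for the BEA-090518 records quoted in the question, as an added example that is not part of the original posts: it groups decryption failures by file and attribute so each affected boot.properties can be checked, and it never keeps the encrypted value. The sample path and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# stdout record layout seen in the post: <time> <severity> <subsystem> <id> <message>
RECORD = re.compile(r"^<([^>]*)> <([^>]*)> <([^>]*)> <(BEA-\d+)> <(.*)>$")
DECRYPT = re.compile(
    r"Could not decrypt the (\w+) attribute value of \S+ from the file (.+?)\. "
    r"If an encrypted.*The decryption failed with the exception (.*?)\.*$")

# Constructed sample: the path and the {AES} value are placeholders, not real data.
_MSG = ("<Jun 7, 2016 2:13:07 AM PDT> <Critical> <Security> <BEA-090518> "
        "<Could not decrypt the {attr} attribute value of {{AES}}PLACEHOLDER= from the "
        "file {path}. If an encrypted attribute was copied from boot.properties from "
        "another domain into {path}, change the encrypted attribute to its clear text "
        "value, and then restart the server. The decryption failed with the exception "
        "weblogic.security.internal.encryption.EncryptionServiceException: "
        "com.rsa.jsafe.JSAFE_PaddingException: Invalid padding..>")
BOOT = "/domains/sample/servers/ms-4/data/nodemanager/boot.properties"
SAMPLE_LOG = [
    _MSG.format(attr="username", path=BOOT),
    _MSG.format(attr="password", path=BOOT),
    "<Jun 7, 2016 2:13:09 AM PDT> <Info> <Management> <BEA-141307> "
    "<Unable to connect to the Administration Server. Waiting 5 second(s) to retry "
    "(attempt number 1 of 3).>",
]

def triage(lines):
    """Group BEA-090518 records by file; the encrypted value is never kept."""
    by_file = defaultdict(lambda: {"attributes": [], "causes": set()})
    for line in lines:
        rec = RECORD.match(line.strip())
        if not rec or rec.group(4) != "BEA-090518":
            continue
        hit = DECRYPT.search(rec.group(5))
        if hit:
            attr, path, cause = hit.groups()
            by_file[path]["attributes"].append(attr)
            # keep the innermost exception, which names the actual failure
            by_file[path]["causes"].add(cause.split(": ", 1)[-1])
    return dict(by_file)

if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG).items():
        print(path, info["attributes"], sorted(info["causes"]))
```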

ldap server unreachable cause plone/zope server down

I have a Plone installation (4.2.5) with the plone.app.ldap add-on. There is a site with plone-ldap enabled and our LDAP server was changed to another domain/IP. As a result, the Zope server goes down when plone-ldap retrieves LDAP information. Nothing works any more, not even the root ZMI.
Any request to the server doesn't load anything a few seconds after Plone restarts. Therefore I can't reconfigure our new LDAP server either through our site or through the ZMI interface.
In such a case, how can I proceed to reconfigure the new LDAP server on the plone-ldap component? Is there some script application similar to ZMI to do this? Is it a known bug?
Some logs:
1) Zeoserver.log
2016-06-06T15:52:04 new connection ('127.0.0.1', 40051): <ManagedServerConnection ('127.0.0.1', 40051)>
2016-06-06T15:52:04 (127.0.0.1:40049) received handshake 'Z3101'
2016-06-06T15:52:04 (unconnected) disconnected
2016-06-06T15:52:04 (unconnected) disconnected
2016-06-06T15:52:08 new connection ('127.0.0.1', 40052): <ManagedServerConnection ('127.0.0.1', 40052)>
2016-06-06T15:52:08 new connection ('127.0.0.1', 40053): <ManagedServerConnection ('127.0.0.1', 40053)>
2016-06-06T15:52:08 new connection ('127.0.0.1', 40054): **<ManagedServerConnection ('127.0.0.1', 40054)>
2016-06-06T15:52:08 (127.0.0.1:40052) received handshake 'Z3101'
2016-06-06T15:52:08 (unconnected) disconnected
2016-06-06T15:52:08 (unconnected) disconnected**
2) client1/event.log
2016-06-06T15:53:12 ERROR event.LDAPDelegate {'desc': "Can't contact LDAP server"}
Traceback (most recent call last):
File "/usr/local/Plone/buildout-cache/eggs/Products.LDAPUserFolder-2.26-py2.7.egg/Products/LDAPUserFolder/LDAPDelegate.py", line 366, in search
connection = self.connect(bind_dn=bind_dn, bind_pwd=bind_pwd)
File "/usr/local/Plone/buildout-cache/eggs/Products.LDAPUserFolder-2.26-py2.7.egg/Products/LDAPUserFolder/LDAPDelegate.py", line 265, in connect
raise e
**SERVER_DOWN: {'desc': "Can't contact LDAP server"}**
Backup first
Disclaimer - I have never seen before an LDAP configuration that also freezes the root-level admin ZMI access to the Plone site.
What I can quickly suggest is to delete the LDAP plugin from the site's acl_users and start from scratch.
As the ZMI is not usable you must use console access.
To do this, run a Zope instance as follows:
$ bin/instance debug
(where "instance" is one of your instances)
Then you can delete the LDAP plugin:
del app.Plone.acl_users['ldap-plugin-id']
Where Plone is the id of your site and ldap-plugin-id is the id of the LDAP plugin.
If you don't remember it, look for it in this set:
app.Plone.acl_users.objectValues()
Finally you must persist your changes:
import transaction;transaction.commit()
...then exit using CTRL+D
Now you should be able to access the ZMI, and you must create and reconfigure a new plugin.
Please note: when configuring an LDAP or AD plugin always set a "Connection timeout" and an "Operation timeout". This is probably why your access attempt totally freezes the instance.

Unable to connect to the Administration Server weblogic 12.2.1

I have a WebLogic domain with an Admin server and one Managed Server. I installed the certificate for the SSL connection between Admin and Managed, but when I restart the Managed server I get this error:
<May 2, 2016 6:39:24 PM CEST> <Info> <Management> <BEA-141307> <Unable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 3 of 3).>
<May 2, 2016 6:39:29 PM CEST> <Info> <Management> <BEA-141298> <Could not register with the Administration Server: java.rmi.RemoteException: [Deployer:149150]An IOException occurred while reading the input.; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem>
I changed this option:
admin console Servers -> server name -> Configuration SSL tab -> Advanced -> Change Hostname Verification dropdown to None
Version 12.2.1
Do you have any solutions?
Thanks
Fabrizio
There's probably some problem with the SSL certificate. I would recommend double-checking that and also rerunning with -Dssl.debug added to the WebLogic command line to get more information. Then check both the admin and managed server log files, as they might have enough information to answer. If not, please add more information here.

Issue with Open Shift Origin Mongo DB service

I have installed OpenShift Origin V3 on AWS EC2 (Fedora 19) using oo-install. The setup is one Broker + one Node.
I was making some modifications to the security groups to make them more restrictive, and it ended up causing some issues in the mongo service.
1. service mongod does not start up and the status shows failed.
The /var/log/mongodb/mongodb.log says
Thu Mar 6 11:24:08.189 [initandlisten] ERROR: listen(): bind() failed errno:99 Cannot assign requested address for socket: :27017
Thu Mar 6 11:24:08.189 [initandlisten] now exiting
Running oo-accept-broker -v says
FAIL: error logging into mongo db: MOPED: Retrying connection to primary for replica set :27017">]>: MOPED: Retrying connection to primary for replica set :27017">]>/MOPED: --username Retrying, exit code: 1
Any pointers on how to resolve this will be greatly appreciated.
Thanks
Shabna
I would try rolling back your changes to the security groups first and then make the changes one by one and see which one causes the issue, then post that to stack and see if anyone can comment on the specific change that is affecting mongodb.

WebLogic logs containing BEA-180029 - <Caught this Ferror exception: 5 (FBADFLD). Additional exception info found: Unknown fldid32: 168877871>

May I know if someone has encountered this before? Found this in WebLogic managed server logs.
####<Jul 15, 2011 9:59:34 AM EST> <Error> <WTC> <mi009.aiu.com> <ilpmServer3> <ExecuteThread: '58' for queue: 'weblogic.kernel.Default'> <ICO_WS1> <> <BEA-180029> <Caught this Ferror exception: 5 (FBADFLD). Additional exception info found: Unknown fldid32: 168877871>
The exception explanation at WebLogic does not provide much information about the error.
It seems that WLS is calling a Tuxedo server via WTC, or a Tuxedo server is calling a WLS service exported via WTC.
In either case the FIELDID 168877871 is not mapped to the same variable by the Tuxedo server or the WLS code.
Please verify with the developers of the app whether the FIELDID 168877871 corresponds to the same variable for WLS and the Tuxedo server.
On the Tuxedo server please check the files of:
env | egrep "FIELDTBLS|FLDTBLDIR"
In Java verify the source.