/ Weblogic authentication denied – WLS 10 ~ Java EE Support Patterns

7.30.2011

Weblogic authentication denied – WLS 10

Problem description

The Weblogic admin server and / or managed server(s) are unable to start properly and throwing an authentication denied error message.

Weblogic errors observed

Error #1

<Jul 30, 2011 3:13:18 AM PST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed.

Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid;
The user name and/or password from the boot identity file (boot.properties) is not valid.
The boot identity may havenbeen changed since the boot identity file was created. Please edit and update
the boot identity file with the proper values of username and password. The first time the updated boot identity file
is used to start the server, these new values are encrypted.

weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid;
The user name and/or password from the boot identity file (boot.properties) is not valid.
The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file
with the proper values of username and password. The first time the updated boot identity file is used to start the server,
these new values are encrypted.

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace

Error #2

<Jul 30, 2011 5:11:55 AM PST> <Critical> <Security> <BEA-090403> <Authentication for user <user> denied>
<Jul 30, 2011 5:11:55 AM PST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed.
Reason: weblogic.security.SecurityInitializationException: Authentication for user <user> denied
weblogic.security.SecurityInitializationException: Authentication for user <user> denied

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace

Possible root causes and solutions


Root cause #1

The Weblogic boot.properties file is corrupted or contains invalid principal and credentials

Solution >> boot.properties reset

·         Backup and clear the cache and data directories under <WL Domain>/servers/<Admin & Managed server>
·         Recreate boot.properties (put back your plain text username and password) under <WL Domain>/servers/<Admin & Managed server>/security directory and restart the affected server(s)

Root cause #2

The Weblogic boot.properties file is valid but the security realm is corrupted or in an invalid state

Solution >> Weblogic Admin username and password reset

·         Backup your Weblogic server domain
·         Rename or delete <WL Domain>/security/DefaultAuthenticatorInit.ldift
·         Run the following Java command:
        java weblogic.security.utils.AdminAccount <new-admin-user-name> <new-admin-user-pwd> <<WL Domain>/security >
·         Delete the contents inside the file boot.properties under <WL Domain>/servers/< AdminServer>/security
·         Add the following contents inside the boot.properties
        username=<new-admin-user-name>
        password=<new-admin-user-pwd>
·         Backup and delete the folder: <WL Domain>/servers/<AdminServer>/data/ldap
·          Restart your Weblogic server 

12 comments:

Hi,
thanks for this post, very useful.
I however today had the situation, that nothing was changed, but 'all of a sudden' one of the two managed nodes were not able to start any more, - and even that one, which resides on the same machine as the Admin. The Admin, reading the same files, started ok, but the Managed didn't.

Solution: remove all working dirs in the log directory and restart.

Perhaps someone else faces the the same problem, it might help.

Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090306]Authentication Failed Getting Groups for User weblogic java.lang.NullPointerException
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:317)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace

I am getting this error in my domain I tried both the solutions it didnt work :(

Hi,

Can you please describe the product you are using and version? Are you using standalone Weblogic or product such as Weblogic Portal etc.?

Thanks.
P-H

Thanks Guys It solved My problem

Hi anonymous,

I'm glad it solved your problem.

Regards,
P-H

Great work,
Thank you very much

Thank you very much. Only point was I had to repeat for each server I have in domain.

where can i run command java weblogic.security.utils.AdminAccount from

Thank you so much! Solution for root cause #2 helped me. The only piece missing was that before running the java command, I had to first run \server\bin\setWLSEnv.cmd (Windows) or setWLSEnv.sh (Unix/Linux) to set my environment; otherwise, I would get this - "Error: Could not find or load main class weblogic.security.utils.AdminAccount".

same issue. pls help me

smile2dhamu@gmail.com


hi below mentioned is the error im getting




<Server subsystem failed. Reason: A MultiException has 4 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.nodemanager.adminserver.NodeManagerMonitorService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.nodemanager.adminserver.NodeManagerMonitorService

A MultiException has 4 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.nodemanager.adminserver.NodeManagerMonitorService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.nodemanager.adminserver.NodeManagerMonitorService

at org.jvnet.hk2.internal.Collector.throwIfErrors(Collector.java:89)

Post a Comment