Loss of PeopleSoft WebLogic Administrator (System) Password


You may receive the following error when starting the PeopleSoft WebLogic domain:

<BEA-090402> <Authentication denied: Boot identity not valid

You may have lost your WebLogic administrator (i.e. userid "system") password, or someone may have changed it.

By default, the PeopleSoft WebLogic password for the "system" userid is as follows:

"password" for WebLogic 9.2
"Passw0rd" for WebLogic 10.3



As there is no procedure to override the userid's password, you have to create a new administrator userid. For example, create a userid "adminuser" with a password "Webl0gic!". Below are the steps to do this:

1. Make certain that the WebLogic domain is shut down

2. Make a backup of the WebLogic domain (i.e. make a backup of folder <PS_HOME>/webserv/<DOMAIN_NAME>)

3. Go to a command line prompt on the web server machine.

4. Run setEnv to make sure that the environment is set correctly. Do this as follows:
    a. cd <PS_HOME>/webserv/<DOMAIN_NAME>/bin
    b. If using Windows, run setEnv.cmd:
           setEnv.cmd
       If using Unix/Linux, run setEnv.sh:
           . ./setEnv.sh
       (there is a dot ".", then a space, then ./setEnv.sh)

5. Create an initialization file for the default authenticator as follows:

    Go to directory <PS_HOME>/webserv/<DOMAIN_NAME>/security and run the following command:

           java weblogic.security.utils.AdminAccount adminuser Webl0gic! .

    (Don't forget to add the trailing "."; it is needed.)
    This will produce/update a file called DefaultAuthenticatorInit.ldift.

6. Remove the ldap directory:

    -If using a multi-server domain, remove directory <PS_HOME>/webserv/<DOMAIN_NAME>/servers/WebLogicAdmin/data/ldap
    -For a single-server domain, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>/servers/PIA/data/ldap

7. Update boot.properties with the new user/password that was set up:
    a. Edit boot.properties.
        In a multi-server domain, it is located at <PS_HOME>/webserv/<DOMAIN_NAME>/servers/WebLogicAdmin/security
        In a single-server domain, it is located at <PS_HOME>/webserv/<DOMAIN_NAME>/servers/PIA/security
    b. Replace the existing encrypted username/password entries with the new values.

       Example:

           username=adminuser
           password=Webl0gic!

       (After you restart WebLogic, it will update the boot.properties file and encrypt the username and password.)

8. Start the WebLogic domain:
    -If using a single-server domain, run startPIA.cmd/sh
    -If using a multi-server domain:
        -Run "startWebLogicAdmin.cmd/sh"
        -Wait for the Admin server to fully start
        -Then run "startManagedWebLogic.sh/cmd PIA" (as well as any other managed servers you use)

9. You can now go into the console and fix the system password if you wish, or keep using the adminuser account. To fix the system password from the console, do the following:
    a. Log into the WebLogic console as adminuser
    b. Navigate to: Security Realms -> myrealm -> Users and Groups
    c. Click on the 'system' hyperlink and then choose the 'passwords' tab.
    d. Enter the new password, then click Save.

You may also wish to go back and change the username/password in boot.properties to use the system user (and the new password that you chose).

10. After you've verified the changes, you can remove the backup directory created in step 2.
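
Step 7 leaves the new credentials in clear text in boot.properties until WebLogic restarts and encrypts them. The following check is an added example, not part of the original procedure or of any Oracle tooling: it reports whether boot.properties still holds a plaintext credential and whether that password is one of the values printed on this page. The function names are hypothetical, and it assumes encrypted values carry a cipher tag prefix such as {AES}, {AES256} or {3DES}.

```shell
#!/bin/sh
# Added example: audit a WebLogic boot.properties after the reset procedure.
# Assumption: encrypted values start with a cipher tag ({AES}, {AES256}, {3DES}).
# Usage after sourcing this file:
#   audit_boot_properties <PS_HOME>/webserv/<DOMAIN_NAME>/servers/PIA/security/boot.properties

# Passwords printed on this page; none should survive as a live credential.
KNOWN_WEAK='password Passw0rd Webl0gic!'

# Print the value of key $1 from properties file $2 (last occurrence wins).
# Leading whitespace and Windows line endings are tolerated.
prop_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '\r'
}

# Return 0 if $1 looks like a WebLogic-encrypted value (tag plus at least one char).
is_encrypted() {
    case "$1" in
        '{AES}'?*|'{AES256}'?*|'{3DES}'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_boot_properties FILE
# Exit status: 0 = username and password both encrypted
#              1 = a plaintext credential is present
#              2 = the plaintext password is one published on this page
#              3 = file unreadable, or username/password entry missing
audit_boot_properties() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 3; }
    user=$(prop_value username "$file")
    pass=$(prop_value password "$file")
    [ -n "$user" ] && [ -n "$pass" ] || { echo "INCOMPLETE $file"; return 3; }
    if ! is_encrypted "$pass"; then
        for weak in $KNOWN_WEAK; do
            if [ "$pass" = "$weak" ]; then
                echo "PUBLISHED-PASSWORD $file"; return 2
            fi
        done
        echo "PLAINTEXT $file"; return 1
    fi
    is_encrypted "$user" || { echo "PLAINTEXT $file"; return 1; }
    echo "ENCRYPTED $file"
    return 0
}
```

Run it once after step 8 and again after any later edit to boot.properties; a status of 1 or 2 after a successful restart means the file was edited and the server has not yet re-read it.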