Weblogic authentication denied
Problem description
The Weblogic admin server and / or managed server(s) are unable to start properly and throwing an authentication denied error message.
The Weblogic admin server and / or managed server(s) are unable to start properly and throwing an authentication denied error message.
Weblogic errors observed
Error #1
<Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed.
Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid;
The user name and/or password from the boot identity file (boot.properties) is not valid.
The boot identity may havenbeen changed since the boot identity file was created. Please edit and update
the boot identity file with the proper values of username and password. The first time the updated boot identity file
is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid;
The user name and/or password from the boot identity file (boot.properties) is not valid.
The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file
with the proper values of username and password. The first time the updated boot identity file is used to start the server,
these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Error #2
<Jul 30, 2011 5:11:55 AM PST> <Critical> <Security> <BEA-090403> <Authentication for user <user> denied>
<Jul 30, 2011 5:11:55 AM PST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed.
Reason: weblogic.security.SecurityInitializationException: Authentication for user <user> denied
weblogic.security.SecurityInitializationException: Authentication for user <user> denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Possible root causes and solutions
Root cause #1
The Weblogic boot.properties file is corrupted or contains invalid principal and credentials
Solution >> boot.properties reset
· Backup and clear the cache and data directories under <WL Domain>/servers/<Admin & Managed server>
· Recreate boot.properties (put back your plain text username and password) under <WL Domain>/servers/<Admin & Managed server>/security directory and restart the affected server(s)
Root cause #2
The Weblogic boot.properties file is valid but the security realm is corrupted or in an invalid state
Solution >> Weblogic Admin username and password reset
· Backup your Weblogic server domain
· Rename or delete <WL Domain>/security/DefaultAuthenticatorInit.ldift
· Run the following Java command:
java weblogic.security.utils.AdminAccount <new-admin-user-name> <new-admin-user-pwd> <<WL Domain>/security >
· Delete the contents inside the file boot.properties under <WL Domain>/servers/< AdminServer>/security
· Add the following contents inside the boot.properties
username=<new-admin-user-name>
password=<new-admin-user-pwd>
· Backup and delete the folder: <WL Domain>/servers/<AdminServer>/data/ldap
· Restart your Weblogic server