Change the WebLogic Administrator Account to a Different User Account (Windows Authentication)

Perform this procedure to change the WebLogic Admin Account user name.

Before you begin 

Back up the Files Needed to Restore the Existing Account or Password

Procedure 

  1. Do one of the following:

    • Prepare a new account in the domain, according to requirements specified in the Technologies, Security and Network Integration Deployment Reference Guide.

    • Identify an existing account in the domain that meets the DRG requirements.

    If you have an application server cluster, you must repeat steps 2 through 26 on each application server in the cluster.

  2. Verify the new account created or identified in the previous step is working correctly. To do this, open the ldp.exe tool, connect to the domain controller, and do a simple bind using the account, as described below.

    1. From the command prompt, start the ldp.exe tool.

    2. Select Connections > Connect, complete these fields, and click OK:

      • Server: Enter the server name (FQDN) of the domain controller.

      • Port: Enter the port (default 389) to connect to the domain controller.

      Connections Connect page

    3. Select Connection > Bind, complete these fields, and click OK:

      • User: Enter the user name of the new account in the User Principal Name (UPN) format.

      • Password: Enter the password for the new account.

      • Bind Type: Select the Simple bind option.

      Simple Bind settings

    4. Verify the bind was successful.

      A successful bind shows a result such as:

      res=ldap_simple_bind_s(id, 'e2einstalluser@tlvabrecs.com', <unavailable>); // v.3

      Authenticated as 'TLVLABRECS\E2EInstallUser'.

      Successful bind message example

    5. Use the ldp.exe tool to search for any application user in the Active Directory.

  3. On the Application Server, access the WebLogic administration console using the following URL:

    http://localhost:7001/console

  4. Sign in to the console using the existing WebLogic Admin Account credentials.

    The username and password you use to sign in to the WebLogic Server Administration Console are the same account name and password that are specified on the Framework Applications server role Settings page.

    To view this username and password, select System Administration > Enterprise > Settings and select the Framework Applications server role in the Installations pane. The account name and password appear under the Server Access settings.

  5. Under Domain Structure (left pane), select Security Realms.

    Domain Structure options

  6. In the Realms table, click on BPDBRealm.

  7. Click the Roles and Policies tab.

  8. In the Roles table, expand Global Roles, then expand Roles.

    Roles table settings

  9. For the Admin role, under the Role Policy column, select View Role Conditions.

    View role conditions setting

  10. In the Role Conditions: section, click Add Conditions.

    Add conditions setting

  11. In the Predicate List dropdown, select User.

    Predicate List drop down

  12. Beneath Predicate List, click Next.

  13. In the User Argument Name text box, type the case-sensitive user name associated with the domain account you created or identified in step 1. Then click Add.

    User Argument Name setting

  14. Click Finish.

  15. In the Edit Global Rule screen, confirm the User: field specifies the new username and that the Or operator is selected beneath the new user name. Then click Save.

    Or operator beneath the User field

  16. Under Domain Structure (left pane), select Security Realms.

    Domain Structure settings

  17. In the Realms table, click on BPDBRealm.

  18. Click the Providers tab.

    Providers tab

  19. In the Authentication Providers table, click the name of the Active Directory provider. (The Description column for this provider states Provider that performs LDAP authentication.)

    Authentication Providers table

  20. Click the Provider Specific tab.

    Provider Specific tab

  21. Under Change Center (left pane), click Lock & Edit.

    Change Center settings

  22. In the Connection section, complete these fields:

    • Principal text box - Type the new user account in the UPN format (for example user@domain.com).

    • Credential text box - Type the password for the account.

    • Confirm Credential text box - Re-type the password for the account.

    Connection section fields

  23. Click Save.

    If the changes are not saved, change the Provider Specific items one at a time. For example, change Principal and click Save, change Credential and click Save, then change Confirm Credential and click Save.

  24. Under Change Center (left pane), click Activate Changes.

    When the changes are activated, the following message displays in the right pane: All changes have been activated. However 1 items must be restarted for the changes to take effect.

  25. Use a text editor to update the boot.properties file on the application server.

    1. Use Notepad or a similar text editor to open the boot.properties file on the application server at the location below:

      %VERINT_WEBLOGIC_DOMAIN_HOME%servers\ProductionServer\security\boot.properties

    2. For the username= parameter, type the new username (to replace the existing username value).

    3. For the password= parameter, type the new password (to replace the existing password value).

    4. Save the boot.properties file and close the text editor.

      The clear text username and password are encrypted after you restart the WFO_ProductionDomain_ProductionServer service in the next step.

    5. Restart the WFO_ProductionDomain_ProductionServer Windows service from the Services window on the server on which you have edited the boot.properties file.

      • If the WFO_ProductionDomain_ProductionServer service fails to start, or stops unexpectedly, verify the username and password are both entered correctly in the boot.properties file and restart the service again.

      • If the service still fails to start, check for errors in the ProductionServer.log at this location:

        %impact360datadir%logs\ProductionServer\weblogic\ProductionServer.log

  26. Open a web browser and browse directly to the application server on which you have made all of the previous changes.

    At the log in prompt, type the username and password of an active user to verify that you can successfully log in using LDAP.

    If you have an application server cluster, repeat all of the steps from the beginning of this procedure to this step on each application server in the cluster before continuing to the next step.

  27. From the enterprise portal, select System Management > Enterprise > Settings.

  28. Under Installations (left pane), open the Framework Applications server role.

  29. In the Framework Applications server role settings, update these two fields:

    • Administrator Account Name - Enter the username for the new WebLogic Admin Account here.

    • Administrator Account Password - Enter the password for the new WebLogic Admin Account here. (Click the icon to the right of the text box to set and confirm the password.)

  30. Wait for the Pending Messages icon to disappear from the top of the screen before continuing to the next step.

  31. Verify that the CMA distribution has completed successfully for the application servers.

    1. Open the Enterprise Manager Agent (EMA) application on the application server. To access the EMA, enter this URL in the web browser: http://hostname/EMA, where hostname is the host name of the application server.

    2. Select Status > System Monitor.

    3. In the Status Messages section, look for a message stating: CMA Distribution: complete successfully on date_and_time

      Status Messages section

  32. Check the Alarm Dashboard for an alarm indicating that it is necessary to restart the WFO service.

    1. From the enterprise portal, select System Monitoring > System Monitor > Alarm Dashboard.

    2. In the Alarm Dashboard, look for an alarm named Service restart required that is active on an application server for which you have changed the WebLogic Admin Account.

      If you have multiple application servers, you should see one alarm for each application server.

      The alarm indicates that it is necessary to restart the WFO_ProductionDomain_ProductionServer service. (The alarm Details pane for an alarm indicates the specific service that must be restarted.)

    3. When you see this alarm for an application server, restart the WFO_ProductionDomain_ProductionServer service on that application server and then acknowledge the alarm.

      If the Framework Applications plugin fails, check the pluginerror.log file. This log file is located at <install_directory>\Software\UCMServices\Plugins\Databases\FrameworkApplications.

      You must correct this error to complete the account change process.
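
For step 25, a check that boot.properties no longer holds the clear-text username and password once the service has restarted. This is an added example, not part of the original procedure or the product; the function name Test-BootProperties and all sample values are constructed, and it assumes WebLogic marks encrypted values with a scheme prefix such as {AES}.

```powershell
# Added example (not product code): classify the credential entries in
# boot.properties without ever printing their values.
# Assumption: WebLogic marks an encrypted value with a scheme prefix such as {AES}.
function Test-BootProperties {
    param([string[]]$Lines)

    $state = [ordered]@{ username = 'missing'; password = 'missing' }
    foreach ($line in $Lines) {
        # Skip blank lines and properties-file comments.
        if ($line -match '^\s*(#|!|$)') { continue }
        # Split on the first '=' only; the value may contain further '=' characters.
        $key, $value = $line -split '=', 2
        $key = $key.Trim()
        if (-not $state.Contains($key)) { continue }
        $value = "$value".Trim()   # "$value" turns a missing value into ''
        if ($value -eq '') {
            $state[$key] = 'empty'
        } elseif ($value -match '^\{[A-Za-z0-9]+\}.+') {
            $state[$key] = 'encrypted'
        } else {
            $state[$key] = 'cleartext'
        }
    }
    [pscustomobject]$state
}

# Constructed sample: the file as edited in step 25, before the service restart.
$beforeRestart = @(
    'username=svc_weblogic@example.com',
    'password=Constructed-Placeholder-1'
)
# Constructed sample: the same file after a successful restart.
$afterRestart = @(
    'username={AES}Y29uc3RydWN0ZWQtdXNlcg\=\=',
    'password={AES}Y29uc3RydWN0ZWQtcGFzcw\=\='
)

Test-BootProperties -Lines $beforeRestart
Test-BootProperties -Lines $afterRestart

# Against the real file on an application server (path from step 25):
# $path = Join-Path $env:VERINT_WEBLOGIC_DOMAIN_HOME 'servers\ProductionServer\security\boot.properties'
# Test-BootProperties -Lines (Get-Content -LiteralPath $path)
```

A cleartext result after the restart in step 25 means the service did not start successfully and the credentials are still readable on disk.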

Workflow: Change the WebLogic Administrator Account (Windows Authentication)

Change the WebLogic Admin Account Password (Windows Authentication)

Restore the Existing WebLogic Admin Account User Name or Password

Troubleshoot SSO (Authentication Configuration Guide)

Technologies, Security and Network Integration Deployment Reference Guide