Hyperion servers password changes impact ?

Similar Messages

• Not able to restart managed servers after password change in console

  im doin the following steps,am i doin anything wrong?
  1)shutdown all managed servers
  2)change pwd in admin console
  3)edit boot.properties file with new pwd in admin server
  4)copy these boot file to every managed server
  5)now restart admin server.(able to do it succesfully)
  6)not able to restart managed servers (im getting the following error.
  Can any help me out plz very urgent?
  <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>

  Hi,
  *1)In order to export the user data on to the server,do we have to create a specific directory to save this data into the server.*
  Yes ....you can give any Existing Directory Path in the AdminConsole Export Page.... Any Directory in your File System.
  *2)Is there any other way by not exporting or importing the data?*
  That is the only way to prevent the Data Loss....There are some other ways to do it without using Admin Console like Using WLST or Using JMX you can export the Data but all these techniques will exactly do the same thing ... The AdminConsole is the easiest way to do it.
  Thanks
  Jay SenSharma
  http://middlewaremagic.com/weblogic/  (Middleware Magic Is Here)

• User Password change fails in OWA 2013

  User Password change fails in OWA with this error: Your password couldn't be changed. Make sure the old password you typed is correct and that the new password meets the minimum security requirements.
  We are migrating from Exchange 2007 to Exchange 2013.  Have mailboxes in both environments.  OWA 2007 password changes succeed (user mailbox is still in Exchange 2007).  When the user mailbox is moved to Exchange 2013, password changes fail
  with the above error.
  We have the Exch 2013 servers are on Windows 2012 and we are running Exch 2013 CU3.   We have made changes to the Default Role Assignment Policy to prevent users from changing Contact information and setting user photos, etc.  We are not exactly
  sure when user password changes stopped working, or even if they ever did work, although we recently installed our Prod Exch 2013 servers alongside our 2007 servers without any RBAC delegation implemented and a quick test of a user password change was successful.
  I reversed all the changes to the Default Role Assignment Policy but the password change still fails.

  Hi,
  Please try the following steps in your CAS server:
  1. Click Start > Run and type regedit and click OK.
  2. Navigate to the "HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA" key.
  3. Set the ChangeExpiredPasswordEnabled value from 1 to 0.
  4. Close regedit and re-open it.
  5. Set the ChangeExpiredPasswordEnabled value from 0 to 1.
  6. Close regedit.
  7. After you configure this DWORD value, please reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
  Here is the similar thread about password change issue in Exchange 2013 CU3, please refer to:
  http://social.technet.microsoft.com/Forums/en-US/30b74c81-9b98-46f4-9ca0-1c3bb74f4a3f/users-with-expired-passwords-or-change-password-at-next-logon-unable-to-change-password-via-owa-in?forum=exchangesvrclients
  Hope it helps.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Weblogic admin user password change w/o disrupting existing users

  Hi Folks,
  As a business policy we need to change the password of the admin user in weblogic after a cycle of specific period.
  Please let us now how can we do that without losing the other existing users in 'my realm.'
  I understand that we can use the weblogic.utils.security.AdminAcoount utility to give the new password, which will create a new DefaultAuthenticatorInit.ldift file in +<domain-home>/security+ folder (according to Doc ID 1082299.1).
  The password will change but the users in 'my realm' will be lost. (there are many users and it is a production environment so recreation is out-of- question)
  Is there a way we can retain the users and still proceed with the password change?
  Cheers,
  Jeegar

  Hi Jeegar,
  This can be doen by followin the standard procedure by login to console and navigate to :-
  DOMAIN_STRUCTURE--->Security Realm--->myrealm--->Users and Groups---->User tab click on the user weblogic
  --click on the password tab and put the new password there and save (password is changed for the user here)
  ---Logout from the console and login to the console again using the new password
  But when the server starts it do not read the password for the user directly from the realm rather it picked the same from the $DOMAIN_HOME/servers/AdminServer/security/boot.properties
  Now in order to make this change available when the server starts change the values for the username and password in boot.properties and specify them in plain-text and save the same.
  Now next time whenever the server will start it will pick up the new values from the boot.properties and once the same had been accepted those will be encrypted again.
  You might have to make the change for the boot.properties for all the Managed Server if you have the Managed Servers in the domain which will be located at the location $DOMAIN_HOME/servers/<<Managed Server Name>>/data/nodemanager/boot.properties
  You can test the steps on some lower environment first and try the same in Critical environment once the testing goes successful.
  Regards,
  Vijay
  Edited by: V Kumar on Oct 25, 2012 3:06 PM

• How to track password changes in EBS R12

  How to check when was the last time the apps/sysadmin passwords was changed in EBS R12.

  Yes it doesn't help much since you don't have audit enabled.
  If you want to get more details about enabling audit, you can simply search previous discussions for Audit and AuditTrail and you should find the docs/links you need to refer to.
  There should be no impact on the performance to track password changes. Apps passwords can't be changed on the fly and it requires additional steps (i.e. running AutoConfig and bouncing the services) which can't be done in your production instance many times a day.
  I'm not sure why would you need to track password changes. Is this happening in your production instance?
  Thanks,
  Hussein

• Best practice to restart weblogic and managed  servers after changing pass

  hi
  i need to know if have an installation with the following structer what is the best practice to restart the servers after we change weblogic password ?and i know that i should change boot.properties with the new password ,is there anything else to change ? please advise .
  oracle access manager &oid (dose it affected by weblogic password change ?)
  thank you
  Edited by: hsweiss on Jul 31, 2012 10:45 AM

  the order is to restart:All managed servers and followed by Admin server
  If your weblogic server is integrated with oid, you need to change the credentilas in both the places ie weblogic server(boot.properties) and idm server
  if your weblogic server is using your internal ldap for the authentication, your idm and oam wil not effect with this change
  if you change the boot.properties file that is enough, you don't need to change anywhere

• Run As account password changed

  Hello,
  The password of the Run As accounts(2) for Linux/Unix servers have been changed:
  Now I am getting a lot of access denied... which step did I miss or should I do after a password change for these accounts?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hello,
  Let me restart the agent on the Linux machine again.
  Is it possible to restart the agent from the SCOM 2007 Console?
  Access denied is seen in the SCOM Console Alerts as well as in the log on the Unix machines:
  Dec 28 04:03:46 srpsso1 adclient[5312]: WARN &lt;fd:10 PAMVerifyPassword&gt; audit User 'svcunixa' not authenticated
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

• Active directory, SSGD and password change

  Hi everybody, we have some problems with SSGD, active directory and password change
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us^Hi Simon
  I'll try again to explain you our problem, because it seems that I wasn't so clear.
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us?
  Many thank
  Patrizia

  Added question.
  Do you guys know if changing the password will change the password on their Active directory access.
  Thanks,
  helmut

• RBACx Encrypted Password Change Utility

  Hi all,
  In the OIA/SRM installation guide, there is a reference to a tool, to find out the password of rbacxservice.
  "Oracle Identity Analytics utilizes an encrypted password when communicating with the database.
  To change the default database password, use the RBACx Encrypted Password Change Utility"
  Could you please help me finding out this tool.
  Many thanks in advance.
  Warm regards,
  Manipradeep Sunku.

  The mentioned tool only encrypts the password so that you don't have to store a plain text password in the config file. It does not decrypt it. The default rbacxservice password is rbacxservice.
  The tool does not come with the OIA/SRM distribution so if you need it, you will need to contact support.

• ACS 5.3 UCP Password Change

  Hi at all,
  i have a Problem with the UCP Webside Password Change.
  The Side is running without Problem. A Password Change for the normal User is also o.k.
  Here me Problem.
  I will use this Side also for our Admins to Change here Password but this User has also a Enable Password.
  Is it Possible to Change also this Password with the UCP Webside?
  Thanks for help.
  regards
  Andreas

  Hey Tushar,
  That is our current setup. Right now each user logs in with their AD credentials to get into user exec mode and the same password to get into privileged exec mode. I would like to have a user login with their normal AD credentials to get into user exec mode and a different password (specific to each user, not locally on the device) to login to privileged exec mode. We are doing this for security reasons. Hopefully that clarifys what I'm trying to do.
  Thanks

• Is autoconfig required to be run for apps password change

  Is autoconfig required to be run for apps password change -- We are only changing APPS and APPLSYS passwords.
  How to Change Applications Passwords using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD) [ID 437260.1] -- does not mention anything about autoconfig.
  Please clarify.
  Thanks

  It's mentioned in the document twice
  1. For APPLSYSPUB/GUEST as you mentioned
  2. Under "Verify the new password" which cover the apps/applsys passwords
  If you search the doc for "AutoConfig" you will find it there.
  Thanks,
  Hussein

• Airport Extreme WiFi password change

  I want to change the network password on my Airport router. When I open Airport Utility it attempts to locate the Airport base station but never finds it. It says "no configured Airport base stations have been found...will continue searching" The Airport is working and is connected to the Internet. I have Wifi access from this Mac & mobile devices in the house.
  Any ideas on what I can do to access the base station to make the password change?

  Also, is your Mac connected to the AirPort Extreme/Express (either by ethernet cable or the AirPort's own wifi) or might it have gotten connected to some other wifi network (possibly associated with your ISP's modem, gateway, or router)?

• Outlook 2013 - Password change breaks S/MIME Certs "An error occurred in the underlying security system. Key not valid for us in specified state."

  AD password change comes up, user changes password.
  Tries to send signed or encrypted email with a Comodo S/MIME certificate, and gets the following error:
  ""An error occurred in the underlying security system.  Key not valid for us in specified state."
  I now have two reports of this error - one on Windows 7, and one on Windows 8.0 (remote user).
  The one on Windows 8.0, we tried removing their S/MIME cert from Outlook/Windows and re-adding, this did NOT resolve the issue.
  Plan was originally to have the 8.0 user ship their machine in, and wipe it, since nothing else could fix it and I wasn't finding anyone else with the same issue.  Now that I've got a second user with the same issue, its looking like a bug/issue and
  not a random glitch.
  Thanks in advance for any and all help with this!

  Hi,
  Thank you for your question.
  I am trying to involve someone familiar with this topic to further look at this issue.
  Thanks,
  Melon Chen
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• ORACLE Password Change using APEX FORM

  Greetings!
  I would like to find out, if there is a utility or a sample page that permits the Database password changes for the DB users within the Database. My goal is for users to maintain password using the Browser, instead of using SQL*Plus or similar Windows tools
  Thanks in advance for your help!
  Muni

  So if you and I can both authenticate to this application, we will necessarily have separate accounts, say in the Application Express account repository of that application's workspace. Our accounts will each have a password that is not synchronized with our database account password. The application will allow me (SCOTT) to change only the database account named SCOTT and will allow you (VIKAS) to change only the database account named VIKAS. That rule would make it unnecessary for the provided form to provide an input field for the database account name (it would be pre-populated). Unfortunately, the chosen authentication method requires each of us to remember our application password, and, if the application is built correctly, to remember our old database password as well. (Implementing that verification has its own issues.) If the application used LDAP then a mapping table would be needed to relate [email protected] to VIKAS. Every time a new database user needed the self-service password facility, a new user account (and a new password), and a new mapping table entry would have to be created. All of that complexity is eliminated if the application uses Database Account credentials authentication -- a new database user is created, the user can authenticate to the application and use it; the database user is removed, the user can no longer authenticate.
  Let's not confuse the aim of providing a self-service "change my database password" application (the original requirement) with the simpler task of providing a super-user-oriented database account management page (like we did in XE).
  Scott

• AD Password Change Problem

  Hi,
  We are using a number of Intel based OSX 10.4 machines bound to a Windows 2003 Forest / Domain.
  We have run into a problem where users are unable to change there AD passwords using the Access applet from within System Prefs, it gives an error about a possible policy problem. I have tried doing the same thing using the Kerberos utility which gives similar results. If we set a user account to force the password to be changed the next login it works which is puzzling. Password changes are working without problem from within our Windows environment.
  I was wondering if anyone can shed any light on the matter?
  Many Thanks
  Tim

  Refer to the post titled "JNDI, Active Directory & Changing Passwords" at JNDI, Active Directory & Changing Passwords