How to Recover Weblogic Administration Password of Enterprise Manager

As you may know, Weblogic is a part of Enterprise Manager Cloud Control environment, and it’s automatically installed and configured by the EM installer. The Enterprise Manager asks you to enter a username and password for Weblogic administration. This information is stored in secure files, and you usually do not need them unless you need to use Weblogic console. So it’s easy to forgot these username and password, and that’s what happened to me. Fortunately there’s a way to recover them without even resetting new user/password. Here are the steps:

First we need to know DOMAIN_HOME directory. My OMS is located in “/u02/Middleware/oms”. You can find yours if you read “/etc/oragchomelist”. If the full path of OMS is “/u02/Middleware/oms”, my middleware home is “/u02/Middleware/”. Under my middleware home, I need to go GCDomains folder:

oracle@db-cloud /$ cd /u02/Middleware
oracle@db-cloud Middleware$ cd gc_inst/user_projects/domains/GCDomain

1 2	oracle@db-cloud /$ cd /u02/Middleware oracle@db-cloud Middleware$ cd gc_inst/user_projects/domains/GCDomain

First let’s get the encrypted information from boot.properties file:

oracle@db-cloud GCDomain$ cat servers/EMGC_ADMINSERVER/security/boot.properties

# Generated by Configuration Wizard on Wed Jun 04 10:22:47 EEST 2014
username={AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=
password={AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

oracle@db-cloud GCDomain$ cat servers/EMGC_ADMINSERVER/security/boot.properties

# Generated by Configuration Wizard on Wed Jun 04 10:22:47 EEST 2014

username={AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=

password={AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

The encrypted information starts with {AES} and ends with equal (=) sign. To decrypt the username and password, we will create a simple java application:

oracle@db-cloud GCDomain$ cat recoverpassword.java
public class recoverpassword {
 public static void main(String[] args)
 {
  System.out.println(
  new weblogic.security.internal.encryption.ClearOrEncryptedService(
  weblogic.security.internal.SerializedSystemIni.getEncryptionService(args[0]
   )).decrypt(args[1]));
  }
}

oracle@db-cloud GCDomain$ cat recoverpassword.java

public class recoverpassword {

public static void main(String[] args)

{

System.out.println(

new weblogic.security.internal.encryption.ClearOrEncryptedService(

weblogic.security.internal.SerializedSystemIni.getEncryptionService(args[0]

)).decrypt(args[1]));

}

Save it as “recoverpassword.java”. To be able to compile (and run) it, we need to set environment variables (we’re still in GCDomain folder). We’ll give the encrypted part as the last parameter:

oracle@db-cloud GCDomain$ . bin/setDomainEnv.sh
oracle@db-cloud GCDomain$ javac recoverpassword.java
oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \
$DOMAIN_HOME {AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=
oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \
$DOMAIN_HOME {AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

oracle@db-cloud GCDomain$ . bin/setDomainEnv.sh

oracle@db-cloud GCDomain$ javac recoverpassword.java

oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \

$DOMAIN_HOME {AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=

oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \

$DOMAIN_HOME {AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

I intentionally break the lines to make the code fits the page but you don’t need to do it. Correct CLASSPATH and DOMAIN_NAME are set when we issued “. bin/setDomainEnv.sh” command. When we run the last two commands, we should see the weblogic administrator username and password in plain text. By the way, even if you use the same password with me, you may see different encrypted text because when encrypting and decrypting, weblogic uses the cypher key stored in “security/SerializedSystemIni.dat” file. So as long as the cypher key is different, you get different encrypted text for even same input.

Please share

28 Comments

Nesir Ahmet

April 1, 2015 Reply

Hello Mr. Gökhan
I want to thank you for this post it really helped me. And the interesting point is that i have faced this problem last evening and you have just post it last night 🙂 nice coincidence..
- Gokhan Atil
  
  April 1, 2015
  
  I’m glad to hear that it helped 🙂
Talip Hakan Ozturk

April 2, 2015 Reply

Hi Nesir,

You must thank to me also 🙂 Because, I send you this blog post link 🙂 🙂
- Nesir Ahmet
  
  April 3, 2015
  
  sure Talib hocam 🙂 thanks again
Murthy

May 5, 2015 Reply

Thank you for posting this, I was struggling with password changes and related issues – this solved all those.
- Gokhan Atil
  
  May 5, 2015
  
  You’re welcome. I’m happy to hear that it helps.
iftequar mohammed

November 6, 2015 Reply

This is a great post, thanks 🙂
Pingback: How to Upgrade Oracle Enterprise Manager Cloud Control 12c to EM13c | Gokhan Atil's Oracle Blog
nnarimanov

January 2, 2016 Reply

Hi Gokhan,

Tested this method against OEM 13c, works fine. Thanks.
Roberto

July 20, 2016 Reply

In windows how to will it ?
djobbimohamed

February 4, 2017 Reply

Many Thanks
comrade

April 13, 2017 Reply

Testen against EM13.2, works perfectly! Many Thx!
Joseph Thangaraja

April 13, 2017 Reply

Great help. It helped timely when I was running Production upgrade.

Thanks lot.

Regards,
Joseph
Nico

April 19, 2017 Reply

Great post, thanks Gokhan!
paul

April 21, 2017 Reply

YOU ARE THE MAN!

I can’t believe that worked, but it worked beautifully!

Such a clever trick. How in the world did you come up with something so esoteric, profound and useful?
kamm

May 22, 2017 Reply

Thanks Gokhan! You made my day..

Best regards
Emre

June 8, 2017 Reply

THIS IS IT!!!
That worked, thanks for the clever post.
Phil Broughton

June 29, 2017 Reply

Life saver – just had to do this and it works with zero fuss… Well done and thanks for posting
Atul

August 18, 2017 Reply

Great Gokhan, it helped me.

The java program reflects you are a master with weblogic methods/api’s.

Many thanks!
Imran Md

November 7, 2017 Reply

Nice job, It helped me a lot.. thank you.
MAN MOHAN KUMAR

November 21, 2017 Reply

Thank you very much..!! I got my weblogic password using this method.
Andrew

January 18, 2018 Reply

It’s not often that unofficial tips like this actually work. Heck, it’s unusual that official tips like this actually work. I sort of already know the password, but wanted to double check it. This tip worked *flawlessly* during my upgrade from EM12.1.0.3 to EM13.1 on RH 7 and a 12.1.0.2 repository DB. Thank you very much.
Shobha

July 31, 2018 Reply

Hi, I am not a java person, I have this: what do i do next?
-rw-r–r– 1 oemora1 dba 274 Jul 31 12:38 recoverpassword.java
-rw-r–r– 1 oemora1 dba 801 Jul 31 12:39 recoverpassword.class
Frank lee

April 26, 2019 Reply

Gokhan Atil:

Very good approach and procedures. It really help me. Thanks.
CD

April 27, 2019 Reply

Thanks Atil, your generosity is appreciated.
den

May 6, 2019 Reply

you are great!
Damu

June 17, 2019 Reply

Thanks a lot. I couldn’t believe that it actually worked. Recovered my weblogic password of OEM 13c.
Anand Doraiswamy

November 19, 2019 Reply

This posting a absolutely brilliant. Gokhan, you are amazing!!