Skip to main content

Posts

Showing posts from June, 2009

Recovering WebLogic Passwords

In one of my previous articles ( here ) I explained that the SerializedSystemIni.dat file in WebLogic contains the key used to encrypt and decrypt passwords. If you're not currently keeping this file secure I suggest you do, as with it someone can (to name a few things): Decrypt the WebLogic admin username and password from boot.properties. Recover database passwords, if JDBC Connection pools are configured, from config.xml. Recover the keystore passwords from config.xml and obtain SSL certificates stored in the jks keystores. Essentially, they can do whatever they want, so if you don't know who can read your SerializedSystemIni.dat files, look... now. In this article I will show how easy it is for this file to be used to recover lost passwords via a simple WLST script. The Script The script I use to decrypt passwords is incredibly short, and it works with WebLogic 8, 9 and 10 (probably for version 7 too). To use it, just create a new file called decryptpwd.py and paste the fol

BEASVC.EXE - WebLogic as a Windows Service

I remember the first time I had to work out why WebLogic wouldn't run as a service. It was a frustrating experience. There were no error messages. No Windows error dialog. No console output. How do you troubleshoot something like this??!! This short article will show you. For simplicity I'll talk about the node manager, but the same principles apply for running an admin or managed server as a service. First Steps First, you still have your server logs. Sure the console output is better, but it's a starting point. Check this log for errors and especially take note of the start up variables such as PATH and CLASSPATH. If the server log isn't being created, that tells you WebLogic probably isn't even being started. (Check that you have a license file if you haven't already.) Ok, so the logs were no help. The next step is to look at how the service is trying to start WebLogic. When you install WebLogic as a service, you're really setting up beasvc.exe as the ser