I will be speaking at the Dallas Oracle Users Group - DOUG on July 23, 2015 5pm-7:15pm. The topic will be "DBaaS: Deploying Databases quickly from OEM @ Dallas Oracle Users Group"
Please come and learn how to setup your Cloud infrastructure in Oracle Enterprise Manager 12c and deploy databases to it with a few clicks using Database as a Service (DBaaS)! More information at the below link.
http://viscosityna.com/event/dbaas-deploying-dbs-quickly-from-oem-dallas-oracle-users-group/
Showing posts with label Oracle Enterprise Manager. Show all posts
Showing posts with label Oracle Enterprise Manager. Show all posts
Saturday, July 4, 2015
Thursday, January 15, 2015
OEM 12c Cloud Control Reset the Weblogic and Nodemanager password
Have you ever encountered a situation where you lost the nodemanager and weblogic password for your Oracle Enterprise Manager OEM12c environment? It is quite common especially if you start to support a new environment and the DBA may only know the sysman password but not the others and you may need these account passwords once you decide to patch OEM12c.
Please refer to this useful Oracle Support note that has detailed steps to do this.
These steps are detailed and long, please ensure you follow them carefully otherwise you may have issues in starting your OMS again.
12c Cloud Control: Steps for Modifying the Password for Weblogic and Nodemanager User Accounts in the Enterprise Manager Installation (Doc ID 1450798.1)
*****************************************************************************************************************
Changing the Weblogic Password When Existing Password is Unknown
1. Stop the OMS, Agent on the OMS machine and set the necessary environment variables:
Stop the OMS:
$ cd <OMS_HOME>/bin
$ emctl stop oms -all
Ensure the OMS has stopped completely and there is no java process running from OMS base location:
$ ps -ef | grep java
If any processes are listed, then kill them using: kill -9 <pid> command, after ensuring that the process is running from the OMS base installation.
Stop the Agent on the OMS machine:
$ cd <AGENT_HOME>/bin>
$ emctl stop agent
Set the necessary environment variables for the WLS domain:
$ export DOMAIN_HOME=<EM_INSTANCE_BASE>/user_projects/domains/GCDomain/bin
$ . ./setDomainEnv.sh
Note that you need to replace <EM_INSTANCE_BASE> with the full path to the gc_inst directory.
Note: In case of a multi-OMS setup, all the OMS and the corresponding monitoring agent must be stopped.
2. Rename the existing DefaultAuthenticatorInit.ldift file in the domain directory and create a new file:
$ cd $DOMAIN_HOME/security
$ mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_old
$ java weblogic.security.utils.AdminAccount weblogic <new_password> .
Note:
- Replace <new_password> with the new password that you wish to set for the weblogic user.
- The character '.' is mandatory at the end of above command.
- In case of a multi-OMS setup, the above step need to be performed on each OMS server and ensure that the same password is provided for the weblogic user on all the OMS machines.
3. Rename the ldap directory for the AdminServer and Managed Server:
$ cd $DOMAIN_HOME/servers/EMGC_ADMINSERVER/data
$ mv ldap ldap_old
$ cd $DOMAIN_HOME/servers/EMGC_OMS1/data
$ mv ldap ldap_old
In case of a multi-OMS setup, the ldap directory needs to be renamed only for the managed server
4. Rename the .lok file in tmp directory of Admin Server and Managed Server, if it exists:
$ cd $DOMAIN_HOME/servers/EMGC_ADMINSERVER/tmp
$ mv EMGC_ADMINSERVER.lok EMGC_ADMINSERVER.lok_old
$ cd $DOMAIN_HOME/servers/EMGC_OMS1/tmp
$ mv EMGC_OMS1.lok EMGC_OMS1.lok_old
In case of a multi-OMS setup, the tmp/*.lok file needs to be renamed only for the managed server.
5. Edit the Admin Server's $DOMAIN_HOME/servers/EMGC_ADMINSERVER/security/boot.properties file and specify the new password entered in step 2 in clear text, for the password field:
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
6. Modify the Managed Server's $DOMAIN_HOME/servers/EMGC_OMS1/data/nodemanager/boot.properties and specify the new password entered in step 2 in clear text, for the password field:
TrustKeyStore=DemoTrust
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
TrustKeyStore=DemoTrust
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
In case of a multi-OMS setup, the above step need to be performed on each OMS server.
7. As part of the 12c OMS installation, two weblogic users named: OracleSystemUser and weblogic_mntr are created. When the weblogic password is modified manually, these users are removed and it is important that these users are re-created manually by following the below steps:
In a terminal session, start the Admin server:
$ $DOMAIN_HOME/startWebLogic.sh
Wait till the status of Admin server is reported as 'RUNNING'. This session should be kept open till the below steps are completed.
Access the Admin Server Console using the URL: https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
Login with the weblogic user and provide the new password that was entered in Step 2.
In the Admin Server Console, navigate to Security Realms -> myrealm -> Users and Groups -> Groups.
Click on the 'New' button and enter the below details:
Name: OracleSystemGroup
Description: Oracle application software system group
Provider: <leave the default value: DefaultAuthenticator>
Click OK
Navigate to Security Realms -> myrealm -> Users and Groups -> Users. Click on the 'New' button and enter:
User: OracleSystemUser
Description: Oracle application software system user
Password: <provide same password as weblogic user>
Click OK.
Click on the username 'OracleSystemUser' and then click on 'Groups'. Select the previously created 'OracleSystemGroup' and click 'Save'.
In the Security Realms -> myrealm -> Users and Groups -> Users, click on the 'New' button again and enter:
User: weblogic_mntr
Description: Oracle application weblogic mntr user
Password: <provide same password as weblogic user>
Click OK.
Click on the username 'weblogic_mntr' and then click on 'Groups'. Select 'Administrators' and click 'Save'.
If the Admin Server Username specified during OEM installation is other than 'weblogic' (AS_USERNAME in emgc.properties) , then need to create a user with that username also and assign 'Administrator' group to it.
The password for nodemanager is needed in the the next step 9 when the new weblogic password is saved in the credential store. If the password for nodemanager account is also not known, then set a new password using the steps in the section: Changing the Nodemanager Password, at the end of this document and then continue with the steps below.
Navigate to GCDomain -> Security -> Embedded LDAP page, choose the 'Lock and Edit' option and select the flag 'Refresh Replica At Startup'.
Click 'Save' and then click on 'Activate Changes'.
Note: This step is needed to ensure that the LDAP data for the managed servers gets properly synchronized on startup.
Stop the Admin server by executing 'Ctrl+c' in the terminal session from which the Admin server was started at the beginning of this step.
9. Run the below command to save the new password to the EM Credential store:
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
In case of multi-OMS setup the above step needs to be performed on each OMS server.
10. Start the OMS:
cd <OMS_HOME>/bin
emctl start oms
11. Login to Admin server console with username weblogic and the new password. Navigate to GCDomain -> Security -> Embedded LDAP page. Toggle the 'Lock and Edit option and unset the flag 'Refresh Replica At Startup'.
Click 'Save' and then click on 'Activate Changes'.
Note: The flag was used only for synchronizing the LDAP data in the managed servers at the time of startup after the password change but once this is accomplished, the option needs to be turned off as it imposes a cost on the startup operation.
12. Restart the OMS
cd <OMS_ORACLE_HOME>/bin
emctl stop oms -all
emctl start oms
13. EMGC_GCDomain is a monitored target in Enterprise Manager and the monitoring credentials of this target needs to be updated so as to continue monitoring this target:
Start the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl start agent
Execute the below command to update the new password in monitoring configuration of weblogic target:
cd <OMS_HOME>/bin
emcli login -username=sysman
emcli modify_target -name="/EMGC_GCDomain/GCDomain" -type="weblogic_domain" -credentials="UserName:weblogic_mntr;password:<new password set in the admin server console>;" -on_agent
Note:
- You need to provide the user name as weblogic_mntr and its corresponding password as set in the Admin server console.
- The Monitoring password should be updated only after starting the Agent.
Back to Top
*****************************************************************************************************************
Changing the Weblogic Password When Existing Password is known
1. Access the Admin server console with the URL https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
2. Login to Admin server console as user weblogic and provide its password.
3. Navigate to Security Realms->myrealm->Users and Groups->choose weblogic->Passwords
weblogic_pwd
Provide the new password and save it.
5. The password for nodemanager is needed in the the below step 11 when the new weblogic password is saved in the credential store. If the password for nodemanager account also needs to be changed, then set a new password using the steps in the section: Changing the Nodemanager Password, at the end of this document and then continue with the steps below.
6. Click on 'Activate Changes' in the left panel.
7. Stop the OMS:
cd <OMS_HOME>/bin
emctl stop oms -all
8. Stop the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl stop agent
9. Edit the Admin Server's $DOMAIN_HOME/servers/EMGC_ADMINSERVER/security/boot.properties file and specify the new password entered in the Admin server console in clear text, for the password field:
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
10. Modify the Managed Server's $DOMAIN_HOME/servers/EMGC_OMS1/data/nodemanager/boot.properties and specify the new password entered in step 2 in clear text, for the password field:
TrustKeyStore=DemoTrust
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
TrustKeyStore=DemoTrust
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
In case of a multi-OMS setup, the above step need to be performed on each OMS server.
11. Execute the below command to save the new passwords to the EM Credential store:
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
In case of multi-OMS setup the above step needs to be performed on each OMS server.
12. Start the OMS:
cd <OMS_HOME>/bin
emctl start oms
13. EMGC_GCDomain is a monitored target in Enterprise Manager and the monitoring credentials of this target needs to be updated so as to continue monitoring this target:
Start the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl start agent
Execute the below command to update the new password in monitoring configuration of weblogic target:
cd <OMS_HOME>/bin
emcli login -username=sysman
emcli modify_target -name="/EMGC_GCDomain/GCDomain" -type="weblogic_domain" -credentials="UserName:weblogic_mntr;password:<new password set in the admin server console>;" -on_agent
Note:
- You need to provide the user name as weblogic_mntr and its corresponding password as set in the Admin server console.
- The Monitoring password should be updated only after starting the Agent.
Back to Top
*********************************************************************************
Changing the Nodemanager Password
The nodemanager password can be modified by logging into the Admin server console as the weblogic user. If the password for the weblogic user is unknown, then follow the steps in the section: Changing the Weblogic Password When Existing Password is Unknown
1. Access the Admin Server Console using the URL: https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
2. Login with the weblogic user and navigate to GCDomain->Security-> expand the Advanced section:
nm_password
Enter the new password in the 'NodeManager Password' and 'Confirm NodeManager Password' fields and click on 'save' button. Click on 'Activate Changes' in the left panel.
NM_PASSWORD_2
3. On the OMS machine, edit the nm_password.properties file under <EM_INSTANCE_BASE/user_projects/domains/GCDomain/config/nodemanager and modify:
hashed=y4x2gnOpFlH9x9HUatIOVlV7nnU\=
TO
password=<new_nodemanager_password>
username=nodemanager
Provide the new password for the nodemanager in cleartext.Ensure there is no 'space' character at the end of each line.
In case of multi-OMS setup the above step needs to be performed on each OMS server.
4.If you are only changing the nodemanager password and not weblogic password, then execute the below commands to save the new passwords to the EM Credential store.If weblogic password is also being changed, then skip this and continue with the rest of steps for changing the weblogic password :
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
Restart OMS
<OMS_HOME>/bin>./emctl stop oms -all
<OMS_HOME>/bin>./emctl start oms
In case of multi-OMS setup the above step needs to be performed on each OMS server.
Please refer to this useful Oracle Support note that has detailed steps to do this.
These steps are detailed and long, please ensure you follow them carefully otherwise you may have issues in starting your OMS again.
12c Cloud Control: Steps for Modifying the Password for Weblogic and Nodemanager User Accounts in the Enterprise Manager Installation (Doc ID 1450798.1)
*****************************************************************************************************************
Changing the Weblogic Password When Existing Password is Unknown
1. Stop the OMS, Agent on the OMS machine and set the necessary environment variables:
Stop the OMS:
$ cd <OMS_HOME>/bin
$ emctl stop oms -all
Ensure the OMS has stopped completely and there is no java process running from OMS base location:
$ ps -ef | grep java
If any processes are listed, then kill them using: kill -9 <pid> command, after ensuring that the process is running from the OMS base installation.
Stop the Agent on the OMS machine:
$ cd <AGENT_HOME>/bin>
$ emctl stop agent
Set the necessary environment variables for the WLS domain:
$ export DOMAIN_HOME=<EM_INSTANCE_BASE>/user_projects/domains/GCDomain/bin
$ . ./setDomainEnv.sh
Note that you need to replace <EM_INSTANCE_BASE> with the full path to the gc_inst directory.
Note: In case of a multi-OMS setup, all the OMS and the corresponding monitoring agent must be stopped.
2. Rename the existing DefaultAuthenticatorInit.ldift file in the domain directory and create a new file:
$ cd $DOMAIN_HOME/security
$ mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_old
$ java weblogic.security.utils.AdminAccount weblogic <new_password> .
Note:
- Replace <new_password> with the new password that you wish to set for the weblogic user.
- The character '.' is mandatory at the end of above command.
- In case of a multi-OMS setup, the above step need to be performed on each OMS server and ensure that the same password is provided for the weblogic user on all the OMS machines.
3. Rename the ldap directory for the AdminServer and Managed Server:
$ cd $DOMAIN_HOME/servers/EMGC_ADMINSERVER/data
$ mv ldap ldap_old
$ cd $DOMAIN_HOME/servers/EMGC_OMS1/data
$ mv ldap ldap_old
In case of a multi-OMS setup, the ldap directory needs to be renamed only for the managed server
4. Rename the .lok file in tmp directory of Admin Server and Managed Server, if it exists:
$ cd $DOMAIN_HOME/servers/EMGC_ADMINSERVER/tmp
$ mv EMGC_ADMINSERVER.lok EMGC_ADMINSERVER.lok_old
$ cd $DOMAIN_HOME/servers/EMGC_OMS1/tmp
$ mv EMGC_OMS1.lok EMGC_OMS1.lok_old
In case of a multi-OMS setup, the tmp/*.lok file needs to be renamed only for the managed server.
5. Edit the Admin Server's $DOMAIN_HOME/servers/EMGC_ADMINSERVER/security/boot.properties file and specify the new password entered in step 2 in clear text, for the password field:
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
6. Modify the Managed Server's $DOMAIN_HOME/servers/EMGC_OMS1/data/nodemanager/boot.properties and specify the new password entered in step 2 in clear text, for the password field:
TrustKeyStore=DemoTrust
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
TrustKeyStore=DemoTrust
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
In case of a multi-OMS setup, the above step need to be performed on each OMS server.
7. As part of the 12c OMS installation, two weblogic users named: OracleSystemUser and weblogic_mntr are created. When the weblogic password is modified manually, these users are removed and it is important that these users are re-created manually by following the below steps:
In a terminal session, start the Admin server:
$ $DOMAIN_HOME/startWebLogic.sh
Wait till the status of Admin server is reported as 'RUNNING'. This session should be kept open till the below steps are completed.
Access the Admin Server Console using the URL: https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
Login with the weblogic user and provide the new password that was entered in Step 2.
In the Admin Server Console, navigate to Security Realms -> myrealm -> Users and Groups -> Groups.
Click on the 'New' button and enter the below details:
Name: OracleSystemGroup
Description: Oracle application software system group
Provider: <leave the default value: DefaultAuthenticator>
Click OK
Navigate to Security Realms -> myrealm -> Users and Groups -> Users. Click on the 'New' button and enter:
User: OracleSystemUser
Description: Oracle application software system user
Password: <provide same password as weblogic user>
Click OK.
Click on the username 'OracleSystemUser' and then click on 'Groups'. Select the previously created 'OracleSystemGroup' and click 'Save'.
In the Security Realms -> myrealm -> Users and Groups -> Users, click on the 'New' button again and enter:
User: weblogic_mntr
Description: Oracle application weblogic mntr user
Password: <provide same password as weblogic user>
Click OK.
Click on the username 'weblogic_mntr' and then click on 'Groups'. Select 'Administrators' and click 'Save'.
If the Admin Server Username specified during OEM installation is other than 'weblogic' (AS_USERNAME in emgc.properties) , then need to create a user with that username also and assign 'Administrator' group to it.
The password for nodemanager is needed in the the next step 9 when the new weblogic password is saved in the credential store. If the password for nodemanager account is also not known, then set a new password using the steps in the section: Changing the Nodemanager Password, at the end of this document and then continue with the steps below.
Navigate to GCDomain -> Security -> Embedded LDAP page, choose the 'Lock and Edit' option and select the flag 'Refresh Replica At Startup'.
Click 'Save' and then click on 'Activate Changes'.
Note: This step is needed to ensure that the LDAP data for the managed servers gets properly synchronized on startup.
Stop the Admin server by executing 'Ctrl+c' in the terminal session from which the Admin server was started at the beginning of this step.
9. Run the below command to save the new password to the EM Credential store:
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
In case of multi-OMS setup the above step needs to be performed on each OMS server.
10. Start the OMS:
cd <OMS_HOME>/bin
emctl start oms
11. Login to Admin server console with username weblogic and the new password. Navigate to GCDomain -> Security -> Embedded LDAP page. Toggle the 'Lock and Edit option and unset the flag 'Refresh Replica At Startup'.
Click 'Save' and then click on 'Activate Changes'.
Note: The flag was used only for synchronizing the LDAP data in the managed servers at the time of startup after the password change but once this is accomplished, the option needs to be turned off as it imposes a cost on the startup operation.
12. Restart the OMS
cd <OMS_ORACLE_HOME>/bin
emctl stop oms -all
emctl start oms
13. EMGC_GCDomain is a monitored target in Enterprise Manager and the monitoring credentials of this target needs to be updated so as to continue monitoring this target:
Start the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl start agent
Execute the below command to update the new password in monitoring configuration of weblogic target:
cd <OMS_HOME>/bin
emcli login -username=sysman
emcli modify_target -name="/EMGC_GCDomain/GCDomain" -type="weblogic_domain" -credentials="UserName:weblogic_mntr;password:<new password set in the admin server console>;" -on_agent
Note:
- You need to provide the user name as weblogic_mntr and its corresponding password as set in the Admin server console.
- The Monitoring password should be updated only after starting the Agent.
Back to Top
*****************************************************************************************************************
Changing the Weblogic Password When Existing Password is known
1. Access the Admin server console with the URL https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
2. Login to Admin server console as user weblogic and provide its password.
3. Navigate to Security Realms->myrealm->Users and Groups->choose weblogic->Passwords
weblogic_pwd
Provide the new password and save it.
5. The password for nodemanager is needed in the the below step 11 when the new weblogic password is saved in the credential store. If the password for nodemanager account also needs to be changed, then set a new password using the steps in the section: Changing the Nodemanager Password, at the end of this document and then continue with the steps below.
6. Click on 'Activate Changes' in the left panel.
7. Stop the OMS:
cd <OMS_HOME>/bin
emctl stop oms -all
8. Stop the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl stop agent
9. Edit the Admin Server's $DOMAIN_HOME/servers/EMGC_ADMINSERVER/security/boot.properties file and specify the new password entered in the Admin server console in clear text, for the password field:
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
10. Modify the Managed Server's $DOMAIN_HOME/servers/EMGC_OMS1/data/nodemanager/boot.properties and specify the new password entered in step 2 in clear text, for the password field:
TrustKeyStore=DemoTrust
password=<new_password_in_clear_text>
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
For example:
TrustKeyStore=DemoTrust
password=oracle123
username={AES}g6mxfhlx/JtaVKgqx9/pYb8bWaxitVXzbLMzwo9tOIs\=
In case of a multi-OMS setup, the above step need to be performed on each OMS server.
11. Execute the below command to save the new passwords to the EM Credential store:
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
In case of multi-OMS setup the above step needs to be performed on each OMS server.
12. Start the OMS:
cd <OMS_HOME>/bin
emctl start oms
13. EMGC_GCDomain is a monitored target in Enterprise Manager and the monitoring credentials of this target needs to be updated so as to continue monitoring this target:
Start the Agent on OMS Host
cd <AGENT_HOME>/bin
emctl start agent
Execute the below command to update the new password in monitoring configuration of weblogic target:
cd <OMS_HOME>/bin
emcli login -username=sysman
emcli modify_target -name="/EMGC_GCDomain/GCDomain" -type="weblogic_domain" -credentials="UserName:weblogic_mntr;password:<new password set in the admin server console>;" -on_agent
Note:
- You need to provide the user name as weblogic_mntr and its corresponding password as set in the Admin server console.
- The Monitoring password should be updated only after starting the Agent.
Back to Top
*********************************************************************************
Changing the Nodemanager Password
The nodemanager password can be modified by logging into the Admin server console as the weblogic user. If the password for the weblogic user is unknown, then follow the steps in the section: Changing the Weblogic Password When Existing Password is Unknown
1. Access the Admin Server Console using the URL: https://<omsmachine.domain>:<port>/console
(Default admin server console port is 7101). For the exact URL, refer to the details in the <OMS_HOME>/install/setupinfo.txt file.
2. Login with the weblogic user and navigate to GCDomain->Security-> expand the Advanced section:
nm_password
Enter the new password in the 'NodeManager Password' and 'Confirm NodeManager Password' fields and click on 'save' button. Click on 'Activate Changes' in the left panel.
NM_PASSWORD_2
3. On the OMS machine, edit the nm_password.properties file under <EM_INSTANCE_BASE/user_projects/domains/GCDomain/config/nodemanager and modify:
hashed=y4x2gnOpFlH9x9HUatIOVlV7nnU\=
TO
password=<new_nodemanager_password>
username=nodemanager
Provide the new password for the nodemanager in cleartext.Ensure there is no 'space' character at the end of each line.
In case of multi-OMS setup the above step needs to be performed on each OMS server.
4.If you are only changing the nodemanager password and not weblogic password, then execute the below commands to save the new passwords to the EM Credential store.If weblogic password is also being changed, then skip this and continue with the rest of steps for changing the weblogic password :
cd <OMS_ORACLE_HOME>/bin
emctl secure create_admin_creds_wallet -admin_pwd <weblogic_pwd> -nodemgr_pwd <node_manager_pwd>
Restart OMS
<OMS_HOME>/bin>./emctl stop oms -all
<OMS_HOME>/bin>./emctl start oms
In case of multi-OMS setup the above step needs to be performed on each OMS server.
Monday, October 13, 2014
Enterprise Manager 12c No Special Characters for SYSMAN account
While doing an upgrade of Oracle Enterprise Manager 12c from 12.1.0.1 to 12.1.0.4 I encountered an error which caused the upgrade to fail. Please keep in mind you cannot do a direct path upgrade from EM 12.1.0.1 to 12.1.0.4 you will first need to apply Bundle Patch (BP1) to the 12.1.0.1 binaries and then you can upgrade from 12.1.0.1 BP1 --> 12.1.0.2 or 12.1.0.3 and then finally you can upgrade to 12.1.0.4.
From the upgrade logs the error stack is below.
INFO: oracle.sysman.top.oms:MDS Schema Creation status: FAILURE
SEVERE: oracle.sysman.top.oms:MDS Schema Creation is failed
INFO: oracle.sysman.top.oms:_______________________________________________________________________
INFO: oracle.sysman.top.oms:Starting opss Schema Creation.
INFO: oracle.sysman.top.oms:Failed to create OPSS schema
INFO: oracle.sysman.top.oms:_______________________________________________________________________
INFO: oracle.sysman.top.oms:Starting APM Schema Creation.
INFO: oracle.sysman.top.oms:APM Component is already created
INFO: oracle.sysman.top.oms:The plug-in MDS Schema Configuration has failed its perform method
Cannot change password for sysman_mds java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
ERROR:MDS java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
The Upgrade basically failed due to special character(s) in the SYSMAN password. Please make sure you do not have any special characters in the SYSMAN password such as *,#,!, etc Just use a good combination of alpha and number characters.
Since the upgrade failed I had to fallback and do the following to restart the upgrade all over again for this issue.
1.) Restore the database, inventory and OMS Middleware Home from backup.
2.) Startup database and listener
3.) Start the OMS
4.) Change the SYSMAN password that doesn't use special character(s), procedure below.
<OMS_HOME>/bin/emctl config oms -change_repos_pwd
Please note changing the SYSMAN password will change it on both the OMS and on the repository database.
From the upgrade logs the error stack is below.
INFO: oracle.sysman.top.oms:MDS Schema Creation status: FAILURE
SEVERE: oracle.sysman.top.oms:MDS Schema Creation is failed
INFO: oracle.sysman.top.oms:_______________________________________________________________________
INFO: oracle.sysman.top.oms:Starting opss Schema Creation.
INFO: oracle.sysman.top.oms:Failed to create OPSS schema
INFO: oracle.sysman.top.oms:_______________________________________________________________________
INFO: oracle.sysman.top.oms:Starting APM Schema Creation.
INFO: oracle.sysman.top.oms:APM Component is already created
INFO: oracle.sysman.top.oms:The plug-in MDS Schema Configuration has failed its perform method
Cannot change password for sysman_mds java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
ERROR:MDS java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
java.sql.SQLSyntaxErrorException: ORA-00922: missing or invalid option
The Upgrade basically failed due to special character(s) in the SYSMAN password. Please make sure you do not have any special characters in the SYSMAN password such as *,#,!, etc Just use a good combination of alpha and number characters.
Since the upgrade failed I had to fallback and do the following to restart the upgrade all over again for this issue.
1.) Restore the database, inventory and OMS Middleware Home from backup.
2.) Startup database and listener
3.) Start the OMS
4.) Change the SYSMAN password that doesn't use special character(s), procedure below.
<OMS_HOME>/bin/emctl config oms -change_repos_pwd
Please note changing the SYSMAN password will change it on both the OMS and on the repository database.
Enterprise Manager 12c Patching changes
Starting with Enterprise Manager 12.1.0.4.3 (PS3) all OMS bundle patches and plugins will be released as a single OMS-side "System" patch. The patch will be installed using the OPatchauto installation method. The EM 12.1.0.4.0 Agent and Agent-side Plug-in Bundle patches will continue to use Opatch.
More details at MOS: Enterprise Manager 12.1.0.4.0 (PS3) Master Bundle Patch List for Agent and Plug-ins (OMS and Agent side) (Doc ID 1900943.1)
More details at MOS: Enterprise Manager 12.1.0.4.0 (PS3) Master Bundle Patch List for Agent and Plug-ins (OMS and Agent side) (Doc ID 1900943.1)
Wednesday, April 16, 2014
Steps to Rename an Oracle Enterprise Manager Repository Database
Steps to rename an OEM repository Database.
This is
something you may not have to do very often. I will show you how to rename your
Oracle Enterprise Manager 12c repository database.
Take a
full RMAN backup with archivelogs.
Shutdown
OEM
$ . oraenv
ORACLE_SID = [oem] ?
oem
The Oracle base for
ORACLE_HOME=/opt/apps/MW/oms is /home/oracle
[oracle@dnvappoem06
~]$ emctl stop oms
Oracle Enterprise
Manager Cloud Control 12c Release 3
Copyright (c) 1996,
2013 Oracle Corporation. All rights
reserved.
Stopping WebTier...
WebTier Successfully
Stopped
Stopping Oracle
Management Server...
Change
the cluster database parameter to false
SQL> alter system set cluster_database=false scope=spfile
sid='*';
System altered.
Backup
the spfile
SQL>
create pfile='/tmp/initent_oem.ora' from spfile;
File
created.
Update
the init file /tmp/initent_oem.ora
with new parameters for the new sid and db name
Stop the
database
/home/oracle>srvctl stop
database -d oemsblp
In ASM make the new directories
mkdir
+DATA/ent_oem/tempfile
mkdir
+DATA/ent_oem/datafile
Startup mount only on one of the instances
Invoke the utility on the command line, specifying a valid user
with the SYSDBA privilege. You must specify both the DBNAME and SETNAME
parameters. The SETNAME parameter tells the DBNEWID utility to only alter
the database name.
% /home/oracle>nid TARGET=/ DBNAME=ent_oem SETNAME=YES
DBNEWID:
Release 11.2.0.3.0 - Production on Thu Feb 13 20:44:01 2014
Copyright
(c) 1982, 2011, Oracle and/or its affiliates.
All rights reserved.
Connected
to database OEMSBLP (DBID=1189579321)
Connected
to server version 11.2.0
Control
Files in database:
+RECO/oemsblp/controlfile/current.261.832085049
Change
database name of database OEMSBLP to ENT_OEM? (Y/[N]) => Y
Proceeding
with operation
Changing
database name from OEMSBLP to ENT_OEM
Control File
+RECO/oemsblp/controlfile/current.261.832085049 - modified
Datafile
+DATA/oemsblp/datafile/system.293.83208499 - wrote new name
Datafile
+DATA/oemsblp/datafile/sysaux.275.83208499 - wrote new name
Datafile
+DATA/oemsblp/datafile/undotbs1.276.83208499 - wrote new name
Datafile +DATA/oemsblp/datafile/users.290.83208499
- wrote new name
Datafile
+DATA/oemsblp/datafile/undotbs2.292.83208513 - wrote new name
Datafile
+DATA/oemsblp/datafile/mgmt_ecm_depot_ts.287.83232853 - wrote new name
Datafile +DATA/oemsblp/datafile/mgmt_tablespace.270.83232853
- wrote new name
Datafile
+DATA/oemsblp/datafile/mgmt_ad4j_ts.264.83232853 - wrote new name
Datafile
+DATA/oemsblp/tempfile/temp.291.83208507 - wrote new name
Control File
+RECO/oemsblp/controlfile/current.261.832085049 - wrote new name
Instance shut down
Database
name changed to ENT_OEM.
Modify
parameter file and generate a new password file before restarting.
Succesfully
changed database name.
DBNEWID -
Completed succesfully.
/home/oracle>
Create a new init file
pointer in the $ORACLE_HOME/dbs on each node
NODE1:
/opt/oracle/product/11203/db_1/dbs>cat
initent_oem1.ora
SPFILE='+DATA/ent_oem/spfileent_oem.ora'
NODE2:
/opt/oracle/product/11203/db_1/dbs>cat
initent_oem2.ora
SPFILE='+DATA/ent_oem/spfileent_oem.ora'
Create a
new password file on each node from the $ORACLE_HOME/dbs directory.
NODE1:
cp orapwoemsblp1
orapwent_oem1
NODE2:
cp orapwoemsblp1
orapwent_oem2
create
spfile='+DATA/ent_oem/spfileent_oem.ora' from pfile='/tmp/initent_oem.ora' ;
Set the new
ORACLE_SID
Verify the
parameters are updated correctly to the new name, note the instance_name and
db_name and other parameters.
SQL>
show parameter name
NAME TYPE VALUE
------------------------------------
----------- ------------------------------
db_file_name_convert string
db_name string ent_oem
db_unique_name string ent_oem
global_names boolean FALSE
instance_name string ent_oem1
lock_name_space string
log_file_name_convert string
processor_group_name string
service_names string ent_oem
SQL>
show parameter pfile
NAME TYPE VALUE
------------------------------------
----------- ------------------------------
spfile string +DATA/ent_oem/spfileent_oem.ora
Change the
cluster_database parameter back to true
SQL> alter system set cluster_database=true scope=spfile
sid='*';
DBNEWID
utility makes the changes in the controlfile and datafile headers. This utility
is not RAC aware. So it will not update the OCR when the database is renamed.
Hence, the user needs to invoke SRVCTL to remove and again add the database
information to OCR:
Before the
Rename
srvctl stop database -d
srvctl
remove instance -d oemsblp -i oemsblp1
srvctl
remove instance -d oemsblp -i oemsblp2
(repeat above command
for each instance as needed)
srvctl remove database -d oemsblp
And after the Rename
srvctl add database -d ent_oem -o /opt/oracle/product/11203/db_1
/opt/oracle/product/11203/db_1/dbs>srvctl
add instance -d ent_oem -i ent_oem1 -n dnvdboem01
/opt/oracle/product/11203/db_1/dbs>srvctl
add instance -d ent_oem -i ent_oem2 -n dnvdboem02
(repeat above
command for each instance as needed)
Start the
database
srvctl start database –d ent_oem
Save a backup
copy of the controlfile of the database.
alter
database backup controlfile to trace as '/tmp/ent_oem.trc';
Change
the cluster_mode back to false
alter
system set cluster_database=false scope=spfile sid='*';
Shutdown the
database and restart in mount mode.
Copy and
rename the datafiles to the new directory location via RMAN while connected to
the $ORACLE_SID
copy
datafile '+DATA/oemsblp/datafile/system.293.832084993' to '+data';
copy
datafile '+DATA/oemsblp/datafile/sysaux.275.832084993' to '+data';
copy
datafile '+DATA/oemsblp/datafile/undotbs1.276.832084993' to '+data';
copy
datafile '+DATA/oemsblp/datafile/users.290.832084993' to '+data';
copy
datafile '+DATA/oemsblp/datafile/undotbs2.292.832085133' to '+data';
copy
datafile '+DATA/oemsblp/datafile/mgmt_ecm_depot_ts.287.832328533' to '+data';
copy
datafile '+DATA/oemsblp/datafile/mgmt_tablespace.270.832328533' to '+data';
copy
datafile '+DATA/oemsblp/datafile/mgmt_ad4j_ts.264.832328533' to '+data';
ALTER
TABLESPACE TEMP ADD TEMPFILE '+DATA' size 1000M;
Run the
following controlfile script with the new directory locations
STARTUP
NOMOUNT
CREATE
CONTROLFILE reuse DATABASE "ENT_OEM" NORESETLOGS ARCHIVELOG
MAXLOGFILES 192
MAXLOGMEMBERS 3
MAXDATAFILES 1024
MAXINSTANCES 32
MAXLOGHISTORY 584
LOGFILE
GROUP 1
'+RECO/ent_oem/onlinelog/group_1.262.832085053'
SIZE 500M BLOCKSIZE 512,
GROUP 2
'+RECO/ent_oem/onlinelog/group_2.263.832085057'
SIZE 500M BLOCKSIZE 512,
GROUP 3
'+RECO/ent_oem/onlinelog/group_3.265.832085239'
SIZE 500M BLOCKSIZE 512,
GROUP 4
'+RECO/ent_oem/onlinelog/group_4.266.832085247'
SIZE 500M BLOCKSIZE 512,
GROUP 5
'+RECO/ent_oem/onlinelog/group_5.264.832085061'
SIZE 500M BLOCKSIZE 512,
GROUP 6
'+RECO/ent_oem/onlinelog/group_6.267.832085253'
SIZE 500M BLOCKSIZE 512
--
STANDBY LOGFILE
DATAFILE
'+DATA/ent_oem/datafile/system.293.832084993',
'+DATA/ent_oem/datafile/sysaux.275.832084993',
'+DATA/ent_oem/datafile/undotbs1.276.832084993',
'+DATA/ent_oem/datafile/users.290.832084993',
'+DATA/ent_oem/datafile/undotbs2.292.832085133',
'+DATA/ent_oem/datafile/mgmt_ecm_depot_ts.287.832328533',
'+DATA/ent_oem/datafile/mgmt_tablespace.270.832328533',
'+DATA/ent_oem/datafile/mgmt_ad4j_ts.264.832328533'
CHARACTER
SET AL32UTF8
;
ALTER
TABLESPACE TEMP ADD TEMPFILE '+DATA' size 1000M;
On the OMS
server run the following command to change the OMS repository database name
[oracle@dnvappoem06 ~]$ emctl config oms -store_repos_details
-repos_conndesc '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)
(HOST=doem1dbrac-scan)(PORT=1521)))(LOAD_BALANCE=ON)
> (CONNECT_DATA=(SERVICE_NAME=ent_oem)))' -repos_user sysman
Oracle
Enterprise Manager Cloud Control 12c Release 3
Copyright
(c) 1996, 2013 Oracle Corporation. All
rights reserved.
Enter
Repository User's Password :
Successfully
updated datasources and stored repository details in Credential Store.
If there
are multiple OMSs in this environment, run this store_repos_details command on
all of them.
And
finally, restart all the OMSs using 'emctl stop oms -all' and 'emctl start
oms'.
[oracle@dnvappoem06
log]$ emctl config oms -list_repos_details
Oracle
Enterprise Manager Cloud Control 12c Release 3
Copyright
(c) 1996, 2013 Oracle Corporation. All
rights reserved.
Repository
Connect Descriptor : (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=doem1dbrac-scan)(PORT=1521)))(LOAD_BALANCE=ON)
(CONNECT_DATA=(SERVICE_NAME=ent_oem)))
Repository
User : sysman
[oracle@dnvappoem06
~]$
[oracle@dnvappoem06
~]$ emctl stop oms -all
Oracle
Enterprise Manager Cloud Control 12c Release 3
Copyright
(c) 1996, 2013 Oracle Corporation. All
rights reserved.
Stopping
WebTier...
WebTier
Successfully Stopped
Stopping
Oracle Management Server...
Oracle
Management Server Successfully Stopped
AdminServer
Successfully Stopped
Oracle
Management Server is Down
[oracle@dnvappoem06
~]$ emctl start oms
Oracle
Enterprise Manager Cloud Control 12c Release 3
Copyright
(c) 1996, 2013 Oracle Corporation. All
rights reserved.
Starting
Oracle Management Server...
Starting
WebTier...
WebTier
Successfully Started
Oracle
Management Server Successfully Started
Oracle
Management Server is Up
[oracle@dnvappoem06
~]$ emctl status oms
Oracle
Enterprise Manager Cloud Control 12c Release 3
Copyright
(c) 1996, 2013 Oracle Corporation. All
rights reserved.
WebTier
is Up
Oracle Management Server is
Up
Subscribe to:
Posts (Atom)