Oracle WebLogic Login Issue : Password is not correct (Password Lock Policy)

This post is very basic troubleshooting in WebLogic Server and your starting point should be Log files . For more information on logs in WebLogic Server (Admin & Managed Server Logs) here  

Issue : On login to WebLogic Console with correct credentials, you get message “username/password is not correct please try again”

Reason : User Account is locked and message on screen is misleading.

Recently my Development team contacted me with error that they can’t login to WebLogic Admin Server (/console) even with correct username/password. I tested this and faced similar issue (Your username and password are not correct please try again) .

On checking Admin Server Logs at $MW_HOME/ user_projects/ domains/ [domain_name]/ servers/ [AdminServer]/ logs/[AdminServer].log  I found below entry

_______________________

 ####<12-Sep-2009 09:17:52 o’clock GMT> <Notice> <Security> <focusthread.com> <AdminServer> <[ACTIVE] ExecuteThread: ’17’ for queue: ‘weblogic.kernel.Default (self-tuning)’> <<anonymous>> <> <> <1260962272097> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>

####<12-Sep-2009 09:47:52 o’clock GMT> <Info> <Security> <focusthread.com> <AdminServer> <[ACTIVE] ExecuteThread: ’16’ for queue: ‘weblogic.kernel.Default (self-tuning)’> <<anonymous>> <> <> <1260966764623> <BEA-090067> <User lockout expired, unlocking user weblogic in security realm myrealm.>

______________________
Account Lockout is default behaviour in WebLogic Server which locks user account for 30 minutes after 5 failed attempts (This is default policy defined in default realm “myrealm” check image below).

.
You have following options :
1)
Disable lockout policy
2) Increase Lockout Threshold
3) Decrease Lockout Duration
4)User external LDAP server (iPlanet, OID, AD) to authenticate user and use password policy defined in LDAP Server
For quick fix you can disable Lockout feature in your Security Realm (avoid this in production server)

Security Realms -> Select your realm (myrealm in my case) -> User Lockout -> uncheck Lockout Enabled

.

.

.

More on performance troubleshooting in WebLogic Server coming soon !!!

Did you get a chance to download Free Interview Questions related to WebLogic? If not, download it here http://k21academy.com/weblogic-interview-question

weblogic banner

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

8 comments
kalyan says December 6, 2010

Hi,

We first developed the reports in OBIEE11g enterprice edition everything went smooth and then we planned to configure OID for SSO purpose. After configuring, we tried to log in the OBIEE 11g and it is giving below error:
error as : invalid username/password … when we try to open OBIEE 11g for developing the reports.

Even, we rolled back the OID configuration settings still unable to login with default passwords.

What might be the issue….can anyone suggest, how to retrive the the things?

Thanks & Regards,
Kalyan

Reply
Atul Kumar says December 7, 2010

@ Kalyan,
Which document you used to configure OID for SSO Purpose in OBIEE ?

Did you restart services (OBIEE/WebLogic) after removing OID configuration ?

Reply
archana says April 13, 2011

How to do this if we cannot even login to console ?

any fix in config.xml

Reply
Atul Kumar says April 13, 2011

@ archana,
Account will be locked for 30 minutes so either wait for 30 minutes and then try again (and then change value of account lock)

or update clearLockout attribute on the UserLockoutManagerRuntimeMBean.

______

Unlocking a locked user account can be done through either the WebLogic Administration Console or the clearLockout attribute on the UserLockoutManagerRuntimeMBean.
______

Check link http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/domain.htm#SECMG414

Reply
archana says April 13, 2011

Thanks Atul,
The issue is it is locked for weblogic administrator itself and 30 min.

Wait period itself is not working some how in the env.

In there a way to correct it from file system.

Reply
masthan says February 3, 2013

Hi iam using obiee11g integrated with weblogic
when iam try to login analytics it will give eeror
like in valid username/password

Reply
    Atul Kumar says February 5, 2013

    @ masthan,
    What do you mean by OBIEE 11g integrated with WebLogic ? Weblogic is by default required for OBIEE. Is this user available in weblogic’s identity store ?

    IS password used for this user correct ?

    Reply
Yatan Singh says March 6, 2017

What is d logic in your ans , if your weblogic passwoord is locked or expired than how can u login on EM ??

Reply
Add Your Reply

Not found