content top

How to Recover Weblogic Administration Password of Enterprise Manager

As you may know, Weblogic is a part of Enterprise Manager Cloud Control environment, and it’s automatically installed and configured by the EM installer. The Enterprise Manager asks you to enter a username and password for Weblogic administration. This information is stored in secure files, and you usually do not need them unless you need to use Weblogic console. So it’s easy to forgot these username and password, and that’s what happened to me. Fortunately there’s a way to recover them without even resetting new user/password. Here are the steps:

First we need to know DOMAIN_HOME directory. My OMS is located in “/u02/Middleware/oms”. You can find yours if you read “/etc/oragchomelist”. If the full path of OMS is “/u02/Middleware/oms”, my middleware home is “/u02/Middleware/”. Under my middleware home, I need to go GCDomains folder:

First let’s get the encrypted information from file:

Read More

EM12c: How to Retrieve Passwords from the Named Credentials

In my previous post, I have showed how to list all named credentials in Enterprise Manager Cloud Control. As you see, it was not possible using regular user interface, so we connected to the repository database to get the information. Now let’s keep digging and see if we can retrieve “encrypted information” saved in named credentials.

The username, password and role information of named credentials are stored in em_nc_cred_columns table. When we examine it, we can see that there’s one-to-many relation with em_nc_creds using target_guid column, and the sensitive information are stored in cred_attr_value column. That column is encrypted using em_crypto package. The encryption algrotim uses a secret key which is stored in “Admin Credentials Wallet” and a salt (random data for additional security). The wallet file is located in $MIDDLEWARE_HOME/gc_inst/em/EMGC_OMS1/sysman/config/adminCredsWallet/cwallet.sso) and the salt data can be found in cred_salt column of the em_nc_cred_columns table. Here’s what it looks like:


To decrypt the information, we need to call the decrypt in em_crypto package, but if we call it without opening the wallet, we get the following error:

Read More

EM12c: How to View All of the Credentials Exist for All Users

In another question on OTN forum, someone says that there are multiple (EM12c) users and they can create their own credentials. They ask how to view all of the credentials that exist for all users. A valid answer is already given: An EM administrator, including sysman, cannot view the named credentials owned by other administrators unless an explicit grant is provided.


Read More

EM12c: Using Metric Extensions to Generate Composite Alerts

There was a question on OTN forums about how to generate alerts based on two different metrics. The user wants to get alert only if the warning threshold is over 80% “AND” there is less then 20Gb of free space of a tablespace. So he doesn’t want to get alert if the tablespace is over %80 full but still has 100GB free space. Of course, he can set different thresholds for each tablespace: He can set percentage threshold for small tablespaces and set free space threshold for bigger ones. I do not know how many databases he monitors but if he’s managing lots of DBs, this could be a time consuming task.

So how can we solve it? EM12c doesn’t let you generate an alert based on two different metrics. For these situations, you can create metric extensions. All you need is to query mgmt$alert_current and see if two alerts occurred for same target. Examine the following SQL:

Read More

Enterprise Management Agent Host Credentials for PAM and LDAP

We use LDAP users to install oracle software. In my humble opinion, it’s not a good approach because if the server can not communicate with LDAP service, Oracle gets errors when spawning new processes. We have already started to switch our oracle users from LDAP authentication to local users, but this is not the subject of this blog post. Using LDAP for authentication, also affects Enterprise Manager agents. When I try to create a named credential, EM agent can not verify the user/password, although I used the same user/password information to deploy the agents :)


Here’s the log generated by the agent:

Read More
Page 1 of 3212345...Last »
content top