Gokhan Atil's Technology Blog

How To Recover The Weblogic Administrator Password Of The Enterprise Manager?

As you know, Weblogic is a part of the Enterprise Manager Cloud Control environment, and it’s automatically installed and configured by the EM installer. The Enterprise Manager asks you to enter a username and password for Weblogic administration. This information is stored in secure files; you usually do not need it unless you use the Weblogic console. So it’s easy to forget this username and password, and that’s what happened to me. Fortunately, there’s a way to recover them without resetting the user/password. Here are the steps:

First, we need to know the DOMAIN_HOME directory. My OMS is located in “/u02/Middleware/oms”. You can find yours by reading “/etc/oragchomelist”. If the full path of OMS is “/u02/Middleware/oms”, the middleware home is “/u02/Middleware/”. Under my middleware home, I need to go to the GCDomain folder:

oracle@db-cloud /$ cd /u02/Middleware
oracle@db-cloud Middleware$ cd gc_inst/user_projects/domains/GCDomain

Then we get the encrypted information from the boot.properties file:

oracle@db-cloud GCDomain$ cat servers/EMGC_ADMINSERVER/security/boot.properties

# Generated by Configuration Wizard on Wed Jun 04 10:22:47 EEST 2014
username={AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=
password={AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

The encrypted information starts with {AES} and ends with an equals (=) sign. To decrypt the username and password, we will create a simple Java application:

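public class recoverpassword {
    // args[0]: domain home (the directory that contains security/SerializedSystemIni.dat)
    // args[1]: encrypted value from boot.properties, including the {AES} prefix
    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("Usage: recoverpassword <DOMAIN_HOME> <encrypted value>");
            System.exit(1);
        }
        // Load the domain's encryption service, then decrypt the value with it.
        System.out.println(
            new weblogic.security.internal.encryption.ClearOrEncryptedService(
                weblogic.security.internal.SerializedSystemIni.getEncryptionService(args[0])
            ).decrypt(args[1]));
    }
}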

Save it as “recoverpassword.java”. To compile (and run) it, we need to set environment variables (we’re still in the GCDomain folder). We’ll give the encrypted part as the last parameter:

oracle@db-cloud GCDomain$ . bin/setDomainEnv.sh
oracle@db-cloud GCDomain$ javac recoverpassword.java
oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword $DOMAIN_HOME {AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk=
oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword $DOMAIN_HOME {AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc=

The correct CLASSPATH and DOMAIN_HOME were set when we ran the “setDomainEnv.sh” script. When we run the last two commands, we should see the WebLogic administrator username and password in plain text. By the way, WebLogic uses the cipher key stored in the “security/SerializedSystemIni.dat” file when encrypting and decrypting. So even if you use the same password as me, you may see a different encrypted text.
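
Because the key in “security/SerializedSystemIni.dat” decrypts everything in boot.properties, any OS account that can read both files can repeat the steps above. As an added example (not part of the original post), this shell audit reads each server's boot.properties without truncating the trailing “=”, reports whether the values carry the {AES} prefix, and flags either file if group or other have any access. The function names, the owner-only policy and the constructed demo values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the post reads.

# Print KEY's value from a boot.properties file. Only the "KEY=" prefix is
# stripped: the value itself ends in "=", which `cut -d= -f2` would drop.
boot_value() {  # boot_value FILE KEY
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Classify a value by the {AES} prefix described in the post.
value_state() {
    case "$1" in
        '{AES}'*) echo encrypted ;;
        '')       echo missing ;;
        *)        echo cleartext ;;
    esac
}

# Succeed only if group and other have no permission bits (assumed policy).
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report on one domain home; return 1 if anything needs attention.
audit_domain() {  # audit_domain DOMAIN_HOME
    ad_rc=0
    for ad_f in "$1"/servers/*/security/boot.properties \
                "$1"/security/SerializedSystemIni.dat; do
        [ -e "$ad_f" ] || continue
        owner_only "$ad_f" || { echo "FINDING $ad_f: group/other access"; ad_rc=1; }
        case "$ad_f" in *boot.properties)
            for ad_key in username password; do
                ad_state=$(value_state "$(boot_value "$ad_f" "$ad_key")")
                echo "INFO $ad_f: $ad_key is $ad_state"
                [ "$ad_state" = encrypted ] || ad_rc=1
            done ;;
        esac
    done
    return "$ad_rc"
}

# Constructed demo tree; the values are placeholders, not real ciphertext.
make_demo_domain() {  # make_demo_domain DIR MODE
    mkdir -p "$1/servers/EMGC_ADMINSERVER/security" "$1/security"
    md_b="$1/servers/EMGC_ADMINSERVER/security/boot.properties"
    md_k="$1/security/SerializedSystemIni.dat"
    printf 'username={AES}Q09OU1RSVUNURUQ=\npassword={AES}U0FNUExFIQ==\n' > "$md_b"
    : > "$md_k"; chmod "$2" "$md_b" "$md_k"
}
```

Run `audit_domain "$DOMAIN_HOME"` after sourcing “bin/setDomainEnv.sh”; a non-zero return status means at least one finding was reported.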