Wednesday, December 13, 2006

Reset OC4J Admin Password

Seems like a rash of questions recently about how to reset Oracle Application Server/OC4J's administrator password and for whatever reason Google doesn't index our doc (as per the feedback below, due to our robot.txt disallowing this - I don't know why this is the policy) and as a result isn't finding the entry in our doc on how to do this here:

Reproduced in its entirety below [1] and hopefully this will help Google point people to the right information.

One of the "tricks" you have to be aware of when doing this is that if you are using Application Server Control to manage a cluster of OC4J's, there is a default assumption that all the OC4J's use the same administrator password (you can override) - if you are doing this, step 5 of the instructions, which talks about removing the ASControl cached security file (passwords encrypted!) to re-enable cluster management, is important to heed when you do this.


Reset the oc4jadmin password using the following procedure while you are logged in as the user who installed the Oracle Application Server instance:

  1. Stop OC4J and the Application Server Control.

    Enter the following command in the Oracle home of the application server instance:

    (UNIX) ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=OC4J
    (Windows) ORACLE_HOME\opmn\bin\opmnctl stopproc ias-component=OC4J

  2. Locate and open the following file in a text editor:


  3. Locate the line that defines the credentials property for the oc4jadmin user.

    The following example shows the section of system-jazn-data.xml with the encrypted credentials entry in boldface type:


    OC4J Administrator
    OC4J Administrator

  4. Replace the existing encrypted password with the new password.

    Be sure to prefix the password with an exclamation point (!). For example:


    The password for the oc4jadmin user should conform to following guidelines:

    • Must contain at least five characters, but not more than 30 characters.

    • Must begin with an alphabetic character. It cannot begin with a number, the underscore (_), the dollar sign ($), or the number sign (#).

    • At least one of the characters must be a number.

    • Can contain only the following characters; numbers, letters, and the following special characters: US dollar sign ($), number sign (#), or underscore (_).

    • Cannot contain any Oracle reserved words, such as VARCHAR.

    See Also:

    "The oc4jadmin User and Restrictions on its Password" in the Oracle Application Server Installation Guide

  5. Delete cached password data by deleting the contents of the following directory:

    ORACLE_HOME/j2ee/oc4jinstance /persistence/ascontrol/ascontrol/securestore/

  6. Start OC4J and the Application Server Control.

    After the restart, the Application Server Control will use your new Administrator (oc4jadmin) password, which will be stored in encrypted format within the system-jazn-data.xml file.


Anonymous said...

> for whatever reason Google doesn't index our doc (painful)

You make it sound like it is Googles fault. You do realize that that Google and other search engines are explicitly disallowed from touching any of the Oracle documentation by the robots.txt file, that Oracle have chosen to put on the server? Painful, yes, but such is life as an Oracle user.

Mike said...

Point taken - I did not know that but now do. I have updated the blog to change the comment.

Anonymous said...

I followed ur steps but I still can't get connection thru JDeveloper

I am getting "Connection refused: connect" error

when I try to stop OC4J
I am getting the below error
Error: Could not connect to the remote server. Please check if the server is dow
n or the client is using invalid host, ORMI port or password to connect: Connect
ion refused: connect

port number is correct, I checked in default-web-site.xml under config dir


can you please help me
THank you

Mike said...

It depends what version of JDev/OC4JJ you are using - in 10.1.2.x of JDev/OC4J, you normally used the RMI port - by default 23791 - to connect.

In 10.1.3, if you are running in stand-alone that approach continues to work, but if you are running an OPMN managed mode, you have to use the OPMN request port (typically 6003) to connect from JDeveloper.

Remember the connect from JDeveloper is RMI whereas coming in from the Web, you are right that OC4J by default tends to listen on HTTP port 8888.