Recently changed the password for our weblogic server by following these guides 1 and 2. I skipped the nodemanager password reset part for guide 2. But when I restarted the server encountered multiple issues see below. Can you please advise on how to fix these errors.
Weblogic and Oracle Linux version
Weblogic 12c
Linux 3.10.0-229.el7.x86_64
A MultiException has 8 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.rmi.cluster.RemoteBinderFactoryService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.rmi.cluster.RemoteBinderFactoryService
7. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.cluster.ClusterServiceActivator errors were found
8. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.cluster.ClusterServiceActivator
Update
I wasn't able to pinpoint the exact error as to why it's giving me all these messages. But am almost 90% sure it's related when I modified boot.properties.
I was able to fix it by restarting the deleting some folders related to weblogic restart like ldap, sessions. Also deleted boot.properties and modified the username and password again which is similar to the original credentials I entered. Because I suspect that weblogic is not able to match the new boot.properties credentials with the configured credentials in weblogic.
I faced the similar issue. Then followed below steps and it worked:
Added weblogic username and password in startWeblogic.[sh|cmd]
Clear the ldap and store directory under domain_home/servers//data
Cleared the tmp directory parallel to data directory (as above)
Restarted the managed server
Related
I am extremely new to UiPath. I have inherited a project from an experienced UiPath developer. I am trying to find the username and password he uses to login to a specific app. Because the project is not working when executing in the development environment, it is possible the password has expired. I am on the machine he used to develop the project, but logged in under my name. I have found the process that does the "Get Credential". I am using a message box to show the username at this point. When I run the process The "Get Credential" activity returns the error "you are not authenticated Error Code:0" I have researched the error and found several answers as to why it is happening, but not what to do to either fix my problem or get around the problem. The UiPath.systems.Activites version used is 21.4.1. I am aware of the concept of the CredentialStores, but can't seem to find the one used for this project. Where would I find the name of the credential store used? How do I find the username? I need to test the change I made for a user request.
I am going to close this question as I have determined the correct password for what I needed to do. I have no need to get into the credential stores for a password.
Credential stores and password were not the actual issue with the error I was receiving. The error "Loading asset PreAuth_Citrix_FolderName failed:
You are not authenticated! Error code: 0" by referencing the word authenticated, I assumed it had to do with passwords. As I did more research I found the issue to be the new security certificate installed on our web server. While orchestrator recognized the new cert, the Identity Server was not updated with the new thumbprint. I found the information I need at this link https://forum.uipath.com/t/get-asset-you-are-not-authenticated-error-code-0/343910. Once I updated the Identity Server thumbprint, I no longer received the error and my jobs ran. (not successful, but at least they ran past this error!)
In Keycloak server console > User Federation > Ldap
I successfully Test connection to Windows Active Directory server - Ok
But keep receive error message on Test Authentication
Server console output: ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have generated keystore.jks file with jdk keytool utility and try to put it in c:\Program Files\Java\jdk1.8.0_241\lib\security\cacerts\
But still, have the same error.
Any suggestion on what may cause this error and how to fix it?
Here we all are, faced with figuring out this configuration ... again. Seems to change everytime I get to do it. Here are some learnings I'd like to pass along.
keycloak will not work with ldaps by default, the certificate authority public key must be added to the truststore.
to get the public key, https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/export-root-certification-authority-certificate, run the following command on your windows ad server in a cmd shell (don't use powershell): certutil -ca.cert ca_name.cer
now you have your ca public key in a DER formatted base64 text file, you need to load this into the keystore file on the keycloak server, but where is it? in the past default locations were used, then later you had to check the configuration file based on your installation type standalone.xml, standalone-ha.xml, or domain.xml ... here is a file with where to look in the configuration file: https://www.keycloak.org/docs/latest/server_admin/ . search for 'truststore'
now, you were able to find the location of an existing keystore that was in the configuration file of your installation type, or added to your configuration file where the location is, and you can use the keytool utility to install the cert to your truststore using: keytool -import -file ca_name.cer -keystore path_to_keystore.jks
This has worked for me perfectly in the past, and though I didn't add a section to my configuration file yet, I have not yet had success and I think it may be that keycloak is now using a different jks file specified in the configuration file called https-keystore.jks. I can see the file but don't have the password to see if adding the cert there will get things working.
If I figure it out I'll try to remember to update this posting. In anycase, I'm working towards switching to a kubernetes style installation which has a technique to make this work correctly once and for all ... but, it doesn't. I currently have a ticket in for it and I suspect it used to work, but then something changed, and it broke there too ... just like the latest docker image which I'm currently using.
Here's hoping this configuration becomes a part of keycloak and not something left up to folks to figure out on their own as I believe this tends to push away potential Windows AD users. Good luck out there everyone.
ERROR: Registering runner... failed
runner=J4DBd8we
status=couldn't execute POST against https://tarun-labs.local/api/v4/runners:
Post https://tarun-labs.local/api/v4/runners: x509:
certificate signed by unknown authority PANIC:
Failed to register this runner
Hi I am facing same problem and tried searching many forums for answers and didn't got any solution yet. config.toml file location is not clear as the one I saw is not the right one I think It is in /gitlab-runner folder and shows only 3 parameters: [Concurrent][check Interval] and [Session Server]. So now way I can change any Value. As I am registering the runner ..the [runners] tab is not expected to be there.
I am trying this on home lab therefore do we need a "single" self signed certificate or need to have CA Certificate as well. Not clear [Full Chain ? or only CA+Server Cert]. I am using home lab so cannot arrange certificate from Pubic CA.
Also is there a way I can skip this error by bypassing SSL? I have seen tls verify or ssl verify option to be set to no.. Where to put that is not clear or mentioned in any forum whatsoever.
This should be common problem for many as fresh installation does not give you any runner to begin with so everyone should be doing these steps. Please help anyone?
From gitlab documentation.
GitLab Runner reads the PEM certificate (DER format is not supported) from a predefined file:
1 - /etc/gitlab-runner/certs/hostname.crt on *nix systems when GitLab Runner is executed as root.
2 - ~/.gitlab-runner/certs/hostname.crt on *nix systems when GitLab Runner is executed as non-root.
3 - ./certs/hostname.crt on other systems. If running Runner as a Windows service, this will not work. Use the last option instead.
If your server address is: https://my.gitlab.server.com:8443/, create the certificate file at: /etc/gitlab-runner/certs/my.gitlab.server.com.crt. To verify that the file looks correct, you can use a tool like openssl.
I am trying to record an internal website for which i need to enter credentials that is not same as the windows credential. Later on the same test needs to be run for more than one user. i know how to use the csv file to pass the parameters - username and password.
For Windows Authentication i have added Authorization manager.
From Fiddler i checked it was NTLM authentication(though i am not sure yet) and i did enter the values for NTLM authentication in Authorization Manager.
Now when i try and record the internal website - i cannot even go to homepage after the windows credentials, it keeps on spinning.
When i check the Authorization Manager, i find an extra line added for kerberos Authentication as shown in Picture:
My query here is:
1)why is it recording it as kerberos
2)where is it saving the username and password
3)why is it not loading the website- always keeps spinning and i have to stop it
4)I have tried Kerberos settings and then record, but its not working either , could it be i am using the wrong values in the kerb5.conf file , how do i debug.
Kind of stuck at the moment.
Thanks for help!
If you're uncertain what authentication is being used under the hood - just ask around, application developers or network administrators should be aware of the external authentication scheme. You can also try using a 3rd-party tool like Kerberos Authentication Tester
I don't think you can record and replay Windows authentication so it makes sense to start recording some time after the login screen as long as you can login using JMeter
Looking into JMeter source
// if HEADER_AUTHORIZATION contains "Basic"
// then set Mechanism.BASIC_DIGEST, otherwise Mechanism.KERBEROS
In case of Kerberos credentials are saved directly in the HTTP Authorization Manager in form of ${AUTH_LOGIN} and ${AUTH_PASSWORD}, real credentials are not stored anywhere
Most probably your application doesn't receive valid authentication context therefore it cannot proceed
Add sun.security.krb5.debug=true line to system.properties file (lives in "bin" folder of your JMeter installation), JMeter restart will be required to pick the property up.
More information:
Windows Authentication with Apache JMeter
JAAS and Java GSS-API Tutorials
I have a Bolt Authentication issue that I don't know how to solve. I restored a backup from my online provider to my local machine. I can launch the browser and run "CALL db.schema" and the query returns. But when i try to just select a sample set of data I'm seeing this in the logs and the query never returns.
2018-06-25 14:39:23.778+0000 ERROR Unexpected error detected in bolt session 'ace2d3fffe92e75d-0005b714-00000004-4c1990029792d052-f94315d8'. The client is unauthorized due to authentication failure.
org.neo4j.bolt.v1.runtime.BoltConnectionFatality: The client is unauthorized due to authentication failure.
at org.neo4j.bolt.v1.runtime.BoltStateMachine.handleFailure(BoltStateMachine.java:742)
at org.neo4j.bolt.v1.runtime.BoltStateMachine.handleFailure(BoltStateMachine.java:728)
at org.neo4j.bolt.v1.runtime.BoltStateMachine.access$500(BoltStateMachine.java:62)
at org.neo4j.bolt.v1.runtime.BoltStateMachine$State$1.init(BoltStateMachine.java:435)
at org.neo4j.bolt.v1.runtime.BoltStateMachine.init(BoltStateMachine.java:145)
at org.neo4j.bolt.v1.messaging.BoltMessageRouter.lambda$onInit$0(BoltMessageRouter.java:70)
at org.neo4j.bolt.runtime.MetricsReportingBoltConnection.lambda$enqueue$0(MetricsReportingBoltConnection.java:69)
at org.neo4j.bolt.runtime.DefaultBoltConnection.processNextBatch(DefaultBoltConnection.java:195)
at org.neo4j.bolt.runtime.MetricsReportingBoltConnection.processNextBatch(MetricsReportingBoltConnection.java:87)
at org.neo4j.bolt.runtime.DefaultBoltConnection.processNextBatch(DefaultBoltConnection.java:143)
at org.neo4j.bolt.runtime.ExecutorBoltScheduler.executeBatch(ExecutorBoltScheduler.java:170)
at org.neo4j.bolt.runtime.ExecutorBoltScheduler.lambda$scheduleBatchOrHandleError$2(ExecutorBoltScheduler.java:153)
at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
In my config file I can turn off security: dbms.security.auth_enabled=false and things will work. But I'd like to understand why/how I'm getting this error so I don't have to do that. In the administration tab of the desktop I've tried changing the password and it says it's successful but the error still remains?
Restoring to an identical version resolves issue. So good knowledge to have, back ups must be restored to identical versions. Or at least v3.3.5 restored to 3.4 will present this issue.