Creating Read Only User In Weblogic(SOA 11g)

In production environments, usually requirement is to change the default Weblogic password (to restrict it just to System Administrators) and create some kind of Read Only user for the Weblogic console. A colleague of mine documented these steps recently and hope these help anyone trying to perform this in QA/PROD environments.

1. Guest User Creation
Login to console as weblogic user and click on Security Realms -> myrealm ->Users and Groups

Click on New, enter Name & Password and then OK.

Click on the user which was created (guestuser) and below step ensures that we provide read only access
 to same. Click on Groups tab, choose Monitors group from left pane to right pane. Click on save. Once
    done logout from console (as weblogic) and login with new user to check access.

2. Weblogic Password Change
Login to console as weblogic user and click on Security Realms -> myrealm ->Users and Groups. Click on Weblogic and click on Passwords tab and update the new password and Save.

3. Node Manager Password Change
Login to console and click on Domain, click on Security ->  Advanced.

Update the password for the Node Manager user (weblogic) and click on Save.

4. Updating Weblogic and Node Manager passwords in Linux

     Login to fusion server using putty and navigate to the below directory.
·     Go to %domain_home%/config/nodemanager
·     Open nmpassword_properties
·     The file will hold encrypted values, replace all content with:
                  username=weblogic
                  password=new password
·     Restart the NodeManager
·     Check nmpassword_properties file for encrypted values
   Repeat same steps in its a multi node cluster environment.

 Changing the weblogic security file :
 Go to: %domain_home%/servers/{Managed Server}/security
 Open the boot.properties file
 Change the values to
              username=weblogic
              password=new password
  Perform same steps on other nodes and Restart Managed Servers.

Error while starting cluster: java.lang.RuntimeException: Failed to start Service "Cluster"

Can't start managed servers in a SOA cluster correctly, SOAInfra is in a failed state and see below errors in log file

Oracle Coherence GE 3.6.0.4  (thread=Cluster, member=n/a): Failure to join a cluster for 300 seconds; stopping cluster service.
Oracle Coherence GE 3.6.0.4  (thread=[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Error while starting cluster: java.lang.RuntimeException: Failed to start Service "Cluster" (ServiceState=SERVICE_STOPPED, STATE_ANNOUNCE)
        at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.start(Service.CDB:38)
        at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.start(Grid.CDB:6)
        at com.tangosol.coherence.component.net.Cluster.onStart(Cluster.CDB:637)
        at com.tangosol.coherence.component.net.Cluster.start(Cluster.CDB:11)

This maybe caused because of another cluster in same subnet having the same cluster name. To fix this error and start servers correctly go to admin console and click on Managed Server->Server Startup tab. Under arguments field set the below for each server of the cluster.

Let's say the 2 node names are host1.com, host2.com respectively.

On server startup on Node1 set

-Dtangosol.coherence.wka1=host1.com -Dtangosol.coherence.wka2=host2.com -Dtangosol.coherence.localhost=host1.com -Xmanagement:ssl=false,authenticate=false,autodiscovery=true

On server startup of Node2 set

-Dtangosol.coherence.wka1=host1.com -Dtangosol.coherence.wka2=host2.com -Dtangosol.coherence.localhost=host2.com -Xmanagement:ssl=false,authenticate=false,autodiscovery=true

Once done, save changes and restart the managed servers. Now the error should be gone.