Tuesday, 17 January 2017

How to decrypt the weblogic password

To decrypt the WebLogic password follow the below steps

 1)Take the adminserver boot. Properties details

[appgvpk1@server5050 security]$ cat $EBS_DOMAIN_HOME/servers/AdminServer/security/boot.properties
#Sun May 08 17:51:57 EDT 2016
password={AES}RL4vuk2Y1rreNBi0EmKNt0x8zY10ckmKxmv+j64CGak\=
username={AES}YOyAsoH6TA9BvK2qxjayQh3NvkQ4W3/3pygLNc4vWUM\=
[appgvpk1@server5050 security]$

 2)create decrypt.py file in

 [appgvpk1@server5050 security]$ cd $EBS_DOMAIN_HOME/security

[appgvpk1@server5050 security]$ cat decrypt.py
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Take encrypt password from user
pwd = raw_input("Paste encrypted password ({AES}fk9EK...): ")

# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")

# Display password
print "Decrypted string is: " + clearOrEncryptService.decrypt(preppwd)
[appgvpk1@server5050 security]$

[appgvpk1@server5050 security]$ pwd
/erppwrc1/erpapp/fs2/FMW_Home/user_projects/domains/EBS_domain_erppwrc1/security

3) source the   setDomainEnv.sh

[appgvpk1@server5050 security]$ cd $EBS_DOMAIN_HOME/bin
[appgvpk1@server5050 bin]$ ls -ltr
total 56
drwxr-x--- 2 appgvpk1 oinstall  4096 May  7 15:29 service_migration
drwxr-x--- 2 appgvpk1 oinstall  4096 May  7 15:29 server_migration
drwxr-x--- 2 appgvpk1 oinstall  4096 May  7 15:29 nodemanager
-rwxr-x--- 1 appgvpk1 oinstall  2010 May  7 15:29 secureWebLogic.sh
-rwxr-x--- 1 appgvpk1 oinstall  2003 May  7 15:29 stopWebLogic.sh
-rwxr-x--- 1 appgvpk1 oinstall  2473 May  7 15:29 stopManagedWebLogic.sh
-rwxr-x--- 1 appgvpk1 oinstall  5704 May  7 15:29 startWebLogic.sh
-rwxr-x--- 1 appgvpk1 oinstall  3251 May  7 15:29 startManagedWebLogic.sh
-rwxr-x--- 1 appgvpk1 oinstall 17349 May  7 15:29 setDomainEnv.sh
[appgvpk1@server5050 bin]$. ./setDomainEnv.sh


4)run the decrypt password script
 
[appgvpk1@server5050 security]$ cd $EBS_DOMAIN_HOME/security
[appgvpk1@server5050 security]$ ls -ltr
total 40
-rw-r----- 1 appgvpk1 oinstall   486 May  7 15:29 decrypt.py
-rw-r----- 1 appgvpk1 oinstall 22654 May  7 15:29 XACMLRoleMapperInit.ldift
-rw-r----- 1 appgvpk1 oinstall    64 May  7 15:29 SerializedSystemIni.dat
-rw-r----- 1 appgvpk1 oinstall  2398 May  7 15:29 DefaultRoleMapperInit.ldift
-rw-r----- 1 appgvpk1 oinstall  3301 May  8 17:50 DefaultAuthenticatorInit.ldift
[appgvpk1@server5050 security]$

[appgvpk1@server5050 security]$ java weblogic.WLST decrypt.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Paste encrypted password ({AES}fk9EK...): {AES}RL4vuk2Y1rreNBi0EmKNt0x8zY10ckmKxmv+j64CGak\=
Decrypted string is: weblogic123

Monday, 9 January 2017

Different adop Patching Modes in Oracle E-Business Suite release 12.2.x

Test Mode
In test mode, adop does not apply the patch. Instead, it lists each file it would have copied, relinked, executed, or generated, and shows exactly what actions it would have performed had it applied the patch. It also runs AutoConfig in test mode to determine any impending changes to the configuration files. This allows you to see the effects of a patch on your system before you apply it.
To run adop in test mode, add the apply=no parameter to the adop command you would use if you were actually going to apply the patch. In test mode, adop will go through the process of applying the patch but will not perform any of the following actions:
  • Copy files from the patch directory to the Oracle E-Business Suite file system
  • Archive object modules into the product libraries
  • Relink executables
  • Generate forms, reports, PL/SQL libraries, or menu files
  • Run SQL or EXEC commands (commands that change the database)
  • Instantiate new configuration files
  • Update the patch information files
  • Update patch information and release version in the database
Downtime Mode
To optimize the process of upgrading to Oracle E-Business Suite Release 12.2, support is provided for the capability to apply Oracle E-Business Suite patches in downtime mode. When applying patches in this mode, adop will first confirm that the application tier services are down, and will then proceed to apply the patch to the run edition of the Oracle E-Business Suite database and file system. Downtime mode patching does not use an online patching cycle. The process of applying a patch in downtime mode completes more quickly than in online mode, but at the cost of increased system downtime.
To run adop in downtime mode, you use the following command line options. In this example, patch 123456 is applied in downtime mode:
$ adop phase=apply patches=123456 apply_mode=downtime
Preinstall Mode
Preinstall mode is generally used during the upgrade process to update AD utilities, apply pre-upgrade patches, or work around other patching issues. adop asks all startup questions except those relating to the database.
To run adop in preinstall mode, include preinstall=y on the adop command line. It performs the following actions:
  • Compares version numbers
  • Copies files
  • Relinks FND and AD executables
  • Saves patch information to the file system
Because adop does not read driver files in preinstall mode, it copies all product files in the patch to the APPL_TOP directory. Additionally, even if a file in the patch should be both in the APPL_TOP and in another directory (such as in $OA_HTML), adop copies the file only to the APPL_TOP.
In preinstall mode, adop validates codelevels against the files Preinstall_Codelevel_AD.txt and Preinstall_Codelevel_MP.txt. These files are located in the $APPL_TOP/admin directory, and contain codelevel information about AD and other products registered in the database tables.
Since no database connection is available in preinstall mode, adop tries to validate whether the current patch should be applied based on the codelevel information in these two files, as follows:
  • If Preinstall_Codelevel_AD.txt is missing from the APPL_TOP, adop will apply the patch in preinstall mode without validating the patch for codelevel compatibility.
  • If Preinstall_Codelevel_MP.txt is missing from the APPL_TOP, adop will proceed with patch application without validating the patch for codelevel compatibility of the entities.
  • If both files are missing, adop will not validate codelevels in preinstall mode.
Note the following restrictions when applying a patch in preinstall mode:
  • NLS patches cannot be applied on the instance.
  • Baseline or codelevel-introducing patches cannot be applied on the instance.
  • adop will not check to see if the patch is already applied on the system.
Important note - Run adop in preinstall mode only if the patch readme instructs you to do so.