Thursday, 27 January 2011

Error "CWWIM4512E The password match failed" seen using WebSphere Portal Express v7 on Linux

During the start-up of my WebSphere Portal Express v7 installation on Ubuntu ( I know, it's not supported, but it's fun ), I started seeing: -

...
21/01/11 23:02:32:665 GMT] 0000002a exception     W com.ibm.ws.wim.adapter.file.was.FileAdapter login CWWIM4512E The password match failed.
[21/01/11 23:02:32:666 GMT] 0000002a exception     W com.ibm.ws.wim.adapter.file.was.FileAdapter login
                                 com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4512E The password match failed.
        at com.ibm.ws.wim.adapter.file.was.FileAdapter.login(FileAdapter.java:2015)
        at com.ibm.ws.wim.ProfileManager.loginImpl(ProfileManager.java:3381)
...

in SystemOut.log.

Digging further, I found this rather useful Technote: -

CWWIM4512E error during login requires reset of user's password in file registry

which relates to the same problem, and links to this even more useful Technote: -

How to reset the administrator's password in the file registry

which outlines how to fix the problem, summarized below: -

i) Start the wsadmin client

/opt/IBM/WebSphere/AppServer/profiles/wp_profile/bin/wsadmin.sh -conntype NONE

ii) Update the password for the admin user - wpadmin in my case

$AdminTask changeFileRegistryAccountPassword {-userId wpadmin -password <PASSWORD>}
$AdminConfig save
quit

iii) Update the password in the Portal and WAS configuration - assuming that you're using the same ID for both admin roles

cd /opt/IBM/WebSphere/AppServer/profiles/wp_profile/ConfigEngine
./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=uid=wpadmin,o=defaultWIMFileBasedRealm -DnewAdminPw=<PASSWORD> -DnewAdminGroupId=cn=wpsadmins,o=defaultWIMFileBasedRealm
./ConfigEngine.sh wp-change-was-admin-user  -DnewAdminId=uid=wpadmin,o=defaultWIMFileBasedRealm -DnewAdminPw=<PASSWORD>

iv) Restart Portal

v) Login to WAS admin ( Integrated Solutions Console )

Use the Manage Users and Groups link to reset the password for, in my case, wpadmin to be consistent with the above scripts.

vi) Re-run the process to update the WAS Admin password

cd /opt/IBM/WebSphere/AppServer/profiles/wp_profile/ConfigEngine
./ConfigEngine.sh wp-change-was-admin-user  -DnewAdminId=uid=wpadmin,o=defaultWIMFileBasedRealm -DnewAdminPw=<PASSWORD>

vii) Restart Portal

Job done :-)

It's worth re-stating that  this is only necessary where you're using a file-system based password e.g. using WIM with a file registry e.g.

/opt/IBM/WebSphere/AppServer/profiles/wp_profile/config/cells/dmhw500/fileRegistry.xml

as evidenced in: -

...
  <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="uid=wpadmin,o=defaultWIMFileBasedRealm" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
...

/opt/IBM/WebSphere/AppServer/profiles/wp_profile/config/cells/dmhw500/security.xml

4 comments:

peter greaves said...

same thing happend to me after applying CF1 on Windows XP. these instructions fixed it, but i had to restart (port blocking i think) fully at one point.

now my portal starts lovely, clean logs etc.

thanks dave!

Dave Hay said...

@Peter - excellent, thanks for the feedback

Bruno Santos Dumont said...

When I try "cd /opt/IBM/WebSphere/AppServer/profiles/wp_profile/ConfigEngine
./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=uid=wpadmin,o=defaultWIMFileBasedRealm -DnewAdminPw= -DnewAdminGroupId=cn=wpsadmins,o=defaultWIMFileBasedRealm"

Show the menssage: com.ibm.websphere.management.exception.ConfigServiceException: javax.management.JMRuntimeException: ADMN0022E: Acesso negado para a opera?Æo resolve no MBean ConfigService, devido a credenciais insuficientes ou vazias.
at com.ibm.websphere.management.configservice.ConfigServiceProxy.resolve(ConfigServiceProxy.java:480)...

Dave Hay said...

@Bruno, silly question, but you did actually enter the password ? The exception means: -

This exception has several causes.

1. WasUserid or WasPassword can be wrong

2. Extra spaces after WasUserid or WasPassword

3. WasRemoteHostName is not set to the right server

4 WasSoapPort is not the right port for the server

5. Special characters in password (ConfigEngine is further restricted vs WAS/Portal)

http://www-01.ibm.com/support/docview.wss?uid=swg21577984