Question
How to change Deployment Environment (DE) admin user password in IBM Business Automation Workflow (BAW)?
You have gone through the security audit in your IBM BAW environment and it indicated that the Deployment Environment (DE) admin user password has not been changed since day one of IBM BAW installation. So, you have decided to correct this and change the password.
Answer
As you know, a certain number of users are present after IBM BAW in a so-called file-based repository and DE admin is one of them. So, you don't have control over this user's password in your external provider (LDAP).
Another important aspect is - this user is used in a number of places in BAW configuration as an admin user and even though in most of the places its corresponding security alias (J2C) is used there is still a handful of places where the password is explicitly specified. You need to take care of those places.
IBM has its documentation for this matter but after I went through the documented steps I could still see an error in the logs suggesting that an old password is still used somewhere. The error looked like this -
com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4513E The password match failed for the 'deadmin' principal name.
Clearly, the error is suggesting that not all of the places were updated.
Upon further testing on my own and examining the logs more in detail I discovered in ffdc logs that the mismatch of passwords was pointing to Filenet.
So, I started to dig into that area of the Product and found the following article:
https://www.ibm.com/support/pages/cwwim4513e-password-match-failed-admin-principal-name
That looked promising but it had couple more caveats to it.
Here I'm providing a full set of steps that finally worked for me and I no longer see any errors in the logs and my new DE admin password is working fine -
- Follow all the steps from an IBM infocenter article.
- Login to ACCE console:
- If you're on BAW 190x then the ACCE console is hosted under navigator desktop, so, the URL for this console would look something like:
https://host:port/navigator/?desktop=acce
(NOTE: it has to be deployed using the corresponding plugin, you can find more information here)
- If you're on BAW 2102 or above then ACCE is again deployed as normal console, so, you can reach it via the following URL:
https://host:port/acce
Use DE admin user credentials to login to ACCE console.
Open -> Properties tab->System User Password, and update the password for DE admin there.
Restart the whole env - you should be all set now and there should be no any exceptions in the logs.
- If you're on BAW 190x then the ACCE console is hosted under navigator desktop, so, the URL for this console would look something like:
Comments
0 comments
Please sign in to leave a comment.