https://blogs.oracle.

com/pa

Changing passwords of OBIEE Environment In case A Company has

password change management policy and expects encrypted passwords.

Areas where password should be changed and the sequence:

1. Change WebLogic Embedded LDAP User's Password in WebLogic Admin Console (weblogic, OracleSystemUser,
BISystemUser).

2. Enter new credentials for BISystemUser in FMW EM Console.

3. Change weblogic user credentials in the boot.properties file for each server.
Restart all OBIEE Services.

TEST: Weblogic Servers should start, Should be able to login as Embedded LDAP Users.

NOTE: If any issues troubleshoot in the above areas after changes.

4. Change External LDAP Authenticator Principal Users password (User account used to retrieve the Users and
Groups from the LDAP Server).
Restart all OBIEE Services.

TEST: Should be able to see the list of Users and Groups from External LDAP Authenticator.

TEST: Should be able to login as both Embedded and External LDAP Authenticator Users.

NOTE: If any issues troubleshoot in the above area after changes.

Stop all OPMN (BI Components) Services.

5. Change the password for all the DataSources connection pool details in WebLogic Admin Console.
NOTE: This step can also be done through WLST Scripting and System MBean in FMW EM Console

6. Change the Scheduler DB Schema User password in FMW EM Console (for DEV_BIPLATFORM).
NOTE: This step can also be done through WLST Scripting and System MBean in FMW EM Console

7. Change the passwords for the Data Sources that are been used in the RPD (like Usage Tracking, etc).

8. Change the Database Schema Users passwords (for DEV_BIPLATFORM, DEV_MDS, etc) at the Database Level.
NOTE: If the OBIEE is installed without shipped-in essbase, Password Changing steps are completed at this step.

TEST: All the OPMN (BI Component) Services should start (except the Essbase related services) and be in alive state.

TEST: Should be able to login as both default and external LDAP Users.

NOTE: If any issues troubleshoot in the above area after changes.

NOTE: If Shipped-in Essbase is installed along with OBIEE, continue below steps.

9. Change the Database Schema password stored in Registry properties file (generate a new reg.properties file).

10. Change the Database Schema password in the EPM System Registry.

11. Change Essbase Monitoring Credentials.

12. Change the Database Schema password for Essbase Studio

Restart all OBIEE Services (Start all BI Component Services).

TEST: All the OPMN (BI Component) Services should start and be in alive state.

TEST: Should be able to login as both default and external LDAP Users.

NOTE: If any issues troubleshoot in the above area after changes.

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 1 of 19
 https://blogs.oracle.com/pa

1. Change WebLogic Embedded LDAP User's Password in

WebLogic Admin Console

In the WebLogic Admin Console Domain Structure Security Realms myrealm Users and
Groups tab Users tab Click on the Username reset the password in passwords tab.

Change the password for all the Users existing in the WebLogic Embedded LDAP (like weblogic,
BISystemUser, etc)

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 2 of 19
 https://blogs.oracle.com/pa

2. Enter new credentials for BISystemUser in FMW EM Console

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 3 of 19
 https://blogs.oracle.com/pa

3. Change weblogic user credentials in the boot.properties file

for each server.

Restart all Services (Both WebLogic and BI Components Services)

After restart of WebLogic Servers the entries in boot.properties file get encrypted.

Admin Server and bi_server1 should run successfully.

Successfully able to login to WebLogic admin Console, FMW EM and OBIEE after the above changes

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 4 of 19
 https://blogs.oracle.com/pa

4. Change External LDAP Authenticator Principal Users

password

Save and Click on Activate Changes.

Even though it says No restarts are necessary. It doesnt list the Users and Groups from external LDAP
Authenticator and also unable to login as External LDAP Users.

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 5 of 19
 https://blogs.oracle.com/pa

Restart all Services (Both WebLogic and BI Components Services)

Able to view the list of External LDAP Users and Groups.

Successfully able to login to OBIEE as both Embedded and external LDAP users after the above
changes.

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 6 of 19
 https://blogs.oracle.com/pa

5. Change the password for all the Data Sources connection

pool details in WebLogic Admin Console

Login to WebLogic Admin Console http://obiee-hostname.com:7001/console (as weblogic user)

Change the password for all the available Data Sources:

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 7 of 19
 https://blogs.oracle.com/pa

6. Change the Scheduler DB Schema User password in FMW EM

Console (for DEV_BIPLATFORM).

Login to FMW EM Console http://obiee-hostname.com:7001/em (as weblogic user)

Lock and Edit Configuration

Change the Password, Apply and Activate Changes

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 8 of 19
 https://blogs.oracle.com/pa

7. Change the passwords for the Data Sources that are been
used in the RPD (like usage tracking, etc).

Using Oracle BI Administration Tool open the RPD in Online mode

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 9 of 19
 https://blogs.oracle.com/pa

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 10 of 19
 https://blogs.oracle.com/pa

8. Change the Database Schema Users password at Database

machine Level.

Check the account status of the DB Schema Users

Where welcome1 is the new password.

If the OBIEE is installed without shipped-in essbase, Password Changing steps are completed at
this step.
If Shipped-in Essbase is installed along with OBIEE, continue below steps.

9. Change the Database Schema password stored in Registry

properties file (generate a new reg.properties file).

Essbase Server uses a database schema password stored in the reg.properties file.

Change ESSBASE Registry properties as follows:

The updateRegProperties.py is located at:

$ORACLE_BASE/products/fusionapps/bi/bifoundation/install (for BI Apps)

$ORACLE_HOME/bifoundation/install (for OBIEE 11g)

Where $ORACLE_HOME=C:\Oracle\Middleware\Oracle_BI1

Syntax is:
updateRegProperties.py biHome biInstance DbUrl DbUserName DbNewPassword DbDriverClass

Run the following command to update registry:

Go to WLST prompt and run below cmd or if wlst is in path then execute below cmd

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 11 of 19
 https://blogs.oracle.com/pa

C:\Oracle\Middleware\Oracle_BI1\common\bin\wlst.cmd
C:\Oracle\Middleware\Oracle_BI1\bifoundation\install\updateRegProperties.py %BIHOME%
%BIINST% jdbc:oracle:thin:@<databasehostname>:1521/orcl PROD_BIPLATFORM newpassword
oracle.jdbc.OracleDriver

Where

%BIHOME% = C:\Oracle\Middleware\Oracle_BI1
%BIINST% = C:\Oracle\Middleware\instances\instance1

E.g.:
C:\Oracle\Middleware\Oracle_BI1\common\bin>wlst.cmd C:\Oracle\Middleware\Oracle_
BI1\bifoundation\install\updateRegProperties.py C:\Oracle\Middleware\Oracle_BI1
C:\Oracle\Middleware\instances\instance1 jdbc:oracle:thin:@raghav2140630.us.oracle.
com:1521/orcl AHR_BIPLATFORM Oracle123 "oracle.jdbc.OracleDriver"

Output:

Note: The solution can be simple if your company security rules agree for a clear text
entry of the password in the above reg.properties file.
We are exercising all these steps so that we can enter an encrypted password.

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 12 of 19
 https://blogs.oracle.com/pa

10. Change the Database Schema password in the EPM System

Registry.

The DB Schema User password will also be present in the epm system registry

You can see this in encrypted form by executing the below bat file:

The Report gets saved under and can be opened in Browser as html page:

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 13 of 19
 https://blogs.oracle.com/pa

We need to change this Encrypted DB Schema User Password in the EPM System Registry also:

Change EPM Registry as follow:

$BIInstance/config/foundation/11.1.2.0/epmsys_registry.sh updateencryptedproperty
HOST/database_conn/@dbPassword DbNewPassword

Example of $BIInstance is <INSTANCE_DIR>/config/BIInstance/config/foundation/11.1.2.0

C:\Oracle\Middleware\instances\instance1\config\foundation\11.1.2.0>epmsys_regis
try.bat updateencryptedproperty HOST/database_conn/@dbPassword Oracle123

Output:

Ignore if any exceptions occur.

Our target is to check if this statement appears or not:

The new value of the property has been encrypted and updated on the component.

Now if you run below command it will display the new encrypted dbPassword:

If not you can also check the value in html format by rerunning the epmsys_registry.bat

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 14 of 19
 https://blogs.oracle.com/pa

HTML Report:

11. Change Essbase Monitoring Credentials.

Login to FMW EM Console

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 15 of 19
 https://blogs.oracle.com/pa

12. Change the Database Schema password for Essbase Studio

Note: The solution can be simple if your company security rules agree for a clear text entry of
the catalog.password in the below server.properties file.
We are exercising all these steps so that we can enter an encrypted password.

Follow the Steps as below:

************************************************************************************************

1. Make sure Essbase Studio Server is not running.

2. Rename server.jar from release 11.1.2.3.504 to server504.jar (provided separately) and copy it to the
$ORACLE_HOME/products/Essbase/EssbaseStudio/Server folder in the installed environment in the folder

3. Copy $ORACLE_HOME/products/Essbase/EssbaseStudio/Server/scripts.template/encryptPassword.sh.template
(not available so use the attached file) to
$ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin/encryptPassword.sh

4. Edit the encryptPassword.sh script by settting $ORACLE_HOME, $JAVA_HOME and $ORACLE_INSTANCE

variables and also fixing classpath: the line
CPATH="$EPM_ORACLE_HOME/products/Essbase/EssbaseStudio/Server/server.jar:$EPM_ORACLE_HOME/com
mon/config/11.1.2.0/hit-common.jar:$EPM_ORACLE_HOME/common/jlib/11.1.2.0/registry-api.jar"

should be replaced with

CPATH="$EPM_ORACLE_HOME/products/Essbase/EssbaseStudio/Server/server504.jar:$EPM_ORACLE_HOME/
common/config/11.1.2.0/hit-common.jar:$EPM_ORACLE_HOME/common/jlib/11.1.2.0/registry-api.jar".

5. Add following line password.encryption.version=2 into the

$ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin/server.properties file.

6. Launch ./encryptPassword.sh <unencrypted password> from

$ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin. It will generate the encrypted password
and print it to the command line console.

7. Use the encrypted password to replace the catalog.password property value in

$ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin/server.properties.

8. Now remove the server504.jar file and the password.encryption.version=2 entry from server.properties file

9. Can also remove encryptPassword.bat|sh file from the $ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin

10. Start Essbase Studio Server

************************************************************************************************

Rename the attached server.jar as server504.jar and placed it under below location

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 16 of 19
 https://blogs.oracle.com/pa

Copy the attached encryptPassword.bat.template as encryptPassword.bat to

Replace the $ORACLE_HOME, $ORACLE_INSTANCE and $JAVA_HOME variables as per

environment values, Edit the CPATH with server504.jar in the encryptPassword.bat file

Add password.encryption.version=2 in server.properties file

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 17 of 19
 https://blogs.oracle.com/pa

Launch the encryptPassword.bat

Syntax:
encryptPassword.bat Oracle123

Encrypted password is displayed on the command Prompt, Copy this value to server.properties
file
NOTE: Make sure there are no spaces in this password (parameter and its value)

BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 18 of 19
 https://blogs.oracle.com/pa

Now remove the server504.jar file and the password.encryption.version=2 entry from
server.properties file

Also remove encryptPassword.bat|sh from $ORACLE_INSTANCE/EssbaseStudio/essbasestudio1/bin

Restart all OBIEE Services (Start all BI Component Services).

Attachements/Files needed to fulfill the task: Change the Database Schema password for
Essbase Studio
Server504.jar (already renamed from server.jar)
This file can also be picked up from Oracle EPM 11.1.2.3.504 environments if EPM products are also
implemented from below location C:/Oracle/Middleware/EPMSystem11R1/products/Essbase/EssbaseStudio/Server

encryptPassword.bat.template (text given in the same file in next page)

encryptPassword.sh.template (text given in the same file in next page)

Edited encryptPassword.bat looks like this:

rem set script variables ORACLE_HOME, ORACLE_INSTANCE, JAVA_HOME

set ORACLE_HOME=C:\Oracle\Middleware\Oracle_BI1
set ORACLE_INSTANCE=C:\Oracle\Middleware\instances\instance1
set JAVA_HOME=C:\Oracle\Middleware\Oracle_BI1\jdk

set EPM_ORACLE_INSTANCE=%ORACLE_INSTANCE%
set EPM_ORACLE_HOME=%ORACLE_HOME%

set CPATH=%EPM_ORACLE_HOME%/products/Essbase/EssbaseStudio/Server/server504.jar;%EPM_ORACLE_HOME%/common/config/11.1.2.0/hit-
common.jar;%EPM_ORACLE_HOME%/common/jlib/11.1.2.0/registry-api.jar

echo java -DEPM_ORACLE_INSTANCE=%ORACLE_INSTANCE% -cp %CPATH% com.hyperion.cp.config.EncryptPassword %1

%JAVA_HOME%/bin/java -DEPM_ORACLE_INSTANCE=%ORACLE_INSTANCE% -cp %CPATH% com.hyperion.cp.config.EncryptPassword %1

******************************************************************************************************
Documented against OBIEE (11.1.1.7.x) release where Essbase (11.1.2.3.003) & Essbase Studio (11.1.2.2.200)

******************************************************************************************************
BI Oracle CEAL Team, Author: Veera Raghavendra Rao Koka (Updated on 03-Mar-2015) Page 19 of 19