IBM Support

Changing the tw_admin password in IBM Business Process Manager (BPM) after installation

Troubleshooting


Problem

After your install IBM Business Process Manager, you attempt to change the tw_admin password value. However, the following error occurs in the SystemOut.log file: CWLLG2003E: GetSubject for userName=tw_admin failed in ServiceLocator.

Symptom

The complete error in the SystemOut.log file is:
CWLLG2003E:  GetSubject for userName=tw_admin failed in ServiceLocator.  Error: javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed. [Root exception is com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed.].
                                 javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed. [Root exception is com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed.]
[..]
Caused by: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed.
[..]
          Caused by: com.ibm.websphere.security.PasswordCheckFailedException: CWWIM4512E The password match failed.

Resolving The Problem

To change the tw_admin password after you installed IBM Business Process Manager, complete the following steps:

  1. Log on to the Process Administrative console using the administrative account. The administrative account has the user name and password that you specified when the product was installed.

  2. Change the password for the tw_admin account in the Process Administrative console.

  3. Log into the WebSphere Application Server Administrative Console.

  4. Change the BPMAdmin_Auth_Alias password through the WebSphere Application Server Administrative Console. To change the password, complete the following steps:
    1. Click Security > Global security.
    2. On the right side, under Authentication, click JAASConfiguration > J2C Authentication data.
    3. Navigate to BPMAdmin_Auth_Alias.
    4. Change the BPMAdmin_Auth_Alias password.

  5. Modify the tw_admin password for the roles that are associated with the tw_admin administrative user name using one of the following methods:
    • Go to Enterprise Applications > IBM_BPM_Teamworks_<node and server location> > User RunAs roles. For example: Enterprise Applications > IBM_BPM_Teamworks_Node01_Server01 > User RunAs roles.

      Change the password for the roles with which the tw_admin administrative user name is associated and apply the change. For example, if the twem and twuser roles are associated with the tw_admin user name, change the password for those roles.

    • Run the util\Security\bpmModifyMapRunAsRole.py utility to update the password for the administrative user for the system applications.

      Standalone environment:
      wsadmin -username user_name -password password -f bpmModifyMapRunAsRole.py -usr user -pwd pwd -nodeName node -serverName server
      where:
      user_name is the administrative user
      password is the administrative password
      user is the user to be set for the run as roles
      pwd is the pwd to be set for the run as roles
      node is the name of the node
      server is the name of the server


      Clustered environment
      wsadmin -username user_name -password password -f bpmModifyMapRunAsRole.py -usr user -pwd pwd -clusterName cluster
      where:
      user_name is the admin user
      password is the admin password
      usr is the user to be set for the run as roles
      pwd is the pwd to be set for the run as roles
      cluster is the name of the cluster


      Important: You must run the bpmModifyMapRunAsRole.py utility twice in a clustered environment. For example:
      wsadmin  -user username -password admin -f  
      C:\WAS_INSTALL_LOCATION\util\Security\bpmModifyMapRunAsRole.py -usr  tw_admin -pwd admin -clusterName BPM.AppTarget -applicationName Teamworks



      wsadmin  -user username -password admin -f
      C:\WAS_INSTALL_LOCATION\util\Security\bpmModifyMapRunAsRole.py -usr  tw_admin -pwd admin -clusterName BPM.Support -applicationName PerformanceDW


  6. Log out of the WebSphere Application Server administrative console.

  7. Restart the server.

Note:
For a Network Deployment clustered environment, replace the previous last two steps (#6 and 7) with the following steps:
  1. Synchronize the nodes that contain Process Center, Process Server, or Performance Data Warehouse cluster members. Complete these steps:
    1. In the administrative console, click System administration > Nodes.
    2. Select all of the nodes.
    3. Click Full Resynchronize.
    4. Stop and restart all of the clusters and servers.

  2. Restart the cluster members.

[{"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.0;7.5.1.1;7.5.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.0;7.5.1.1;7.5.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTBX","label":"IBM Business Process Manager Express"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.0;7.5.1.1;7.5.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Historical Number

79260;499;000

Document Information

Modified date:
15 June 2018

UID

swg21619258