When you unzip GlassFish 4.1, the Administration user has no password set. This was introduced quite some time ago to simplify the developer experience. For obvious security reasons, the remote admin capabilities are also disabled. So the default Admin user is ‘admin’ and its password is empty.

To enable remote Admin, you should first define a password for the admin user and then enable remote admin. The trick is that the change-admin-password command is asking the admin password, in that case you should leave it empty.

./asadmin change-admin-password

Enter admin user name [default: admin]> [leave it empty to use the default value]

Enter the admin password> [make sure to leave this field empty]

Enter the new admin password> myS3cur3Passw0rd!

Enter the new admin password again> myS3cur3Passw0rd!`

Command change-admin-password execute

You can now enable the securre-admin.

./asadmin enable-secure-admin

Enter admin password for user "admin"> [fill in the new password you have set]

You must restart all running servers for the change in secure admin to take effect. Command enable-secure-admin executed successfully.

And just restart the domain and you are all set!

./asadmin restart-domain domain1

The ‘empty admin password’ is mentionned in the initial page of the first chapter of the Administration Guide.

Originaly posted on The Aquarium blog.