cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Account locking issue... a bit of a stab in the dark!

Former Member

on ‎04-07-2009 11:24 AM

0 Kudos

I'm encountering a problem on our ERP6 System where my account (I'm one of the Basis guys) gets locked out due to incorrect logons every couple of hours. My password hasn't changed and I can unlock it using another account and log on as normal - until it gets locked again in a few hours.

I've checked everything I can to see what's doing this, but simply can't find the cause.

I've tried a full trace, but this just shows the account getting locked, not the cause.

I've checked scheduled jobs and RFC's and they are not doing it as far as I can see.

I just wondered if anyone has any other ideas what can cause an account to get locked out, but somehow managed to avoid anything being logged in the trace files?

Thanks to anyone who can help!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎04-23-2009 9:27 AM
0 Kudos

I've managed to resolve this after a lot of time spent trying!

The note suggested by SAP was 171805 which explains how to trace RFC's in more detail. This is somewhat messy and gives you loads of information, none of it very readable. As I mentioned ST01 and SM20 didn't display information about the source of the RFC, just the fact that the logon failed.

The trick that finally worked was mentioned in note 91980 - there is a profile parameter:

rfc/signon_error_log (default value is -1)

That if it's set to 1 then a short dump is generated for each failed RFC log on - this gave me more details about the source of the RFC call, including the system, machine name, function module called etc.

The profile can be set dynamically in RZ11 so is quick and easy to use once you know how.

In my case it was our BW system - the SM59 destination in the BW system had had the username / password removed, so the system was trying to use the Username specified in the Partner Profile in WE20 - which for some reason was mine! Presumably it was then trying to log on with a blank password. (sorry not a BW expert!)

Hope this information helps someone else in the future - it was quite a tricky one to diagnose and resolve, but easy once you know how!

Show replies
Show replies
Former Member
‎04-07-2009 11:52 AM
0 Kudos

First you have to analyse User trace with STAD or SM20 or ST01, then you can find any hint of the same. Or anybody are trying to loggin to server with your User ID. If you have SAP* UserID you can anylyse this easily.

Regards

Chandra

Show replies
Show replies
Former Member
‎04-07-2009 11:56 AM
0 Kudos

Hi

Thanks for your reply but as I mentioned I have already tried a trace and the only event it logs is the account being locked, not what causes it.

That's with every option in ST01 ticked.

Former Member
‎04-08-2009 11:55 AM
0 Kudos

Hello Martin, what do you see in SM21 ? you will see the" User XXXXX locked due to incorrect logon"

and try to doubleclick on this entery you will see the workprocess number and something like this :

02312 Dialog work process No. 000 XXXXXX HOSTNAME 1 SAPMSSY1 X Miscellaneous SUSR

Are you see information like this ? Regards.

JPReyes
Active Contributor
‎04-08-2009 12:36 PM
0 Kudos

Check RFC's.... you might have used your user to create an RFC connection from another system that is locking your account... so check all systems.

Also in SM20 you should be able to see the name of the PC/Server from where the logon attempt failed... that will give you a good lead.

Regards

Juan

Former Member
‎04-08-2009 2:07 PM
0 Kudos

Hi

SM20 shows my account being locked each time it happens - it's always at 40 minutes past the hour, on a two hourly cycle I think.

The entry is as follows:

Hostname: our central instance

time: 11.40:47

Username: mine

Terminal: blank

Transaction: blank

Program: SAPMSSY1

Message: User DOLPHINM Locked in Client 500 After Erroneous Password Checks

Double-clicking brings up the following:

SL AUM

____________________________________________________

Short Text

User &B Locked in Client &A After Erroneous Password Checks

The user was locked due to multiple incorrect logon attempts.

JPReyes
Active Contributor
‎04-08-2009 4:06 PM
0 Kudos 
SM20 shows my account being locked each time it happens - it's always at 40 minutes past the hour, on a two hourly cycle I think.

That only reasures the theory that theres a job using your "user" that runs every couple of hours... just check in SM37 with jobs run at that time... then check the periodicity of the jobs... also check if the jobs call an RFC... you'll have to check in all systems that connect to that one.

Also if the user gets locked... most likely the job or the step of the job will fail.

Regards

Juan

Former Member
‎04-09-2009 7:28 AM
0 Kudos

Hi yes done all of that some time ago - RFC trace doesn't show anything and there isn't a job as far as I can tell, and certainly not a failing job.

It's as though some internal process is trying to use my account, but no idea why!

Ask a Question