on 05-14-2009 7:39 AM
Dear SAP Gurus,
One of our administrative user-id's is getting blocked due to Incorrect logons which clearly states some one(not authorized) is trying to login via that user-id.
I would like to know is it possible to trace who is trying to login from that specific userid from which terminal.
Regards,
Ashish .A. Poojary
Issue Resolved !!!!
There was a scenario which had a wrong password hard coded.
It's working fine now.
Thx for your suggestions.
Regards,
Ashish .A. Poojary
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Ashish,
It is very difficult to trace that who is trying to lock that id knowingly. Because he or she may try from any of the machine on the network. But here are some tips to reach the machine.
Use SM21 (System Log) - It will show you the log for unsuccessful logon.
Trace the Machine name (Computer name from he/she trying to access)
Goto prompt and type
c:> traceert <COMPUTER NAME>
this will provide the details of TCP/IP Address of the computer. I thing now you can catch that person.
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is very difficult to trace that who is trying to lock that id knowingly. Because he or she may try from any of the machine on the network. But here are some tips to reach the machine.
SM20 shows you the terminal (Computer name) from where the logon was attempted.
User can also be getting locked because of and RFC or a job been triggered calling an RFC that has an incorrect password. (Been a non technical user I presume this is not the case)
Regards
Juan
I checked out by sm20.
No reults .
Could this be a possibility ???
In a program or scenario the username and password is hardcoded and a wrong password has been hard coded in the program.
Awaiting Response.
Regards,
Ashish .A. Poojary
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I checked out by sm20.
No reults .
Did you check that Security Audit is properly configured?.... set the parameters of the Audit via SM19 and then check the results on SM20, you won't find info if its not setup.
Read,
http://help.sap.com/saphelp_nw70/helpdata/EN/c7/69bcb7f36611d3a6510000e835363f/content.htm
Regards
Juan
go to SM21 ,give date range, there you can find the logs , double on the message which suggest user locked.. there you can find from which terminal it is happening..
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
check in SM66 in which application server user logged in or in AL08
from there go to SM50 ro SM04
cheers,
Sudhakar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As of my knowledge you can find out by security audit log (tcode sm20)
go to sm20 and give the dates range and set select events to select to only critical and click on message filter and check -> Critical User &B Locked in Client &A After Erroneous Password and execute.
narsi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.