sapjsf locks ABAP service user psswd: M ***LOG US1=> Login, Wrong Password
I have a PI system and a number of ABAP systems connecting to this.
I have defined a service user in PI for each ABAP system - SY_SID_999 (where SID is the SAP System ID and 999 is the client). Various connections (e.g., RFC, ABAP proxy) use these userid and I rely on the user name to identify the source of the activity within PI.
I was forced to change the password of one of these userids and, subsequently, to update connection details in RFCs etc within the source system. All went well for these connections.
Now, however, at 25 minutes past the hour, I get the following error in the PI system's developer trace
M ***LOG US1=> Login, Wrong Password (SY_SID_999 ) [sign.c 4545]
and the SM21 log says
10:25:47 DIA 000 100 SAPJSF US 1 User SY_SID_999 locked due to incorrect logon
SU01 change records show no changes to SY_SID_999 from the time I unlock it until 25 minutes past the hour when this error occurs.
The SM19 security audit log in the PI system has errors:
12.08.2009 10:08:18 SAPJSF localhost SAPMSSY1 Logon Failed (Reason = 53, Type = U)
Type=U means "user switch (internal call)" according to the documentation.
Reason 53 means "Too many failed password logon attempts"
These errors occur in bunches but without a consistent repetition interval. For example, there were 8 at 10:04:56/57 then 2 at 10:08:18 then a string of success messages as follows:
12.08.2009 10:08:18 SAPJSF localhost SAPMSSY1 Logon Successful (Type=U)
Then, at 10:25...
12.08.2009 10:25:47 SAPJSF localhost SAPMSSY1 User SY_SID_999 Locked in Client 100 After Erroneous Password Checks 12.08.2009 10:25:47 SAPJSF localhost SAPMSSY1 Logon Failed (Reason = 1, Type = U)
If I do not unlock the SY_SID_999 userid in the PI ABAP system, there will be no further errors in SM21 but if I do, at 25 minutes past the hour after the error pattern will repeat.
I have set the rfc/logon_error_log parameter to 3 in PI ABAP to trigger a short dump.
Internal notes from the short dump do not identify the who, what or where of the sign-on attempt...
Internal notes The termination was triggered in function "ab_xsignon" of the SAP kernel, in line 2725 of the module "//bas/710_REL/src/krn/rfc/absignon.c#4". The internal operation just processed is "CALY". Internal mode was started at 20090812112528. Caller system......: " " Caller.............: " " Caller client......: " " RFC user ID........: " " RFC client.........: 100 Login return code..: 20 Transaction code...: " " (Note: In releases < 4.0, no information on the caller is available)
The source system represented by the SY_SID_999 userid is an ABAP ONLY stack so has no sapjsf userid. (For the record, SY_SID_999 doesn't exist in client 999 of SID either - it's defined in the PI system to do work on behalf of SID client 999.)
So the question, after all that, is:
How do I identify the source of this password error?