11-03-2010 12:36 PM
Hi,
we have the following problem:
A user wants to login to CRM (portal) by Internet Explorer. In some cases the user cannot login into the system because after one try he gets the message that his user account is locked.
If the login is correct the error message is shown when the explorer is closed accidentally and the user wants to login to the system again.
I checked the profil-parameter login/fails_to_user_lock. It is set to 3.
Any ideas?
Regards
Bjoern
11-03-2010 12:47 PM
The user may have tried twice before and when he try again 3rd time the use will get locked. Is this issue for all the users or only one?
11-03-2010 12:54 PM
Hi,
If the parameter is set to 3, then the system should allow the user. However, if you are referring to the CRM portal, the backend parameter will not work.
If it is the backend system, enable SM19 audit log for the user to trace out if the ID is used by any one else with incorrect password.
Hope this helps!!
Rgds,
Raghu
11-04-2010 8:40 PM
If the parameter is set to 3, then the system should allow the user. However, if you are referring to the CRM portal, the backend parameter will not work.
May I ask where you get this info from? Someone tried to convince me of it once before but it did not fly...
Anyway, I assume that logon tickets are being used here, so no passwords are involved nor evaluated (unless the system is instructed to do so in rz10 --> see login/password_change_for_sso.
Cheers,
Julius
11-05-2010 4:59 AM
Hi Julius,
It my understanding that the user to lock parameter value is not considered when the user ID source is portal and not an ABAP system.
Rgds,
Raghu
11-05-2010 12:15 PM
Hi Raghu and Bjoern,
Take a carefull look at the discussion and particularly Patrick Whitty's comments in relating to the Java UME policy being evaluated (but not affecting the UME source's policy - AD or backend).
Cheers,
Julius
11-07-2010 12:11 PM
Hi Julius,
Thanks for pointing to the right thread. Was out of the doubt now
Rgds,
Raghu
11-04-2010 8:00 PM
Have you compared terminal ID's? Users terminal to the terminal referenced in SAP as doing the lock.
11-04-2010 8:31 PM
Good observation!
If the user closes the browser and the session state is held on the backend, then logging in via SAPgui or a iView to start the session_manager might be triggering some code in the backend to lock the user for multiple concurrent logins.
--> Check the program susr0001 to see whether there is any code in the exit there.
Note: locking the user has no effect once they are "on the inside" so the code in the exit which "only" locks is possibly useless anyway...
Cheers,
Julius
11-05-2010 8:55 AM
Hi Julius,
that´s really a good observation. I will check it because the user told me that he has closed the explorer. After that he has only one try to login again.
Regards.
Bjoern
11-05-2010 10:07 AM