on 11-10-2010 7:48 PM
I have gone through solution manager configuration both as myself and as user solman_admin. Recently the Solution manager system was changed to enforce a more complex password scheme. After changing my password, my account is now getting locked every few minutes due to incorrect logon attempts. The System log states that user SAPJSF from Terminal <solution Manager host name> is attempting to login with my userID and is locking it. so far I have made every change I know to make to all the accounts on the JAVA side and to any and all background jobs that are running to remove my userID from these entries. My account still gets locked and I have no idea where to find what task or process is locking the account.
Any ideas would be greatly appreciated.
Hi Sewll,
Please delete the user from SAP and recreate the user with solman_setup
issue because you have entered wrong password.
Thanks,
Rahul Yedapally
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am having the same issue. Did you find a solution? If so, please let me know.
Thanks!
OA
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Byram,
You if you cannot find the source, you may want to consider the following:
- copy the userID user to userID_2
- configure userID_2 on all the locations where the userID was used
- delete the userID user
- restart the system
If the restart fails after this, one can find the component using the
userID with wrong password.
If the restart works it is most probably a 3rd party monitoring software
using the userID user with incorrect credentials.
Hope this is helpful.
Regards,
Paul
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hell Paul, Thanks for your reply. it is actually my personal account that is getting locked. I've already created a second one to use while figuring out the problem. There are no other monitoring tools in the landscape, Just solution manager and it was not setup for monitoring until after this issue happened. I believe it was something that took place during the initial basic configuration of solution manager, using T-code SOLMAN_SETUP. I have since been back through solman_setup but could find no place where using my account would have triggered something to store the credentials and use them every few minutes.
Hi,
Please enable security audit in SM19 for your user id with all options. unlock your account and see what is causing it to lock your account from the audit log.
2nd option is to follow as per Paul's recommendation to copy your user id to temporary id. delete your id that gets locked. restart and see if you find any thing in SM21.
Regards,
Digesh
Good thought. I only see two available RFC listeners on the JCo RFC Provider section inside Visual Administrator. Neither are using the locked account. I'll poke around inside VA a bit more today. I suspect it is something in here.
As for the Audit tracing mentioned earlier. It doesn't show me any more detail than the system log itself shows. I know that SAPJSF is initiating the connection from the solution manager server and trying to logon with my account.
I have checked the audit log and it is not very helpful. Here are the results
Date Date/Time User Terminal name Transaction Code Program Message Text
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 User BSEWELL Locked in Client 001 After Erroneous Password Checks
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)
11/12/2010 9:32:36 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)
11/12/2010 9:32:36 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)
Unfortunately I can't change the password back to what it was due to new profile parameters requiring certain password complexity values such as 1 digit, 1 special character, etc. My idea was to change my user type to System or service in this client only and set the password to the original. That would be a work around but I can't change the password strategy due to Customer requirements.
I did set a system trace to see if it would pick up anything.
System Trace revealed no activity for SAPJSF or BSEWELL at or around the time when the account was locked again.
Byram,
Please check RFCs in SM59. If your user id is saved in any RFCs with password, that could cause locking of user when it tries to connect.
Regards,
Digesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.