cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User getting locked

Former Member

on ‎02-24-2011 6:54 AM

0 Kudos

Hi,

Im a valid user in our ECC. I noticed that almost everyday, during my first initial attempt to login, my account is getting locked immediately. So I have no other choice but to ask my coleague to unlock my account. My problem is how do I determine what is causing my account to lock. I suspect that either there is someone trying to access using my account or that there is a process running automatically in the background that uses my account with a wrong password. BTW, the problem started to happen when I changed my password.

Can anybody help me identify the cause of the problem?

Thanks in advance

Jun

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member185031
Active Contributor
‎02-24-2011 7:06 AM
0 Kudos

It Seems that Your user id is mapped with some RFC connection and this could be a reason your id getting log. You can check it on SM20, or RZ20. You can find the information there.

Regards,

Subhash

Show replies
Show replies
Former Member
‎02-24-2011 8:26 AM
0 Kudos

Hi,

Thanks for the immediate feedback.

I checked from sm20 and saw several attempts to login using my account. The security audit message log of which is 'RFC/CPIC Logon Failed, Reason=53, Type=R.

I checked sm59 for my ECC, BI and PI as I thought that these systems maybe connecting to my ERP using my account but I cant see where the problem is. Any idea on other areas I can check?

Thanks

ImtiazKaredia
Active Contributor
‎02-24-2011 8:43 AM
0 Kudos

In SM20 check the terminal name column.

It will give the idea where it is used.

Former Member
‎02-24-2011 9:15 AM
0 Kudos

Hi,

Thanks for the reply. I checked the terminal column in sm20 and it is blank.

ImtiazKaredia
Active Contributor
‎02-24-2011 9:24 AM
0 Kudos

Hi,

Please check the row where the message has failed Reason = 1

Former Member
‎02-24-2011 9:50 AM
0 Kudos

Hi,

I dont see a line with REASON=1. All I see is REASON=53.

Thanks

ImtiazKaredia
Active Contributor
‎02-24-2011 9:59 AM
0 Kudos

Reason =53 means user was already locked becuase of incorrect logon.

Hence we need to figure out when was the first time incorrect password supplied.

In SM20 what selection options you are using, Please use your user ID and select all check boxes related to logon viz. dialog/RFC/CPIC.. and longer duration, may be a week logs

It cannot go from unlock to lock in first incorrect password (assuming your system parameter atleast has value 3)

If you catch that point, mostly you will be able to trace.

Former Member
‎02-24-2011 2:27 PM
0 Kudos

Try the following steps as it was posted in one of the forums. Atleast this will rule out if the account is being locked by RFC call.

I've managed to resolve this after a lot of time spent trying!
The note suggested by SAP was 171805 which explains how to trace RFC's in more detail. This is somewhat messy and gives you loads of information, none of it very readable. As I mentioned ST01 and SM20 didn't display information about the source of the RFC, just the fact that the logon failed.
The trick that finally worked was mentioned in note 91980 - there is a profile parameter:
rfc/signon_error_log (default value is -1)
That if it's set to 1 then a short dump is generated for each failed RFC log on - this gave me more details about the source of the RFC call, including the system, machine name, function module called etc.
The profile can be set dynamically in RZ11 so is quick and easy to use once you know how.
In my case it was our BW system - the SM59 destination in the BW system had had the username / password removed, so the system was trying to use the Username specified in the Partner Profile in WE20 - which for some reason was mine! Presumably it was then trying to log on with a blank password. (sorry not a BW expert!)
Hope this information helps someone else in the future - it was quite a tricky one to diagnose and resolve, but easy once you know how!

[;

Hope this helps.

Thanks,

Naveed

JPReyes
Active Contributor
‎02-24-2011 2:35 PM
0 Kudos

Did you check your Solman RFC's?... Check RZ20 -> Security -> RFCLogon in your boxes

Regards

Juan

Former Member
‎02-25-2011 12:27 AM
0 Kudos

Hi Imtiaz,

Yesterday, my account was locked 5 times so I have to unlock it 5 times also. The duration I specified in sm20 was 1 day and it should have captured the period where my account status went from unlock to lock.

Thanks

Former Member
‎02-25-2011 12:28 AM
0 Kudos

Hi Naveed,

Thanks for the input. Will set the profile rfc/signon_error_log (default value is -1) to 1 and I'll check what the log will say.

Thanks

Ask a Question