on 02-24-2011 6:54 AM
Hi,
Im a valid user in our ECC. I noticed that almost everyday, during my first initial attempt to login, my account is getting locked immediately. So I have no other choice but to ask my coleague to unlock my account. My problem is how do I determine what is causing my account to lock. I suspect that either there is someone trying to access using my account or that there is a process running automatically in the background that uses my account with a wrong password. BTW, the problem started to happen when I changed my password.
Can anybody help me identify the cause of the problem?
Thanks in advance
Jun
It Seems that Your user id is mapped with some RFC connection and this could be a reason your id getting log. You can check it on SM20, or RZ20. You can find the information there.
Regards,
Subhash
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Thanks for the immediate feedback.
I checked from sm20 and saw several attempts to login using my account. The security audit message log of which is 'RFC/CPIC Logon Failed, Reason=53, Type=R.
I checked sm59 for my ECC, BI and PI as I thought that these systems maybe connecting to my ERP using my account but I cant see where the problem is. Any idea on other areas I can check?
Thanks
Reason =53 means user was already locked becuase of incorrect logon.
Hence we need to figure out when was the first time incorrect password supplied.
In SM20 what selection options you are using, Please use your user ID and select all check boxes related to logon viz. dialog/RFC/CPIC.. and longer duration, may be a week logs
It cannot go from unlock to lock in first incorrect password (assuming your system parameter atleast has value 3)
If you catch that point, mostly you will be able to trace.
Try the following steps as it was posted in one of the forums. Atleast this will rule out if the account is being locked by RFC call.
I've managed to resolve this after a lot of time spent trying!
The note suggested by SAP was 171805 which explains how to trace RFC's in more detail. This is somewhat messy and gives you loads of information, none of it very readable. As I mentioned ST01 and SM20 didn't display information about the source of the RFC, just the fact that the logon failed.
The trick that finally worked was mentioned in note 91980 - there is a profile parameter:
rfc/signon_error_log (default value is -1)
That if it's set to 1 then a short dump is generated for each failed RFC log on - this gave me more details about the source of the RFC call, including the system, machine name, function module called etc.
The profile can be set dynamically in RZ11 so is quick and easy to use once you know how.
In my case it was our BW system - the SM59 destination in the BW system had had the username / password removed, so the system was trying to use the Username specified in the Partner Profile in WE20 - which for some reason was mine! Presumably it was then trying to log on with a blank password. (sorry not a BW expert!)
Hope this information helps someone else in the future - it was quite a tricky one to diagnose and resolve, but easy once you know how!
Hope this helps.
Thanks,
Naveed
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.