10-20-2011 11:02 AM
Hello,
my user is locked within two minutes after unlocking it.
Its Netweaver PI System.
What can I do, to find out what program my user locks?
If already checked following:
- all connections in SM59
- JAVA Default Trace
- Exchange profile
Please advice
Regards Christian
10-20-2011 11:23 AM
Hi Christian,
Have you checked if your user is setted in some CommunicationChannels in PI System Directory?
10-20-2011 11:25 AM
Hi Christian,
Is this user a service id or an id which more than one people are using simultaneously.
You can run a trace (ST01) against your userId or can run a SM20 trace right from the time it started to happen.
The 6th column in SM20 output would name the program that the userID had used.
Warm Regards,
Kaushik
10-20-2011 12:27 PM
Hello,
the user is not set at any communication channel.
I don't see anything in st01 trace.
Is there a guide for sm20 trace?
10-20-2011 1:16 PM
Hello,
I've activated security auditlog now.
It's an RFC connection type R from the local host.
Seems to be from the JAVA stack.
10-20-2011 3:03 PM
10-20-2011 9:43 PM
nice sleuthing. wish you could get points for posting your solution, maybe it will help someone.
10-20-2011 11:09 PM
If you look in the RFC Security Best Practices wiki, you will find a section on "cardinality".
You are obviously suffering from cardinality issues...
You should fix them.
Cheers,
Julius
10-21-2011 7:17 AM
10-21-2011 9:14 AM
It is in the FAQ at the top of the page, in the main security page --> wikis -> best practices --> how to secure and analyze RFC connections.
Or via the [search|https://wiki.sdn.sap.com/wiki/dosearchsite.action?queryString=cardinalityANDRFC&where=conf_all&type=&lastModified=&contributor=&contributorUsername=] ...
Some (standard) scenarios do not by default support this cardinality requirement.
Cheers,
Julius