cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

J2EE_ADMIN gets locked when accessing SAP J2EE Engine - System info

Former Member

on ‎03-26-2012 4:42 PM

0 Kudos

Dear SAP gurus,

I tried to patch the Java stack of my SAP ERP system using JSPM but it got stopped with the following error:

"Cannot login to the SAP J2EE Engine using user and password as provided in the Filesystem Secure Store. Enter valid login information in the Filesystem Secure Store using the SAP J2EE Engine Config Tool. For more information, see SAP note 701654."

I followed the note but unfortunately the solution provided did not work.

This is when I realized that J2EE_ADMIN gets locked when I access to SAP J2EE Engine - System info. I access into SAP ABAP Stack (java client) using J2EE_ADMIN without problems but I cannot access to the following link:

http://<SAP host>:50000/monitoring/SystemInfo

I have to go back to ABAP (su01) in order to unlock J2EE_ADMIN after using it to access the above link.

The only logs I could find are on /usr/sap/<SID>/DVEBMGS00/work/dev_w0

***LOG US1=> Login, Wrong Password (J2EE_ADMIN ) [sign.c       4539]

Do you guys have any idea how can I find the reason why J2EE_ADMIN is getting locked continuously?

Thanks in advance, Marc

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎12-08-2012 12:29 PM
0 Kudos

i think this Note 669848 - Unlocking the
Administrator User on the J2EE Engine/AS Java could help.

Show replies
Show replies
Former Member
‎03-27-2012 8:44 AM
0 Kudos

Hi Marc,

To be more specific, see if you have specified the password in Global Configuration under point 3.

Br,

Venky

Show replies
Show replies
Former Member
‎03-27-2012 9:10 AM
0 Kudos

Thanks Venky,

I couldnt change "ume.superadmin.password" as  Premsukh suggested. I tried to enter a new password but the characters from old one cannot be removed...

Regards, Marc

former_member182307
Contributor
‎03-27-2012 11:13 PM
0 Kudos

Do you have any diagnostic agent trying to connect to this j2ee server ?

Former Member
‎03-28-2012 8:46 AM
0 Kudos

Hi Steve,

Diagnostics Agents are not running on this server.

Thanks, Marc

Former Member
‎03-28-2012 9:19 AM
0 Kudos

dev_server0 log shows the following (those entries occur at the same time the j2ee_admin user gets locked):

[Thr 1131587904] Wed Mar 28 08:01:16 2012

[Thr 1131587904] ***LOG S98=> STISearchConv, no conv (30762341) [r3cpic_mt.c  6129]

[Thr 1131587904]

*****************************************************************************

*

[Thr 1131587904] *  LOCATION    CPIC (TCP/IP) on local host with Unicode

[Thr 1131587904] *  ERROR       no conversation found with id 30762341

[Thr 1131587904] *

*  TIME        Wed Mar 28 08:01:16 2012

[Thr 1131587904] *  RELEASE     700

[Thr 1131587904] *  COMPONENT   CPIC (TCP/IP) with Unicode

[Thr 1131587904] *  VERSION     3

[Thr 1131587904] *  RC          473

[Thr 1131587904] *  MODULE      r3cpic_mt.c

[Thr 1131587904] *  LINE        6130

[Thr 1131587904] *  COUNTER     5235

[Thr 1131587904] *

[Thr 1131587904] *****************************************************************************

[Thr 1131587904]

*****************************************************************************

*

[Thr 1131587904] *  LOCATION    CPIC (TCP/IP) on local host with Unicode

[Thr 1131587904] *  ERROR       illegal parameter value ( function=SAP_CMTIMEOUT2 /

*              parameter=conversation_ID / value=30762341 )

[Thr 1131587904] *

*  TIME        Wed Mar 28 08:01:16 2012

[Thr 1131587904] *  RELEASE     700

[Thr 1131587904] *  COMPONENT   CPIC (TCP/IP) with Unicode

[Thr 1131587904] *  VERSION     3

[Thr 1131587904] *  RC          769

[Thr 1131587904] *  MODULE      r3cpic_mt.c

[Thr 1131587904] *  LINE        7346

[Thr 1131587904] *  COUNTER     5236

[Thr 1131587904] *

[Thr 1131587904] *****************************************************************************

Former Member
‎12-07-2012 8:41 PM
0 Kudos

Hi Marc,

Have you able to figured this out, we have a similar kind of issue. Can you please share us the solution for this?

nirmal_konchada
Active Contributor
‎03-27-2012 8:32 AM
0 Kudos

Hi,

Try to find out if you are using J2EE_ADMIN in some RFC's. You can check this in RFCDES table.

Also try to find the audit logs for the user.

If still you are not able to find out then you can try using some other admin user id in secure store.

Regards,

Nirmal.K

Show replies
Show replies
Former Member
‎03-27-2012 9:04 AM
0 Kudos

Thanks Nimal.

I could access to java stack with another user. However, I need to solve the issue with j2ee_admin as this is the user to access Visual admin and patch java components.

Regards, Marc

Former Member
‎03-27-2012 4:19 PM
0 Kudos

I ran an audit log for j2ee_admin user and I got the following logs after unlocking j2ee_admin:

27.03.201213:26:00J2EE_ADMIN<host>
SAPMSSY1RFC/CPIC Logon Failed, Reason = 1, Type = R
27.03.201213:27:00J2EE_ADMIN<host>
SAPMSSY1Password check failed for user J2EE_ADMIN in client 100
27.03.201213:27:00J2EE_ADMIN<host>
SAPMSSY1RFC/CPIC Logon Failed, Reason = 1, Type = R
27.03.201213:28:00J2EE_ADMIN<host>
SAPMSSY1Password check failed for user J2EE_ADMIN in client 100
27.03.201213:28:00J2EE_ADMIN<host>
SAPMSSY1RFC/CPIC Logon Failed, Reason = 1, Type = R

It points that there is an RFC that is being executed every min with Incorrect logon data (client, user name, password) but I couldnt figure out where this comes from.

Any suggestions?

Thanks in advance, Marc

Former Member
‎03-26-2012 5:57 PM
0 Kudos

Hi,

Check whether the J2ee_admin password which is provided on configtool and the password is the same.

None of the RFC or JCO should contain j2ee_admin for the login .

If you found no issues with the above, try to change the password make sure you change in Configtool also.

Thanks,

Subhash.G

Show replies
Show replies
premsukh_bishnoi
Contributor
‎03-26-2012 8:15 PM
0 Kudos

Hi,

Please  check point III in SAP Note No. 865424.

Surely it will solve your issue.

Regards, Premsukh

Former Member
‎03-27-2012 8:58 AM
0 Kudos

thanks Subhash,

I already have changed the "admin/password/<SID>" to turn it the same as j2ee_admin but it look like it does not changed (I am counting the characters of the password as this is hidden).

Non RFC contains the j2ee_admin for login.

The weird thing is that I cannot login on Visual Administrator even if j2ee_admin is unlocked. "User Authentication failed".

Regards, Marc

Former Member
‎03-27-2012 9:01 AM
0 Kudos

Thanks for your answer Premsukh but the note you suggested is related to SAP * user and not j2ee_admin user.

Regards, Marc

Former Member
‎03-27-2012 8:46 PM
0 Kudos

Marc,

1)Are you sure the client copy was done from 001 client where j2ee_admin user will come from?

2) Restart the cluster node after password reset in configtool  from jcmon  for password to take effect .

3) Sap* is the emergency user where you can activate it  and login to VA , you need to restart the instance for that  .

Thanks,

Subhash.G

Former Member
‎03-28-2012 8:40 AM
0 Kudos

Thanks Subhash,

>1)Are you sure the client copy was done from 001 client where j2ee_admin user will come from?

no client copy was done.

>2) Restart the cluster node after password reset in configtool  from jcmon  for password to take effect .

I already tried that but unfortunately did not work.

>3) Sap* is the emergency user where you can activate it  and login to VA , you need to restart the instance for >that  .

Why do i need the SAP* user?I just want to discover what i locking the j2ee user...

Ask a Question