on 03-26-2012 4:42 PM
Dear SAP gurus,
I tried to patch the Java stack of my SAP ERP system using JSPM but it got stopped with the following error:
"Cannot login to the SAP J2EE Engine using user and password as provided in the Filesystem Secure Store. Enter valid login information in the Filesystem Secure Store using the SAP J2EE Engine Config Tool. For more information, see SAP note 701654."
I followed the note but unfortunately the solution provided did not work.
This is when I realized that J2EE_ADMIN gets locked when I access to SAP J2EE Engine - System info. I access into SAP ABAP Stack (java client) using J2EE_ADMIN without problems but I cannot access to the following link:
http://<SAP host>:50000/monitoring/SystemInfo
I have to go back to ABAP (su01) in order to unlock J2EE_ADMIN after using it to access the above link.
The only logs I could find are on /usr/sap/<SID>/DVEBMGS00/work/dev_w0
***LOG US1=> Login, Wrong Password (J2EE_ADMIN ) [sign.c 4539]
Do you guys have any idea how can I find the reason why J2EE_ADMIN is getting locked continuously?
Thanks in advance, Marc
i think this Note 669848 - Unlocking the
Administrator User on the J2EE Engine/AS Java could help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marc,
To be more specific, see if you have specified the password in Global Configuration under point 3.
Br,
Venky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
dev_server0 log shows the following (those entries occur at the same time the j2ee_admin user gets locked):
[Thr 1131587904] Wed Mar 28 08:01:16 2012
[Thr 1131587904] ***LOG S98=> STISearchConv, no conv (30762341) [r3cpic_mt.c 6129]
[Thr 1131587904]
*****************************************************************************
*
[Thr 1131587904] * LOCATION CPIC (TCP/IP) on local host with Unicode
[Thr 1131587904] * ERROR no conversation found with id 30762341
[Thr 1131587904] *
* TIME Wed Mar 28 08:01:16 2012
[Thr 1131587904] * RELEASE 700
[Thr 1131587904] * COMPONENT CPIC (TCP/IP) with Unicode
[Thr 1131587904] * VERSION 3
[Thr 1131587904] * RC 473
[Thr 1131587904] * MODULE r3cpic_mt.c
[Thr 1131587904] * LINE 6130
[Thr 1131587904] * COUNTER 5235
[Thr 1131587904] *
[Thr 1131587904] *****************************************************************************
[Thr 1131587904]
*****************************************************************************
*
[Thr 1131587904] * LOCATION CPIC (TCP/IP) on local host with Unicode
[Thr 1131587904] * ERROR illegal parameter value ( function=SAP_CMTIMEOUT2 /
* parameter=conversation_ID / value=30762341 )
[Thr 1131587904] *
* TIME Wed Mar 28 08:01:16 2012
[Thr 1131587904] * RELEASE 700
[Thr 1131587904] * COMPONENT CPIC (TCP/IP) with Unicode
[Thr 1131587904] * VERSION 3
[Thr 1131587904] * RC 769
[Thr 1131587904] * MODULE r3cpic_mt.c
[Thr 1131587904] * LINE 7346
[Thr 1131587904] * COUNTER 5236
[Thr 1131587904] *
[Thr 1131587904] *****************************************************************************
Hi,
Try to find out if you are using J2EE_ADMIN in some RFC's. You can check this in RFCDES table.
Also try to find the audit logs for the user.
If still you are not able to find out then you can try using some other admin user id in secure store.
Regards,
Nirmal.K
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I ran an audit log for j2ee_admin user and I got the following logs after unlocking j2ee_admin:
27.03.2012 | 13:26:00 | J2EE_ADMIN | <host> | SAPMSSY1 | RFC/CPIC Logon Failed, Reason = 1, Type = R | |
27.03.2012 | 13:27:00 | J2EE_ADMIN | <host> | SAPMSSY1 | Password check failed for user J2EE_ADMIN in client 100 | |
27.03.2012 | 13:27:00 | J2EE_ADMIN | <host> | SAPMSSY1 | RFC/CPIC Logon Failed, Reason = 1, Type = R | |
27.03.2012 | 13:28:00 | J2EE_ADMIN | <host> | SAPMSSY1 | Password check failed for user J2EE_ADMIN in client 100 | |
27.03.2012 | 13:28:00 | J2EE_ADMIN | <host> | SAPMSSY1 | RFC/CPIC Logon Failed, Reason = 1, Type = R |
It points that there is an RFC that is being executed every min with Incorrect logon data (client, user name, password) but I couldnt figure out where this comes from.
Any suggestions?
Thanks in advance, Marc
Hi,
Check whether the J2ee_admin password which is provided on configtool and the password is the same.
None of the RFC or JCO should contain j2ee_admin for the login .
If you found no issues with the above, try to change the password make sure you change in Configtool also.
Thanks,
Subhash.G
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks Subhash,
I already have changed the "admin/password/<SID>" to turn it the same as j2ee_admin but it look like it does not changed (I am counting the characters of the password as this is hidden).
Non RFC contains the j2ee_admin for login.
The weird thing is that I cannot login on Visual Administrator even if j2ee_admin is unlocked. "User Authentication failed".
Regards, Marc
Marc,
1)Are you sure the client copy was done from 001 client where j2ee_admin user will come from?
2) Restart the cluster node after password reset in configtool from jcmon for password to take effect .
3) Sap* is the emergency user where you can activate it and login to VA , you need to restart the instance for that .
Thanks,
Subhash.G
Thanks Subhash,
>1)Are you sure the client copy was done from 001 client where j2ee_admin user will come from?
no client copy was done.
>2) Restart the cluster node after password reset in configtool from jcmon for password to take effect .
I already tried that but unfortunately did not work.
>3) Sap* is the emergency user where you can activate it and login to VA , you need to restart the instance for >that .
Why do i need the SAP* user?I just want to discover what i locking the j2ee user...
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.