cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

runtime workbench and netweaver administrator could not be accessed

fanglin_ye
Participant

on ‎01-30-2013 10:03 AM

0 Kudos

Hello all,

we are using PI 7.11 und i have to change my password every three month because of security policy. Yesterday i changed my passowrd. Now i can login in ABAP stack, ESR and ID. But i cannot login in runtime workbench and netweaver administrator. I've restarted the AS Java. It didn't help. What's wrong here? Is there J2EE Visual Administrator in PI? Because i coundn't see the default trace without netweaver admionistrator. thx.

regards,

Fanglin

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

robertot4s
Active Participant
‎01-30-2013 11:45 AM
0 Kudos

Hi Fanglin,

What error are you getting from RWB/NWA?

The J2EE Visual Administrator has been replaced with the NWA. You can access to the default trace through the AL11 transaction:

usr/sap/<SYSID>/DVEBMGS00/j2ee/cluster/server0/log

Regards,

Roberto

Show replies
Show replies
fanglin_ye
Participant
‎01-30-2013 11:59 AM
0 Kudos

Hi Roberto,

thx for your reply. In the log file i found the error:

#2.#2013 01 30 12:56:40:572#+0100#Error#com.sap.engine.services.security.authentication.loginmodule.ticket#
#BC-JAS-SEC#security#001517754FF500440000000100003A12#1992350000000004#sap.com/com.sap.xi.rwb#com.sap.engine.services.security.authentication.loginmodule.ticket#J2EE_GUEST#0##1244149D6AD411E2C0FA0000001E669E#1244149d6ad411e2c0fa0000001e669e#1244149d6ad411e2c0fa0000001e669e#0#Thread[HTTP Worker [@680077959],5,Dedicated_Application_Thread]#Plain##
Ticket signing certificate does not uses DSA algorithm. Remove the ticket signing certificate from the TicketKeystore, create new certificate that uses the DSA algorithm, and import it into the TicketKeystore.#

#2.#2013 01 30 12:56:40:572#+0100#Error#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#
#BC-JAS-SEC#security#001517754FF500440000000200003A12#1992350000000004#sap.com/com.sap.xi.rwb#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#J2EE_GUEST#0##1244149D6AD411E2C0FA0000001E669E#1244149d6ad411e2c0fa0000001e669e#1244149d6ad411e2c0fa0000001e669e#0#Thread[HTTP Worker [@680077959],5,Dedicated_Application_Thread]#Plain##
Authentication stack: [sap.com/com.sap.xi.rwb*rwb].
[EXCEPTION]
com.sap.security.api.ticket.TicketException: Ticket signing certificate does not uses DSA algorithm.

But how can i resolve the problem?

regards,

Fanglin

robertot4s
Active Participant
‎01-30-2013 12:11 PM
0 Kudos

Hi,

There is information in the SDN about this error:

http://wiki.sdn.sap.com/wiki/display/TechTSG/(ASJava)(Security)P010+-+SAPLogonTicketKeypair+doesn't+...

But if you haven't changed anything, it sounds weird...

Try to delete the temporary files of your browser.

Regards,

Roberto

fanglin_ye
Participant
‎01-30-2013 2:52 PM
0 Kudos

Hi,

in ABAP stack a new profile parameter "ticket_only_by_https" was added by administrator. Maybe that is why i can login in the system using https link but not using http link. thx.

regards,

Fanglin

naveen_chichili
Active Contributor
‎01-30-2013 3:08 PM
0 Kudos

Hi Fanglin,

Please check with your Basis/security team so that they can trace the exact error and would be able to help you.

Regards,

Naveen.

fanglin_ye
Participant
‎01-30-2013 3:21 PM
0 Kudos

Hi Naveen,

Basis team said to me, two new profile parameter "SystemCookiesDataProtection" and "SystemCookiesHTTPSProtection" in java stack were also added. Is that the reason?

If i have to change the links to https (e.g. runtime workbench and netweaver administrator) on the page, which pops up after the transaction code SXMB_IFR is given. How?

Regards and thx,

Fanglin

naveen_chichili
Active Contributor
‎01-30-2013 3:29 PM
0 Kudos

Hi Fanglin,

>>>If i have to change the links to https (e.g. runtime workbench and netweaver administrator) on the page, which pops up after the transaction code SXMB_IFR is given. How?

The links for popups will be maintained in Exchange profile...Were there any recent changes in you exchange profile?

Regards,

Naveen

fanglin_ye
Participant
‎01-30-2013 4:05 PM
0 Kudos

Hi Naveen,

there is no changes in exchange profile.

I have tried to change the settings in exchange profile. But it didn't work. For example the parameter "com.sap.aii.connect.rwb.httpport" is required. If the parameter has a value, then there is a http link on the web page. How i can disable the parameter? thx.

Regards,

Fanglin

naveen_chichili
Active Contributor
‎01-30-2013 4:25 PM
0 Kudos

Hi,

Could you please ask your security team to check if you have below roles to your user

1)  SAP_J2EE_ADMIN

2) SAP_XI_USER_DISPLAY_J2EE

Also try to open nwa directly using link 

http://<hostname>:<port no.>/nwa

Thanks and Regards,

Naveen

fanglin_ye
Participant
‎01-31-2013 7:18 AM
0 Kudos

Hi,

thx for your reply. I have checked, my user has the two roles. The http link to NWA dosen't work.

regards,

Fanglin

Ask a Question