cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

user id getting locked automatically in regular intervals of time.

Former Member

on ‎07-27-2013 12:53 PM

0 Kudos

Hi,

One user id is getting locked every day at same time automatically with wrong password .

When we check SUIM for change documents we see that value for the lock as 128 ( incorrect password)

and the tcode for the lock is KRNL. and we dont have any other information regarding this.

we have cheked table USR02 as well but did not find any more information

We are manually unlocking everyday as of now but don know the exact reason why is it being locked.

We also checked for any  jobs running on the same user id and also any RFC connetions using this user id but did not find any in RFSDES.

The user id is getting locked at alomost same time every day so We dont believe its a manual attempt.

today iam configured the sm19 system log configure this log showing below imformation

Report DSVAS_APPL_CSA_UPD_TASKSTATUS Started
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = R
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
User BASIS Locked in Client 100 After Erroneous Password Checks
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_SYSTEM_INFO (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
RFC/CPIC Logon Failed, Reason = 53, Type = R

Please check the same and let us know if there is any other way to find out  REASONS why the user id is being locked and please also let us know if there are any logs to find the same.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

divyanshu_srivastava3
Active Contributor
‎07-29-2013 7:43 AM

Hi,

Try to create and activate user audit profile using sm19. Then check results in SM20.

It is surely because of some remote call on your current system.

Regards,

Divyanshu

Show replies
Show replies
Former Member
‎07-29-2013 12:03 PM
0 Kudos

Hi Suresh,

                Password for user id Basis is changed and not updated in your RFC connection , thats why it is getting locked at all the times , please change the password of basis in client 100 and update the same in your RFC connection.

             Hope it might works.

Thanks and Regards,

Kunal Gahlot

Former Member
‎07-29-2013 1:07 PM
0 Kudos

Hi divyanushu,

activated user audit profile using sm19 and checked  results in SM20.also its showing below log

from production server RFC is calling but prd rfcis working fine i dont know what is happening inside

Report DSVAS_APPL_CSA_UPD_TASKSTATUS Started
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = R
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
Password check failed for user BASIS in client 100
User BASIS Locked in Client 100 After Erroneous Password Checks
RFC/CPIC Logon Failed, Reason = 1, Type = S
Successful RFC Call RFC_SYSTEM_INFO (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
Successful RFC Call RFC_PING (Function Group = SRFC)
RFC/CPIC Logon Failed, Reason = 53, Type = S
RFC/CPIC Logon Failed, Reason = 53, Type = R

regards

suresh

Former Member
‎07-29-2013 1:26 PM
0 Kudos

Hi Suresh,

If happening at particular time set the following parameter active in RZ11 maybe 10 minutes before this usual lock period. This will generate more information in trace files and short dump to tell you where RFC is being access from that locks the user

rfc/signon_error_log

So that you can receive additional information about the cause of the login problem when an RFC login fails, or to receive no short dump for compatibility reasons, you must include the profile parameter"rfc/signon_error_log" in the profile file on the corresponding application server.

can analyze the content of the dump using the ABAP short dump analysis

If you set the value of the profile parameter to 0 (that is,

rfc/signon_error_log = 0), no ABAP short dump is written, but an entry

is created in the syslog.

Parameter description :

If you set the value of the profile parameter to 1 (that is,

rfc/signon_error_log = 1), the system outputs the short dump

"CALL_FUNCTION_SIGNON_REJECTED" every time a logon error occurs. You

can analyze the content of the dump using the ABAP short dump analysis

transaction (Transaction ST22).

Kind Regards,

Johan

Former Member
‎08-29-2014 8:32 AM
0 Kudos

Combination of SM19/20 and the parameter rfc/signon_error_log have proven very valuable on multiple occasions for me.

Former Member
‎07-29-2013 2:24 PM
0 Kudos

Since this is obviously an RFC login, there are two possible sources:  an SAP system or an external program. 

The first is more common and fairly easy to find.  You just need to check ALL your SAP systems (ABAP and Java) for RFC destinations using that user.  It might be one you don't expect!  If your SOL system is also serving for SLD duty, then you also have to check the SLD configuration in all SAP systems.

Show replies
Show replies
Former Member
‎07-28-2013 5:19 PM
0 Kudos

Hi Suresh,

Well, at least you know which user it is, Basis/100, and what time exactly it happened every day.

Maybe you can start a trace-by-userid slightly before the time it will happened, and also check where is this RFC came from during that time (dev_rfc log, sm59).

In the meantime, you can change the user-type to either System or Service user, depending if you need to login via SAPGUI or not).

I hope this will help you.

Regards,

Andre

Show replies
Show replies
Former Member
‎07-29-2013 5:27 AM
0 Kudos

Dear Andre,

exactly evening 04.30pm i put the trace for that user id that related log also i mentioned please check that log

regards

suresh

former_member188883
Active Contributor
‎07-29-2013 7:35 AM
0 Kudos

Hi Suresh,

Password check failed for user BASIS in client 100

Could you check which RFC destinations have user BASIS defined in the connection parameters.

Mostly it could be RFC from another SAP system to your ECC system where user is getting locked.

Hope this helps.

Regards,

Deepak Kori

Former Member
‎07-29-2013 7:53 AM
0 Kudos

Hi Suresh,

                Password for user id Basis is changed and not updated in your RFC connection , thats why it is getting locked at all the times , please change the password of basis in client 100 and update the same in your RFC connection.

             Hope it might works.

Thanks and Regards,

Kunal Gahlot

Former Member
‎07-29-2013 10:41 AM
0 Kudos

Hi Suresh,

What I mean by trace-by-userid is via transaction ST01-->RFC calls and in "General Filters" you can put the user-name specific for this trace.

Check this wiki (this case it's authorization-trace, but you need to change to RFC user-trace): http://wiki.sdn.sap.com/wiki/display/PLM/Authorization+Trace+in+transaction+ST01

Then I assume you will get more info from this trace-file after 4:30 pm today, don't forget to sett the "trace off" afterwards.

I hope this will help you.

Regards,

Andre

Former Member
‎07-29-2013 1:02 PM
0 Kudos

Dear kunal,

I maintained same password this issue happend in my solution manager server please help me slove this issue

former_member1086178
Discoverer
‎07-25-2016 6:52 PM
0 Kudos

How to check who changed password. when I had same issue I checked that no one changed password with SU01 and in SUIM change logs no info available who changed password earlier also. Then how come suddenly password mismatches? And I am thinking how to trace the person by whom password is mismatching in RFC connections.

Message was edited by: Jeevakiran polipalli

Manas_Vincit
Active Participant
‎07-28-2013 2:53 PM
0 Kudos

Hi Suresh ,

Check Solution Manager 's RFC ,if this User maintained there for login  and password maintained correctly .

Thanks

Manas

Show replies
Show replies
Former Member
‎07-28-2013 12:37 PM
0 Kudos

Hi,

Just wanted to ask how many system are connected to that system.

Can you please run this program in all the system connected to this system and you can check from the list where its used.

RSRFCCHK

Did you recently change the kernel of CI but the Application server is still on the old kernel. I had this issue once because of that once.

Thanks

Rishi Abrol

Show replies
Show replies
Ask a Question