TMS configuration is inconsistent

tanmeya_mohan
Active Participant
0 Kudos

Hi All,

We have a situation where TMS RFCs stop working, because the user TMSADM gets locked.

We have reset the password for TMSADM in each system & maintained it in each and every possible RFC that is related to the current configuration.

At first everything was fine & the configuration was activated & distributed throughout all the systems.

After a few days we found that some RFCs were last edited by user TMSADM (only for systems that are in a specific transport group) & the authorization test for them was failing due to a wrong user name & password being maintained.

In case we manually specify the password in the RFCs, the authorization test is successful.

So the issue here is that TMSADM is modifying the password maintained in the RFCs. We have maintained exactly the same password for user TMSADM in each & every system. Does anyone have an idea how to rectify this issue?

Best Regards,

Tanmeya

P.S.: We tried to reset the password for user TMSADM using the steps as per below link -

Changing the Password of User TMSADM - Change and Transport System - SAP Library

But the program gives the below message "Function Module TMS_SEC_CHANGE_PWD not found" during execution. The execution was incomplete & brought a greater level of inconsistency. Our Domain Controller is ECC 6.0 EHP 5.

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

Can you please go to SE37 and check the function module TMS_SEC_CHANGE_PWD?

See if it is active.

Thanks

Rishi Abrol

tanmeya_mohan
Active Participant
0 Kudos

Hi Rishi,

TMS_SEC_CHANGE_PWD exists & is active in client 000 of the domain controller.

Best Regards,

Tanmeya

Former Member
0 Kudos

Hi,

As per the note, please check what the domain controller release is.

1568362 - TMSADM password change

Should the system landscape be large then we can automate the process.

  1. For this we implement SAP note # 1414256 (for releases <= 640 manual steps in SAP note # 761637 must still be applied)
    The note 1414256 contains report TMS_UPDATE_PWD_OF_TMSADM which must be run in the DC (domain controller) client 000. It should be noted that this report in itself does not support domain links.
  2. Should domain links exist then use SAP note # 1515926. The note should be applied to all systems of the connected domains. Once the note is applied start the report that is described in Note 1414256 on all of the domain controllers of the connected domains. That means executing TMS_UPDATE_PWD_OF_TMSADM in client 000 on all domain controllers.

7.30 got a new handling concerning TMSADM password to fulfil SAP product standards.

  1. When you run STMS for the first time (domain controller) in >= 7.30 system you get a pop-up with the same 3 options as you get when you run report TMS_UPDATE_PWD_OF_TMSADM.
  2. You should choose either option to fill TMSADM password. Please see below for details on each option. Please do not use the manual steps above for releases >= 7.30. Report TMS_UPDATE_PWD_OF_TMSADM can be used.

Some fix

1691028 - Fix for TMS_UPDATE_PWD_OF_TMSADM

Thanks

Rishi Abrol

tanmeya_mohan
Active Participant
0 Kudos

Hi Rishi,

As per SAP Note# 1414256, extract below -

Known limitations:

You must deactivate the SNC protection option before you change the TMSADM password. In systems with the highest Quality of Protection (QoP) level, you must reduce the QoP level so that non-secure connections are allowed.

After you change the TMSADM password, you can activate the SNC protection option again. Afterwards, you can set the QoP level back to the highest protection level if required.

Would you be able to guide me on how to achieve the same?

Also as you have mentioned that SAP Note# 1515926 should be applied prior to execution of report TMS_UPDATE_PWD_OF_TMSADM, it is not applicable for our ERP & CRM environments. The thing here is that we are using ERP DEV system as Domain Controller for TMS.

Let me know your thoughts.

Also the SAP Note# 1691028 is not applicable in the Domain Controller system.

Best Regards,

Tanmeya

Answers (5)

tanmeya_mohan
Active Participant
0 Kudos

Hi All,

Happy New Year!

Thanks for all your help.

Report TMS_UPDATE_PWD_OF_TMSADM is nothing less than magic!

Applied SAP Notes# 1515926 & their dependencies in all systems of the Domain.

FM(s) had a problem in 2 systems due to some earlier incomplete SAP Note# implementation.

After rectifying the same, password was reset across all the systems in the Domain & the configuration became consistent.

Best Regards,

Tanmeya

Former Member
0 Kudos

Hi Tanmeya

For the account TMSADM, should the same password be maintained throughout the landscape?

While running the report TMS_UPDATE_PWD_OF_TMSADM, what should be provided in the destination field? When I enter the RFC name TMSADM@SID.DOMAIN_SID, I get a warning asking to input sid and domain.

Please clarify

Thanks in advance.

tanmeya_mohan
Active Participant
0 Kudos

Hi Balaji,

Yes, this report sets the same password for TMSADM user in all systems that are a part of your TMS config.

Thus the password you are specifying must comply with the ABAP password policy activated across all systems in your TMS.

Regarding field "Destination Pattern" under Options, you can leave the entry as-is to "TMSSUP@<sid>.<domain>".

No need to replace <sid> & <domain> by specific values. This will be taken care of by the report itself.

This option is available in newer versions only.

Hope it helps.

Best Regards,

Tanmeya

Former Member
0 Kudos

Thank you very much, Tanmeya, for the response.


Former Member
0 Kudos

Hi,

Kindly delete your TMS configuration for all the systems and reconfigure the TMS configuration for all the systems. I hope it will work. Try it and let me know.

After reconfiguration, the TMSADM password will be the default.

Thank you

Mahendran

Former Member
0 Kudos

Hi Tanmeya,

TMS_UPDATE_PWD_OF_TMSADM should surely work; I have changed the password recently.


Rableen

tanmeya_mohan
Active Participant
0 Kudos

Hi Rableen,

I re-tried to execute the report after application of the suggested SAP Notes#.

Had 2 pop-ups with below message during the execution:

"The function module is not active or contains no code."

"The function module "TMS_SEC_CHANGE_PWD" cannot be used for 'remote' calls."

Above messages appeared as error in the logs & execution RC was 0012.

Any suggestions?

Best Regards,

Tanmeya

Former Member
0 Kudos

Hi Tanmeya

a) Can you please check if the FM TMS_SEC_CHANGE_PWD is active in SE37?

b) Once confirmed for point a above, then use the FM - TMS_UPDATE_PWD_OF_TMSADM

Thanks

tanmeya_mohan
Active Participant
0 Kudos

Hi Rishi,

FM exists in the system in Active state.

However, I just checked & found that the SID(s) for which I was receiving the errors, displayed below error while trying to display FM in SE37 -

Function group TMSC_I contains errors

Message no. FL023

Diagnosis

The function group TMSC_I that you want to change contains inconsistencies.

System Response

You cannot change function module TMS_SEC_CHANGE_PWD.

Procedure

Use the Function Builder repair tool to remove the inconsistencies from the function group. You can then change the function module as planned.

To open the repair tool, on the initial screen of the Function Builder, choose Utilities -> Repair func. group.

I guess resolving this would let the report run fine.

Best Regards,

Tanmeya

Former Member
0 Kudos

Hi,

Please check the below note and see if running the check mentioned in the note solves your issue.

1634194 - How to repair Function Group


Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Tanmeya

Please check if you are able to repair the function module and then rerun the program.

Thanks

Rishi

Former Member
0 Kudos

Hi,

Just one more thing to add: all the notes say that the report should be executed in the DC, but I am still not sure that the will be called in another system or not, so you can try the above step and see if the repair works.

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Tanmeya,

Use the report TMS_UPDATE_PWD_OF_TMSADM from the 000 client of your domain controller.

It will ask for the password three times; provide one from the domain controller which passes your password policy.

For more information, follow the note 1414256 - Changing TMSADM password is too complex.

Rableen

Former Member
0 Kudos

Hi Tanmeya,

Please check and implement the note 1515926 - Update #1 to Security Note 1414256 in all the managed systems.

Check the note - 1568362 - TMSADM password change (in Should the system landscape be large then we can automate the process) and 1414256 - Changing TMSADM password is too complex.

"The program can terminate with three failed logon attempts or other serious problems.

For SAP systems with a status lower than SAP NetWeaver 7.30 the program generates the destinations for the user TMSADM as described in SAP Note 761637. For SAP systems as of level SAP NetWeaver 7.30 the system stores the password of the user TMSADM in the secure storage for the TMS application and does not use the procedure described in SAP Note 761637."

Changing the Password of User TMSADM - Change and Transport System - SAP Library

Rg,

Karthik



tanmeya_mohan
Active Participant
0 Kudos

Hi Karthik,

As per SAP Note# 1414256, extract below -

Known limitations:

You must deactivate the SNC protection option before you change the TMSADM password. In systems with the highest Quality of Protection (QoP) level, you must reduce the QoP level so that non-secure connections are allowed.

After you change the TMSADM password, you can activate the SNC protection option again. Afterwards, you can set the QoP level back to the highest protection level if required.

Would you be able to guide me on how to achieve the same?

My concern is that I was able to find QoP level maintained for some CRM & ERP systems.

Best Regards,

Tanmeya