on 12-25-2013 3:02 AM
Hi All,
We have a situation where TMS RFCs stop working, because the user TMSADM gets locked.
We have reset the password for TMSADM in each system & maintained it in each and every possible RFC that is related to the current configuration.
At first everything was fine & the configuration was activated & distributed throughout all the systems.
After a few days we found that some RFCs were last edited by user TMSADM (only for systems that are in a specific transport group) & the authorization test for them were getting failed due to wrong user name & password maintained.
In case we manually specify the password in the RFCs, the authorization test is successful.
So the issue here is that TMSADM is modifying the password maintained in the RFCs. We have maintained exactly same password for user TMSADM in each & every system, so does anyone have an idea to rectify this issue.
Best Regards,
Tanmeya
P.S.: We tried to reset the password for user TMSADM using the steps as per below link -
Changing the Password of User TMSADM - Change and Transport System - SAP Library
But the program give the below message "Function Module TMS_SEC_CHANGE_PWD not found" during execution. The execution was incomplete & brought a greater level of inconsistency. Our Domain Controller is ECC 6.0 EHP 5.
Hi,
Can you please go in Se37 and check the function module TMS_SEC_CHANGE_PWD.
See if it is active.
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As per the note please check what is the domain controller release
1568362 - TMSADM password change
Should the system landscape be large then we can automate the process.
7.30 got a new handling concerning TMSADM password to fulfil SAP product standards.
Some fix
1691028 - Fix for TMS_UPDATE_PWD_OF_TMSADM
Thanks
Rishi Abrol
Hi Rishi,
As per SAP Note# 1414256, extract below -
Known limitations:
You must deactivate the SNC protection option before you change the TMSADM password. In systems with the highest Quality of Protection (QoP) level, you must reduce the QoP level so that non-secure connections are allowed.
After you change the TMSADM password, you can activate the SNC protection option again. Afterwards, you can set the QoP level back to the highest protection level if required.
Would you be able to guide me on how to achieve the same?
Also as you have mentioned that SAP Note# 1515926 should be applied prior to execution of report TMS_UPDATE_PWD_OF_TMSADM, it is not applicable for our ERP & CRM environments. The thing here is that we are using ERP DEV system as Domain Controller for TMS.
Let me know your thoughts.
Also the SAP Note# 1691028 is not applicable in the Domain Controller system.
Best Regards,
Tanmeya
Hi All,
Happy New Year!
Thanks for all your help.
Report TMS_UPDATE_PWD_OF_TMSADM is nothing less of a magic!
Applied SAP Notes# 1515926 & their dependencies in all systems of the Domain.
FM(s) had a problem in 2 systems due to some earlier incomplete SAP Note# implementation.
After rectifying the same, password was reset across all the systems in the Domain & the configuration became consistent.
Best Regards,
Tanmeya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tanmeya
For the account TMSADM same password should be maintained through out the landscape?
While running the report TMS_UPDATE_PWD_OF_TMSADM what should be provided in the destination field, when I enter the RFC name TMSADM@SID.DOMAIN_SID I get a warning asking to input sid and domain.
Please clarify
Thanks in advance.
Hi Balaji,
Yes, this report sets the same password for TMSADM user in all systems that are a part of your TMS config.
Thus the password you are specifying must comply with the ABAP password policy activated across all systems in your TMS.
Regarding field "Destination Pattern" under Options, you can leave the entry as-is to "TMSSUP@<sid>.<domain>".
No need to replace <sid> & <domain>, by specific values. This will be taken care by the report itself.
This option is available in newer versions only.
Hope it helps.
Best Regards,
Tanmeya
Hi,
Kindly delete your tms configuration for all the system and reconfigure tms configuration for all the system. I hope it will work..Let try and let me know.
After reconfigure tmsadm password will come default.
Thank you
Mahendran
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tanmeya,
TMS_UPDATE_PWD_OF_TMSADM should sure work ,,i have changed the password recently
Rableen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rableen,
I re-tried to execute the report after application of the suggested SAP Notes#.
Had 2 pop-ups with below message during the execution:
"The function module is not active or contains no code."
"The function module "TMS_SEC_CHANGE_PWD" cannot be used for 'remote' calls."
Above messages appeared as error in the logs & execution RC was 0012.
Any suggestions?
Best Regards,
Tanmeya
Hi Rishi,
FM exists in the system in Active state.
However, I just checked & found that the SID(s) for which I was receiving the errors, displayed below error while trying to display FM in SE37 -
Message no. FL023
The function group TMSC_I that you want to change contains inconsistencies.
You cannot change function module TMS_SEC_CHANGE_PWD.
Use the Function Builder repair tool to remove the inconsistencies from the function group. You can then change the function module as planned.
To open the repair tool, on the initial screen of the Function Builder, choose Utilities -> Repair func. group.
I guess resolving this would let the report run fine.
Best Regards,
Tanmeya
Hi,
Please check the below note and see if after running the check mentioned in the note solves your issue.
1634194 - How to repair Function Group
Thanks
Rishi Abrol
HI Tanmeya,
Use the report TMS_UPDATE_PWD_OF_TMSADM from 000 client of your domain controller ,
It will ask the password three times provide from domain controller which pass your password policy.
for more infomation follow the note 1414256 - Changing TMSADM password is too complex,,,,,
Rableen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tanmeya,
Please check and implement the note 1515926 - Update #1 to Security Note 1414256 in all the managed system.
Check the note - 1568362 - TMSADM password change (in Should the system landscape be large then we can automate the process) and 1414256 - Changing TMSADM password is too complex.
"
The program can terminate with three failed logon attempts or other serious problems.
For SAP systems with a status lower than SAP NetWeaver 7.30 the program generates the destinations for the user TMSADM as described in SAP Note 761637. For SAP systems as of level SAP NetWeaver 7.30 the system stores the password of the user TMSADM in the secure storage for the TMS application and does not use the procedure described in SAP Note 761637."
Changing the Password of User TMSADM - Change and Transport System - SAP Library
Rg,
Karthik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Karthik,
As per SAP Note# 1414256, extract below -
Known limitations:
You must deactivate the SNC protection option before you change the TMSADM password. In systems with the highest Quality of Protection (QoP) level, you must reduce the QoP level so that non-secure connections are allowed.
After you change the TMSADM password, you can activate the SNC protection option again. Afterwards, you can set the QoP level back to the highest protection level if required.
Would you be able to guide me on how to achieve the same?
My concern is that I was able to find QoP level maintained for some CRM & ERP systems.
Best Regards,
Tanmeya
User | Count |
---|---|
84 | |
10 | |
9 | |
8 | |
6 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.