on 01-13-2014 6:04 PM
I'm running the latest of SPAM, 1.0 SP9, PL 04.
During the password check of DDIC, OS Specific and DB specific, it's failing with
Error message:
OS user password does not work, please reenter: System error: Logon failure: the user has not been granted the requested logon type at this computer.
Saying my SAPServiceSID doesn't work.
I've logged into the server with the account. Works. Password works. I gave it admin rights to the server.
I'm even running SUM from the server using SAPServiceSID and it doesn't work.
I found note 927637 but I fail to see how to resolve my issue.
I'm updating a dual stack 731.
Any tips?
I think I found the issue, I will confirm after I speak with the DOMAIN Team.
GPO setting, Computer Configuration\Windows settings\security settings\local policies\user rights management\log on as a service.
When I check that GPO, my sapserviceSID isn't listed.
I will confirm.
There was a similar discussion in the past and I could see that this was fixed by disabling the password policy on the system. Maybe you can try that.
Regards
RB
Hi,
Please check a few things.
How many sapstartsrv are running on the server? Are they all of the same version?
Please check, as many times the issue happens if there are different versions of sapstartsrv running.
Have you already checked 5, 6, 7, 8 and 9, as it's posted in the blog before?
1563660 - sapcontrol, <sid>adm authorization issues (SUM)
Thanks
Rishi abrol
The access to critical methods of the Web service is protected (currently by default: Start, Stop,
RestartInstance, Shutdown, StartSystem, StopSystem, J2EEControlProcess, SendSignal, OSExecute,
J2EEEnableDbgSession, J2EEDisableDbgSession, SetProcessParameter, EnqRemoveLocks). The list of
protected methods can be changed by using the start profile parameter “service/protectedwebmethods”
(blank separated list of method names). To use these methods one has to provide a valid OS user and
password via HTTP basic authentication encoded as UTF8 or must use a trusted connect. The service will
verify the given credentials, and grant permission only to valid users that additionally have execute
permission on the sapstartsrv executable file. Otherwise the request will fail with "Invalid Credentials" or
"Permission denied" fault string. Missing credentials when accessing a critical method will result in HTTP
error 401. Windows users may be given in format <domain>\<user> or <user>@<domain>. On Unix
sapstartsrv will ignore the domain user part. On Windows sapstartsrv will try any trusted domain if no domain
is given.
Question is, permission to execute SAPSTARTSRV.
Do they mean at the OS level? If my SapServiceSID is a local admin of the server, he must have those permissions... or is it elsewhere they are talking?
Here is the log
1 ETQ201 Entering upgrade-phase "PREP_PRE_CHECK/PROFREAD" ("20140113134920")
2 ETQ367 Connect variables are set for standard instance access
4 ETQ399 System-nr = '00', GwService = 'sapgw00' Client = '000'
4 ETQ399 Environment variables:
4 ETQ399 auth_shadow_upgrade=<null>
1 ETQ200 Executing actual phase 'PREP_PRE_CHECK/PROFREAD'.
1 ETQ399 Phase arguments:
2 ETQ399 Arg[0] = ''
4 ETQ399 Starting dialog 'Passwords' at 20140113134920.
1 ETQ359 RFC Login to: System="OT4", AsHost="SD01CUDB0105" Nr="00", GwHost="SD01CUDB0105", GwService="sapgw00"
2 ETQ232 RFC Login succeeded
4 ETQ010 Date & Time: 20140113134935
1 ETQ233 Calling function module "RFCPING" by RFC
1 ETQ234 Call of function module "RFCPING" by RFC succeeded
4 ETQ010 Date & Time: 20140113134935
4EETQ399 Dialogue validator 'OSValidator' failed with 'OS user password does not work, please reenter: System error: Logon failure: the user has not been granted the requested logon type at this computer.
'.
4 ETQ399 Repeat dialog since input validation failed.
Hi,
Is this SAP system part of a network domain?
If yes, see if the below note helps
Also check whether SAPServiceSID is part of local administrators group.
Regards,
Nirmal.
I ran GPEDIT and checked who had local run rights and sapservicesid was there.
But I did this test:
C:\Windows\system32>runas /user:DOMAIN\Service-Account-Name cmd.exe
And yes, it prompted me for the password for SAPSERVICESID, I gave it, and it opened a CMD prompt and I was logged in as a different user.
So it is not a Group Policy issue. Must be a web service issue rights.
Also, in the SUM password field, if I put in an incorrect password I get:
OS user password does not work, please reenter: System error: Logon failure: unknown user name or bad password.
But when I put the proper password, I get a different error.
OS user password does not work, please reenter: System error: Logon failure: the user has not been granted the requested logon type at this computer.
Hello,
Please go through the below note:
1563660 - sapcontrol, <sid>adm authorization issues (SUM)
Regards,
Nirmal
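
Added example, not part of the original thread: the "requested logon type" failure discussed above is decided per logon type (interactive, network, batch, service), each with an allow right and a deny right, and `runas` only exercises the interactive one. The PowerShell below parses a `secedit /export /areas USER_RIGHTS` file and reports each logon type for one account; the policy text and SIDs are constructed, and which logon type SUM or sapstartsrv requests is not stated in the thread.

```powershell
# Real input: secedit /export /areas USER_RIGHTS /cfg rights.inf  (run elevated),
# then $inf = Get-Content rights.inf. The text below is CONSTRUCTED sample data.
$inf = @'
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeBatchLogonRight = *S-1-5-32-544
SeServiceLogonRight = *S-1-5-80-0
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
'@ -split "`r?`n"

# CONSTRUCTED SIDs: the service account plus every group it is a member of
# (on a live system: whoami /user /groups in a session of that account).
$accountSids = @(
    'S-1-5-21-1111111111-2222222222-3333333333-1105',  # hypothetical SAPService<SID> account
    'S-1-5-32-544'                                     # BUILTIN\Administrators
)

# Logon type -> (allow right, deny right).
$logonTypes = [ordered]@{
    'Interactive (2)' = 'SeInteractiveLogonRight', 'SeDenyInteractiveLogonRight'
    'Network (3)'     = 'SeNetworkLogonRight',     'SeDenyNetworkLogonRight'
    'Batch (4)'       = 'SeBatchLogonRight',       'SeDenyBatchLogonRight'
    'Service (5)'     = 'SeServiceLogonRight',     'SeDenyServiceLogonRight'
}

# Parse "Right = *SID,*SID,..." lines into right -> list of holders.
# Entries exported as account names instead of SIDs are kept as-is and
# will only match if the same name is added to $accountSids.
$rights = @{}
foreach ($line in $inf) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        $rights[$Matches[1]] = @($Matches[2] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
    }
}

function Test-Holds([string]$right) {
    # True if any SID of the account is listed for the given right.
    [bool]($rights[$right] | Where-Object { $accountSids -contains $_ })
}

foreach ($type in $logonTypes.Keys) {
    $allow, $deny = $logonTypes[$type]
    $state = 'not granted'
    if (Test-Holds $allow) { $state = 'granted' }
    if (Test-Holds $deny)  { $state = 'denied (deny right overrides allow)' }
    '{0,-16} {1}' -f $type, $state
}
```

With the constructed data, membership in Administrators grants interactive, network and batch logon, yet the explicit deny entry still blocks network logon and service logon is not granted at all.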