cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"User Not in validity period" in Managed System Configuration - Create Users (Java)

Go to solution
Matt_Fraser
Active Contributor

on ‎02-12-2014 10:41 PM

0 Kudos

The basic error is that during Managed System Configuration of the Java stack of my Solution Manager system -- and for any Java system, for that matter -- in Step 6 "Create Users" I have a persistent error status of "User Not in validity period" for the SAPSUPPORT user.  The user already exists, because it was created successfully during the ABAP portion of the Managed System Config.  Furthermore, the "Update Existing User" action did successfully assign the three Java roles (SAP_JAVA_NWADMIN_CENTRAL_READONLY, SAP_JAVA_SUPPORT, and SAP-J2EE-ENGINE.SAP_JAVA_SUPPORT).  I have confirmed that the SAPSUPPORT user, the SOLMAN_ADMIN user, my own user account, and every other possibly relevant service user account I can think of is active, valid, not locked, etc.  Yet, still I cannot get past this error.

This is a SolMan 7.1 sps10 system, so the corrections from Notes 1748202 and/or 1684720 are already in place.  Furthermore, I have already created a role with Spml_Read_Action and Spml_Write_Action and assigned it to my own user and SOLMAN_ADMIN, as described in Note 1647157.  Every discussion thread or Note I've found in searching indicates these should solve the problem, but I still have the problem.

So, has anyone run into this and resolved it?  Or have ideas of where else to look for the mysterious validity period?

Thanks, and best regards,

Matt

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Matt_Fraser
Active Contributor
‎02-13-2014 9:43 PM
0 Kudos

Good grief.  I just noticed a piece of fine print back on Step 4, under "SAP Solution Manager System as Managed System", which says "Do not re-use the solman_admin user as administrator user."  Not sure why, but anyway, I replaced it with my own user account in the Java Parameters, went back to Step 6, and executed the "Provide Existing User" option.  This time the light turned green!

Now I'm having new trouble creating the second user, SM_COLL_<SID>, but it appears to be a different error.  I'm not sure if it's related yet, or not, so I'll keep this thread open until I determine that.

DAYS I've been working on this!  Aargghh!

Show replies
Show replies
Matt_Fraser
Active Contributor
‎02-19-2014 6:42 PM
0 Kudos

I have now solved the issue for the SM_COLL_<SolManSID> user.

This user was also reporting "User Not in validity period", same as SAPSUPPORT, except the root cause was different.  In the activity log I was seeing an error of "The managed system UME did not process the request.  Check details."  Drilling into details the exception was "java.lang.IllegalArgumentException: SPML Web Service returned : Exception when creating user :The given ID is null!"  I tried creating the user manually in SU01, but I would still get an error.  Then I deleted the user and tried creating it manually using the Java stack's UME instead, and that failed, which puzzled me.  Eventually I determined that the root cause was that the SAPJSF user lacked the SAP_BC_JSF_COMMUNICATION role (it had only SAP_BC_JSF_COMMUNICATION_RO, i.e. the 'read-only' version), which meant that actions taken from the Java UME could only read the data, not modify it, although actions taken from the ABAP stack were fine.  Since the managed system config was trying to execute a UME action, this is why it was failing.  The solution was to assign the missing role to SAPJSF, and further, to restart the Java stack (actually, easy enough to just restart the whole Solution Manager system).  Naturally, since the SLD is part of the same system, that meant waiting for the middle of the night, so I had to wait a day to find out if it worked, but it did.

Of course, now I'm at the very end of the Managed System Configuration, and the last step is yet another restart of the Java stack, to enable all the various changes.  So, technically I won't know until tomorrow whether everything is working.  However, all the various lights in the process are now green, so I have a high level of confidence.

I think it would have been useful if the documentation at the start of the procedure had mentioned checking that SAPJSF had this role, so that the necessary stack restart could have been performed in advance.  This would have saved a lot of time and grief.

Best regards,

Matt

Answers (5)

Answers (5)

former_member588287
Explorer
‎10-08-2020 9:52 PM
0 Kudos

If you are doing the solman setup for a a java system, GO to step 4 and scroll down. There you will find below screen where you have to enter java parameters. Click the "test logon" button. It should be successful. if not then your cause of the error lies here. TRY

1) checking your administrator user password.

2) Take a restart of all the diagnostic agents of the system which "you are trying to connect" .

Eg: if your solman system is ABC and the system which you are trying to connect is XYZ, take a restart of all the diagnostic agents of system XYZ.

Show replies
Show replies
Matt_Fraser
Active Contributor
‎10-15-2020 4:24 PM
0 Kudos

Hi there,

I appreciate you're trying to be helpful and add value in the Community, but you do realize that this is a 6-1/2 year-old question, answered (with answer accepted) also 6-1/2 years ago? And, in fact, the solution at the time turned out to be something significantly different from this.

Cheers,
Matt
(SAP Community Moderator)

Former Member
‎11-03-2015 10:06 PM
0 Kudos

Just in case the above solution does not works for you, go to JAVA UME of the managed system and set "Valid to" date as empty/blank. By default system will save it as Dec 31, 2500 12:00:00 AM. It fixed the issue for me.

Show replies
Show replies
Matt_Fraser
Active Contributor
‎02-13-2014 9:35 PM
0 Kudos

Thank you, Karthik and Jansi, for your suggestions.  I double-checked everything, as you suggested, but nothing had changed.

  • The SAPSUPPORT user is indeed within validity in SU01. 
  • The Java UserAdmin tool shows the same. 
  • The managed system, in this case, is the Solution Manager system itself (though this error applies to other managed systems as well). 
  • I double-checked Note 1647267, but it is not valid for my system (we are on sps10, and that Note is included in sps5, I think).  In any case, we aren't getting the error messages suggested in that Note.
  • I double-checked, and yes, the UME is configured to use the productive client in the ABAP stack as the user store.
  • SOLMAN_ADMIN (the user entered in Step 4) is also within date validity.  I went through each role assigned and generated profiles for a few, but that made no difference.  I temporarily assigned SAP_ALL to this user, but that didn't make a difference either.  The user has all the roles that the System Preparation/Basic Configuration assigned to it, which is quite a few.  The logon test in Step 4 is working fine.
  • The diagnostic agent is running fine, for both ABAP and Java.
  • Finally, I tried Karthik's suggestion of completely deleting and recreating the SAPSUPPORT user, but unfortunately this didn't make any difference, either.

The symptom is exactly that described in Note 1748202:  "The java users for Managed Systems have an error status: "User not in validity period" although they are valid."  However, this Note was delivered in sps5, so there's nothing to apply for us.

I'm continuing to dig myself, and hopefully will find something soon.  I do appreciate your thoughts.

Best regards,

Matt

Show replies
Show replies
francois_keen
Participant
‎02-13-2014 11:47 PM
0 Kudos

Hi Matt,

I have the exact same error message "User Not in validity period"
I'm on solman SP10 with the latest version of central  note 1875627
That issue "User Not in validity period" happens for the SAPSUPPORT user creation and only on our dual stack managed systems [BI system on NW 7.3, yes I know i will have to segregate the stacks at some point - the issue however doesnt happen for me when doing solman self-managed system config]
The solman wizard doesnt complain for the <managed_system_SID>~ABAP SAPSUPPORT but only for the <managed_system_SID>~JAVA SAPSUPPORT
I havent found much spare time to find what is causing the wizard to complain. Technically this is just more a cosmetic issue but anything in my case, if i cant find anything i may end up opening an OSS message...

Cheers
Francois

Matt_Fraser
Active Contributor
‎02-13-2014 11:54 PM
0 Kudos

Hi Francois,

Are you entering an administrator user (e.g., one with SAP_ALL or SAP_J2EE_ADMIN, etc) from your managed system in Step 4 (Enter System Parameters)?  Also, have you created the SPML_FULL_ACCESS role on your managed system Java stack and assigned it to your administrator user as described in Note 1647157?

Regards,

Matt

francois_keen
Participant
‎02-14-2014 3:47 AM
0 Kudos

Hi Matt,

Thank you for your reply and pointing me the note 1647157.

Unfortunately, I knew about the note 1647157, and in my managed system deployment/config documentation, the note is part of my very first pre-req check before going trough the managed system setup wizard.

Yes I'm using SM_ADMIN_<solman_SID> [entered in step 5 Enter System Parameters] and yes, this admin user has the custom role Z_SPML_FULL_ACCESS_ROLE which has UME actions Spml_Read_Action + Spml_Write_Action

It gives me a "SPML Provider successfully installed and configured (full access)" when doing the URL test http://managed_systemFQDN/:<port>/spml/provisioning

I'm all good pre-reqs-wise, I will need to take time to figure out what is wrong or eventually i will raise an OSS message.

best regards

Francois

Matt_Fraser
Active Contributor
‎02-19-2014 6:44 PM
0 Kudos

Check that the SAPJSF user in your managed system has both the ABAP roles SAP_BC_JSF_COMMUNICATION and SAP_BC_JSF_COMMUNICATION_RO.  If you add a role to this user, you will need to restart your Java stack for the change to take effect.  Lacking the non-RO role can prevent the Java UME from successfully adding or changing data in the ABAP user store, which will cause creation of Java users in a dual-stack system to fail during the Managed System Configuration.

francois_keen
Participant
‎03-06-2014 3:22 AM
0 Kudos

Hi Matt

thanks for the tip. i think the cause of my problem is somewhere else, i do have a dual stack managed system which is actually fine with the user <managed_system_SID>~JAVA SAPSUPPORT check. On all my systems only have SAP_BC_JSF_COMMUNICATION_RO for SAPJSF. So there must be something else elsewhere.

i hope i can find some spare time to dig a bit deeper, but since Diagnostics is all working nicely apart from this user check, this is just low priority on my todos!

Thanks again for having taken time to share your results.

Best regards

Francois

Matt_Fraser
Active Contributor
‎03-06-2014 3:18 PM
0 Kudos

Francois, I think perhaps you misunderstood me.  In your dual-stack systems, SAPJSF must have SAP_BC_JSF_COMMUNICATION.  Having the RO role is not sufficient.  Either add the non-RO role, or replace the RO role with the non-RO role (I don't think you actually need both, just one or the other, and in this case the non-RO role is the one that is needed.

Best regards,

Matt

Former Member
‎02-13-2014 4:02 AM
0 Kudos

Hi,

you need to check the user validity in managed system, I am sure you verified so ,

After review sap note  1647267, it might be the cause that solman_Setup will not able to connect the user store of managed system.

- in solution manager you set the productive client as UME master client? if not change.

- check the admin user you defined in step 5 enter system parameters has full access n managed system, this is the user used for user creation in managed system

also make sure your DIA agents also running fine, which system information, user status are get it updated via diagnostic agent from Java only  host to solman.

Thanks

Jansi

Show replies
Show replies
Former Member
‎02-13-2014 3:11 AM
0 Kudos

Hi Matt.

Check the validity date( from and to) of the user sapsupport in su01.

Also check in the link useradmins for java instance user.

otherwise delete and recreate and check it.

Rg,

karthik

Show replies
Show replies
Ask a Question