on 02-26-2014 4:47 AM
Hi Everyone,
We are using SUM SP09 to upgrade our PI 7.3 to SP08.
During the execution phase we encountered the following error:
Could not update components. Deployment of queue Queue_2014.02.19 at 23:21:47 completed with error Could not authenticate the given user with AS Java. Check that user and password are correct. com.sap.engine.services.dc.api.AuthenticationException: [ERROR CODE DPL.DCAPI.1148] Could not establish connection to AS Java on [HOSTNAME:50004]. Cannot authenticate the user. Wrong or missing security credentials (password) for principal [SAP*], or the specified principal has no permissions to perform JNDI related operations. javax.naming.NoPermissionException: Exception during getInitialContext operation. Wrong security principal/credentials. [Root exception is com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.] com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user. com.sap.engine.services.security.exceptions.BaseLoginException: Authentication did not succeed.
It is trying to perfrom JNDI activities with SAP* user. Why is it trying to AS Java with the SAP* user.
From the forums, i got that may be the superuser is activated. when i check the config tool in display mode, i see the value as TRUE.
But when i go into edit mode to revert it back to false, it is already set to false
We have checked the memory parameters, and they are fine. We do have the latest kernel and JVM.
Please help me solve the issue.
Thanks
Nanda
Hi Nanda,
Change the parameter in both global and local.
follow the steps :
1. Take out the java system from safe mode.
2. set the parameter element.resynch = force in bootstrap.properties
3. rename the dispatcher and server0 folder.
4. take the restart of java manually.
change the parameter to false , even it show false and save it.(performed this activity in global as well as local)
With Regards
Ashutosh Chaturvedi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Kiet,
We ended up doing a restore of the system prior to the upgrade start date and then redid the upgrade. The main reason we were not able change the superuser was because we were doing it in the wrong place.
Open config tool, go into edit mode and
follow the below path in config tool and reset the superuser password and give it a retry:
Cluster_config--> system--> custom_global--> cfg--> services--> com.sap.security.core.ume.service--> Propertysheet properties
thanks
Nanda
I was able to change the password of SAP* but in the error user J2EE_ADMIN was listed. User J2EE_ADMIN was not locked. Any idea on how to solved the issue? Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
After you set it to false (SAP* user) you should restart the instance and try again to redeploy it with j2ee_admin user
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vlad,
The value is already false, when i go into edit mode for ume.superuser parameter in config tool.
I did try to change it to true and then again back to false, but in both cases, when i'm in display only mode, the config tool shows the value as TRUE. I did restart after every change made.
I can't redeploy as j2ee_admin user, as we are in the middle of execution phase, and when i click repeat, it continues from where it left off.
Please let me know if you need more information
thanks
Nanda
Hi Nanda,
Have you tried this KBA
1724426 - Could not establish connection to AS Java 7.3
regards
kartik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sriram,
I checked the mentioned notes.
As you can see in the error log, it is "SAP*" user and not test user as per the note 1882305.
As for note 916050, i am not able to find any relevant solution in that.
From the DEPLOYMENT_RESULTS_44.log
Feb 25, 2014 9:59:11 PM [Info ]: Connecting to Deploy Controller on host HOSTNAME port 50004 with user SAP*.
The systems are up and running, including the shadow instance.
The P4 port is open and the service is up and running.
please let me know if you need more information.
User | Count |
---|---|
86 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.