cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to define a Java system in solman_workcenter

Go to solution
symon_braunbaer
Participant

on ‎03-03-2014 6:10 PM

0 Kudos

Dear experts,

I am trying to define a Java system in our Solution Manager in order to be able to generate an .xml stack configuration file

for an upgrade. The diagnostics agent has been installed.

I am clicking on Configure System in solman_workcenter, a new web browser opens with a multi-step setup.

I am getting to step 6 to create users. My user store is an ABAP system. At this step, there are 2 users, that need to be

created automatically: SAPSUPPORT and SM_COLL_<SID>.

In the Action combobox, there are only 2 options - Do nothing and Provide Existing User, though no option to create those

users automatically...

The SAPSUPPORT user already exists, as it was created during defining the ABAP system. I have created the SM_COLL_<SID>

user manually in the useradmin panel of Java and I have assigned the suggested roles to it.

I have selected Provide Existing User, typed in the password and after clicking on Execute, the following error pops up:

User J2EE_ADMIN is not allowed to perform this request. Check SAP Note 1647157.

I have googled a little and found SAP Note 1647267 - Solution Manager adaptation to Java UME security, and downloaded

it on our Solution Manager, though it says "Cannot be implemented".

Though there is no way to say that this step is done and the point remains gray. Nevertheless, I decided to continue to the

next step 7, called Configure Automatically. When I click on Execute all, almost all the points are getting green, except for

WEB Services Logical Port Creation. It shows the following error: Java communication user is not operational. Activity aborted.

WHY ?? The user exists and is very well operational... !! Can I skip this point and go ahead ?


PLEASE help me !! Thanks 🙂

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-04-2014 7:24 AM
0 Kudos

Hello Symon,

Error clearly says that , you can not perform this step with administrative user 'J2ee_admin" .

You can use other id like e.g: your own id .

Note 1647157 clearly says :

Due to security reasons, the implicit permissions of the administration user that is created during the installation of an AS Java were removed. No end users, especially no powerful end users, should be able to read or change user data through the SPML service.

You can also create a user as mentioned in note 1647157 and use to perform this step.

Hope this helps.

Regards,
Archana

Show replies
Show replies
symon_braunbaer
Participant
‎03-04-2014 8:32 AM
0 Kudos

Hello Archana and many thanks for your reply.

Unfortunately your suggestion is not clear to me, therefore I would kindly ask you to be a little bit more specific 🙂

I am not getting where does this J2EE_ADMIN user is coming from... I am logged into the Solution Manager using a user, called solman_admin, for the Java managed system, I am specifying those SAPSUPPORT and SM_COLL_<SID> users, which I created manually...

So, if I create "a user as mentioned in note 1647157", where should I login with this user or where should I specify it ?? Please explain me exactly what do you mean...

Many many thanks !!

P.S.: Is it possible to skip the steps "Web Services Logical Port Creation" and "Generate System-level Metrics" ? Will I be able to generate a valid .xml stack file in MOPZ without those 2 steps ?

srinivasan_vinayagam
Active Contributor
‎03-04-2014 8:39 AM
0 Kudos

Dear Symon,

You can create or copy user from j2ee_admin and use that user.

You can copy J2EE_ADMIN user in JAVA  http://hostname:500<instance number>/useradmin

You can copy J2EE_ADMIN user in ABAP (Transaction SU01).

maintain same password for both users.

Thanks & Regards,

V Srinivasan

symon_braunbaer
Participant
‎03-04-2014 8:45 AM
0 Kudos

Hi Srini,

please specify - do you mean to create the user SM_COLL_<SID> as copy of J2EE_ADMIN ?

Thanks!

Former Member
‎03-04-2014 8:52 AM
0 Kudos

Hello Symon,

Based on the error message , I assumed that you are running managed system setup using "j2ee_admin" since admin users are not allowed for running setup configuration.

Please check note    1612514  - Solution Manager 7.1 SP Stack 03: recommended corrections

Current NW security policy implies that the "Create users" setup in Solution Manager transaction SOLMAN_SETUP (scenario "Managed system configuration") is failing for Java or double stack managed systems (including the Solution Manager system itself) and (some) users won't be created. There are two cases:

  • You encounter this error message: "An error occurred while processing the UME command READ_USER : SPML service failed to process searchRequestreply : <xxx> is not allowed to perform search request".

Action:The managed system Java setup user provided in "Enter System Parameters"needs to have additional permissions even though it is already an user with administrator privileges (see SAP note 1647157).

      • You encounter the error message: "An error occured while processing the UME command READ_USER from agent xxxx : no protocol: /nwaErrorPage. Please check SMD agent application logs", or other kind of errors.

Action:

Given that the SPML service (on the managed system) is not accessible (see also SAP note 1616058), you need to double check manually whether the user has been already created with the requested type (dialog or technical user) and the appropriate roles (UME & J2EE security). Else create the user using the managed system UME for independent Java stack systems, or using transaction SU01 (or the Central User Administration system) in case an ABAP back-end is used. Be aware that the step "CreateUsers" might list some roles that do not exist on the managed system, as the available roles vary with the managed system releases. In such case, simply ignore the assignments for the none existing roles. Finally provide the username and password in the step "Create users" using for each user the "Provide existing user" action.


As per the case 1 , you need to have additional privileges ,which note 1647157 suggests to create.

Since you have manually created user in the system , I feel you can ignore this step.

Regards,
Archana

srinivasan_vinayagam
Active Contributor
‎03-04-2014 8:53 AM
0 Kudos

Dear Symon,

Yes. Correct.

former_member118647
Active Participant
‎03-04-2014 11:24 AM
0 Kudos

Can you please check which user you have entered in step 4 - "Enter system parameter", you might have entered user "J2EE_ADMIN" here.

My suggestion is to create the role as mentioned in SAP note 1647157 and then assign this role to your J2EE_ADMIN user or the user which you have mentioned in step 4. After doing this repeat the
step for creation of user SM_COLL_<SID>

symon_braunbaer
Participant
‎03-17-2014 11:48 AM
0 Kudos

Thank you! This is the correct solution !!

Former Member
‎07-29-2014 4:09 PM
0 Kudos

Experienced similiar issue. The user in step 4 was set to a default user instead of techinical. In the UME configuration for DEFAULT user password was set to 90 days. This was the only difference between the two profiles. After chaning the user to Technical I was then able to complete step 6 without any errors. 

Answers (0)

Ask a Question