cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Where is the password for user SDM stored in sap system?

Go to solution
former_member183107
Contributor

on ‎09-09-2014 10:32 PM

0 Kudos

Hi SAP Gurus,

We recently changed the password of the user j2ee_admin in our dual stack system where our UME is ABAP.

Now, we have made changes in the su01 and configtool but after the system restart, the user id j2ee_admin is getting intermittently locked.

On starting the the JSPM/SDM, we found it still uses the old password so wanted to know that from where does the user SDM picks up the password and starts.

Searched few blogs and found that it reads from secstore of configtool. Could you please help.

Regards,

Himanshu

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member185239
Active Contributor
‎09-10-2014 10:46 AM
0 Kudos

Hi Himanshu,

Password for SDM is stored in secure storage if the parameter

sdm/password is maintained in secure storage.If this parameter is not maintained then it uses the password of j2ee_admin/administrator from the parameter maintained in admin/password/<SID>.

If the parameter sdm/password is not maintained then you need to maintain the same password for j2ee_admin user present in secure storage while reseting the SDM password.

Then take a restart of Java system and continue with the password.

follow the sapnote

1910179 - How to change password of SDM

With Regards

Ashutosh Chaturvedi

Show replies
Show replies
divyanshu_srivastava3
Active Contributor
‎09-10-2014 11:06 AM
0 Kudos

yes, that is another method but then it moves to secure store forever from SDM repository.

former_member183107
Contributor
‎09-10-2014 6:35 PM
0 Kudos

Thanks Ashu.

My question now is i want to check whether the password of j2ee_admin which we updated is updated correctly or not. In order to check this, i thought of starting SDM using new password but still it is taking the previous password. Since, SDM password should mathc in secore store,this got me confused.

Could you please help.

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-10-2014 6:49 PM
0 Kudos

I believe simply by sdmrepository.sdc - check for time stamp with encode password.

If encoded password is not getting updated after changing then the parameter is set.

Former Member
‎09-10-2014 6:51 PM
0 Kudos

Check SecStore.properties file for parameters already mentioned by . If you have sdm/password parameter in that file then update SDM pasword from SDM GUI.

former_member183107
Contributor
‎09-10-2014 6:57 PM
0 Kudos

Yes i can see the below entry in secstore.properties file:-

sdm/password=kB9szqC6Q/12EJ3fkrkmZmhR1i5TmjSYIsnx4xqvzwh0Ik4im6LmVw\=\=

$internal/mode=encrypted

What does that mean?

Does that mean if i am starting SDM using old password then the password maintained in secstore is the still the old one and not the new one?

Regards,

Himanshu

Former Member
‎09-10-2014 7:09 PM
0 Kudos

This means that your SDM Repository has been protected with its own password and SDM Repository and j2ee_admin passwords are now separate entities and not synchronized.

former_member183107
Contributor
‎09-10-2014 7:38 PM
0 Kudos

Thanks Roman. Now the issue is that user j2ee_admin is getting locked intermittently after we updated the new password in our UME(ABAP) and secstore(configtool) and the system log(SM21) says:-

DIA  013 001 J2EE_ADMIN SESS           US  1 User J2EE_ADMIN locked due to incorrect logon

Any help on this?

Regards,

Himanshu

former_member185239
Active Contributor
‎09-10-2014 7:45 PM
0 Kudos

Hi Himanshu,

Keep the same old password for j2ee_admin both in secure storage and UME.

Then reset the password of SDM. (keep the same password of j2ee_admin)

Take a restart of java stack.

With Regards

Ashutosh Chaturvedi

former_member183107
Contributor
‎09-10-2014 8:02 PM
0 Kudos

Yes Ashu. Before doing the above i am looking for the root cause which is causing the user j2ee_admin to get locked intermittently in 001 client. Any idea on that?

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-10-2014 8:05 PM
0 Kudos

You might have used this user in some RFC and that could be the reason for unlock.

This generally happens in PI and Solman system.

Did you put a trace on this user to find out from where it is coming.

former_member183107
Contributor
‎09-10-2014 8:31 PM
0 Kudos

Yes it's a PI system. Had put the trace but got nothing. Checked all the RFC's but none is using the user j2ee_admin. Also checked the incoming RFC's from the solman but found no luck.

Any advise?

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-10-2014 8:33 PM
0 Kudos

In that case, why set the old password for j2ee_admin again ?

divyanshu_srivastava3
Active Contributor
‎09-10-2014 8:43 PM
0 Kudos

Try with audit logs and lock time from su01 you can get last changed time.

Filtering can get you more details on it.

Refer- 1493272 - A user gets locked automatically

Answers (2)

Answers (2)

Reagan
Advisor
Advisor
‎09-10-2014 12:35 AM
0 Kudos

If you have changed the password of the J2EE_ADMIN then you should update that in the securestore of Configtool and restart the J2EE stack.

When you start JSPM it asks for the SDM password and not the J2EE_ADMIN user password.

Regards

RB

Show replies
Show replies
former_member183107
Contributor
‎09-10-2014 12:46 AM
0 Kudos

Yes correct RB.

Done what you have mentioned. Now the issue is the password of SDM. It take s the old one not the new one. As per my understanding it should take the new one as the secure storage is updated with the new password.Could you please help me with the concept of user SDM and its password repository.

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-10-2014 7:32 AM
0 Kudos

The himanshu,

SDM password which is SDM gui password is used by SDM and JSPM just for logging into SDM.

The password is encrypted and stored in sdmrepository.sdc file.

Also, updating any password doesn't require a restart.

Regards

Reagan
Advisor
Advisor
‎09-10-2014 7:48 AM
0 Kudos

After updating the password in the secure store did you click on the save button at the top of the confiigtool ?

Could you supply the error log that is pointing to incorrect password please ?

Regards

RB

former_member183107
Contributor
‎09-10-2014 6:37 PM
0 Kudos

Yes after updating I have saved it. There is no error log which points towards the incorrect password.

Just want to check whether the updated password in secore store of config tool is the new one or still the old one.

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-09-2014 11:14 PM
0 Kudos

Hi Himanshu,

SDM uses encrypted administrator credentials stored which are stored secure store to use deploy service.

If you have changed the password, updated in secure store and is correct, the you should be able to logon to VA.

If not, then

Goto /usr/sap/SID/DVEMBGSXX/SDM/program/config and open sdmrepository.sdc file to see the values of SecStore.properties and SecStore.Key are pointing to correct path. You can verify this from configtool or config.properties in configtool folder.

If you are not able to save this password in configtool, then refer 1228507 - Config Tool does not properly save password in Secure Store


Regards,

Divyanshu

Show replies
Show replies
former_member183107
Contributor
‎09-10-2014 12:32 AM
0 Kudos

Thanks Divyanshu for the reply.

After changing the password for j2ee_admin in secstore(config tool) and restart of system, I am able to open VA in my system. My issue is that user j2ee_admin is getting locked intermittentlyin 001 client for which we checked all the RFC's and sld, but nowhere j2ee_admin is mentioned.

Also, when i tried to open SDM i could not open it with the new password. It opened with the old password,so thus got confused whether the password got updated in secstore properly or not.

Please help.

Regards,

Himanshu

divyanshu_srivastava3
Active Contributor
‎09-10-2014 6:58 AM
0 Kudos

Hi Himanshu,

What is have said above is for administrator/j2ee_admin user not sdm gui user.

You open SDM with it own password however it uses j2ee_admin or administrator for the deploy service. If j2ee_admin password in not updated you get errors during deployment.

However, if you have problem with SDM user itself, you can reset the password using below process

Reset SDM Password in Unix and Windows Environment - Portal - SCN Wiki

Also, you don't need to restart j2ee engine after updating the password in configtool.

Refer 701654 - Deployment aborts due to wrong J2EE Engine login information

Regards

Ask a Question