cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SDM Log: Cannot login to the SAP J2EE Engine using user and password as provided in the Filesystem Secure Store

Go to solution
former_member551676
Participant

on ‎11-22-2014 10:14 PM

0 Kudos

Hello there,

Would greatly appreciate if anyone could give some inputs or recommendation.

I faced this problem during SPS patching at 5.5 Execution phase.

note** My system is a dual stack

Trouble Ticket Report

Update to SAP NETWEAVER 7.0 (ABAP)SAP NETWEAVER 7.0 (JAVA)

SID................: XIP

Hostname...........: PISWESTP

Database...........: DB6

Operating System...: UNX

JDK version........: 1.6.0_81 SAP AG

SUM version........: 1.0.11.6

Source release.....: n/a

Target release.....: 7.00

ABAP stack present.: true

An error has occurred during the execution of the Deploy Java core components step with action execute. Service com.sap.sdt.j2ee.services.servicesimpl.SDMService failed with the following message:

Cannot execute Java process for deployList with parameters /usr/sap/XIP/SUM/sdt/tmp/deploy_list.txt.

You can find more information in the files /usr/sap/XIP/SUM/sdt/log/SUM/DEPLOY-JAVACORE_25.LOG and ProcessOverview.html.

SUM,execute,component-deploy-700,deploy-javacore,com.sap.sdt.j2ee.services.servicesimpl.SDMService,class com.sap.sdt.j2ee.tools.sdmprocess.SDMProcessException

important Log files as below

/usr/sap/XIP/SUM/sdt/tmp/deploy_list.txt

/sapmnt/XIP/patches/SAPJTECHS31_0-10003467.SCA

OperateSDM_165.LOG

Nov 23, 2014 4:49:51 AM  Error: Aborted: development component 'tc~sec~sso~app'/'sap.com'/'SAP AG'/'7.0026.20111228092803.0000'/'24', grouped by :

Cannot login to the SAP J2EE Engine using user and password as provided in the Filesystem Secure Store. Enter valid login information in the Filesystem Secure Store using the SAP J2EE Engine Config Tool. For more information, see SAP note 701654.

com.sap.sdm.serverext.servertype.inqmy.extern.DeployManagerAuthExceptionWrapper: Wrong security credentials detected while trying to obtain connection to the J2EE Engine.

(message ID: com.sap.sdm.serverext.servertype.inqmy.extern.EngineApplOnlineDeployerImpl.checkLoginCredentials.DMAUTHEXC)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I have performed sapnote 701654 - Deployment aborts due to wrong J2EE Engine login information

but still unable to proceed

In the Configtool: cluster-data  >Global Server configuration  >

services  >comp.sap.security.core.ume.service), the values are

ume.persistence.data_source_configuration = dataSourceConfiguration_database_only.xml

ume.login.guest_user.uniqueids=SAP*  

ume.superadmin.activated=TRUE

ume.superadmin.password= sample123

-----------------------------------------------------------------------------------------------

On Secure Store node

admin/user/XIP = SAP*

admin/password/XIP = sample123

During SUM 5.3 configuration, it requested for JAVA super admin SAP* password. I have key in 'sample123'

Summary
I believe this error below is the culprit

Nov 23, 2014 5:52:19 AM  Error: Aborted: development component 'tc~sec~sso~app'/'sap.com'/'SAP AG'/'7.0026.20111228092803.0000'/'26', grouped by :

Cannot login to the SAP J2EE Engine using user and password as provided in the Filesystem Secure Store. Enter valid login information in the Filesystem Secure Store using the SAP J2EE Engine Config Tool. For more information, see SAP note 701654.

com.sap.sdm.serverext.servertype.inqmy.extern.DeployManagerAuthExceptionWrapper: Wrong security credentials detected while trying to obtain connection to the J2EE Engine.

(message ID: com.sap.sdm.serverext.servertype.inqmy.extern.EngineApplOnlineDeployerImpl.checkLoginCredentials.DMAUTHEXC)

Would greatly appreciate if anyone could give some inputs or recommendation.

Best regards,

Alex

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member551676
Participant
‎01-13-2015 8:41 AM
0 Kudos

hi all,

Sorry for the late reply, but Issue has been solved,

What i did was, restore DB,  redo SUM.
noticed that my directory for

usr/sap/XIP/SYS/global

usr/sap/XIP/SYS/profile


are NOT softlink


thus i believe having different set of securestore values.


So i have change the global directory to link to /sapmnt/XIP/global

                                   profile directory to link to /sapmnt/XIP/profile

Show replies
Show replies

Answers (5)

Answers (5)

former_member551676
Participant
‎11-27-2014 11:02 AM
0 Kudos

***attached is the full log of SDM

sdmlog20141123.txt.zip
Show replies
Show replies
former_member185239
Active Contributor
‎11-27-2014 10:33 AM
0 Kudos

Hi Alex,

Try to follow the below steps :

1- Bring the system from safe mode to normal mode with the help of configtool.

2. Take a restart of the full system.

3. Reset the password of SDM keep the same password as j2ee_admin as it is dual stack.

4. Maintain the same password in the secure storage against the user j2ee_admin.

5. Maintain the same password of j2ee_admin user in the UME/ABAP database.

5.Take a full restart of the system.

6. Restart the SUM tool.

With Regards

Ashutosh Chaturvedi

Show replies
Show replies
former_member551676
Participant
‎11-27-2014 11:03 AM
0 Kudos

how about SAP* ?

SUM will be using SAP*, not j2ee_admin

* Taken from 5.3 Configuration phase of SUM tool

The update reconfigure user management engine (UME) so that only the SAP* user can access the system. The SAP* user is only active during the downtime phase of the update. The update program deactivates it after the downtime phase has finished and restores the original UME configuration.

Re: SDM Log: Cannot login to the SAP J2EE Engine using user and password as provided in the Filesyst...

former_member185239
Active Contributor
‎11-27-2014 11:21 AM
0 Kudos

Hi Alex,

What you are saying is true. Are you able to logon to the SDM using SAP*

Moreover SUM creates a copy of Secstore.properties file Jupgrade.properties in /global/security/data folder. It will be using that file so you need to reset the password of SDM and maintaining the same in securestorage.

With Regards

Ashutosh Chaturvedi

former_member551676
Participant
‎11-27-2014 1:49 PM
0 Kudos

Hi Ash,

Firstly thank you for you inputs, but how do i login to SDM using SAP* ?
I just tried using SDM's password and i was able to login in integrated mode.

For Visual Administrator,

I am able to login with j2ee_admin

I tried with SAP* will result in "Error in connecting",

From visual_administration.0.trc

Error#1#/System/Server/VisualAdministrationTool#Java###Error while trying to login to localhost: User not authorized.

I tried on purpose with a wrong password for SAP*, Visual Administrator will prompt me a messagebox saying authentication is wrong.

This is my current value for secorestore. ( currently SUM is at 5.5 Preprocessiong, only at 5.6 Execution, it will start to deploy )

Shouldnt the admin/user/xip should be j2ee_admin ?

Best regards,

Alex

added securestore screenshot, this is taken when SUM is still at 5.5  Preprocessing

former_member185239
Active Contributor
‎11-27-2014 2:08 PM
0 Kudos

Hi Alex,

First of all bring the java from safe mode to normal mode.(take a full restart)

Replace the user SAP* to J2EE_ADMIN.(maintain the same password as it is)

Take a full start

Start the SUM tool. Though it will be a time consuming.

With Regards

Ashutosh Chaturvedi

Former Member
‎11-25-2014 12:56 PM
0 Kudos

Hello Alex

Secure Store parameters:

admin/user/XIP = SAP*

admin/password/XIP = sample123

should have the value of "Administrator" user. I am not sure if SUM replaces the parameter values with that of SAP* user during execution. If you set these parameters to SAP*, you need to change them back to "Administrator". If you changed the password of "Administrator" user in UME, you need to maintain same password in admin/password/XIP. During execution, SDM reads logon parameter values from secure store to logon onto J2EE Engine.

Cheers,

Tapan

Show replies
Show replies
former_member551676
Participant
‎11-27-2014 2:01 AM
0 Kudos

HI Tapan,

My system is a dual stack, so the value for admin/user/<SID> would be 'j2ee_admin' by default
I believe for single stack system, it will have the default value of 'administrator' as you mentioned

Yes, SUM will change it to SAP* during downtime, after it is done, SUM will restore back to the original UME.

its just weird that during 5.5 Execution, it detects a wrong password.

Best regards,

Alex Lee

Additional information

* Taken from 5.3 Configuration phase of SUM tool

The update reconfigure user management engine (UME) so that only the SAP* user can access the system. The SAP* user is only active during the downtime phase of the update. The update program deactivates it after the downtime phase has finished and restores the original UME configuration.

divyanshu_srivastava3
Active Contributor
‎11-23-2014 6:11 AM
0 Kudos

Hi Alex,

It's a know reported issue.

you may follow above mentioned note or check below thread

Regards

Show replies
Show replies
former_member551676
Participant
‎11-27-2014 2:44 AM
0 Kudos

Hi Divyanshu

I just read the thread, there is still no solution on why SDM is still using old password after author changed it.

For my case it a little bit different as i am performing a SPS patching via SUM tool.
SUM tool will use SAP* to connect to SDM.

Sriram2009
Active Contributor
‎11-27-2014 3:18 AM
0 Kudos

Hi Alex

1. When you are performing the Support pack upgrade using SUM tool,Sum tool internal call in JAVA stack JSPM / SDM & ABAP stack SPAM /SAINT

2. SAP* user id is having some limitation, you have to use DDIC equivalent user id (Not DDIC), To start the SUM tool you have to use SIDADM user id

BR

SS

divyanshu_srivastava3
Active Contributor
‎11-27-2014 7:42 AM
0 Kudos

Hi Alex,

Have you tried using J2EE_ADMIN user as administrator(dual stack) in configtool ?

Regards,

former_member551676
Participant
‎11-27-2014 10:25 AM
0 Kudos

Hi Sriram,

The process of SUM will use SAP* to connect to SDM. I wouldnt want to change it to other user.

You can checkout the screenshot below, at Additional Information.

divyanshu_srivastava3
Active Contributor
‎11-27-2014 10:32 AM
0 Kudos

Yes, that is correct.

However, if you have done everything correctly, how come it's failing ?

Can you upload the full log once again.

Regards,

former_member551676
Participant
‎11-27-2014 11:01 AM
0 Kudos

SUM/sdt/log/SUM/DEPLOY-JAVACORE_32.LOG

Nov 23, 2014 10:07:00 AM [Error ]: The following problem has occurred during step execution: com.sap.sdt.j2ee.tools.sdmprocess.SDMProcessException: Cannot execute Java process for deployList with parameters /usr/sap/XIP/SUM/sdt/tmp/deploy_list.txt.

Return code condition success evaluated to false for process java for action ACTION_DEPLOY_LIST.


usr/sap/XIP/SUM/sdt/tmp/deploy_list.txt.

/sapmnt/XIP/patches/SAPJTECHS31_0-10003467.SCA




SUM/abap/log/sdmlog20141123.log

Attached

sdmlog20141123.txt.zip
Former Member
‎11-23-2014 5:56 AM
0 Kudos

Have you checked the below note:

1228507 - Config Tool does not properly save password in Secure Store

regards,

pavan

Show replies
Show replies
former_member551676
Participant
‎11-23-2014 6:06 AM
0 Kudos

hi Kumar,

Yes i am aware of this sapnote. I have use the recommended step 1 but still the same problem when repeat SUM.

Also i do no think it affect my system as JAVA is on SP31. If i drill down to component

(http://hostname:50200/monitoring/ComponentInfo),

All of them are SP24 and above

sap.com/SAP-JEECOR7.00 SP31 (1000.7.00.31.0.20140520160053)20141122111416
sap.com/SAP-JEE7.00 SP31 (1000.7.00.31.0.20140520160024)20141122111333


1228507 - Config Tool does not properly save password in Secure Store
This is issue has been fixed in SP23 of SAP J2EE Engine 6.40 and SPS17 of SAP J2EE Engine 7.00.


best regards,
Alex

Sriram2009
Active Contributor
‎11-23-2014 7:47 PM
0 Kudos

Hi Alex

Could you check this SAP KBA

1671795 - Incorrect configuration of the 'service.naming' policy configuration causes deployment to ...


BR

SS

former_member551676
Participant
‎11-27-2014 3:23 AM
0 Kudos

Actually i have gone through all the mentioned sapnotes. WIll double check again if i missed out anything.

1671795 - Incorrect configuration of the 'service.naming' policy configuration causes deployment to fail

701654 - Deployment aborts due to wrong J2EE Engine login information

1552513 - Deployment fails due to SDM connection issues to JAVA engine

Sriram2009
Active Contributor
‎11-27-2014 3:35 AM
0 Kudos

Hi Alex

If possible do the full restart and then try again in the same phase

BR

former_member551676
Participant
‎11-27-2014 3:49 AM
0 Kudos

Yes, point taken. previously i only did a Java restart, but not a system restart ( but stated in the sapnote, only require a java restart ? )

Will try this too on my next attempt.

Sriram2009
Active Contributor
‎11-27-2014 4:00 AM
0 Kudos

Do the full restart and then try again in the same phase. update the latest log

BR

Ask a Question