- SAP Community
- Products and Technology
- Additional Q&A
- GRC 10.1 EAM getting Incorrect Password at Firefig...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC 10.1 EAM getting Incorrect Password at Firefighter Logon
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 12-17-2014 8:32 PM
Hi SCN community,
Kind of an odd ball issue I am seeing in GRC 10.1's emergency access area. We have one particular firefighter that is no longer allowing users to login as it through GRAC_EAM, while other firefighters work just fine. The error we are getting is either:
Incorrect Name/Password
Too many failed attempts account locked
I have attempted:
Reset the password of/unlocked the firefighter account (both to a set value, and the generate password), closed SAP, and tried to logon as the firefighter again
Ran EAM Master Data Sync through SPRO on our GRC box
I do not see any errors in SLG1 or ST22 (both GRC and the plug in system, in this case our ECC environment) that line up with the time of my attempts of trying to logon as the firefighter.
Has anyone seen this happen before, and how did you fix it? My next option im weighing is dropping the account and recreating it.
Thanks,
Josh
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Wanted to give everyone an update, the firefighter account is working and I am waiting for final word from SAP on if there was anything else they did. So far here is what was done...and this sounds like a troubleshooting 101 answer....:
1) We have CUA running and hooked up to our GRC and ECC environments
2) The password for the firefighter (FF01 from here on out) was set to deactivated in the production CUA environment
3) Logged into production CUA and went to SU01 --> Change Mode --> Logon Data Tab --> set the password to an initial password --> saved
4) back on the main screen of CUA I went and changed the password, this time using the change password option in CUA and selecting the child system and set its password to the same one from step 3
5) Double checked CUA and ECC to make sure everything was in sync and had the user try it again, only this time it worked.
I know its a simple answer but it got things working, hopefully this helps you guys.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (4)
Answers (4)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Josh,
we are experimenting exactly the same issue with FF on an 4.7 ECC system and AC 10.1. since 17. December.
It is a horror, right before Xmas holidays.
Any further hints are highly appreciated.
Regards,
Ines
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
No luck on dropping and recreating the account. It still is passing the "wrong" password from GRC to the ECC environment, while other firefighters in the same system work just fine. Any ideas on where to go from here?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Thanks everyone. To answer the questions posed in the above, yes the firefighter account (and all of our firefighter accounts) are service accounts and it and the rfc account are both unlocked and valid (Valid to is null). I have double checked the SPRO parameter and that is still valid and correct as well.
The issue appears to be with the password that GRC is passing to our ECC box for that one firefighter, other firefighters work just fine. I will drop the account and recreate it and see if that clears the issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
__Hi Josh,
is the fire fighter a Service (user type)?
If not please change this and reset the password to an Initial pw via SU01 (with the sign to create a new Password - Do not Change the intial pw later.
Only the Dialog User with use the GRAC_EAM should be a Dialog user.´
- Run Program Repository Object sync
- Run Programm EAM Master Data sync
Then try if it works.
If this not work:
Check if
- the real end user (Dialog user) has a SAP_GRAC_SUPER_USER_MGMT_USER role in the target/backend System (and if you allow centralized log on via GRC also in GRC)
- and the ff-user has the role SAP_SPM_FFID in the target / backend system
and repeat the steps abbove.
Hope this will help.
BR
Melanie
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Melanie,
We have exactly the same issue. Having checked all the pieces of the config, there's nothing amiss ... yet we have this error message. Here's a step by step of what has been checked.
- The human user in the GRC central instance is DIALOG and has the appropriate FF role for users
- The connector to the back end system works and this has been indicated by a successful repository object sync
- EAM Master data sync has been completed successfully
- In the backend system, the FFID has been setup as type service, the password has been initialized and the appropriate role has been assigned to it that's been configured in the central GRC instance
- The FFID has been assigned to an owner and the human user has been associated with the FFID, and a controller has been associated with it
- When the human user logs into the system and runs GRAC_EAM, they see the ID, with a green traffic light, and on attempting to logon, get this error in discussion
At this time, it's unclear what might be wrong as the entire setup seems correct.
Thanks,
Santosh
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
is the FF-user valid (user Validation date on tab "Logon"? Is the user locked.
Another thing could be the customzing.The role SAP_SPM_FFIDmust be maintained (SPRO -> GRC -> AccessControl-> Maintain Configuration Settings-> Emergency User Access 4010
or the rfc-user or pw is not the same in grc and the target System.
Otherwise the Basis must check the plug-in.
BR
Melanie
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Connection issue between SAP MII and SAP ECC in Product Lifecycle Management Q&A
- [SAP BTP Onboarding Series] Joule with SFSF – Common Setup Issues in Technology Blogs by SAP
- Taking Data Federation to the Next Level: Accessing Remote ABAP CDS View Entities in SAP HANA Cloud in Technology Blogs by SAP
- GITLAB AND FIORI CONFIGURATION in S/4 HANA SYSTEM #ATR in Technology Blogs by Members
- Uninstalling SAP System and Reuse SAP Server for new installation #ATR in Technology Blogs by Members
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.