cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Uninstalling a dialog instance removed domain accounts

Go to solution
Former Member

on ‎06-04-2015 2:43 PM

0 Kudos

We installed a new dialog instance on our QAS system. The system

previously had two instances that were clustered. We then uninstalled

the new dialog instance. When we uninstalled, we answered "yes" to the

question to remove OS accounts. The system uses SNC. Now we can't log

in using SNC. We get a message that says:

GSS-API(maj):Miscellaneous Failure

GSS-API(min):SPPI u2u-problem: please add Service principle to targe

targer="p:SAPServiceQAS@ABCD.ORG"

Error in SNC

I think the qasadm and SAPAServiceQAS domain accounts got deleted when

the new dialog instance was uninstalled. To try to resolve this issue, we tried to

reinstall the dialog instance. I think this recreated the qasadm and SAPServiceQAS domain accounts.

We got an error when sapinst tried to start the new instance. Errors in the dev_w* files say:

C ERROR: -1 in function SQLConnectWithRetry (SQLConnectWithRetry)

[line 2307]

C (18456) [28000] [Microsoft][SQL Server Native Client 10.0][SQL

Server]Login failed for user 'ABDC\SAPServiceQAS'.

I had our system administrator add gasadm and SAPServiceQAS into the

Administrators group on the two clustered servers, but we still get the

same error when we try to log in. The system is still up and we can

log in without using SNC (by entering the username and password).

I don't want to try to restart the system because it may not start.

What do we need to do?

Thanks,

Jerry

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

isaias_freitas
Advisor
Advisor
‎06-04-2015 9:54 PM
0 Kudos

Hello,

Even if you manually create the accounts, several other manual steps would have to be performed.

That is because Windows has an internal ID (called "SID") to identify the account, and when you set permissions at the filesystem (for example), the SID that is stored at the permission table, not the username itself.

Thus, you would have to at least:

- replace the permissions of all SAP folders; and

- replace the permissions of all shares related to SAP (e.g., "sapmnt").

You might also need to edit the SAP services ("SAP<SID>_xx" services) at the Windows Services, retyping the user Id/password there.

However, the only "supported solution" would be to completely uninstall and then reinstall this system.

You could check for "system copy" procedures. Depending on your SAP version, you can create a database backup (using DB tools) and use the system copy "target system" option to reinstall the system without losing the data.

You can find the system copy guides at:

http://www.service.sap.com/sltoolset ->

Software Logistic Toolset 1.0 ->

[Scroll down the page] System Provisioning ->

Installation: Systems Based on SAP NetWeaver 7.0 / 7.0 EHPs

Installation: Systems Based on SAP NetWeaver 7.1 and Higher

System Copy: Systems Based on SAP NetWeaver 7.0/7.0 EHPs

System Copy: Systems Based on SAP NetWeaver 7.1 or Higher

Regards,

Isaías

Show replies
Show replies
Former Member
‎06-05-2015 2:54 PM
0 Kudos

Isaias,

Thanks for the information.  The uninstall/reinstall sounds like what we will have to do.  I was hoping the solution wouldn't be that hard.  It might be a couple of weeks before we can try this.  The system is still up and usable.  We have some important projects going on now, so we don't want to take the system down to fix it.  I'll let you know what happens.

Thanks again,

Jerry

Former Member
‎06-30-2015 9:55 PM
0 Kudos

Hi Isaias,

We were able to get the system working again without uninstalling/reinstalling.  We did the following:

  • Recreated the environment variables for the qasadm account on the two cluster nodes.
  • Did the following on each of the cluster nodes to recreate the SAP services:
    1. Log into the NT machine as <sid>adm.
    2. Run 'sapstartsrv.exe'.
    3. Select "Uninstall Service + Unregister COM Interface"
    4. Specify your SID and System Number (NR) and click ok.
    5. Select "Install Service + Register COM Interface + Start Service
    6. Specify your SID and System Number (NR).
    7. Specify your startprofile (use the 'browse' button).
    8. Specify your user as (domain\sapservice<SID>
    9. Specify the passsword for the account.
  • Had out DBA created and run the "Repair Schema" script by using SCHEMA4SAP.VBS as described in SAP Note 551915.
  • Had our Network administrator run the following command:

          setspn -S SAPServiceQAS/name OUR_DOMAIN\SAPServiceQAS

This seems to have fixed the system.  Everything seems to be working fine.  I don't know if this was any better or faster that uninstalling and reinstalling the system.  I'm sure that would have worked too.  I appreciate your advice.

Thank you,

Jerry


Answers (0)

Ask a Question