cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sap* user locked on client 066

Go to solution
mandeep_kauldhar
Participant

on ‎07-23-2015 3:36 PM

0 Kudos

How can we unlock SAP* user on client 066?

I don't have any other user working as of now on 066. 

I faced information message during installation of ECC6 SR3, last phase 'run ABAP report', test logon to SID system fails.

i tried below options none of the worked:

  • delete user from usr02 and try logging in with sap*/ pass again same error message that sap* is locked.
  • restarted SAP server and tried login again.
  • SAP* on other client 800/000 works fine.
  • tried logging in with earlywatch/support(default password) or SUPPORT
  • I tried the option of creating a z* program on client 800 and do SQL update on field uflag for table USR02 also but same results SAP* is locked.

Is there any other default user on client 066 which i am not aware of? or any other way i can unlock sap* on 066.

Mandeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-24-2015 4:54 AM
0 Kudos

Hello,

Unlock the user from SQL level and try with the password 06071992 . Check the below links for more info.

Protecting Standard Users - SAP NetWeaver Application Server ABAP Security Guide - SAP Library

Securing User SAP* Against Misuse

regards,

pavan

Show replies
Show replies
mandeep_kauldhar
Participant
‎07-24-2015 12:31 PM
0 Kudos

I tried by deleting user in db. it still says user is locked. how u unlock user which does not exist in db but hard coded in sap?

Mandeep

Amarnath
Participant
‎07-24-2015 2:08 PM
0 Kudos

Hi Mandeep,

I too have faced a similar type of situation. I got to know the parameter "login/no_automatic_user_sapstar" was maintained in Instance profile. Please check and delete the parameter from that. This might help you.

Best Regards,

Amarnath

mandeep_kauldhar
Participant
‎07-24-2015 2:36 PM
0 Kudos

Hi Amarnath, The said parameter is set to '0' which means SAP* and DDIC are allowed. I am able to login to other clients like 000 and 800 but not 066. the asked parameter is not there in instance profile file at OS level.

Any other clue?

Thanks, Mandeep

Matt_Fraser
Active Contributor
‎07-24-2015 6:41 PM
0 Kudos

Actually, deleting the parameter may not achieve the desired result. At one point the default for this parameter changed from 0 to 1, so deleting it may activate the parameter. To be safe, set the parameter manually to 0, then restart the system. This way, you can be sure that the "automatic" SAP* user will exist if there is no SAP* user defined in the user master.

The "06071992" password hasn't been used as a default for some time. For a while now the initial SAP* password has been set by the user during the installation (i.e., the "master" password is used).

Mandeep, what kernel version does your system have? There was a known error with the old 7.00 kernel at certain patch levels (250 and 251 -- see Note 1459897).

Otherwise, are you sure, in your Z program, that you are deleting the user from client 066 in USR02, and not from the client the program is running in? If you don't have another user in 066 that you can use (and if you did, couldn't you use that user to reset the SAP* password there?), then you may need to do this from the SQL level and not from ABAP.

Cheers,

Matt

mandeep_kauldhar
Participant
‎07-24-2015 8:07 PM
0 Kudos

Thanks Matt, I already have this poarameter declared and set to 0 in default profile. (file default).

Password I am using the one filled as master password.

I am using kernel 721 Sup'Pkg.Lvl. 402 as per PAM; so as per Note 1459897this wont apply to this patch level.

Yes I am sure I deleted user from clnt 066. I used oracle SQL query at the same time to verify deletion before and after running deletion program from clnt 800.

The error (specifically a warning but I treat this as an error as it didn't go away) is occurring toward the end phase of installation of ECC6 SR3 (IDES system, we are a software company so IDES is our production system).  the phase name is 'Run ABAP report'.

After sunning this program I don't see entry in USR02 for user SAP* and client 066; I can login to other client though 000/800.

I don't have any other user in the client 066. as I said I tried earlywatch but didn't worked and don't see this in table usr02 If query on the table usr02 for earlywatch user.

Thanks

Mandeep

Answers (2)

Answers (2)

former_member302072
Discoverer
‎07-27-2015 3:40 AM
0 Kudos
  1. Please check if you are using the correct command to delete the user. Because the delete should work irrespective of whther user is locked or not.
  2. or try to change the user name of SAP* to SAP*.old in usr02 table (instead of deleting it) and then restart your server. SAP* user will be hard coded and will let you login with PASS(but make sure profile parameter allows it)
Show replies
Show replies
mandeep_kauldhar
Participant
‎07-27-2015 4:00 AM
0 Kudos

Honestly I tried few things one of them worked but deleting user from oracle back end was not working with sap* and PASS as password.

Thanks for your help all of you.

Mandeep

jinesh_jayan
Participant
‎07-24-2015 9:53 PM
0 Kudos

Mandeep,

Once you have logged into sql use the below command

SQL>delete from SAPSR3.USR02 where BNAME='SAP*' and MANDT=066;

MANDT is the client number.

Once you have deleted the entry of SAP* for client 066 , you should be able to login in using SAP* and password as PASS or the master password.

Show replies
Show replies
mandeep_kauldhar
Participant
‎07-24-2015 10:01 PM
0 Kudos

Jinesh, I already did that but still not able to login with PASS or master password, please see my first post. it say the user SAP* is locked... to many failed attempt.

Mandeep

former_member204080
Active Contributor
‎07-26-2015 1:01 PM
0 Kudos

HI Mandeep,

Please use below command to unlock sap* and try again .cross check you schema and replcae SAPSR3 in below command

SQL> update SAPSR3.USR02 set uflag=0 where BNAME='SAP*' and MANDT='006';

You should get output as 1 row updated  ,after this commit .If user doesnt exist then 0 rows updated

SQL> commit;

Commit complete.

Regards,

Murali

Ask a Question