cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP* User missing in QVM client

Go to solution
Former Member

on ‎11-25-2007 4:38 AM

0 Kudos

Hi All,

I have 2 issues related to SAP default users. (SAP* & DDIC)

1 - We have a 3 landscape systems. (DVM, QVM, PRD). Suddenly I dont know how, sap* user is missing in 200 Client in QVM. Tried to find if anybody deleted it, no records found in Tcode SUIM.

2 - SAP* & DDIC user in client 000, 001 in QVM got locked due to incorrect password attempts, how to login to these clients now, how can I reset their password.

For above issues do we need to do client copy again from DVM system, to get things working again.

Please suggest any documentation/guide to manage these SAP default users.

Thanks

Rupali S

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-26-2007 8:33 AM
0 Kudos

I tried creating user sap* using Tcode SU01, but it does'nt allow me to create the user as it says SUPER group does'nt exists. No it is the situation where SAP*, DDIC users are locked in all the clients (000, 001, 066) & missing in 200, 210 clients.

I am not sure what shud i do now...how to get these users back in running.

Thanks

Rupali S

Show replies
Show replies
Former Member
‎11-26-2007 9:14 AM
0 Kudos

Rupali,

Follwo the following steps,

Prerequisite:

profile parameter login/no_automatic_user_sapstar = 0

If this parameter is not 0 then Set the profile parameter login/no_automatic_user_sapstar to 0 then restart SAP.

Now you have to delete sap* from DB:

sqlplus /nolog

connect / as sysdba

DELETE * from sap<sid>.usr02 where bname='sap' and mandt=<your client where sap is locked>;

commit;

(Note: sap<sid> is the owner of sap table, it may be different in your system, you can search it with the following query:

select username from dba_users;)

Now login to your client where sap* is locked, using sap* and password pass. you will be able to login. Change the password of DDIC thro SU01.

Repeat the process for all the clients where sap* is locked.

Now you will need to deal with the scenerio where sap* and ddic are missing,

Open a notepad in the server type the following,

clientcopy

source client = <client where sap* and ddic are working>

target client = <client where sap* and ddic are missing>

select * from sap<sid>.usr02 with key '000DDIC'

Save the file as pwd.ctl

Now from cmd prompt run

R3trans pwd.ctl

Once done, Login to the client where sap* and ddic are missing as

DDIC and password = password of DDIC in the client which you specified as source client.

Hope this works!

Cheers!

Bidwan

Former Member
‎11-26-2007 11:29 AM
0 Kudos

Hi Bidwan,

That was very beautifully explained & written down by you, thank you for your response.

I have done the following steps...

1 - Deleted SAP* from table USR02 (clients 000, 001, 066, 200) & renamed SAP* to SAP*_Old in 210 client.

2 - Verified the instance profile settings "login/no_automatic_user_sapstar=0" - Settings are correct.

3 - Now I am able to login to client 200 & 210 as SAP* & password PASS.

4 - But I am still unable to login to 000, 001, 066 - it says too many failed attempts.

so now what do you recommend, I have not yet restarted our systems as we will not get downtime till tomorrow morning.

Former Member
‎11-26-2007 11:37 AM
0 Kudos

& 1 more thing I forgot to mention, we have SQL Server 2005, not Oracle DB.

I appretiate once again for the responses from you & Srinivas.

Can I get back to you'll for ny future issues if I have ??

I am working as Basis consultant & I am totally fresher in this field, so facing certain issues to handle for which I appretiate such help.

Thanks

Rupali

Former Member
‎11-27-2007 5:21 AM
0 Kudos

Rupali,

Good to hear that its working in 200 and 210.

For client 000, as suggested earlier please do this (i have modified it this time to suit your scenerio), please use the exact commands below,

Open a notepad in the server type the following,

clientcopy

source client = 200

target client = 000

select * from sap<sid>.usr02 with key '000SAP*'

Save the file as pwd.ctl

Now from cmd prompt run

R3trans pwd.ctl

Once done, Login to the 000 with sap* and password pass( i am assuming the password for sap* in 200 is pass, else use the current password of sap* in 200). Once successful repeat for client 001 by simply replacing the target client as 001.

Please feel free to open a question in this forum whenever you need a solution.

Cheers!

Bidwan

Former Member
‎11-27-2007 8:38 AM
0 Kudos

Hi Bidwan,

We restarted our QVM system & since then SAP* is working in all clients now with pwd as PASS. I changed the password for DDIC user in 200, 210 client & am able to login with tht user as well.

But in client 000, 001, 066 DDIC user, I am not able to set new password, it is still locked & gives error message "Password logon not allowed (too many failed attempts)". How should I remove this message which comes above the password box in the password panel in Tcode SU01. Should I use the script you gave me for sap*. if yes then opening cmd prompt directly at system level, I can run tht script ??

clientcopy

source client = 200

target client = 000

select * from sap<QVM>.usr02 with key '000DDIC*'

Save the file as pwd.ctl

Now from cmd prompt run

R3trans pwd.ctl

Lastly it is said I need to create SAP* user again through SU01 to create user master record, as SAP hardcoded is been utilised currently, so in all clients I have to create SAP* again. But then how will I do so...since DDIC is locked & i login to 000, 001, 066 as SAP*

When trying to create SAP* & DDIC I cannot add "SUPER" user group, (there is an option of USER GROUP "SUPER") - is it mandtory to add this user group for SAP* & DDIC user. Check in your system & let me know.

Thanks Again

Rupali

Answers (3)

Answers (3)

Former Member
‎11-27-2007 10:09 AM
0 Kudos

Issue resolved.

Rupali

Show replies
Show replies
Former Member
‎11-27-2007 10:12 AM
0 Kudos

Great!

Former Member
‎11-27-2007 8:39 AM
0 Kudos

Hi Bidwan,

We restarted our QVM system & since then SAP* is working in all clients now with pwd as PASS. I changed the password for DDIC user in 200, 210 client & am able to login with tht user as well.

But in client 000, 001, 066 DDIC user, I am not able to set new password, it is still locked & gives error message "Password logon not allowed (too many failed attempts)". How should I remove this message which comes above the password box in the password panel in Tcode SU01. Should I use the script you gave me for sap*. if yes then opening cmd prompt directly at system level, I can run tht script ??

clientcopy

source client = 200

target client = 000

select * from sap<QVM>.usr02 with key '000DDIC*'

Save the file as pwd.ctl

Now from cmd prompt run

R3trans pwd.ctl

Lastly it is said I need to create SAP* user again through SU01 to create user master record, as SAP hardcoded is been utilised currently, so in all clients I have to create SAP* again. But then how will I do so...since DDIC is locked & i login to 000, 001, 066 as SAP*

When trying to create SAP* & DDIC I cannot add "SUPER" user group, (there is an option of USER GROUP "SUPER") - is it mandtory to add this user group for SAP* & DDIC user. Check in your system & let me know.

Thanks Again

Rupali

Show replies
Show replies
Former Member
‎11-27-2007 9:06 AM
0 Kudos

Rupali,

1. in Client 000, 001, 066 did you try to unlock the user first before trying to change its password? If not, unlock the user first(using the 'Lock' icon button) and then change password.

2. The script is used when a user is locked in one client ( where there is no other users present through which you can unlock) and working properly in the other client. Please dont get confused.

3. You dont have to create SAP* again. You already have it working. When you deleted the old sap* user and made sure login/no...... parameter =0 and then u logged in with sap/pass, the new sap already got generated. This new user yu are currently using.

Hope this makes clear.

Cheers!

Bidwan

Former Member
‎11-27-2007 10:06 AM
0 Kudos

Hey Bidwan,

Thank you very much my issue has been completly resolved. QVM client is up & running with SAP* & DDIC user properly configured.

We do have to create the SAP* user again once deleted from user master record, as the sap* which is used with pwd PASS is at hardware level/hardcoded & its information is not recorded in User master record, this was told to me by my seniors., This piece of information may be helpful for you.

Thanks Again

Rupali S

Former Member
‎11-25-2007 1:41 PM
0 Kudos

Hello,

1)first of all you have to check in USR02 table whether sap* is existed or not.

you cant get any information in SUIM. please try to execute the report RSSCD100_pfcg.

which shows every change record for the users and also for the roles.

2) No need to do client copies for that tell me one thing how can u perform client copies with login to the target client.. please delete the sap* user from the unix level. for that u have to use the command

delete from (dtabasehostname).USR02 whereMANDT=client no and BNAME=SAP*;

EG: my database host name sapvbw and my client no is 100 then i have to use same syntax like this: delete from sapvbw.usr02 where MANDT=100 and BNAME=SAP*

but ensure that your profile parameter login/no_user_automatic_sapstar=0.

NOTE: iam sure this is not a good practice but you dont have another option.

if you require any further information please feel free to reach out me.

Regards,

Sree

Show replies
Show replies
Ask a Question