on 12-31-2007 1:10 PM
Hello All,
I am not able to login into Visual Administrator.
Version = NW04s SP9
Exception message = Error while connecting com.sap.services.security.exceptions.BaseLoginException ; Access Denied
Tried the below options but in vain:
1. Reset of 'administrator' user-account.
2. Followed all the steps as mentioned in SAP Note - 957355
3. Followed the steps as mentioned in this link -> http://help.sap.com/saphelp_nw04/helpdata/en/99/281540bf1af72ee10000000a1550b0/frameset.htm
Please guide me as to how can I resolve this issue.
I was attempting to setup the Kerberos configuration..and since then this issue arose.
Awaiting Reply.
Thanks and Warm Regards,
Ritu
Hi All,
If you started getting this error after configuring some sort of SSO, then it is most likly that you have altered the authentication stack for the visual administrator buy mistake (as it can't use sso, login to it will fail). To fix this you need to follow the solution on note 957355, which sets the stack back to the basic password module.
Kind regards,
Cathal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Have you resolved this problem? I am getting the same error. I can login to Portal with Administrator user, but can't login to VA.
I have successfully configured SPNego with Active Directory as UME Datasource.
I have opened an OSS message with SAP as well.
Regards
Chandu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
did you have any solution for this problem? I have the same problem as well. We have never done any kind of spnego or other certification checks.
I can logon to webbased things with the Administrator account, but cannot logon to Visual Admin.
The whole problem emerged from SMD installation. The wizard reported a problem with when tried to login to the target system with the Administrator account to the P4 port. So I checked if I can logon with the Administrator account. I could to e.g. SystemInfo page or e.g. NWA. But I could not logon to Visual Admin.
Cheers
Hi Ritu
I see you already have taken the correct steps, so i cannot give you a quick solution.
1. Do you have a java-only system, or is it dualstack (abap + j2ee)?
2. Where are your users stored (abap ume, java db, ldap)?
3. Did you use spnego for the kerberos configuration?
Can you please check, if you can logon to the j2ee in your browser. For example to http://<yourhost>:<http_port>/nwa
Please try your adminstrator and if you have another user with admin rights.
Best regards, Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Michael,
Wish you a very Happy New Year
Regarding your queries:
1. Do you have a java-only system, or is it dualstack (abap + j2ee)?
--> Portal us running on Java stack only.
2. Where are your users stored (abap ume, java db, ldap)?
--> UME is connected with LDAP...(MS ADS)
3. Did you use spnego for the kerberos configuration?
---> Yes we did configure SPNego but it did not work.
So to confirm the configurations done (especially kerberos Login Module) I wanted to access Visual Admin
I am able to login into Portal + NWA using the administrator useraccount.
Please guide....
Warm Regards,
Ritu
Hi Ritu
Wish you a very Happy New Year
--> Thanks, i wish you the same
Sorry for the large post, i am guessing a bit here.
First, you can check your login module in the configtool:
which login stack is used?
Buttton "switch to configuration editor mode" -> configurations -> cluster_data -> server -> persistent -> com.sap.security.core.ume.service -> authschemes.xml
There is an entry called default, pointing to an authscheme, uippwdlogon in my example:
<authscheme-ref name="default">
<authscheme>uidpwdlogon</authscheme>
</authscheme-ref>
and uipwdlogon points to the login stack ticket:
<authscheme name="uidpwdlogon">
<authentication-template>
ticket
</authentication-template>
To see the login stack, in my example ticket, go back to:
configurations -> security -> configurations -> ticket -> ...
Second, if you can logon to nwa/irj with your administrator then you should be able to logon to the visual admin tool as well ...
- unless you have a local administrator (stored in j2ee user db) and one stored in the MS ADS, this could be seen in irj -> User Administration (select all data sources)
- unless you did authenticate with another method than basic authentication (kerberos ticket?) to nwa/irj, this can be checked with the diagtool, see sap note 982127
- (any other i forgot)
Further things you can try:
- if you have another user with admin rights, try to login to the visual admin with this user
- disconnect the MS ADS temporarily and try to login then
- i think you also should open a OSS message to get input from SAP support
Just come back, if you need further clarifications.
Best regards, Michael
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.