Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Users gets locked by incorrect logon

Go to solution
Former Member

‎04-10-2008 4:11 PM

0 Kudos

Hi All,

One user ID gets locked frequently by incorrect password logon.How Do i find from where somebody is trying to connect with wrong passowrd? If this is happening by any RFC how do I find from which system it is coming ?

Please advice.

Thanks,

Suman

1 ACCEPTED SOLUTION

Go to solution
Bernhard_SAP
Employee
Employee

‎04-11-2008 12:50 PM

0 Kudos

Hi Suman,

first step is to identify, if the logon attempts are coming regularly (for instance every day, hour,... at the same time) or after a special event.

If you know, when you expect the next attempt, you need to trace the login. SM20 is not really necessary, but makes it easier to find the workprocess, through which the attempt has been processed.

To trace the login attempt:

[SAP Note 495911|https://service.sap.com/sap/support/notes/495911]

To identify, from which host/system the attempt has been started:

[SAP Note 171805|https://service.sap.com/sap/support/notes/171805]

Good luck!

b.rgds, Bernhard

5 REPLIES 5

Go to solution
Former Member

‎04-10-2008 7:11 PM

0 Kudos

Hi Suman,

You might want to look at another approach to resolve this, however this is one option I take to do a quick lookup on RFC's.

If you do not have too many systems, then an easy step you could take is to export table RFCDES and check field U="desired_name" in the field.

"U= " mentions the user name defined in an RFC. By this you can ensure that the user that is getting locked is not defined in an RFC by mistake.

Hope this helps

Abhishek

Go to solution
Former Member

‎04-10-2008 9:10 PM

0 Kudos

You will get RFC login information for a user if you have the security audit log activated (SM20). It will also tell when a login is failed due to incorrect password

Go to solution
Former Member
In response to Former Member

‎04-10-2008 9:16 PM

0 Kudos

Hi Alex,

I have to go through so much pain for system audit not being enabled . Cant do anything too about it.

Go to solution
Former Member
In response to Former Member

‎04-11-2008 6:35 AM

0 Kudos

Try trx ST03N and imediately switch on Sm19

Go to solution
Bernhard_SAP
Employee
Employee

‎04-11-2008 12:50 PM

0 Kudos

Hi Suman,

first step is to identify, if the logon attempts are coming regularly (for instance every day, hour,... at the same time) or after a special event.

If you know, when you expect the next attempt, you need to trace the login. SM20 is not really necessary, but makes it easier to find the workprocess, through which the attempt has been processed.

To trace the login attempt:

[SAP Note 495911|https://service.sap.com/sap/support/notes/495911]

To identify, from which host/system the attempt has been started:

[SAP Note 171805|https://service.sap.com/sap/support/notes/171805]

Good luck!

b.rgds, Bernhard