25 Replies Latest reply: Jan 29, 2014 1:10 PM by Reagan Benjamin RSS

SAP NetWeaver Application Server Java

Bastian Victor
Currently Being Moderated

Hello,

 

I changed the authorization method to client-cert without configuration and saved it. Now I have no chance to access nwa to reset it:

 

  Error: Unauthorized

  SAP Technology Troubleshooting Guide

Details:
No details available.

 

What can I do? Any ideas?

 

Best regards,

Bastian

 

PS: UNIX Server...

  • Re: SAP NetWeaver Application Server Java
    Roman N
    Currently Being Moderated

    What is your version of AS Java? For J2EE 7.00 you can modify authentication stack as described in Note 957355 - Cannot log on to the Visual Administrator or deploy via SDM. I don't know if it's relevant for more recent releases. In any way it's make sense to perform backup of your system before doing anything.

  • Re: SAP NetWeaver Application Server Java
    Kiran Kumar Nekkanti
    Currently Being Moderated

    go to this path /sapmnt/SID/global/security/data

     

    comment all entries in icm_filter_rules.txt and restart application.

  • Re: SAP NetWeaver Application Server Java
    Himanshu sharma
    Currently Being Moderated

    Hi,

    Please send us the error logs.

     

    Regards,

    Himanshu

  • Re: SAP NetWeaver Application Server Java
    Bastian Victor
    Currently Being Moderated

    Hi all,

     

    I compared our development system (this one works) with the error q-system:

     

     

    How can I change the method back?

     

    Best regards,

    Bastian

  • Re: SAP NetWeaver Application Server Java
    Reagan Benjamin
    Currently Being Moderated

    Hello

    Please check the latest default trace file present at /usr/sap/SID/JC00/j2ee/cluster/server0/log

     

    Regards

    RB

    • Re: SAP NetWeaver Application Server Java
      Bastian Victor
      Currently Being Moderated

      Hello,

       

      what should I look for?

       

      Regards,

      Bastian

      • Re: SAP NetWeaver Application Server Java
        Reagan Benjamin
        Currently Being Moderated

        Hello

        Like I said before you need to check the latest default trace file

        cd /usr/sap/SID/JC00/j2ee/cluster/server0/log

        ls -latr

        check the file that is called defaultTrace.trc (the latest one)

         

        Regards

        RB

        • Re: SAP NetWeaver Application Server Java
          Bastian Victor
          Currently Being Moderated

          Hello,

           

          this is are the latest entries:

           

          #2.0 #2013 08 30 17:38:44:217#+0200#Warning#com.sap.engine.services.deploy.server.TransactionManager#

          com.sap.ASJ.dpl_ds.0005540#BC-NWA-INC-DEV#sap.com/tc~lm~itsam~nwa~tools~ear#C0000AE10323003A00000004002D0028#12496550000000001##com.sap.engine.services.deploy.server.TransactionManager####1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Deploy Parallel Start Thread 2#Plain##

          Global [startApp] operation of application [sap.com/tc~lm~itsam~nwa~tools~ear] finished with non-critical warnings for [97] ms on server process [12496550]: #

           

          #2.0 #2013 08 30 17:38:44:217#+0200#Warning#com.sap.engine.services.deploy.server.TransactionManager#

          com.sap.ASJ.dpl_ds.0005541#BC-NWA-INC-DEV#sap.com/tc~lm~itsam~nwa~tools~ear#C0000AE10323003A00000005002D0028#12496550000000001##com.sap.engine.services.deploy.server.TransactionManager####1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Deploy Parallel Start Thread 2#Plain##

          Global [startApp] operation of application [sap.com/tc~lm~itsam~nwa~tools~ear] finished with non-critical warnings for [97] ms on server process [12496550]: [

          >>> Warnings <<<

              1). Cannot load servlet [com.sap.lm.itsam.testmbean.TestMbeans]. Error is: [java.lang.ClassNotFoundException: com.sap.lm.itsam.testmbean.TestMbeans

          ------------------------- Loader Info -------------------------

          ClassLoader name: [sap.com/tc~lm~itsam~nwa~tools~ear]

          Loader hash code: 128a8aa5

          Living status: alive

          Direct parent loaders:

             [system:Frame]

             [interface:webservices]

             [interface:cross]

             [interface:security]

             [interface:transactionext]

             [library:webservices_lib]

             [library:opensql]

             [library:jms]

             [library:ejb20]

             [service:p4]

             [service:ejb]

             [service:servlet_jsp]

             [sap.com/tc~lm~itsam~ui~application~api]

          No resources !

          ---------------------------------------------------------------].

              2). Cannot load servlet [com.sap.tc.lm.itsam.nwa.tools.web.example.regservlet.RegisterExampleMbean]. Error is: [java.lang.ClassNotFoundException: com.sap.tc.lm.itsam.nwa.tools.web.example.regservlet.RegisterExampleMbean

          ------------------------- Loader Info -------------------------

          ClassLoader name: [sap.com/tc~lm~itsam~nwa~tools~ear]

          Loader hash code: 128a8aa5

          Living status: alive

          Direct parent loaders:

             [system:Frame]

             [interface:webservices]

             [interface:cross]

             [interface:security]

             [interface:transactionext]

             [library:webservices_lib]

             [library:opensql]

             [library:jms]

             [library:ejb20]

             [service:p4]

             [service:ejb]

             [service:servlet_jsp]

             [sap.com/tc~lm~itsam~ui~application~api]

          No resources !

          ---------------------------------------------------------------].]#

           

          #2.0 #2013 08 30 17:38:55:393#+0200#Warning#com.sap.engine.services.deploy.server.TransactionManager#

          com.sap.ASJ.dpl_ds.0005540#BC-NWA-SOV#sap.com/tc~lm~itsam~ui~tspreg~app#C0000AE10323001B00000004002D0028#12496550000000001##com.sap.engine.services.deploy.server.TransactionManager####1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Deploy Parallel Start Thread 5#Plain##

          Global [startApp] operation of application [sap.com/tc~lm~itsam~ui~tspreg~app] finished with non-critical warnings for [223] ms on server process [12496550]: #

           

          #2.0 #2013 08 30 17:38:55:393#+0200#Warning#com.sap.engine.services.deploy.server.TransactionManager#

          com.sap.ASJ.dpl_ds.0005541#BC-NWA-SOV#sap.com/tc~lm~itsam~ui~tspreg~app#C0000AE10323001B00000005002D0028#12496550000000001##com.sap.engine.services.deploy.server.TransactionManager####1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Deploy Parallel Start Thread 5#Plain##

          Global [startApp] operation of application [sap.com/tc~lm~itsam~ui~tspreg~app] finished with non-critical warnings for [223] ms on server process [12496550]: [

          >>> Warnings <<<

              1). com.sap.ASJ.web.000607 (Failed in component: sap.com/tc~lm~itsam~ui~tspreg~app, BC-NWA-SOV) Initialization of servlet [TechSysProReg] failed. Check init() method of servlet. Error is: [java.lang.NoClassDefFoundError: com/sap/sld/api/std/tech/SLD_ApplicationSystem]]#

           

          #2.0 #2013 08 30 17:39:18:602#+0200#Error#com.sap.portal.prt.runtime.broker#

          #EP-PIN-PRT#tc~epbc~prtc~api#C0000AE10323004900000000002D0028#12496550000009623##com.sap.portal.prt.runtime.broker#Guest#0##1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Application [55]#Plain##

          Could not start portal service: com.sap.ip.bi.web.portal.deployment.bideployment

          [EXCEPTION]

          com.sapportals.portal.prt.service.ServiceException: Error while retrieving service: com.sap.ip.bi.web.portal.deployment.bideployment

              at com.sap.portal.prt.service.ServiceManager.get(ServiceManager.java:270)

              at com.sap.portal.prt.broker.PortalModuleItem.load(PortalModuleItem.java:226)

              at com.sap.portal.prt.om.ObjectsManager.craeteObejctHandle(ObjectsManager.java:221)

              at com.sap.portal.prt.om.ObjectsManager.getObjectHandle(ObjectsManager.java:141)

              at com.sap.portal.prt.broker.PortalAppBroker.getPortalModule(PortalAppBroker.java:324)

              at com.sap.portal.prt.container.PortalLifecycleHandler.onStart(PortalLifecycleHandler.java:46)

              at com.sap.engine.services.servlets_jsp.server.deploy.impl.WebContainerProvider.start(WebContainerProvider.java:707)

              at com.sap.engine.services.servlets_jsp.server.deploy.impl.WCEAppThreadInitializer.run(WCEAppThreadInitializer.java:77)

              at com.sap.engine.services.deploy.server.utils.concurrent.impl.CleanRunnable.run(CleanRunnable.java:54)

              at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

              at java.security.AccessController.doPrivileged(Native Method)

              at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:185)

              at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:302)

          Caused by: com.sap.portal.prt.broker.PortalServiceNotFoundException: Could not retrieve portal service: com.sap.ip.bi.web.portal.deployment|bideployment

              at com.sap.portal.prt.broker.PortalAppBroker.getPortalService(PortalAppBroker.java:504)

              at com.sap.portal.prt.service.ServiceManager.getPortalServiceItem(ServiceManager.java:431)

              at com.sap.portal.prt.service.ServiceManager.get(ServiceManager.java:220)

              ... 12 more

          Caused by: com.sap.portal.prt.om.ObjectNotAvailableException: Object: [com.sap.ip.bi.web.portal.deployment|bideployment] load failed

              at com.sap.portal.prt.om.ObjectsManager.craeteObejctHandle(ObjectsManager.java:232)

              at com.sap.portal.prt.om.ObjectsManager.getObjectHandle(ObjectsManager.java:141)

              at com.sap.portal.prt.broker.PortalAppBroker.getPortalService(PortalAppBroker.java:499)

              ... 14 more

          Caused by: com.sap.portal.prt.broker.PortalServiceInstantiationException: Could not instantiate implementation class com.sap.ip.bi.webapplications.deployment.services.BIDeploymentService of Portal Service com.sap.ip.bi.web.portal.deployment|bideployment because: Error occured during the instansiation process. Check the cause exception for more details.

              at com.sap.portal.prt.broker.PortalServiceItem.createServiceInstance(PortalServiceItem.java:303)

              at com.sap.portal.prt.broker.PortalServiceItem.getServiceInstance(PortalServiceItem.java:204)

              at com.sap.portal.prt.broker.PortalServiceItem.load(PortalServiceItem.java:578)

              at com.sap.portal.prt.om.ObjectsManager.craeteObejctHandle(ObjectsManager.java:221)

              ... 16 more

          Caused by: java.lang.InstantiationException: com.sap.ip.bi.webapplications.deployment.services.BIDeploymentService

              at java.lang.Class.newInstance0(Class.java:340)

              at java.lang.Class.newInstance(Class.java:308)

              at com.sap.portal.prt.broker.PortalServiceItem.createServiceInstance(PortalServiceItem.java:291)

              ... 19 more

           

          #

           

          #2.0 #2013 08 30 17:39:53:377#+0200#Error#com.sapportals.wcm.service.scheduler.SchedulerTime#

          #EP-KM-FWK-RF#sap.com/com.sap.netweaver.bc.sf.service#C0000AE10323005100000003002D0028#12496550000010992#sap.com/com.sap.km.application#com.sapportals.wcm.service.scheduler.SchedulerTime.setAvailableTimeZones()#Guest#0##1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Application [54]#Plain##

          The specified time zone is not found in SchedulerTime config class#

           

          #2.0 #2013 08 30 17:39:53:568#+0200#Error#com.sapportals.wcm.service.scheduler.SchedulerTime#

          #EP-KM-FWK-RF#sap.com/com.sap.netweaver.bc.sf.service#C0000AE10323005100000004002D0028#12496550000010992#sap.com/com.sap.km.application#com.sapportals.wcm.service.scheduler.SchedulerTime.setAvailableTimeZones()#Guest#0##1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Application [54]#Plain##

          The specified time zone is not found in SchedulerTime config class#

           

          #2.0 #2013 08 30 17:39:53:601#+0200#Error#com.sapportals.wcm.service.scheduler.SchedulerTime#

          #EP-KM-FWK-RF#sap.com/com.sap.netweaver.bc.sf.service#C0000AE10323005100000005002D0028#12496550000010992#sap.com/com.sap.km.application#com.sapportals.wcm.service.scheduler.SchedulerTime.setAvailableTimeZones()#Guest#0##1FDF3D5E118A11E3C06D000000BEAEA6#1fdf3d5e118a11e3c06d000000beaea6#1fdf3d5e118a11e3c06d000000beaea6#0#Application [54]#Plain##

          The specified time zone is not found in SchedulerTime config class#

           

          #2.0 #2013 08 30 17:52:44:100#+0200#Error#com.sap.aii.af.service.trex.TrexScheduler#

          #BC-XI-CON-AFW#com.sap.aii.af.lib#C0000AE10323006C00000000002D0028#12496550000002995##com.sap.aii.af.service.trex.TrexScheduler.TrexScheduler: run()#Guest#0##F20CBDC4118911E3B2AFCAC8124D9F04#f20cbdc4118911e3b2afcac8124d9f04#f20cbdc4118911e3b2afcac8124d9f04#0#Application [44]#Plain##

          TrexException - couldn't get Trex configuration for index. Message: Class: com.sap.aii.af.service.trex.TrexException : TrexException in Method: TrexManager: getTrexConfiguration(). Couldn't get Trex configuration for index. Message: Class: com.sap.aii.af.service.trex.TrexException : SLDException in Method: Util: getIndex(). Couldn't get the SLD instance name. Therefore the index ID couldn't be inititialized. - Message: Failed to initialize ExchangeProfile properties. Reason: Unable to read configuration data (ExchangeProfile/aii.properties); To-String: com.sap.aii.af.lib.sld.SLDException: Failed to initialize ExchangeProfile properties. Reason: Unable to read configuration data (ExchangeProfile/aii.properties).#

  • Re: SAP NetWeaver Application Server Java
    Bastian Victor
    Currently Being Moderated

    Hi all,

     

    I found something in security_00.1.log:

     

    #2.0 #2013 09 03 07:45:20:330#+0200#Info#/System/Security/Authentication#

    #BC-JAS-SEC#security#C0000AE10323017100000001002D0028#12496550000000004#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.security.authentication.logincontext.table#Guest#0##5D02A13F13D311E39F88000000BEAEA6#5d02a13f13d311e39f88000000beaea6#5d02a13f13d311e39f88000000beaea6#0#Thread[HTTP Worker [@938955880],5,Dedicated_Application_Thread]#Plain##

    LOGIN.FAILED

    User: N/A

    IP Address: 10.181.32.42

    Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd

    Authentication Stack Properties:

            policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd

            realm_name = Upload Protected Area

     

    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=PPO", S/N=0) not found.

            \#1 trusteddn1 = CN=QEC,OU=I0020082622,OU=SAP Web AS,O=SAP Trust Community,C=DE

            \#2 trustediss1 = CN=QEC,OU=I0020082622,OU=SAP Web AS,O=SAP Trust Community,C=DE

            \#3 trustedsys1 = QEC,100

            \#4 ume.configuration.active = true

    2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false     

    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          false                 true       #

     

     

    and in security_audit_00.1.log:

     

    #2.0 #2013 09 03 07:45:13:396#+0200#Info#/System/Security/Audit/Logon#

    #BC-JAS-SEC-UME#com.sap.security.core.sda#C0000AE10323016F00000002002D0028#12496550000000004#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0##0E6FED5B13CD11E3A2A9000000BEAEA6#0e6fed5b13cd11e3a2a9000000beaea6#0e6fed5b13cd11e3a2a9000000beaea6#0#Thread[HTTP Worker [@1243300871],5,Dedicated_Application_Thread]#Plain##

    Logon failed    | LOGIN.ERROR    | null    |     | Login Method=[default], IP Address=[10.181.32.42], UserID=[m24891], Reason=[Cannot authenticate the user.]#

     

    Regards,

    Bastian

    • Re: SAP NetWeaver Application Server Java
      Maria Dias
      Currently Being Moderated

      Hi Bastian,

       

      Did you solved the problem? We have the same issue (Error: Unauthorized) when trying to access to nwa and the same message text in security log.

       

      Thanks and Best Regards

    • Re: SAP NetWeaver Application Server Java
      Rishi Abrol
      Currently Being Moderated

      Hi,

      Can you please let me know what exactly you changed so that i can tell you the method to change it.

       

      Second thing if you have changed the authentication rule you can change them in config tool.

       

      To solve this you need to change the Authschemes.xml file.

       

      In the file, change the authscheme template for "uidpwdlogon".

      <!--  References for Authentication Schemes, this section must be after authschemes -->

       

       

          <authscheme-refs>

              <authscheme-ref name="default">

                  <authscheme>uidpwdlogon</authscheme>

              </authscheme-ref>

       

       

              <authscheme-ref name="UserAdminScheme">

                  <authscheme>uidpwdlogon</authscheme>

              </authscheme-ref>

          </authscheme-refs>

       

       

      You can refer below link for Changing the authschemes.xml File   http://help.sap.com/saphelp_nw73/helpdata/en/1a/3afd4e641b8f42ac07bb77fe30375b/content.htm

       

      Restart your server.

       

      Or you can take the reference of the dev system.

       

      Thanks

      Rishi Abrol

      • Re: SAP NetWeaver Application Server Java
        Kevin Maerz
        Currently Being Moderated

        Hello!

         

        I have the similar problem as above.

         

        I changed my authschemes.xml to:

         

        <?xml version="1.0" encoding="UTF-8"?>

        <!--  Configuration File for Authentication Schemes -->

        <!-- $Id: //shared_tc/com.sapall.security/dev/src/_deploy/dist/configuration/shared/authschemes.xml#5 $ from $DateTime: 2004/01/22 15:00:46 $ ($Change: 14214 $) -->

        <document>

         

             <authschemes>

                <!--  authschemes, the name of the node is used -->

                <authscheme name="uidpwdlogon">

                    <!-- multiple login modules can be defined -->

                    <authentication-template>

                      ticket

                    </authentication-template>

                    <priority>20</priority>

                    <!-- the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->

                    <frontendtype>2</frontendtype>

                    <!-- target object -->

                    <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>

                </authscheme>

         

                <authscheme name="certlogon">

                    <authentication-template>

                        client_cert

                    </authentication-template>

                    <priority>21</priority>

                    <frontendtype>2</frontendtype>

                    <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>

                </authscheme>

         

                <authscheme name="basicauthentication">

                    <authentication-template>

                        ticket

                    </authentication-template>

                    <priority>20</priority>

                    <frontendtype>2</frontendtype>

                    <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>

                </authscheme>

         

                <authscheme name="header">

                    <authentication-template>

                        header

                    </authentication-template>

                    <priority>5</priority>

                    <frontendtype>2</frontendtype>

                    <frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget>

                </authscheme>

         

                <!-- Reserved 'anonymous' authscheme added for being in the list of authschemes -->

                <authscheme name="anonymous">

                    <priority>-1</priority>

                </authscheme>

         

            </authschemes>

         

            <!--  References for Authentication Schemes, this section must be after authschemes -->

         

            <authscheme-refs>

                <authscheme-ref name="default">

                    <authscheme>uidpwdlogon</authscheme>

                </authscheme-ref>

         

                <authscheme-ref name="UserAdminScheme">

                    <authscheme>uidpwdlogon</authscheme>

                </authscheme-ref>

            </authscheme-refs>

         

        </document>

         

        But error continues...

        I am running also 7.3, but on a Windows System.

         

        Is my authschemes.xml correct now? Any ideas where I can change the way you are authorized by default back to form?

         

        Thanks and regards

        Kevin

  • Re: SAP NetWeaver Application Server Java
    Prabhakar BR
    Currently Being Moderated

    Hi,

     

    Can you try this ..

     

    login configtool :

    switch to confuguration mode

    goto Configurations -> authentication -> UME User Store

                                -> configuration -> basic

                                                                    - ticket

     

    and change it back to default values.

     

    BR,

    Prabhakar

  • Re: SAP NetWeaver Application Server Java
    Kevin Maerz
    Currently Being Moderated

    Yes, of course. See attachment. I just pasted the lines which where generated during this restart.

     

    Thanks and regards

    Kevin

Actions