on 07-27-2013 12:53 PM
Hi,
One user id is getting locked every day at same time automatically with wrong password .
When we check SUIM for change documents we see that value for the lock as 128 ( incorrect password)
and the tcode for the lock is KRNL. and we dont have any other information regarding this.
we have cheked table USR02 as well but did not find any more information
We are manually unlocking everyday as of now but don know the exact reason why is it being locked.
We also checked for any jobs running on the same user id and also any RFC connetions using this user id but did not find any in RFSDES.
The user id is getting locked at alomost same time every day so We dont believe its a manual attempt.
today iam configured the sm19 system log configure this log showing below imformation
Report DSVAS_APPL_CSA_UPD_TASKSTATUS Started |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = R |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
User BASIS Locked in Client 100 After Erroneous Password Checks |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_SYSTEM_INFO (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
RFC/CPIC Logon Failed, Reason = 53, Type = R |
Please check the same and let us know if there is any other way to find out REASONS why the user id is being locked and please also let us know if there are any logs to find the same.
Hi,
Try to create and activate user audit profile using sm19. Then check results in SM20.
It is surely because of some remote call on your current system.
Regards,
Divyanshu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi divyanushu,
activated user audit profile using sm19 and checked results in SM20.also its showing below log
from production server RFC is calling but prd rfcis working fine i dont know what is happening inside
Report DSVAS_APPL_CSA_UPD_TASKSTATUS Started |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = R |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
Password check failed for user BASIS in client 100 |
User BASIS Locked in Client 100 After Erroneous Password Checks |
RFC/CPIC Logon Failed, Reason = 1, Type = S |
Successful RFC Call RFC_SYSTEM_INFO (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
Successful RFC Call RFC_PING (Function Group = SRFC) |
RFC/CPIC Logon Failed, Reason = 53, Type = S |
RFC/CPIC Logon Failed, Reason = 53, Type = R |
regards
suresh
Hi Suresh,
If happening at particular time set the following parameter active in RZ11 maybe 10 minutes before this usual lock period. This will generate more information in trace files and short dump to tell you where RFC is being access from that locks the user
rfc/signon_error_log
So that you can receive additional information about the cause of the login problem when an RFC login fails, or to receive no short dump for compatibility reasons, you must include the profile parameter"rfc/signon_error_log" in the profile file on the corresponding application server.
can analyze the content of the dump using the ABAP short dump analysis
If you set the value of the profile parameter to 0 (that is,
rfc/signon_error_log = 0), no ABAP short dump is written, but an entry
is created in the syslog.
Parameter description :
If you set the value of the profile parameter to 1 (that is,
rfc/signon_error_log = 1), the system outputs the short dump
"CALL_FUNCTION_SIGNON_REJECTED" every time a logon error occurs. You
can analyze the content of the dump using the ABAP short dump analysis
transaction (Transaction ST22).
Kind Regards,
Johan
Since this is obviously an RFC login, there are two possible sources: an SAP system or an external program.
The first is more common and fairly easy to find. You just need to check ALL your SAP systems (ABAP and Java) for RFC destinations using that user. It might be one you don't expect! If your SOL system is also serving for SLD duty, then you also have to check the SLD configuration in all SAP systems.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Suresh,
Well, at least you know which user it is, Basis/100, and what time exactly it happened every day.
Maybe you can start a trace-by-userid slightly before the time it will happened, and also check where is this RFC came from during that time (dev_rfc log, sm59).
In the meantime, you can change the user-type to either System or Service user, depending if you need to login via SAPGUI or not).
I hope this will help you.
Regards,
Andre
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Suresh,
What I mean by trace-by-userid is via transaction ST01-->RFC calls and in "General Filters" you can put the user-name specific for this trace.
Check this wiki (this case it's authorization-trace, but you need to change to RFC user-trace): http://wiki.sdn.sap.com/wiki/display/PLM/Authorization+Trace+in+transaction+ST01
Then I assume you will get more info from this trace-file after 4:30 pm today, don't forget to sett the "trace off" afterwards.
I hope this will help you.
Regards,
Andre
How to check who changed password. when I had same issue I checked that no one changed password with SU01 and in SUIM change logs no info available who changed password earlier also. Then how come suddenly password mismatches? And I am thinking how to trace the person by whom password is mismatching in RFC connections.
Message was edited by: Jeevakiran polipalli
Hi Suresh ,
Check Solution Manager 's RFC ,if this User maintained there for login and password maintained correctly .
Thanks
Manas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Just wanted to ask how many system are connected to that system.
Can you please run this program in all the system connected to this system and you can check from the list where its used.
RSRFCCHK
Did you recently change the kernel of CI but the Application server is still on the old kernel. I had this issue once because of that once.
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.