Privileges getting removed during initial load

Similar Messages

• CRM 5.0 - Error during Initial Load

  Hi,
  We have connected CRM 5.0 with ECC 5.0.
  During initial load we are getting error in the outbound queue of ECC system as 'Name or Password incorrect (Repeat Logon)'.
  Any idea, why is this happening. We have double checked the user id and password entered in SM59 is correct.
  Thanks in advance,
  Amit

  Hi Michael,
  Yes, I had checked on both the systems.
  Anyways, the problem is now solved, it seems the BASIS team did some goofup while configuring the RFC destinations. It is working now.
  Thanks for your help.
  Cheers,
  Amit

• Sysfail error during initial load

  Got sysfail error. Checked for shortdumps and found this
  MESSAGE_TYPE_X     SAPLCRMO
  'No external system (such as CRM) connected'
  Checked the RFC. Seems ok. Any idea?
  Get the parameters for the RFC conection.
      c_stshd-mass_queue = c_stshd-mass_data.
      PERFORM get_download_params_and_queue
              TABLES t_bapistructures
              USING c_stshd-objname
                    c_stshd-objclass
                    gv_destination
                    gv_rfc_queue
                    gv_server_release
                    i_bapicrmdh2
                    c_stshd-mass_queue
                    c_stshd
                    i_transfer_data
                    i_crmrfcpar
                    e_rfcoltp.
  Set variables
      e_synchronous_call = gv_synchronous_call.
  Raise an error if the destination of the foreign system could not be
  found. (Only during Initial Load, Upload, Compare and Requests).
      IF gt_rfcdest[] IS INITIAL AND
         NOT i_bapicrmdh2-ref_id IS INITIAL.
        MESSAGE x050(c_) WITH
                'No external system (such as CRM) connected'(007).
      ELSE.
        t_rfcdest[] = gt_rfcdest[].
      ENDIF.

  The  RFC Destination for Replication & Realignment (Clt 000) isn't set because only the root admin has access to clnt000 and he's in vacation. Could that be the problem?

• How to use more than one application server during initial load?

  Hi,
  we plan to use more than one application server in CRM during initial download in order to increase the number of parallel requests and to decrease the time for the initial load. Is there a way to allocate requests to more than one server? Is is possible via multiple rfc connections for consumer CRM in CRMRFCPAR?
  Thanks.
  Alexander Schiffer

  Hi Naresh,
  thanks for your answer. It has solved my problem. SMLG is the transaction that I was looking for.
  Two more OSS notes that helped me to guide our basis into the right direction:
  OSS 593058 - New RFC load balancing procedure
  OSS 1413986 - SMLG: Possibility to select a favorite type for Ext.RFCs
  Thanks again.
  Alexander Schiffer

• Error during Initial Load

  All:
    I have Idm set up. I am trying to run the initial load (Use Case : SAP NW Portal). The datasource is a LDAP active directory server (Microsoft AD). I get the following error while running job.
  XML and HTML version of the log do not show. Here is the "Text" version: ____________________________________________________________________________________
  <mx:INFO>Temporary customer license. Contact SAP to get a perpetual license</mx:INFO>
  <mx:INFO>CLASSPATH directory (E:\XIM\Identity Center\.) contains no class files.</mx:INFO>
  <mx:INFO>License will expire on 30. June 2008</mx:INFO>
  </mx:GENERAL>
  <mx:PASSES>
  <mx:PASS name="Job Initialization" title="Messages that occurred before the job was loaded" type="init" seq="0">
  <mx:MESSAGES>
  <WARNING seq="1">
  <mx:TEXT>_Failed loading JDBC Driver class com.microsoft.jdbc.sqlserver.SQLServerDriver_</mx:TEXT>
  <mx:TEXT>java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver</mx:TEXT>
  </WARNING>
  </mx:MESSAGES>
  </mx:PASS>
  <mx:PASS name="581C81F5-A703-4718-B063-E6A87DCD741A" title="ReadUsersFromLdap" type="Fromsource DSA" seq="1">
  <mx:MESSAGES>
  <mx:ERROR seq="1">
  <mx:TEXT>fromDSA.doSearch got exception, returning false</mx:TEXT>
  <mx:TEXT>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
  I have set the CLASSPATH environmental variable. C:\Program Files\Microsoft SQL Server 2005 JDBC Driver\sqljdbc_1.1\enu\sqljdbc.jar and made the entry in the Console -> Options -> Java Tab.
  Why does it still keeping looking for it in the Installation Directory (E:\XIM\Identity Center\.)
  Help Please.
  Thanks
  S.

  All:
    The error here was not because of the JDBC driver but an authentication error. Got past this by assigning "Domain Admin" role to the AD user used to connect to the Directory Server.
  Thanks
  S.

• Perform rollback occurs during initial load of material

  Hi Gurus,
  When we try to do the initial load of materials, only some part of the materials are replicated to SRM. We have the R3AC1 filter of taking only the materials with Purchasing view. We have no other filter. Although there are 576 materials that match this filter, only 368 materials are replicated to SRM.
  One thing we have observed is that when we have a look at SM21 (System Log) we see "Perform rollback" actions. Below is the details of the log. Can anyone help on our issue?
  Details Page 2 Line 30 System Log: Local Analysis of sapsrmt                  1
  Time
  Tip
  Nr
  Clt
  User
  &#304;Kodu
  Grp
  N
  Text
  23:52:59
  DIA
  003
  013
  ALEREMOTE
  R6
  8
  Perform rollback
  Perform rollback
  Details
  Recording at local and central time........................ 29.11.2006 23:52:59
  Task......
  Process
  User......
  Terminal
  Session
  &#304;Kodu
  Program
  Cl
  Problem cl
  Package
  87262
  Dialog work process No. 003
  ALEREMOTE
  1
  SAPMSSY1
  W
  Warning
  STSK
  Further details for this message type
  Module nam
  Line
  Error text
  Caller....
  Reason/cal
  thxxhead
  1300
  ThIRoll
  roll ba
  No documentation for syslog message R6 8 exists
  Technical details
  File
  Offset
  RecFm
  System log type
  Grp
  N
  variable message data
  4
  456660
  m
  Error (Function,Module,Row)
  R6
  8
  ThIRollroll bathxxhead1300

  Hi,
  Some of our material groups were problematic. After removing these the problem is resolved.
  FYI

• Sales document types during initial load

  Hi Gurus,
  Landscape - SAP R/3 4.6 c, CRM - 4.0
  We are starting the initial load for the Sales documents, item categories etc.
  For the same, for the document types in R/3, we have the same document type in CRM.
  Question 1- Do I need to configure the partner determination, incompletion log etc for the document type before the initial load or I can do it later once the data is in CRM.
  Question 2- Is it mandatory that for all the doc types in R/3, we have the respective document type in CRM? Logically yes, if yes, where can I find the mapping? For example for OR in R/3, there is a TA in CRM.
  Request someone to answer this ASAP.
  thanks
  Yash

  Hi Yash,
  I think the behavior is just use the same code
  of Transaction Type in CRM and Order Type in R/3.
  Since partner determiniation using different partner
  function codes in CRM and R/3, maintained or not in R/3,
  you may still need to maintain it again in CRM.
  For document, what you can do just create same document
  type (Transaction type) for R/3 and CRM. And depends upon
  you sceneario (in CRM there are several scenarios such as
  document created in CRM and transfered to R/3 Or download
  R/3 document into CRM - no transaction in CRM).
  Especially for partner, you may need to setup data
  transfer CRM to R/3 or R/3 to CRM in CRM configuration.
  And in R/3 you need to define it in tcode PIDE.
  Hope this helps.
  Cheers,
  Gun.

• Error during initial load of object SI_CONNOBJ

  Hi All,
           I am not able to do initial load of object SI_CONNOBJ from OLTP R/3 to CRM using transaction R3AS. It is in "Abort" Status. When I am checking the relevant Bdoc generated for the same it is giving me the error as "No data records in transport structure BAPIMTCS Message no. IBSSI_CRMTO_MESSAGES010 ". Please help me in this regard.

  Hello Aishuman,
  I am not sure what your question is. Yes, of course, you must have connection objects in the IS-U system. Otherwise, what do you want do download to CRM? You must have have the middleware in general and also the adapter SI_CONNOBJ enabled in the IS-U system. I am sure you know, that an IS-U connection object is represented as an IBASE in CRM.
  Does a delta replication work (from IS-U to CRM and from CRM to IS-U)?
  Kind regards,
  Fritz

• SYSFAIL error SMQ2 during initial load of PLANTs

  Hello Everyone,
  We are on CRM50 and during the process of the initial download of plants not all plants were replicated. Now we are attempting another load using DNL_PLANT and getting the following error:
  Business partner ##1 does not exist. I have not seen this error before and I am not sure how to proceed.
  Thanks in advance for your help.
  Cheers
  Wiktor

  Hello Tiest,
  That did not seem to be the issue. I went through and validated the load objects and there was some new configuration in the sales area which I moved over. All other objects loaded correctly.
  When I executed DNL_PLANT got:
  Not all address numbers have yet been issued.
  More confused then before. Any other thoughts?
  Thanks for the help!
  Cheers
  Wiktor

• SMQ2 failure during Initial load - Unable to interpret 9.990. as number

  hi All,
  I perform the initial download of customizing objects from R/3(4.6C) to CRM 7.0.
  For object DNL_CUST_BASIS2 I received the "Unable to interpret 9.990.  as a number" error message.
  Could you give some hints how to solve this problem?
  I checked several posts with similar error messages, but none of them seemed to be related to my case.
  We just implemented note 777944 to update SMOFPARSFA in CRM to neglect the unicode check.
  I was able to download other customizing objects like DNL_CUST_BASIS, DNL_CUST_ACGRPB, DNL_CUST_ACGRPP, DNL_CUST_ADDR.
  My next step is to debug the queue, if you have further suggestions let me know.
  Thanks

  Hi,
  Please check my reply in the link
  Loading DNL_CUST_BASIS2: Unable to interpret "9.990. " as a number.
  Hope this will help.
  Thanks,
  Vikash.

• JCo3Proxy.logonSapi(String) Error during Initial Load of BW HANA Repository

  I am attempting to create a connection to a BH HANA system and get the following error:
  Error occurred in JCo3Proxy.logonSapi(String):
  com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: Initialization of destination BWHANA failed
  The repository was created just like all other ABAP repositories.  I can use the GUI to log in without issue.  This is an odd one.
  Its important to know this is repository DOES NOT point to the actual HANA DB, but to the BW ABAP connected system.
  Your thoughts?

  Hello Andrew,
  looks like an error with the login trough the IDM.
  It would be essential to mention which version of IDM you are using and pobably a screenshot of the repository configuration. Also have in mind that it is better not to use dialog user for the IDM - BW integration.
  What repository type you are using?
  If you want direct HANA DB connection you should use the repo type SAP HANA - the configurations there are slightly different than the standard ABAP repository ones.
  Please check the following in the ABAP Repo constansts:
  a) JCO_CLIENT_ASHOST - try with full hostname, sometimes it is not resolved correctly
  b) JCO_CLIENT_SYSNR - make sure you get the right value here, same systems using different DBs have different client system nymbers
  c) JCO_CLIENT_CLIENT - the client used for the connection
  d) JCO_CLIENT_USER - the user used for the connection, as i said it might not be a dialog user.
  Regards
  Todor

• Username and employee_id are not replicated during Initial load

  In our system we want to integrate HR in ECC (via BP in ECC) with BP in CRM.
  Our system consists of SAP ECC 6.0 and SAP CRM 5.0. HR is used for maintaining our (master)data. This all works fine, but when checking the replicated data (in CRM) there's some data missing. In CRM BP there is no EMPLOYEE_ID and USERNAME while they are in ECC BP. Is anyone familiar with this problem or does anyone know where I need to search for a solution.

  Thanks four your reply, but I already applied Note 550055. I also applied Note 934372. All the settings are right and the integration works fine. It just looks as the BDoc doesn't transfer the username and employee_id (these values are empty when I look at the BDoc).
  Concerning table T77S0,  entry HRALX/USRAC should handle the creation and linking of (not-existing) users in the target system (ie. CRM) but because the values aren't transferred I can't check whether this is the case.

• Handling password while initial load process

  Dear Experts,
  This is about password handling in IDM. While doing initial load, I do not want to bring passwords from my target systems (AD/SAP) into IDM.
  So which password(s) the users will use to login into target systems (AD/SAP) after initial load ? What can be achieved with pass "update system privilege trigger attribute" which is available in initial load job ?
  Is it something like, IDM creates a default password on initial load which is sent back to target systems(from which initial load was done) which changes the password for the target systems to this new default password ?
  Can we handle this default password being sent to target systems with the help of this pass "update system privilege trigger attribute" in initial load? so that this default password is not sent to target systems ??
  So if the default password is not sent back to target systems after initial load, then users will keep using their existing passwords for their login in the target systems. After that, If I need to assign UMEJAVA only privilege to the users, the password for the target systems will be changed with the default password being sent on email to the users. Since the password on AD is now changed, how the users gonna login into AD to check their emails for the
  new password ?
  It seems I have written a BIG query here .... sorry for that. But please let me know if any thing above does not make any sense.
  Also please share your views/expertise/best practice on the same.
  Many thanks in advance!
  Naveen
  Version: IDM 7.2

  Hi Naveen,
  Firstly to answer your query on what basis we decide he backend type for your UMEJAVA repository, its the business. If you want users to authenticate against AD, when they try to login to IDM UI, you have to configure the LDAP as backend and you have to choose datasource as Microsoft ADS (Deep Hierarchy) + Database (ume database).
  If you want the Users to authenticate against UME database, by default ume points to UME database and you need to create the users in the UME database.
  So, if you have configured AS JAVA with ADS+Database, in IDM you have to select the repository as SAP netweaver as Java (ldap backend)
  In the repository constants, there is an attribute called BACKED_REPOSITORY which should be your AD repository name that is configured.
  If you have a look at the AS JAVA connectors in the provisionign framework, in the create user plugin, IDM first checks for backend type. If it is LDAP backend, it just sets the JAVA account attibute, If the backend type is DB, IDM will create the user in the UME database.
  Considering your system details, i would suggest you the below approach.
  1. Configure your UMEJAVA with Microsoft ADS (Deep Hierarchy) + Database (ume database). For more information on how to configure your     
      UMEJAVA with LDAP backend refer to this link
  2. So, now the users who try to login to IDM UI or any app on AS Java, will be authenticated against your active directory.
  3. Perform the initial load from HR.
  4. Perform the initial load from AD.
  5. Perform the initial load from you AS UMEJAVA.
  6. Now, all the user information/role assignment information is loaded to IDM.
  7. Now lets discuss about password management. There are two things here
    a. Change password (by user)  - User changes password in IDM --> password changes are provisioned to AD and user can login with new password.
    b .Password reset self service. - User resets password in IDM --> password changes in AD (as UME is configured to use AD)
  Change password (by user)
  By default the users who are successfully authenticated when they try to login to IDM UI, will get access to self-services tab. To allow users to change the password on their own, you create the corresponding ordered tasks and maintain the access control tab for selfservice.
  So that when users wants to change their passwords, they can change on their own.
  How IDM will provision the new password to target system is something you have to configure the logic. For example, my sandbox looks like this.
  Password reset self-service.
  The user can reset their password on their own if they cannot remember their password. To implement this, look at this document. http://scn.sap.com/docs/DOC-17111
  Hope this helps. please let me know for any further queries.
  ~ Krishna.

• Portal Initial Load

  Good Afternoon
  I have managed to get the portal initial load working, and it is pulling all the requseted attributes i.e.
  ATTRIBUTES     displayname,email,fax,firstname,islocked,lastname,logonname,mobile,telephone,uniquename,
  validfrom,validto,timezone,password,ispassworddisabled,objectclass,datasource,locale,securitypolicy,certificate,
  companyid,city,country,pobox,zip,state,department,position,accessibilitylevel
  However I also need to pull the attribute that stores the mapped user id, which is found in the User Mapping for System Access Tab. I cannot find out what the name of this attribute is or whether it exists in the same table. Does anyone know?
  I need this attribute because an ldap backend is used for portal, and ldap does not use the same username as sap backend.
  Cheers
  Leo

  Hi Leonard
  Quite complex, isn't it?!
  From what I understood:
  As I think there's no SPML-attribute that matches your self-created LDAP-attribute "ABAP_username". As you said you need to map the Portal-userID to the IDS-MSKEYVALUE, which is your numeric ABAP-user.
  Maybe you could do an initial load from the LDAP-System as well, but only into a temporary database table (lets say LDAPTempDB) so you have the LDAP-username AND the ABAP-username in the database. You don't write the LDAP-data to the Identity Store, of course.
  In the Source-tab of the WriteLocalUsers (AS Java Load) you could then insert a more complex SELECT statement that returns not only the data from the ReadLocalJavaUsers-table but also from the LDAPTempDB.
  Example PseudoCode:
  SELECT P.*, L.ABAPID from PortalTempDB as P, LDAPTempDB as L WHERE Portal.UserID = LDAP.UserID
  In the Destination-tab of the WriteLocalUsers you can then access the LDAP.ABAPID in the MSKEYVALUE column.
  This solution contains extra-work because you have to keep an additional table up-to-date....
  An easier way would be if you include the LDAP in your IdM-Provisioning as well?! Then this extra-work has to be done anyway.
  Hope this helps?!
  Regards
  Michael

• Initial Load Strategy/Approach

  Hello Gurus,
    Does any has a strategy/approach to load 10 yrs of historical data during Initial load (Initial Extract Date is 01/01/2005) using BI Apps 11.1.1.8.1?
  Thanks,
  RK

  Years doesnt matter. What matters is the volume of data.
  If it is more than 5M, better to go with bulk loading.