Administrator Account locked on Netweaver 7.1 Java Stack

Hello all,
I try to find a possibility how I can unlock the administrator account in Netweaver Java stack 7.1
We do not have a double stack ABAP / JAVA installed so the solution with the SAP * falls off, I think
What should I do so I can unlock the administrator account in Java ?
Thanks in advance
Best regards
Vito

Hi Prabhat,
I have found a link which described my problem
the emergency user is actually the SAP* User
http://help.sap.com/saphelp_nwce711/helpdata/en/0b/50ad3e1d1edc61e10000000a114084/frameset.htm
Thanks
Best regards
Vito
Edited by: Vito Cecere on Jul 13, 2011 1:27 PM

Similar Messages

  • Administrator account locked/password was changed

    Hi All,
    Administrator account locked/password was changed. Is there any way to see the logs to see when this happened or by whom?
    Any way to lock this down then  it can't be changed by another administrator account? Limit it so it can only be seen/changed by  some people like A or B?
    Regards
    Trilochan

    Hi,
    I am able to see the log but we are having trouble reading them. They are not very straightforward i got some inforamtion about what a log contains in following link but the format is different from here.
    http://help.sap.com/saphelp_nw04/helpdata/en/03/37dc4c25e4344db2935f0d502af295/frameset.htm
    We are getting the log in this format so not able to find when and by whom.
    #1.5 #0017A438CB3C00240000023400001F1C00047F7D19D6AFB9#1266075187981#/System/Security/Usermanagement#sap.com/irj#com.sap.security.core.persistence#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.persistence#Java###Authentication failed on LDAP server: back end message #1#[LDAP: error code 49 - Invalid Credentials]#
    #1.5 #0017A438CB3C00240000023500001F1C00047F7D19D79CBB#1266075188044#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####15e3ebd018b511df8b390017a438cb3c#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | NONE = null     |      | Login Method=[default], UserID=[jb99532], IP Address=[64.25.25.7], Reason=[Authentication did not succeed.]#
    #1.5 #0017A438CB3C001D000001E700001F1C00047F7D1D2D5575#1266075243998#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####37476fe018b511dfc25b0017a438cb3c#SAPEngine_Application_Thread[impl:3]_16##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | USERACCOUNT.MODIFY     | USERACCOUNT = UACC.CORP_LDAP.066277700     |      | SET_ATTRIBUTE: lastpasswordchange=[0001266075243920], SET_ATTRIBUTE: passwordchangerequired=[false]#
    Regards
    Trilochan

  • Administrator Account locked

    hi,
    in our Portal the Administrator Account gets locked every 2-3 hours. we also change the password in the secure store.
    is there a chance to find out, why? a central log or something? i can't analyze every log, because we have 7 instances with each 4 servers.

    Hi Andre
    If you check the security logs in j2ee/cluster/server<n>/log/system, when the user gets locked you will see log entries from the failed authentication attempt, and more information including hopefully the IP address of the machine where the request comes from, and the login module stack used during the authentication. Maybe this information will help isolate the origin of the invalid administrator password.
    An alternative approach, which is dependent on the version of the AS Java is to activate some tracing.
    There is a new trace location available for problems such as this - com.sap.security.core.locking
    You can get the info from this location by adding it to the Log Configurator service in the Visual Administrator if it is available, and adjusting the severity accordingly. Then examine the defaultTraces when the user gets locked
    However it is easier in this case to use the web diagtool. Follow note 1045019 to deploy the web diagtool, if not done before
    Then to start the trace, follow example 2 and add just com.sap.security.core.locking and start the trace. The potential problem here is that the diagtool will be running for 2-3 hours while you wait for the user to be locked, however hopefully by just tracing location com.sap.security.core.locking the resultant log will not be too large. The diagtool will capture traces from all servers in a system
    If the location is not available in the diagtool then perhaps it is not available for your system SP
    When the user is locked, hopefully the trace will give you information about the origin IP, the stack trace and the auth stack used

  • ERROR WHILE APPLYING SP ON NETWEAVER 7.30 JAVA STACK

    Hi Experts,
    We are trying to apply Support pack on netweaver java stack using JSPM. While applying we are getting below error.
    I have attached deploy_api.0.log also. Can any one tel how to resolve this issue.
    Thanks & Regards,
    Jithin M

    Hi Sriram,
    As per 1882305 - Could not establish connection to AS Java for principal [test] note you shared i tried to apply below core components but same error i am getting
    SERVERCORE, ENGINEAPI, J2EE-FRMW, J2EE-APPS and CORETOOLS SCA
    Regards,
    Jithin M

  • Java Administrator account locks frequently

    In our java only system, the administrator user (and others) lock frequently with failed logins.  Is there a way to determine the source of the lock, such as the originating IP address?
    We have a complex landscape, and as of yet have been unable to find a RFC or other connection with invalid credentials.
    Thank you.

    I found the answer myself.  It is logged:
    usr\sap\<sid>\<instance>\cluster\server0\log\system\security.0.log
    com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | NONE = null     |      | Login Method=[default], UserID=[adminstrator], IP Address=[xxx.xxx.xxx.xxx], Reason=[Authentication did not succeed.]
    Hope this helps someone else.

  • Windows 7: Trust Relationship Error - Local Administrator Account Locked.

    I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".
     I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it.  When I tried to log on, it told me that I have the password was incorrect - which I knew it wasn't.  After a
    few tries I got a different message that said that the account was locked.  No idea how this could have happened.  Every other local account was locked as well.
    I checked the AD on our 2003 server and I didn't see anything out of the norm.  The computers were in the correct OU, and were not disabled in anyway.  I searched online for a solution, but they all required me to be able to log on to the local
    admin, which is disabled.  
    I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .
     It told me that the change had been made, but when I reboot it still shows the local account as disabled.
    Any suggestions would be greatly appreciated.  
    Edit: It is Windows 7 Professional x64 

    I have had this issue twice as well. However I have been always been able to log in with local admin rights. removing then rejoining to domain seems to never get things back to normal for me. Once it is reset and joined back to the domain all software just
    seems to be missing but still there at the same time. Like Antivirus shows its installed in c:\program files but its not running. If I go to domain users start menu everything is missing but go into c:\program files and its all there. So every time I have
    seen this error a reimage is what I do seems to work a lot better than dealing with the head aches. Sorry I was not any help but that is my two cents.

  • Administrator account locked...any solutions?

    the master password was not accepted when i tried to login to the system info link as an administrator on successful installation of the NW04(630). there was apparently nothing worng with the entered password......still, any solutions on how to unlock the account? also, to change password?

    If you are talking about J2EE stack, then you may look at the option to activate superadmin account (SAP*) through
    Config Tool => UME properties.
    Follow this link for more info:
    http://help.sap.com/saphelp_nw04s/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/content.htm
    Regards,
    Mike
    Message was edited by: Mike Puzankov

  • Visual Administartor account locked

    Hi,
    How to unlock vial administrator account. And also how to changes the password VA.Please help
    Thanks
    Kristene

    Hi,
    Check this thread-
    administrator account locked...any solutions?
    Regards,
    Moorthy

  • ABAP+JAVA System Copy -- Administrator account getting locked

    Hi,
    I am in the process of doing system copy of my portal to a new server. As per the SAP instructions, I had updated the JDK and SP levels of my EP to the latest supported ones.
    Now when i am doing JAVA Add-in Export of my system, SAPinst is throwing error that --
    "Error connecting to http://Entportal:50000/sap/monitoring/SystemInfoServlet. The provided user data might be incorrect or user might be locked.:
    and when I check the "administrator" user account, it is getting locked. Even though I manually unlock it and update the password is secure storage, still when I run SAPinst, again it is getting locked. I have also chnged the path of my temporary directory to c:\temp which has no spacees in it, according to SAP instructions.
    I have raised the issue through OSS, but still, in the mean time can sombody help me?
    Regards,
    Mandar

    Hi Akshay,
    I am not using any ID. SAPInst itself is trying to access systeminformationservlet using administrator account. at this stage it is failing to get the correct password and thats why my administrator account is getting locked.
    Regards,
    Mandar.

  • Prevent locking of Administrator account

    Hello,
    We'd like to expose our portal to the internet. This means everyone will be able to logon to the portal (after creating an UME user account). UME is configured to lock user accounts after 3 invalid login attempts.
    Now how can we prevent anonymous internet users to lock the Administrator account or other system accounts like ADSUser?
    The first option would be to implement this on the revert proxy, e.g. block requests containing j_user=Administrator either in the URL during a GET request or in the body during a POST request.
    However, because of performance reasons, especially because of the need to scan all POST requests, this option doesn't look very attractive.
    A second option would be to deploy a new JAAS LoginModule, configured to be always executed as the first one, that checks the username first and halts the login process if the username is Administrator and the request is coming from a certain IP (the reversed proxy), e.g. by throwing a RuntimeException in the login method (will that work? any other possibility besides throwing a RuntimeException?).
    This doesn't look as very clean solution either.
    What would be the best (safe, clean, easy) way to stop anonymous users from locking the Administrator user account?
    Thanks!
    Sigiswald

    At the end we decided to write a custom LoginModule anyway.
    import java.io.IOException;
    import java.net.InetAddress;
    import java.net.UnknownHostException;
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.Iterator;
    import java.util.List;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginException;
    import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
    import com.sap.engine.lib.security.LoginExceptionDetails;
    import com.sap.engine.lib.security.http.HttpGetterCallback;
    import com.sap.security.api.IUser;
    import com.sap.security.api.NoSuchUserException;
    import com.sap.security.api.UMException;
    * <p>
    * <div>This LoginModule either succeeds or fails, but in fact it
    * <u>never</u> authenticates the user. What is meant is that even if
    * all relevant methods of the LoginModule API - i.e. login and commit
    * - return true, indicating success, the Subject is never
    * authenticated. Therefore this LoginModule should <u>never</u> be
    * configured as SUFFICIENT.</div>
    * </p>
    * <p>
    * <div>The purpose of this LoginModule is to abort the authentication
    * process in case an unauthorized user tries to authenticate as
    * administrator and thus it stops unauthorized users from locking
    * administrator accounts.</div>
    * </p>
    * <p>
    * <div>This LoginModule accepts two optional configuration
    * options:<ul>
    * <li>ip_allow</li>
    * <li>ip_deny</li></ul>
    * The value of both options is a comma separated list of IPv4 ranges.
    * e.g.
    * <code>ip_allow=145.50.76.81,145.50.77.0-145.50.77.255,194.196.236.70-194.196.236.71</code>
    * The localhost is added implicitly.</div>
    * </p>
    * <p>
    * <div>If the IP address of the client that sent the HTTP request is
    * within the range(s) defined by ip_allow and is not within the
    * range(s) defined by ip_deny, authentication succeeds. If this is
    * not the case, authentication fails if the user tries to
    * authenticate by username (and password) and supplies the username
    * of an existing UME user that is assigned the internal_use_only
    * role. Otherwise, authentication succeeds.</div>
    * </p>
    * <p>
    * <div>To meet its purpose, i.e. prevent the locking of administrator
    * user accounts, this LoginModule <u>should</u> be configured as
    * <u>REQUISITE</u> and should be in the login stack <u>before</u> the
    * standard BasicPasswordLoginModule.</div>
    * </p>
    * @author smadou
    public final class AdministratorFilterLoginModule extends AbstractLoginModule {
      private static final String INTERNAL_USE_ONLY =
        LogonUtil.getRoleid("internal_use_only");
      private static final String IP_ALLOW = "ip_allow";
      private static final String IP_DENY = "ip_deny";
      private static boolean initialized;
      private static List IPRANGE_ALLOW = new ArrayList();
      private static List IPRANGE_DENY = new ArrayList();
      private CallbackHandler callbackHandler;
      private boolean succeeded;
      public void initialize(
        Subject subject,
        CallbackHandler callbackHandler,
        Map sharedState,
        Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.callbackHandler = callbackHandler;
        this.succeeded = false;
        AdministratorFilterLoginModule.initialize(options);
      public boolean login() throws LoginException {
        try {
          if (ipAllowed()) {
            succeeded = true;
            return true;
        } catch (UnsupportedCallbackException e) {
          throwUserLoginException(e);
        } catch (IOException e) {
          throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
        String logonid = null;
        IUser user = null;
        String userid = null;
        try {
          logonid = getLogonid();
          user = logonid == null ? null : LogonUtil.getUser(logonid);
          userid = user == null ? null : user.getUniqueID();
        } catch (UnsupportedCallbackException e) {
          throwUserLoginException(e);
        } catch (IOException e) {
          throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
        } catch (NoSuchUserException e) {
          // TODO connect to NetWeaver logging API - DEBUG
          e.printStackTrace();
        } catch (UMException e) {
          throwUserLoginException(e);
        if (userid == null) {
          return true;
        if (user.isMemberOfRole(INTERNAL_USE_ONLY, LogonUtil.RECURSIVE)) {
          throwNewLoginException(
            "Access Denied to user with logonid "
              + logonid
              + " having role "
              + INTERNAL_USE_ONLY
              + "!");
        succeeded = true;
        return true;
      public boolean commit() throws LoginException {
        return succeeded;
      public boolean abort() throws LoginException {
        return succeeded;
      public boolean logout() throws LoginException {
        succeeded = false;
        return true;
      private static synchronized void initialize(Map options) {
        if (initialized) {
          return;
        IPRANGE_ALLOW.addAll(Arrays.asList(AddressRange.parseRanges("127.0.0.1")));
        try {
          IPRANGE_ALLOW.addAll(
            Arrays.asList(
              AddressRange.parseRanges(
                InetAddress.getLocalHost().getHostAddress())));
        } catch (UnknownHostException e) {
          // TODO connect to NetWeaver logging API - INFO
          e.printStackTrace();
        String ipAllow = (String) options.get(IP_ALLOW);
        String ipDeny = (String) options.get(IP_DENY);
        if (ipAllow != null && ipAllow.length() > 0) {
          IPRANGE_ALLOW.addAll(Arrays.asList(AddressRange.parseRanges(ipAllow)));
        if (ipDeny != null && ipDeny.length() > 0) {
          IPRANGE_DENY.addAll(Arrays.asList(AddressRange.parseRanges(ipDeny)));
        initialized = true;
      private String getClientIp()
        throws UnsupportedCallbackException, IOException {
        HttpGetterCallback hgc = new HttpGetterCallback();
        hgc.setType(HttpGetterCallback.CLIENT_IP);
        callbackHandler.handle(new Callback[] { hgc });
        return (String) hgc.getValue();
      private String getLogonid()
        throws IOException, UnsupportedCallbackException {
        NameCallback nc = new NameCallback("username: ");
        callbackHandler.handle(new Callback[] { nc });
        return nc.getName();
      private boolean ipAllowed()
        throws UnsupportedCallbackException, IOException {
        String clientIp = getClientIp();
        return match(IPRANGE_ALLOW, clientIp) && !match(IPRANGE_DENY, clientIp);
      private boolean match(List ipRanges, String ip) {
        for (Iterator i = ipRanges.iterator(); i.hasNext();) {
          AddressRange range = (AddressRange) i.next();
          if (range.match(ip)) {
            return true;
        return false;
    import com.sap.security.api.IRole;
    import com.sap.security.api.IRoleFactory;
    import com.sap.security.api.IUser;
    import com.sap.security.api.IUserFactory;
    import com.sap.security.api.NoSuchRoleException;
    import com.sap.security.api.NoSuchUserException;
    import com.sap.security.api.UMException;
    import com.sap.security.api.UMFactory;
    * @author smadou
    public final class LogonUtil {
      static final boolean RECURSIVE = true;
      static String getRoleid(String uniqueName) {
        try {
          IRoleFactory rf = UMFactory.getRoleFactory();
          IRole role = rf.getRoleByUniqueName(uniqueName);
          return role.getUniqueID();
        } catch (NoSuchRoleException e) {
          // TODO connect to NetWeaver logging API - WARN
          e.printStackTrace();
          throw new SecurityException(
            "NoSuchRoleException while getting role with unique name ""
              + uniqueName
              + "": "
              + e.getMessage());
        } catch (UMException e) {
          // TODO connect to NetWeaver logging API - WARN
          e.printStackTrace();
          throw new SecurityException(
            "UMException while getting role with unique name ""
              + uniqueName
              + "": "
              + e.getMessage());
      static IUser getUser(String logonid)
        throws NoSuchUserException, UMException {
        IUserFactory uf = UMFactory.getUserFactory();
        return uf.getUserByLogonID(logonid);
    * This code is based on
    * http: //drc-dev.ohiolink.edu/browser/fedora-core/tags/2.0/src/java/fedora/server/security/IPRestriction.java
    * @author smadou
    public final class AddressRange {
      private static final int IP_OCTETS = 4;
      private static final int OCTET_MIN = 0;
      private static final int OCTET_MAX = (int) Math.pow(2, 8) - 1;
      private long start;
      private long end;
      private AddressRange(long start, long end) {
        this.start = start;
        this.end = end;
      public boolean match(String address) {
        return match(parseAddress(address));
      private boolean match(long address) {
        return address >= start && address <= end;
      private static long parseAddress(String address) {
        String[] octets = address.split("\.");
        if (octets.length != IP_OCTETS) {
          throw new IllegalArgumentException("invalid adress: "" + address + """);
        long lAddress = 0;
        for (int i = 0, n = octets.length; i < n; i++) {
          lAddress += parseOctet(octets[ i ], n - i - 1);
        return lAddress;
      private static long parseOctet(String octet, int byteNum)
        throws NumberFormatException {
        long lOctet = Long.parseLong(octet);
        if (lOctet < OCTET_MIN || lOctet > OCTET_MAX) {
          throw new IllegalArgumentException("invalid octet: "" + octet + """);
        return lOctet * (long) Math.pow(Math.pow(2, 8), byteNum);
      private static AddressRange parseRange(String range) {
        String[] parts = range.split("-");
        if (parts.length > 2) {
          throw new IllegalArgumentException("invalid range: "" + range + """);
        long start = parseAddress(parts[0].trim());
        long end = parts.length == 1 ? start : parseAddress(parts[1].trim());
        return new AddressRange(start, end);
      public static AddressRange[] parseRanges(String ranges) {
        String[] parts = ranges.split(",");
        AddressRange[] addressRanges = new AddressRange[parts.length];
        for (int i = 0, n = parts.length; i < n; i++) {
          addressRanges[ i ] = parseRange(parts[ i ].trim());
        return addressRanges;

  • After trying to change permissions on my computer so others on my network can access files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal

    After trying to change permissions on my computer so others on my network can grab files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal to fix the problem, downloaded BatChmod but nothing works… Any other suggestions? I have an Imac running OS10.6.8.

    There is suddenly a lock icon on my external backup drive!
    Custom Permissions

  • Domain Administrator account being locked up by PDC

    Hi everyone,
    My PDC is locking up my domain administrator (administrateur in french) account.
    System event logs :
    The SAM database was unable to lockout the account of Administrateur due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please
    consider resetting the password of the account mentioned above.
    Level : Error
    Source : Directory-Services-SAM
    Event ID : 12294
    Computer : Contoso-PDC
    User : System
    There is absolutely no events in the security events log, not a single "Audit Failure" event for the "administrateur" account.
    I tried to change the name of the domain administrator account from "administrateur" to "administrator".
    Now there is "Audit failure" events poping up in the security event logs.
    Once again the Source Workstation is the PDC. I guess those events are there because it receive credential validation for an account who doesn't exist anymore since it have been renamed in "Administrator".
    Here is the detail log :
    An account failed to log on.
    Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0
    Logon Type: 3
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Administrateur
    Account Domain: CONTOSO
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -
    Network Information:
    Workstation Name: CONTOSO-PDC
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    On the PDC i checked :
    Services : None of them are started with the "administrateur" account
    Network Share : There is no network share ...
    Task Scheduler : None of the tasks are launch with the "administrateur" account.
    And the logon type (3:network) seem to indicate that the login comes from an other computer but i have nothing to look for, not a single IP.
    Any ideas?
    ps : Sorry for the probable english mistakes :(

    Hi,
    Thanks for you answers.
    San4wish :
    Lockout tool confirm that the domain administrator account is locked on my PDC. I didn't run eventcomb but i though it only helped parsing security event logs which i did "manually". Anyway i'll try eventcomb after this week end.
    About the conficker worm : I looked into it and this worm was exploiting a vulnerability in the server service. It have been patched by MS08-067 (KB958644) and this kb isn't available for Windows 2008 R2 and Windwos 2012 so i guess Windows 2008 R2 have
    fixed this vulnerabilty.
    So i doubt its a conficker type worm.
    Also i gave the PDC role to another DC (let's call him DC2) and now DC2 is locking the administrator account so it seems that the computer locking the account is doing it through the network and it's not something executed on the DCs.

  • Administrator User Account Locked

    Hi.
    I locked into my local portal with Admin user/pwd.
    It asks me to reset the pwd.
    I did it and I forgottenly given wrong password.
    When I tried to log in the portal with the Admin user/pwd, it is showing message as "Account Locked"
    Can anyone help on this issue.
    Regards
    Bala

    Hi Balachandar P,
    If you forgot or lock "Administrator or J2EE_ADMIN" password just follow below steps:
    <u><b>STEP-1: Enable "SAP*"</b></u>
    1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
    Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
    2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
    3.Double-click on the property "ume.superadmin.activated = TRUE"
    4.Double-click on the property "ume.superadmin.password=<Enter any password ex: abc123>"
    5.Save.
    6.Restart the engine.
    <u><b>STEP-2: Login with "SAP*" into portal</b></u>
    1. http://<host>:<Port>/useradmin/index.jsp
    2. Enter userid / password as" SAP* / <password ex: abc123>"
    3. Search for "Administrator" user
    4. Reset or change password for "Administrtor"
    <u><b>STEP-3: Disable "SAP*"</b></u>
    1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
    Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
    2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
    3.Double-click on the property "ume.superadmin.activated = FALSE"
    4.Save.
    5. Restart the engine.
    <u><b>STEP-4: Login with "Administrator"</b></u>
    1. http://<host>:<Port>/useradmin/index.jsp
    2. Enter userid / Password as "Administrator / <password>
    3. it will ask change password just change it.
    <b>Thanks,
    Nagaraju Parlapalli</b>

  • I cannot unlock the lock on administrator account

    Despite beeing logged into administrator account I can't unlock the lock when I go to System Preferences>Accounts , Time Machine, etc. Problem started since I lost my password. I managed to login into my account by logging as a guest and changing password for my own account (strange, but in fact it is possible to do that). I tried many solutions, but none worked (e.g. I set new account with administrator rights, but that one also is not allowed to unlock the lock).
    I hope there is a proper solution. I need my Time machine working back

    mikolajjj wrote:
    Yep, I tried that too As I wrote, on the new administrator account I also cannot unlock the lock.
    Why do you think should I take my Mac to Apple Store? Does it seems to you as a hardware problem? Or do they have some tricky ways to undo everything?
    Acctually I found kind of a tricky way on a web, but I follow its steps as a monkey so again with no succes. These are unix commands to abstract for me. Do you understand the logic? Do you think it might help with my problem?
    Or maybe I can login as root (somehow) and that could let me change password of my account?
    I understand that all the usual methods have failed for you, even though they work everytime for me, that being said there are only 2 reasons for this, there is something else wrong with your Mac or you are not able to type the commands as needed (I am not choosing which, just stating the obvious).
    Either way you now need hands on help, I do not advise tampering with the machine as the Root User, mistakes in Root mode will certainly make things worse.

  • Built-in Domain Administrator Account Repeated Locks

    This account was disabled years ago and is not used.  However, event 4740 are regularly generated,  It shows the calling computer name as one of our servers.  So, I logged into the that server and look in the local security event log and there
    are no references to account lockouts at the time the 4740s are generated on the domain controllers.
    I checked for services running on the server using administrator credentials and I checked for scheduled tasks using administrator credentials and I don't see anything on the server listed as caller computer.
    I renamed the "User logon name" for this account to something different so that would not longer be a match if something is try to authenticate using the logon name of "administrator."  However, this has not helped.  The account
    still generates the 4740.
    I checked the domain "Administrator" account again today and it was no longer disabled.  So, I disabled it again and will see if it still gets locked out again in the next 24 hours.
    How can an account with the user id changed still get locked out?  It seems very strange that the account can be locked out when the user name no longer matches anything that could have ever had that user id saved.
    What can be done to fix this issue?

    hi,
    If possible please do the following steps.
    Note: here I have taken user account name as User1
    1.Using ADSIEDIT changed the value of UserAccountControl attribute of the User1 account to 66082(numerical) i.e. 0x10222(in hex) and disabled it which is the sum of the following attributes:
    a. ACCOUNTDISABLE; PASSWD_NOTREQD; NORMAL_ACCOUNT; DONT_EXPIRE_PASSWORD
    b.    
    It’s current value was 0x10202 aka 66050 in dec (I believe this implies ACCOUNTDISABLE | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD)
    2.   Then for the account (in ADUC) do the following:
    a.  Unchecked the "user cannot change password" -> OK
    b. Right-clicked on the
    ‘user1’ account and selected reset password and kept it blank and clicked OK
     i.     
    This step is to set a NULL password for the User1 account and keep it disabled
    c.      
    Right-clicked on the User1 account and checked the "user cannot change password" again
    https://support.microsoft.com/en-us/kb/305144?wa=wsignin1.0

Maybe you are looking for

  • Getting error while installing OIM 11g r2 PS1

    Hi All, I Tried to install PS1, Earlier i got error (SOA(applied 11.1.1.7) and OWSM schemas got failed to create) while configuring schemas on weblogic domain configuration. For this i uninstalled 11.1.1.7 and i installed 11.1.1.6 on that i applied s

  • How to Get Worker Process ID(W3wp.exe) of Specific Sharepoint Application Pool(Not List of All)

    Hi Friends, I am using below command to find w3wp.exe ID which i have to attach in debugging,But it gives all W3wp.exe list C:\Windows\System32\inetsrv>appcmd list wp. I want to find only Specific 'Application Pool' w3wp.exe ID ? can anyone help me o

  • Re:How to close and reopen a document immediately?

    Original Message available here:<br /><a href="/webx?14@@.3c055358">Dave Sykes, "How to close and reopen a document immediately?" #, 15 Nov 2007 4:46 am</a><br /><br />> Dave Sykes - 04:46am Nov 15, 2007 Pacific<br /> I would like to close a document

  • How to skip the regristration part on new macbook? Go straight to login

    I have a 2007 macbook osx n I want to skip the beginning part of the setup n go to login . Is there anything I can type when I press in to command s to skip the regristration?

  • Building a glossary

    I want to add a simple glossary to my training--anyone have suggestions on how to start?  Ideally I'd like to be able to import a CSV with terms and definitions and have it autopopulate the content and a simple alphabetic navigation but I'm guessing