DDIC and SAP* locked due to bad logins
Hi!
I'm setting up a WAS 7.0/CRM5.1 system and have encountered som problems.
My DDIC and SAP* users have been locked in both the production client and the 000 client.
I found a note on how to solve this and that was to delete the SAP* from the USR02 table. Then the password would be PASS and I would be able to log on.
I deleted the SAP* user from client 000, but I stil can't log on! Should the user be deleted in the other clients as well or have I done something bad?
regards
rollo
- enter oslevel as user <sid>adm of ora<sid>
- on oracle use e.g. sqlplus, connect as sapr3 (resp. sap<SID) and enter <i>delete from usr02 where mandt = '000' and bname = 'SAP*';</i> then <i>commit;</i>
- as of WebAs 7.0 it's forbidden by default to logon as SAP* so you also have to set profile parameter and restart the system.
see also SAP note <a href="https://websmp201.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=68048&_NLANG=E">68048</a> and <a href="https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=0000862989&nlang=E">862989</a>
Similar Messages
-
Unable to access user DDIC and SAP*
+Hi GURUS,+
+I installed solutionmanager 4.0 and i loggen in the system(000) with DDIC user and check the TCODE SICK.+
++When i restarted the server it was not allow me to login awith user DDIC and SAP in 000 client.++*
+It's giving error message:+
+Password log on nolonger possible too many times failed attempts.+
++Could you please help me out is there any way to set DDIC and SAP from windows level(i mean sap inst directry..usr/sap/<sid>/sys/profile)*
Regards
JAnHi,
Unlock it at Database level
UPDATE usr02 SET uflag = 0 WHERE bname = "SAP*" AND mandt = <client number>
Or
Run the sql query at sql prompt and then login to sap with sap* and password "pass".
SQL> delete from usr02 where mandt=<your login client> and banme='SAP*';
Rakesh -
DDIC and SAP* changing into usertype system
In order to secure the Standard Users DDIC and SAP* against misuse i
planned to change them into SYSTEM accounts instead of DIALOG.
Is there, in case of a standard SAP implementation, any indications that
we shouldn´t do this?
In the guidelines and forums i couldn't find any arguments against
such a situation.
The SAP* accounts is further secured by setting the system profile
parameter 'logon/no_automatic_user_sapstar' to 1.
Thanks in advance for your reactions.
With kind regards,
Edwin StamAs of release 7.00 EhP1 there is a new procedure for this.
See --> Lock DDIC user but keep the RDD* jobs working. and the link to the help.sap.com documentation.
The users are already blocked from authenticating via trusted RFC. Changing the user type to system will also prevent them from being used on the issuing system for SAP Logon Tickets as well as attaching a SAPGui to a logon session in the backend systems. You can also disable the password in SU01 (which will delete the password hash).
Alcatraz for standard users...
Cheers,
Julius
Edited by: Julius Bussche on Dec 16, 2009 3:28 PM -
Hi
Kindly let me know the what is the difference between DDIC and SAP* .
SelvanHello ,
SAP* is the only user in the SAP System that does not require a user master record, SAP* has by default the password PASS, as well as unlimited system access authorizations.
To secure SAP* against misuse, you should at least change its password from the standard PASS. For security reasons, SAP recommends that you deactivate SAP* and define your own superuser.
The maintenance user for the ABAP Dictionary and software logistics, user DDIC.
The user master record for user DDIC is automatically created in clients 000 and 001 when you install your SAP System. User DDIC special privileges for certain operations. For example, DDIC is the only user that is allowed to log on to the SAP System during an upgrade.
"But, in which * Parameter Name* i have to activate"
login no_automatic_user_sapstar 1 -
Different between database lock and sap lock
Hi All,
What is different between database lock and sap lock why sap introduced locking mechanism.
Thanks
SantoshFrom a database perspective, every dialog step forms a physical and logical unit:
the database transaction.. The database lock administration can only coordinate
this type of database transaction. From an SAP point of view, however, this is
not sufficient, because SAP transactions, which are formed from a sequence of
logically related work steps that are consistent in business terms, are generally
made up of several dialog steps. SAP systems need to have their own lock
management. This is implemented using the enqueue work process. This also
ensures that the platform-independence of the lock management is maintained. -
When are DDIC and SAP* used in Client 066 and 001
Hi everyone,
Can someone please shed some light on when DDIC and SAP* users are supposed to be used in logging into client 066 and 001?
Your inputs will be greatly appreciated.
Thanks!
Divine Grace BanzonUser DDIC is a user with special privileges in installation, software logistics, and the ABAP Dictionary. The user master record is created in clients 000 and 001 when you install your R/3 System.
User SAP* is default superuser in SAP System, in the clients 000 and 001. A user master record is defined for SAP* when the system is installed. However, SAP* is programmed in the system and does not require a user master record.
Hope this will help.
-Pinkle -
WAS Portal User locked - Due to bad logon
Hi,
Is it possible to adjust user's bad logon attemp in WAS portal 6.4?
If a user enter wrong password more than three time, the system locked that user. It happened three times to admin user. We activated SAP* and unlocked the user.
If any one knows like how to increase the number of wrong password attempt...it would be great.
Thanks,Hi,
For increasing the logon attempts, you have to follow below steps:
Step 1: Go to <Driver>:\usr\sap\<System ID>\JCxx\j2ee\configtool --> Configtool.bat
ex: <b>C:\usr\sap\Y76\JC03\j2ee\configtool --> Configtool.bat</b>
Step 2: <b>cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service</b>
select property : "<b>ume.logon.security_policy.lock_after_invalid_attempts</b> = < <b>Enter Number</b>>"
ex: ume.logon.security_policy.lock_after_invalid_attempts = 6
Step 3: save
Step 4: Restart the Engine. -
User locking due to failed login attempts.
Hi,
Is there any way to find out the terminal name from which failed attempts made causing locking of user name?
With Best Regards,
RajkumarHi Rajkumar
I tries if the statistics of transaction STAD show the terminal id, too. However, when experimenting with this it seems to be the case that the terminal ID is only available if you are already authenticated at the system. Therefore, only the Security Audit Log with transaction SM19 and SM20 would log the required information.
Kind regards
Frank -
Re: what is difference between sap locking and database locking
hi,
what is difference between sap locking and database locking. Iam locked the table mara by using lock objects.
But iam unable to unlock the mara table. I give u the coding. Please check it.
REPORT zlock .
CALL FUNCTION 'ENQUEUE_EZTEST3'
EXPORTING
MODE_MARA = 'S'
MANDT = SY-MANDT
MATNR = 'SOU-1'.
call transaction 'MM02'.
CALL FUNCTION 'DEQUEUE_EZTEST3'
EXPORTING
mode_mara = 'E'
mandt = sy-mandt
matnr = 'SOU-1'.
IF sy-subrc = 0.
WRITE: 'IT IS unlocked'.
ENDIF.Hi Paluri
Here is the difference between SAP locks and Database locks, i will try to find the solution to your code.
Regards
Ashish
Database Locks: The database system automatically sets database locks when it receives change statements (INSERT, UPDATE, MODIFY, DELETE) from a program. Database locks are physical locks on the database entries affected by these statements. You can only set a lock for an existing database entry, since the lock mechanism uses a lock flag in the entry. These flags are automatically deleted in each database commit. This means that database locks can never be set for longer than a single database LUW; in other words, a single dialog step in an R/3 application program.
Physical locks in the database system are therefore insufficient for the requirements of an R/3 transaction. Locks in the R/3 System must remain set for the duration of a whole SAP LUW, that is, over several dialog steps. They must also be capable of being handled by different work processes and even different application servers. Consequently, each lock must apply on all servers in that R/3 System.
SAP Locks:
To complement the SAP LUW concept, in which bundled database changes are made in a single database LUW, the R/3 System also contains a lock mechanism, fully independent of database locks, that allows you to set a lock that spans several dialog steps. These locks are known as SAP locks.
The SAP lock concept is based on lock objects. Lock objects allow you to set an SAP lock for an entire application object. An application object consists of one or more entries in a database table, or entries from more than one database table that are linked using foreign key relationships.
Before you can set an SAP lock in an ABAP program, you must first create a lock object in the ABAP Dictionary. -
My software locks up while I have Firefox open and am seeking to login to either gmail or yahoo mail.
It works well until I get to the login screen ... and then locks and will not allow any keyboard or mouse work ... except that I can get to my taskmaster and close Firefox and then everything works.
Today, for the first time, it did it on another site.
Is there a 64bit iteration?
I am using the 32 bit Firefox ... the latest version (This all began with this upgrade) on a 64 bit/Windows 7.
Thanks. rgHi,
Please check if this happens in [https://support.mozilla.com/en-US/kb/Safe%20Mode Safe Mode]. Safe mode disables the installed '''Extensions''', and themes ('''Appearance''') in '''Tools''' ('''Alt''' + '''T''') > '''Add-ons'''. Hardware acceleration is also temporarily disabled - the manual setting is '''Tools''' > '''Options''' > '''Advanced''' > '''General''' > [https://support.mozilla.org/en-US/kb/Options%20window%20-%20Advanced%20panel?as=u '''Use hardware acceleration when available''']. All these settings/options/add-ons can also be individually or collectively disabled/enabled/changed in Firefox normal mode to check if an extension, theme, option or hardware acceleration is causing issues. Disabling/enabling hardware acceleration, and some types of add-ons in normal mode may require a Firefox restart.
[http://support.mozilla.com/en-US/kb/Uninstalling+add-ons Uninstalling Add-ons]
[http://kb.mozillazine.org/Uninstalling_toolbars Uninstalling Toolbars]
[https://support.mozilla.com/en-US/kb/Troubleshooting%20extensions%20and%20themes Troubleshooting Extensions and Themes]
[http://kb.mozillazine.org/Problematic_extensions Problematic Extensions]
[https://support.mozilla.org/en-US/kb/Options%20window Options]
You can check the Firefox version via '''Help''' ('''Alt''' + '''H''') > '''About Firefox'''. As of now officially only 64-bit Linux builds exist. There could be unofficial 64-bit Firefox for Windows. -
Document in Easy DMS and SAP DMS is lock cannot be accessed
Hello Guru,
Document in Easy DMS and SAP DMS is lock cannot be accessed. when check in Easy DMS the document 123 excel file is not accessible cannot be open, it has an icon on pencil with red circle sign.
when check in SAP GUi, the padlock is unlock, file cannot be open as well with error (File C:\EasyDMS\SAP_400\PRE1234567890 could not be accessed.
how can we fixed this and unlock the document excel so that we can open it. Please advise. ThanksHi,
based on your description it seems to me that this original file is currently checked out for editing. So maybe another user is
editing this file and so you cannot access it.
If no other user edits the file you can try to use the function 'Exit Edit mode' in the context menu of EasyDMS. This will checkin the file again and restore the last checked in version.
Best regards,
Christoph -
The seller did not restore the phone and when I tried to do it manually it locked the phone and is now asking for the login info in order to do anything with the phone. I contacted the seller and he is not responding. What do i do?
he knows his ID , if he did all whats in the link he can get his password back ?
how can i make him call applecare ? is there a way to speak to them from jordan ??
i have been trying to reach any1 in apple so they can communicate and help my friend (us) to make him remember it .
am not asking for the password or trying to get into the phone without using it , and i can take my money back though i need to help my friend as well since now he cant use it as well.
thanks kil -
I got a Iphone 4 from UK and got unlocked in india, can i take the software updates? will my phone get locked due to this?
Your phone was "hacked" to unlock it. So, if you update software or restore your phone, it will be re-locked to the carrier it was originally locked to in the UK.
-
i have a ipad which has been locked due to the owner claiming it was lost. I have had the serial no. checked and it is not stolen but I can't use it. I have talked to the owner many times who refuses to give me the password or has no idea what password was used.
Unfortuinately there is nothing that can be done.
If its locked its locked. This is a theft deterrant mechanism.
If you could unlock "stolen" ipads then there would be no purpose for the feature.
You will have to convince the owner you bought it correctly, or accept its no lonnger usable by you until the original owner removes the lock. -
I updated an iPod touch, an iPad 2, and an iPhone 4 to iOS 6, and all of them now will not connect to WiFi. They all give this wierd 404 error page from Apple and insist that I need to login to the network. What's the fix? None of the recommended fixes work in any of these devices. Reset device, reset network, renew lease, etc. None of them work.
Does the iPod work OK?
Does it charge when connect to the computer?
Does it appear in My Computer?
Look at the dock connector on the iPod. Compare with the iPod that does work/connect.
I suspect you have a 2G iPod. Those can only go to iOS 4.2.1
http://support.apple.com/kb/HT1353#iPod_touch_late2009
iPod touch (3rd generation)
iPod touch (3rd generation) features a 3.5-inch (diagonal) widescreen multi-touch display and 32 GB or 64 GB flash drive. You can browse the web with Safari and watch YouTube videos with Wi-Fi. You can also search, preview, and buy songs from the iTunes Wi-Fi Music Store on iPod touch.
The iPod touch (3rd generation) can be distinguished from iPod touch (2nd generation) by looking at the back of the device. In the text below the engraving, look for the model number. iPod touch (2nd generation) is model A1288, and iPod touch (3rd generation) is model A1318.
Maybe you are looking for
-
FBZG - Failed Bill of Exchange - copy previous document dates
Example Bill of Exchange configured 1 BoE per invoice Invoice 1 - dated 30 march 2010 1000EUR Run F110 and get document putting 1000EUR into Bills receivable When bill due 1000 EUR debit / credit bank / bank clearing Run F_72 bank clearing and bil
-
I want to update a column using select statment. The statement starts with select keyword and i have to update the value in the emp table. select deptno case deptno when 10 then update emp set sal=sal+100 when empno=empno else update emp set sal=sal+
-
Imesage & Facetime sign in not working after I restored iPod Touch 4G 8G..
Can someone shed light on this situation? The help would be nice because I'm not sure. Firmware: 6.1.5
-
I have a serial number and downloaded the normal install packages for CS6. Using my serial number failed. I wonder if this is because I only have a serial number for an educational version.
-
Come faccio a scaricare encore cs6 avendo io la suite CC2014?
Devo fare un dvd e ho scoperto che encore non esiste più, però ho letto in internet che è possibile scaricare encore cs6 se si è possesori della creative suite. La mia domanda è come faccio? Vale anche per la CC2014?