GRC AC 5.3 SP06 UME Logon Issue

Hi Guys,
A few people have found that when they try to log in to the Access Controls Landing page (https://<server>:<port>/webdynpro/dispatcher/sap.com/grc~acappcomp/ac) on GRC AC 5.3 SP 06, the user cannot log in properly.
No error messages are shown at all. The user and password are just removed and the logon screen is just refreshed, as if waiting for a user to log in.
It seems to be the case that this is related to a password change requirement, as if the user logs into the associated back end (ABAP stack) they are able to change the password. They are then able to log in to the Java side without issue!
I have looked at a few notes (e.g. 980646), but this does not seem to be appropriate for the Access Controls Landing Page.
Simon

Look here:
http://help.sap.com/saphelp_nw2004s/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm
·        User ID: We recommend that you use the logon ID SAPJSF_. You can use any password.
·        User Type: The user must be of type system.
·        Authorization: The user requires authorizations for read access to user data, for authenticating remote users, and RFC authorizations.
As of release 6.20, the AS is shipped with two roles that provide the required authorizations. The role you use depends on whether changes to administrative data or creation of new users from the UME are required or not.
○       SAP_BC_JSF_COMMUNICATION_RO provides all authorizations for read access to user data, for authenticating remote users, and several low-level RFC authorizations. For example, users can still change their own password. This role provides sufficient authorization if you do not want to perform administrative changes from the UME: for example, add a new user or change a last name.
○       SAP_BC_JSF_COMMUNICATION is the same as the above role, but additionally provides authorization to modify and delete all user-related data.

Similar Messages

  • UME logon screen change

    Hi all,
    I have a requirement in which I want to replace the UME logon screen with a lightweight JSP page.
    This JSP page will contain two input fields (for user ID and password) and a button to log on to the application.
    This page will take the inputs from the user, authenticate the details entered against the UME user details, and allow the user to log in to the portal.
    Can anybody help me out with this?
    thanks in advance,
    Madhvika

    Hi Madhvika,
    Go through this link.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/371e9d90-0201-0010-c39c-fd2956154ab3
    You can make a copy of "com.sap.portal.runtime.logon" par file and recreate umlogonpage.jsp
    Regards,
    Vishal
    PS: Reward points if answer is helpful.

  • Drill down functionality logon issue.

    Hi Experts,
    Recently we implemented SAP NW04s EP 7.0 and SAP BW.
    We are following SAP logon tickets mechanism. We created a System Object in Portal to display the BW reports on the Portal.
    Users can log on to the Portal and access the BW iViews and execute the BW reports properly. All the functionalities are working fine except for the BW drill-down functionality. When the users log on to the portal with their user ID and password they can execute the normal BW reports. But when the users drill down the report, it asks them to enter the BW system user ID and password again.
    This logon issue is happening only for BW drill-down reports created either with the local BW system or with source systems R/3, CRM etc.
    The portal certificates were imported properly on the BW system in the cert list, ACL list, profile parameters are specified correctly.
    Regards
    Ravi

    Hello Ravi,
    Am not sure if this will work but you can try resetting the BW password.
    We have faced an issue on similar lines which got resolved by resetting backend system password.
    Let me know what happens.
    Regards,
    Ritu

  • Ume.logon.branding_image to a valid URL

    Hello Friends,
    I know that : "As of EP6 SP2, it is possible to change the branding image without having to modify code. Instead, you can set the user management property ume.logon.branding_image to a valid URL. For example:
    ume.logon.branding_image=/irj/newImage.gif.
    ume.logon.branding_image=http://www.company.com/Image.gif"
    On my system, if I try to save the modifications the URL is changed to
    ume.logon.branding_image=http\://www.company.....
    http\:// and not http://
    Could you please help me?
    Regards,
    Fth

    Hello,
    Usually this occurs, or in cases of developing on unix/linux/C/etc. it's required to set special commands like '/' or ':' out of their functionality; the functionality will be disabled with the presetting of the backslash command sign '\'.
    So the stringset executing will not be interrupted until the last sign is processed.
    Perhaps you should check your system environment at first.
    It seems that the string processes a local address. In Windows environments such appearances occur often; it is also like an address string if you're typing in the browser a local file to show, here you must start like "file\://".
    I hope it was helpful and nearly correct.
    br.ct

  • Not able to find "ume.logon.anonymous_user.mode" in UME service

    Hi,
    I am not able to find the "ume.logon.anonymous_user.mode" parameter in the "com.sap.security.core.ume.service" service in the config tool path "Global Configuration | Server | Services". We are on EP7 SP14.
    Can I get this parameter anywhere else?
    regards
    Marcus.

    Hi,
    Try to check in Clustered configuration\server\services and let me know the results.
    narsi

  • WEB Gui logon issue.

    Dear Support,
    I've activated the SAP Webgui and it is working fine. The problem is that the username and password textboxes on the login screen are disabled with a message 'via popup', and when I click logon a popup asks me for the username and password. I want to enable these textboxes so that despite a popup occur user can input their information directly on the logon page.
    Please help me to resolve this issue. Thanks in advance
    With best regards,
    Basis Team

    Dear Edgar,
    Thanks a lot for your prompt reply. I've made the settings you specified and now the text boxes are visible, but when I enter the username and password and press the logon button it gives me the following error:
    "Error starts here
    The URL http://172.16.100.180:8000/sap/bc/gui/sap/its/webgui was not called due to an error.
    Note
    The following error text was processed in the system T01 : Communication failure
    The error occurred on the application server ideskesc_T01_00 and in the work process 0 .
    The termination type was: IMC_CANCEL_TX
    The ABAP call stack was:
          Method: IF_HTTP_EXTENSION~HANDLE_REQUEST of program CL_HTTP_EXT_ITS===============CP
          Method: EXECUTE_REQUEST of program CL_HTTP_SERVER================CP
          Function: HTTP_DISPATCH_REQUEST of program SAPLHTTP_RUNTIME
          Module: %_HTTP_START of program SAPMHTTP
    Error ends here".
    Please help and guide me to resolve this issue.
    Thanks a lot.
    Basis Team.
    Edited by: Basis team on Jun 19, 2009 9:06 AM

  • SAP GUI710 Logon issue

    Hi all,
    I am now using SAP GUI710, patch level 3, and I have an issue: if I leave the sec untouched for about 5 minutes, the GUI will log off itself and give me this information:
    CD1: connection to partner " ..........: sapdp00" broken
    WSAECONNRESET: connection reset by peer
    Though I can log on again, this is really bothering me: every 5 minutes, if there is no activity, it logs off automatically and I need to log on again.
    What is the problem, and how do I fix this? Thanks.

    Hello,
    If this happens for all the users, pl check the SAP instance parameter value rdisp/gui_auto_logout.
    If it is 0 there won't be any auto log out.
    Set the value in seconds, meaning if you set it at 300 it will log out automatically after 5 secs.
    Pl try this. Don't forget to restart the server after making the changes.
    Award if resolved.
    Regards

  • IOS Remote Desktop Client Logon Issue Prompts to Logon 3 Times with RDGW

    I have an issue when connecting from the Remote Desktop client iOS on multiple iPads/users.
    First a little background: We have an RDS Web Access / RDS Gateway (2012 R2) setup and properly configured. We can logon using it just fine from the Mac OS version of the app, Android version of the app, or from a Windows PC. When we try to connect via the iOS app we get the prompt to logon 3 times. Due to security reasons, we do not want them to store their credentials on the iPads, which is the only method I have found to eliminate the triple password entry. It only prompts once on the Mac OS version, Android version or from a Windows PC.
    The password isn't being entered incorrectly and the servers are not registering any Audit Failures for the logon attempts. Can you assist?
    Additionally I would like to recommend the addition of a feature to be able to setup remote resources but prompt for the password on app launch for security reasons. That way they would have to enter it once but then they could access any resources needed.
    Thanks,
    Nate L

    I am not comfortable posting the entire log file but let me give you the high level summary. The settings section for the active connection:
    [2014-Jun-17 12:45:23] RDP (0): Final rdp configuration used: {
        activeUsername = "domain\username";
        arcTimeout = 1800;
        configurationVersion = 8;
        console = 0;
        gatewayId = XXXXXXXX;
        host = "InternalServerHostName.domain.local";
        label = "";
        mouseMode = "-1";
        offsetX = 0;
        offsetY = 0;
        peerIp = "ExternalRDSGatewayIP";
        port = 3389;
        previousMouseMode = 1;
        previousUtilityBar = 0;
        screenshotScale = "0.125";
        soundMode = 1;
        swapMouseButtons = 0;
        type = rdp;
        utilityBar = "-1";
        zoomFactor = 1;
        connections =    
            ...bunch of addresses...
        host = "ExternalRDSGatewayHostName";
        id = XXXXXX;
        port = 443;
        temporary = 1;
        type = rdp;
        kCFProxyTypeKey = kCFProxyTypeNone;
    It then attempts to connect to the InternalServerHostName.domain.local.
    [2014-Jun-19 09:40:01] RDP (0): Resolved 'InternalServerHostName.domain.local' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
    [2014-Jun-19 09:40:01] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
    [2014-Jun-19 09:40:01] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-19 09:40:02] RDP (0): Showing credentials dialog
    It then displays the same settings again with the exception of an additional line after the gatewayId line:
    gwAutodetectState = kConnectionGwAutodectedForceGW;
    Then it goes through the interface list, not using any proxy, correlation id, then resolves name:
    [2014-Jun-19 09:40:10] RDP (0): Resolved 'ExternalRDSGatewayHostName' to 'ExternalRDSGatewayIP' using NameResolveMethod_Unknown(0)
    [2014-Jun-19 09:40:11] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 217
        User Message : The gateway failed to connect with the message: 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. 
    [2014-Jun-19 09:40:11] RDP (0): Error message: The gateway failed to connect with the message: 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. 
    )(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
    [2014-Jun-19 09:40:11] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Jun-19 09:40:11] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-19 09:40:11] RDP (0): Showing credentials dialog
    Then it displays the same settings again except for the gwAutodetectState line changing to:
    gwAutodetectState = kConnectionGwAutodectedHTTPSTried;
    Then it connects ok. I went to our firewall (MS Forefront TMG) and monitored for traffic from the iPad iOS App (based on network it is on). I don't see the initial connection attempt at all, which is expected because according to the log above it looks like it tries to connect to the host directly...which it shouldn't?
    Then in the second attempt I see it trying to go to http://ExternalRDSGatewayHostName:443/remoteDesktopGateway/ which again it shouldn't be doing because that URL (the remoteDesktopGateway) is not part of the RDSGW or RDSWA 2012 R2 IIS config or am I missing something? It should be going to Rpc or RDWeb right? or do I need to allow that path through too?
    Thanks,
    Nate
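
As an added example (not part of the original post and not Microsoft's tooling), the Python below reads the timestamped client log lines quoted above and pairs each "Showing credentials dialog" entry with the host and error logged just before it. That makes it visible that the repeat prompts follow connection-path failures, which fits the servers recording no Audit Failures. The sample log is constructed from the lines in the post (settings dumps omitted); the function names and cause labels are assumptions.

```python
import re

# Constructed sample: the timestamped lines quoted in the post, settings dumps omitted.
SAMPLE_LOG = """\
[2014-Jun-19 09:40:01] RDP (0): Resolved 'InternalServerHostName.domain.local' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-Jun-19 09:40:01] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-Jun-19 09:40:01] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Jun-19 09:40:02] RDP (0): Showing credentials dialog
[2014-Jun-19 09:40:10] RDP (0): Resolved 'ExternalRDSGatewayHostName' to 'ExternalRDSGatewayIP' using NameResolveMethod_Unknown(0)
[2014-Jun-19 09:40:11] RDP (0): Error message: The gateway failed to connect with the message: 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.
)(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-Jun-19 09:40:11] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-Jun-19 09:40:11] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Jun-19 09:40:11] RDP (0): Showing credentials dialog
"""

ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2})\] RDP \(\d+\): (?P<msg>.*)$"
)
RESOLVED = re.compile(r"^Resolved '(?P<name>[^']*)' to ")


def parse_entries(text):
    """Split the log into entries; lines without a timestamp continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": m["ts"], "msg": m["msg"].strip()})
        elif entries and line.strip():
            entries[-1]["msg"] += " " + line.strip()
    return entries


def classify(error):
    """Map the error text seen before a prompt to a coarse cause (labels are assumptions)."""
    if error is None:
        return "no error logged before prompt"
    if "gateway failed to connect" in error and "403" in error:
        return "gateway rejected request (HTTP 403)"
    if "Unable to connect to remote PC" in error:
        return "direct connection to target failed"
    return "unclassified error"


def explain_prompts(text):
    """Return one record per credentials dialog: when, which host was tried, and why."""
    prompts = []
    target = error = None
    for entry in parse_entries(text):
        msg = entry["msg"]
        resolved = RESOLVED.match(msg)
        if resolved:
            target = resolved["name"]
        elif msg.startswith("Error message:"):
            error = msg[len("Error message:"):].strip()
        elif msg == "Showing credentials dialog":
            prompts.append({"ts": entry["ts"], "target": target, "cause": classify(error)})
            target = error = None  # the next attempt starts clean
    return prompts


if __name__ == "__main__":
    for p in explain_prompts(SAMPLE_LOG):
        print(p["ts"], p["target"], "->", p["cause"])
```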

  • Logon issues when connecting to the R/3 system via System Template

    Hi All,
    I have created a System object for connecting to the R/3 system.
    The R/3 system is on an ITS server.
    I have set the connector properties, ITS server details, and User Management properties.
    Connector Properties: Application Host: -, logical system name -, SAP client ---, SID ---, System number -, server port -----, System type: sap_R3
    ITS server details: ITS host name, ITS path: /scripts/wgate, Protocol: http
    User Management properties: Logon method: SAPLogontickets, user mapping type: Admin/user.
    Alias: Given the alias for the system created.
    I have also checked with the connection tests. The ITS Connection is green, but the connection test for the connector is red.
    Also the Portal user is not the same as the SAP backend user. So for this I have also made the user mapping, under System Administration ---> Usermapping (we are using EP6.0).
    When I finally created a SAP transaction iView based on the alias and tried to preview it, it showed me the error "Name or password is incorrect, please reenter".
    But in the preview, if I give the user ID and password which I have mapped under the user mappings, it enters the SAP transaction.
    Kindly suggest what can be the issue?
    Thanks & Regards,
    Kavitha

    Hi All,
    Thanks for all your replies. And sorry from my side for the late reply.
    I have followed all the suggestions made by every one of you.
    Also Arun, I have checked the blogs that you sent. All the settings done by me are exactly the same as defined in the blogs.
    But still the same error persists. Also, when I tried to log in with the same user ID as that of the portal, it is working fine.
    Also, while going through the blogs I found that, while doing the connection tests, one of the tests, the connection test for the connectors, failed. I am unable to find the reason for the failure.
    Is it because of this that the iView is asking for the user ID and password to be re-entered?
    Kindly help.
    Also, in most of the blogs I found that for searching for the message server, when we are not sure of the name of the message server, we go to transaction SMICM..... Where should this Tcode be entered? Is it in the R/3?
    Thanks & regards,
    M.Kavitha harika.

  • GRC AC 10: Emergency Access Management, Logon button is disabled (GRAC_SPM)

    Hello Gurus,
    I have configured Emergency Access Management in GRC AC 10.
    GRC Box (SID) : GR1 client 100
    Backend ERP system : D24 client 100
    The FIREFIGHTER in GRC system : FFUSER1
    Z_SAP_GRAC_SUPERUSER_MGMTUSER
    Z_SAP_GRC_FN_BASE
    Z_SAP_GRC_NWBC
    In the Backend ERP system the FIREFIGHTER ID: ABC wants to access the FIREFIGHTER(FFUSER1)
    Hence in NWBC (Setup >Superuser Assignment>Firefighter ID) the assignment is done.
    ABC(FIREFIGHTER ID) <--->FFUSER1(FIREFIGHTER)
    Now the User login the GRC system using FFUSER1 assigned following roles
    Z_SAP_GRAC_SUPERUSER_MGMTUSER
    Z_SAP_GRC_FN_BASE
    Z_SAP_GRC_NWBC
    Z_SAP_GRAC_SPM_FFID
    and runs Transaction: GRAC_SPM
    and he is able to see that ABC is assigned .
    Now the user clicks on "Logon" and the status changes from green to "RED".
    A new SAP screen opens asking for credentials for Backend ERP system D24 client 100
    The User enters his own Id : ABC and password and logs in.
    Runs the necessary transactions and logs out using transaction: /nex
    The session in GRC is still running and now the "LOGON button" is disabled , he comes out of that screen too.
    When the user tries to login again using FFUSER1 to do more task , the "LOGON Button" is seen disabled.
    and clicking the "unlock" button also doesn't help.
    When checked in SM04, no live session is reflected .
    How can we "enable" the LOGON button in the transaction : GRAC_SPM for the same FIREFIGHTER (FFUSER1) assigned for Firefighter ID (ABC) ??
    As it is now not possible to click "LOGON" button and the status is "RED".
    Please let me know your opinion .
    Thank You.
    Regards,
    Premjit

    Thanks to All

  • Playmemories logon issues - Mac Mavericks 10.9.3/ILCE6000

    I've just purchased the ILCE6000 and am unable to logon to Playmemories.  On my Mac I click on Sign In and nothing happens at all.  
    On the camera having connected to wireless network okay I get the list of apps available but when selecting one to download I get prompted to confirm I have a Sony Entertainment Account and on selecting 'Yes' nothing happens and the camera appears to seize up as to get it to do anything I have to power off/on.
    Any ideas for solutions will be much appreciated.
    Thanks

    Solved my own issue. Sites were blocked by Sky Broadband Shield. Now set to allow online gaming and all connecting okay.

  • Crystal Reports logon issue across firewall - Transport error:communication

    Hi,
    We are facing an error when we try to logon to the BO server using the crystal reports tool (Crystal Reports Enterprise XI Release 2 ) outside the firewall. The login is working fine when inside the firewall. The BO server is on a unix box within the customer network and we are trying to login from a PC (using Crystal Reports Enterprise XI Release 2) which is outside that network. The following are the errors we get when trying to logon using authentication as "Enterprise" and system name as "fully qualified server name:6400"
    1. Without including any IP addresses in the PC host file we get "Transport error:communication failure" on login.
    2. When I included the IP and name of the BO server in the PC host file (xx.xx.xx.xx host name) we get an error - "CMS host 'xxxx' address was resolved properly,but cannot be reached to establish a CMS connection.Verify your router/firewall allows communication on port 6400."
    (The IP address I include in the PC host file is the actual IP address of the BO server)
    3. I know we have natted IP addresses.. and the IP address of the BO server appears to be different when I do a ping to the BO server from outside the customer network i.e from the external PC. When I include the IP address in the host file (which I get from the ping <servername> outside the customer network from my PC) I get "Transport error:communication failure".
    The port 6400 has been opened in the firewall. We are able to login to the CMC link and the Info view without any issues.
    It will be great to get some advice on this as it has become a high priority issue in our workspace now.
    Thanks,
    Reeti

    Hi All,
    I had a breakthrough in logging to BOX1R2 Crystal Reports client outside the firewall. The following was done in our case:
    1. Open the port 6400 on the server to allow traffic from outside the firewall.
    2. Add the following command at the end in the cmsLAUNCH command line in ccm.config (ours is a BO server on Sun OS)
    -port FQDN:6400 -requestport XXXX
    The -port parameter was explicitly specified to make CMS explicitly listen on port 6400.
    The -requestport parameter was added to configure the server to register a fixed port (which has external access) with the CMS rather than letting it choose a dynamically selected one, so XXXX can be any port which is not allocated to any app and is also open in the firewall.
    Thanks,
    Reeti

  • Logon issue with Integrated ESS in ECC 6.0

    Hello,
    We are upgrading to ECC 6.0 from 4.6C. We do not plan to use Portal. PZM3 is not allowed in ECC 6 as 'Screen flow logic' services are not permitted. We had SSO enabled in the 4.6C system from Win NT using the NT Auth service, which let users go into ESS services w/o any prompt for login. Currently the ESS services in ECC 6.0 ask for login during first logon; after that they don't prompt. Can we do the same thing (like that of 4.6C) in the new Integrated ESS (iESS) by using existing tickets issued by Win NT? If not, is there any other way SSO can be achieved by not using Portal but by just using iESS? Please advise. Thank you.

    Hi Kshitij,
    SAP note 858138 provides some information about external authentication that is available with SAP Netweaver and points to the related documentation.
    Best regards,
    Klaus

  • Linked Server : The old "Login failed for users "NT Authority\Anonymous Logon" issue

    Two SQL Servers: SQL Server 2008 sp3 and SQL Server 2014.
    We are transitioning from 2008 to 2014.  We have need of some linked servers whilst this is ongoing.
    We've used them before, and indeed I set them up quite easily or so I thought.
    On the 2014 server, I can test the connection and everything ok.  If I logon to the linked server instance (ie the 2008 server) on the 2014 server, and connect to 2014 server, and test, I get the Error: 18456 Login failed error message.
    If I create a linked server on any instances of the 2008 server pointing to the 2014 server, no problems whatsoever going in that direction.
    Note that I'm selecting "Be made using the login's current security context"
    The 2008 sql server services is using a domain account as its logon, whereas the 2014 server is using Managed Service Accounts.
    I've checked the SPNs and they all seem to be set ok.
    I then thought that perhaps there was an inconsistency with the Managed Service Account not being recognised (although does work when actually on the 2014 server).  I then changed (using Sql Server config manager) the account being used for the MSSQLSvc from the managed service account to the same account used by the 2008 sql server.  This seems to have produced a certain degree of success.  I can now test the connection from my local ssms and the 2008 server and these work ok for the most part.
    I presumed I had a workaround and did further testing, however it doesn't always seem to run true.  This could of course be due to me not taking the same steps to reproduce the original workaround.
    This is effectively a transient condition as eventually we won't need the linked servers, however, they are needed for at least the next 2-3 months.
    Could anyone help explain the nature of this problem and where I'm going wrong?
    Regards
    Ian

    Hello,
    In addition to what Ashwin has asked (though the anonymous error message kind of gives it away):
    It does sound (I know you have checked, but SPNs can be tricky devils) like an SPN issue or delegation issue.
    The first thing I would point you to is the Kerberos Checking Tool for SQL Server. It's pretty new but in my testing it's been very accurate. Download, run it, and check the output:
    http://www.microsoft.com/en-us/download/details.aspx?id=39046
    Secondly, I would point you to this entry (yes, made by me):
    http://www.seangallardy.com/2014/05/using-kerberos-with-sql-server-part-1-double-hop/
    The reason why it works when you login from the 2008 server or the 2014 server and go to either or is because you're not double-hopping. You're local to the server, there is no delegation involved.
    Sean Gallardy | Blog
    MCM 2008
    MCSM:Data Platform Charter Member

  • Active Directory RDP Logon Issue

    I have a problem logging on to my test domain, here are the setup and symptoms
    Domain Prod:   ua.here.someplace.com
    Domain Test:   ua.test-here.someplace.com
    Domains totally separate DNS and WINS, although they are on the same subnets.
    From my admin workstation I find I can't login to the test domain with the following format;
    SEE ATTACHED
    I can't figure out why.
    DCDIAG in both domains is clean.  All DNS entries listed in netlogon.dns are in the proper locations, I checked line by line.
    Event logs say "Access Denied", as if it were a bad password, otherwise clean
    But most perplexing, when I spin up a clean Virtual Windows 7 pro box (same DNS as admin workstation), Everything starts to work!!
    I have deleted everything in credential manager on the admin workstation (including from cmd line with cmdkey.exe), including all the temp files in Local, LocalLow, and roaming, and all the Temp files with Internet Explorer.  No change.
    I am at a loss :(
    Can the fact that the NetBIOS name is the same for both prod and test be an issue???  but I can't see how...
    BlankMonkey

    Hi,
    In order to solve this issue more efficiently, I need to clarify some information.
    Firstly, those failed logon attempts, are they all logon attempts via RDP? What specific error do you see when logon attempts fail?
    Secondly, the access denied event in Event Logs, would you please post out a complete version?
    You also mentioned that after you brought a clean Virtual Windows 7 pro box, everything started to work, so what is the version of the former problematic machine?
    Here are some related links below for your references:
    The system cannot log on due to the following error: access is denied
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b458262e-7be7-49d6-9f14-bd0cbbccc226/the-system-cannot-log-on-due-to-the-following-error-access-is-denied
    Error message when you use Remote Desktop Connection to connect to a Windows Vista-based computer: "The requested session access is denied"
    http://support.microsoft.com/kb/954369
    Users Can Log On Using User Name or User Principal Name
    http://support.microsoft.com/kb/243280
    If these links above are not helpful, please get back to us with necessary information at your earliest convenience.
    Best Regards,
    Amy Wang
