Portal Login Failure

Similar Messages

• ISE 1.3 Sponsored Guest Portal Login Failure

  Hello Team,
  Ive created a guest account in the sponsor portal for a test guest user, however the state remains in "created" state.
  Now when the user tries to log on via the sponsored guest portal the error back is "invalid username or password".
  In ISE logs it says :
  Overview
  Event
  5418 Guest Authentication Failed
  Username
  bnawaz01 
  Endpoint Id
  Endpoint Profile
  Authorization Result
  Actions
  Troubleshoot Authentication
  View Diagnostic Messages
  Audit Network Device Configuration
  View Network Device Configuration
  View Server Configuration Changes
  -->Authentication Details
  Source Timestamp
  2014-12-24 08:49:05.551
  Received Timestamp
  2014-12-24 08:49:05.553
  Policy Server
  DC1-ISE-DMZ01
  Event
  5418 Guest Authentication Failed
  Failure Reason
  Account is not yet active.
  Resolution
  Root cause
  Username
  bnawaz01
  User Type
  GuestUser
  Endpoint Id
  Endpoint Profile
  IP Address
  Authentication Identity Store
  Guest Users
  Identity Group
  GuestType_Contractor (default)
  Audit Session Id
  Authentication Method
  PAP_ASCII
  Authentication Protocol
  PAP_ASCII
  Service Type
  Network Device
  Device Type
  Location
  NAS IP Address
  NAS Port Id
  NAS Port Type
  Authorization Profile
  Posture Status
  Security Group
  Response Time 
  Any ideas why this might be, if im doing something wrong and how to fix?
  Thank you
  Bilal

  I have had the same issue, the fault is caused by the time zone in the sponsor groups being set by default to UTC, so if you are in London the accounts wont become available until UTC time. The best practice is to add a local time zone and remove UTC at initial configuration
  To resolve this create a new local time zone in Guest Access>Settings>Guest Locations and SSIDs then under Guest Access>Configure>Sponsor Groups amend the time zone properties in each sponsor group
  One other problem is if you do not remove this at initial configuration you don't seem to be able to get rid of UTC, not really an issue unless you forget when creating new sponsor groups

• Portal Login id and Credatinal pass to dot net application

  Hi Experts,
  I want to know is it possible to pass the portal login id and other details like Name and organization to an dotnet application.
  If it is then how can we do it.
  Please do the needfull. Important
  Regards,
  Swapnil

  Hi Sarbjeet,
  I first thought of creating URL Iview and passing the user id and other required details as parameter to that URL Iview.
  Then reading your mail i thought of creating a web dynpro java application and then pass all the required values to the url in the application only but i am confussed how i will call the dot net application.
  If you have a better suggestion please let me know how to do it.
  Regards
  Swapnil

• ADF Application and Oracle Portal Login Page

  We have developed ADF application and deployed it in Oracle AS 10.1.2 along with the custom JAAS module, which is working fine with the application custom login page. As a next page, I want to use Oracle Portal login page for the authentication and authorization.
  How can I accomplished it? Any idea?
  Thanks,
  AP

  Shay,
  1. I created blank ADF project
  2. I copied myreport.jsp file (this one was generated by Oracle Report Builder) under ..ViewController/public_html directory
  3. Created directory 'lib' under ViewController/public_html/WEB-INF/lib
  4. Copied reports_tld.jar file under the directory created in 3.
  5. Created simple jspx page with the af:link (btw af:goLink does not exists in JDev 12c), set 'destination' to myreport.jsp
  After the steps above I could not even compile the application, many problems too many to list here, Basically JDev is trying to build the project with .jsp file generated in Report Builder and is unable to.
  So to be sure we are on the same page: I am trying to embed JSP report files generated by Report Builder into ADF project, then create EAR file and deploy on standalone WLS. Finally execute JSP web only report.

• Redirect to Portal Login page from portlet

  We have lots of applications on the portal and many of them need the logged in user information to provide the right display context. For example, "My Notes" where notes are stamped with the user's login id. Our portlet applications show exception messages when the user id is unavailable. Pressing a refresh button takes them to the portal login page.
  Does anyone know how to redirect to the portal login page? Here is how I would like it to work: A user has the application up beyond the session timeout period and does something that causes the page to submit. At the application server we look for the logged in user ID which is missing due to session timeout and we send them to the portal login page.
  Thanks! Mike

  Hi James,
  <br />
  <br />I fear this isn´t possible to do with ADDT, as it will - when using its Restrict Access To Page behaviour - always redirect to the page you specified in the Control Panel.
  <br />
  <br />However you can help yourself with a simple custom PHP redirect script
  <i>(place it @ @ line 1 of your document)</i> which checks whether the "kt_login_id" Session Variable is set, and if it´s not set, redirect to a different login page:
  <br />
  <br /><?php<br />if (!isset($_SESSION['kt_login_id'])) {<br />header('Location: http://www.example.com/directory/login.php') ;<br />}<br />?>
  <br />
  <br />Hint: users who login via a different login page will still be redirected to ADDT´s default login page when logging out
  <br />
  <br />Cheers,
  <br />Günter Schenk
  <br />Adobe Community Expert, Dreamweaver

• How to access Sap portal login user in ejb web service

  Hi,
  I wnt to access SAP Portal login user in my ejb application which resides on the same server.
  I am using following code
  try {
       IUser user =null;                         IWDClientUser wdUser = WDClientUser.getCurrentUser();
                                user = wdUser.getSAPUser();
                           } catch (WDUMException e) {
                                // TODO Auto-generated catch block
                                e.printStackTrace();
  Some additional jar files are required for this?
  The same code works fine with webDynpro but not with ejb.
  Thanks in advance     
  Best regards,
  Nilesh

  Thanks for reply.
  I have already added com.sap.security.api in my EJB module project classpath. How to add the same in EJB application Project (application-j2ee-engine.xml)?
  Best regards,
  Nilesh

• SSL VPN Login failure issue

  Hello,
  I am having an issue with some users trying to login to our SSL VPN (Anyconnect) via ASA5505 8.2(1).  Authentication is done via AD.  From the same computer, the client finds the DNS name and unlocks the login username and password.  When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:
  Function: ConnectMgr::setPromptAttributes
  File: .\ConnectMgr.cpp
  Line: 2657
  Invoked Function: setPromptAttributes
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Error text:
  Login failed.
  If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD. 
  This has been driving me crazy - as a work around for the failing users, I just created a temporary account which works perfectly fine.  The request doesn't even seem to hit the ASA (there is nothing in the logs that show a failed attempt).  Still troubleshooting and looking at certificate's at this point.  Any help/suggestions would be greatly appreciated!!  Thanks.
  Regards.
  After a little more testing, seems somehow related to users being in to many groups in AD.      
  Message was edited by: Rich Viola

  Hello,
  If the website is unavailable or in this case, the website is missing several characters(charts, canvas, etc or some other objects), usually could be an issue with the rewrite engine.
  Solution (workaround):
  You may use smart tunnel for this website, so the rewrite engine will not override any content, and it will display the website as it should.
  You can implement it as follow:
  Add a Bookmark
  Bookmark for the service and clicking the Enable Smart Tunnel option in the Add or Edit Bookmark dialog box.
  For further information you can find it here:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/webvpn.html#wp1272236
  Let me know how tit works out!
  Please don't forget to rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• Not able to pass portal login page with valid credentials using WebDispatch

  Hi,
  We are implementing SAP BillerDirect Portal. To make BillerDirect Portal available over the internet, we Configured SAP WebDispatcher with SSL termination.  We followed the steps mentioned in SAP Help Documentaion for SAP WebDispatcher with SSL termination.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/76/6d4fa247d0d647b5bd40745400d873/frameset.htm
  We created certificate  and send it to CA (TrustCenter CA). We received the CA response and we imported the certificate.
  AS mentioned in the help document, we configured the SAP Web Dispatcher profile to support SSL termination
  We tried to access our BillerDirect Portal over the internet using below link
  https://company.com/bd
  We are getting login page, once we enter correct user ID and Password, portal is not loading (not going to next page) portal remains on same login page.
  If we enter invalid credentials portal login page is giving u201CUser Authentication Failedu201D error.
  If we try to access any portal login pages which brings a pop-up for login, login gets succeeded and we are able to see next pages
  Examples
  1)     https://company.com/bd/admin/xcm/init.do
  2)     https://company.com/monitoring/SystemInfo
  All pages which bring up portal login page without pop-up, not able to pass through portal login screen.
  We Tried the ProxyMapping option on Dispatcher using Visual admin. This option also didnu2019t work for us.
  Here is the WebDispatcher Profile
  SAPSYSTEMNAME = xxx
  SAPGLOBALHOST = xxxxx
  SAPSYSTEM = 00
  INSTANCE_NAME = W00
  DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
  DIR_EXECUTABLE = $(DIR_CT_RUN)
  Accesssability of Message Server
  rdisp/mshost = hostnameofportalserver with FQDN
  ms/http_port = 8101
  Configuration for medium scenario
  icm/max_conn = 500
  icm/max_sockets = 1024
  icm/req_queue_len = 500
  icm/min_threads = 10
  icm/max_threads = 50
  mpi/total_size_MB = 80
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTPS,PORT=443
  icm/server_port_1 = PROT=HTTP,PORT=80
  icm/HTTPS/verify_client = 0
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
  Parameters for the SAP Cryptographic Library
  ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
  ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
  ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
  ssf/ssfapi_lib =  D:\usr\sap\xxx\W00\sapcrypto.dll
  sec/libsapsecu =  D:\usr\sap\xxx\W00\sapcrypto.dll
  wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
  Parameters for Using SSL to the backend server
  wdisp/ssl_encrypt = 1
  wdisp/ssl_auth = 1
  wdisp/ssl_cred = D:\usr\sap\xxxW00\sec\SAPSSLC.pse
  wdisp/ssl_certhost = hostnameofportalserver with FQDN
  wdisp/ssl_ignore_host_mismatch = true
  #ICM Parameters
  icm/HTTP/j2ee_0 = PREFIX=/, HOST =hostnameofportalserver with FQDN PORT=50000,SPORT=50001, SSLENC=1,TYPE=1, CRED =D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
  We also tried below options in WebDispatcher profile but we are getting same problem.
  wdisp/add_client_protocol_header = true
  wdisp/add_clientprotocol_header = 1
  wdisp/ssl_ignore_host_mismatch = true
  #ICM Parameters
  icm/HTTPS/forward_ccert_as_header = true
  icm/HTTPS/trust_client_with_issuer = *
  icm/HTTPS/trust_client_with_subject = *
  we also tried
  wdisp/ssl_encrypt = 0
  wdisp/ssl_auth = 0
  we also tried
  wdisp/ssl_encrypt = 2
  wdisp/ssl_auth = 2
  We are not able to resolve issue. Please help us on resolving this issue.
  Thanks
  Praveen

  ' in Host Names is not allowed. Our hosname has '_'.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm

• After creating a contained database, getting a login failure error while trying to connect to it.

  After creating a contained database and a user with passowrd under the same database, I tried connecting to the contained database. I entered the server name, login credentials and went to the connection properties tab to select the contained database using
  <browse server> option under "connect to database". Here I get the login failure error.
  TITLE: Browse Server for Database
  Failed to connect to server <servername>\<login>. (Microsoft.SqlServer.ConnectionInfo)
  But when I manually enter the Database name instead of selecting from the <browse server> option the connection gets through.
  Is this a Bug ? Has anyone else faced this error?

  Hello,
  Is this a Bug ? Has anyone else faced this error?
  It's not a bug, it's working as intended. Contained users don't have instance level permissions and cannot "login" to the instance (which is what the "browse" button is attempting). In order for it to work, the database name must be in the connection string
  (which with the browse button, it will not be).
  Welcome to contained users, they aren't for everyone.
  Sean Gallardy | Blog | Microsoft Certified Master

• Dynamic Text in SAP portal login page

  Hi All,
  I want to display some text information in the SAP Portal login page.Is it possible to display dynamic text in the login page?
  Can anybody help in this?
  Regards,
  V Karthi

  Check the following links as well.
  [Customizing Portal Login Page;
  [Portal Login Page Customization;
  Check all 3 weblogs.
  Regards
  Puneet

• SQL Server 2012 syspolicy_purge_history job causes cross-instance login failures w. EraseSystemHealthPhantomRecords

  I have unique service accounts set up for multiple instances on the same SQL Server 2012.
  When step 3 of the inbuilt syspolicy_purge_history job(Erase Phantom System Health Records) runs, it appears to attempt to run against every instance on the server despite being passed the instance path!
  The SQLServer's powershell script call:
  if ('$(ESCAPE_SQUOTE(INST))' -eq 'MSSQLSERVER') {$a = '\DEFAULT'} ELSE {$a = ''};
  (Get-Item SQLSERVER:\SQLPolicy\$(ESCAPE_NONE(SRVR))$a).EraseSystemHealthPhantomRecords()
  so with instances SERVER\X this runs as...
  (Get-Item SQLSERVER:\SQLPolicy\SERVER\X).EraseSystemHealthPhantomRecords()
  SERVER\X's job will run and I will see login failures in the error logs of SERVER\Y and SERVER\Z for the service account set up for instance X.
  It seems Microsoft's only 'accepted solution' to this problem is for me to compromise my security by escalating the access of these service accounts?
  Has anyone else run into and corrected this failure?

  Hi Atombath,
  When you install multiple instances on one Server, and  the SQL Server’s powershell scripts are the same in inbuilt syspolicy_purge_history job steps. However, when you start PowerShell by right clicking
   syspolicy_purge_history job, you will find it will point to their own instance. I do a test in my SQL Server 2012,
   it will not across instance to collect the error logs. So I recommend you use its original powershell scripts for the syspolicy_purge_history job.
  Sometimes, if you run the syspolicy_purge_history job on a clustered instance, the syspolicy_purge_history SQL Server Agent job may fail due to using the computer node name instead of the virtual server name. For more information, see:
  http://support.microsoft.com/kb/955726/en-us
  In addition, you can use different service account for your multiple SQL Server instances on the same Server. And make sure the accounts that you created get added to the sysadmin fixed server role, the accounts are also set in the three Agent roles (SqlAgentUserRole,
  SqlAgentReaderRole, and SqlAgentOperatorRole).
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• Historical Reporting Client Login Failure - UCCX 7.0(1)

  We're experiencing intermittent login failures with the Historical Reporting Client, extract from the log file below:
  1: 28/04/2010 11:58:25 %CHC-LOG_SUBFAC-3-UNK: Error # 35761 ,Description= Request timed out ,LastDllError= 0
  2: 28/04/2010 11:58:25 %CHC-LOG_SUBFAC-3-UNK:Authentication response was NOT received from (http://<ip address>/histRepWebSrvrComp/histRepClientsServlet)
  3: 28/04/2010 11:58:25 %CHC-LOG_SUBFAC-3-UNK:Login Error | Invalid server name or IP address. Check the server name or IP address and login again.
  4: 28/04/2010 11:58:30 %CHC-LOG_SUBFAC-3-UNK:Authentication response was NOT received from (http://ip address/histRepWebSrvrComp/histRepClientsServlet)
  5: 28/04/2010 11:58:30 %CHC-LOG_SUBFAC-3-UNK:Login Error | Invalid server name or IP address. Check the server name or IP address and login again.
  6: 28/04/2010 11:58:30 %CHC-LOG_SUBFAC-3-UNK:Connection to web server failed due to: 12017 : Operation cancelled
  7: 28/04/2010 11:59:05 %CHC-LOG_SUBFAC-3-UNK:Connection to web server failed due to: 12017 : Operation cancelled
  8: 28/04/2010 11:59:05 %CHC-LOG_SUBFAC-3-UNK:Failed to load authentication response due to empty XML buffer from authentication servlet)
  9: 28/04/2010 11:59:05 %CHC-LOG_SUBFAC-3-UNK:Login Error | Invalid server name or IP address. Check the server name or IP address and login again.
  Does anyone know why this may be happening as it's driving the customer mad. User can usually login after a few attempts.
  The authentication timeout is set to 15 seconds, surely this is more than enough time or should we increase the timer?
  Any advice much appreciated.

  Hi Robert
  Thanks for the response and all very good suggestions which should help Chris narrow down his particular issue.
  It's been about a year since we last looked at this so I'd quite forgotten most of the diagnostics we'd done however we did go through most of the same diagnostics ourselves but the resolution was hampered due to the fact we support the telephony/WAN and another third party supports the desktops and LAN infrastructure so after months of to and fro with the customer and their third party (and many, many man hours) we eventually left the risk with the customer and investigations never progressed any further.
  1.) Upgrade to UCCX 7.0SR5.  This is a very stable release of code with few open bugs or caveats against it.
              - Agreed. We also ran into other bugs which required an upgrade.
  2.) Verify that the active NIC is indeed at the top of the bindings order.  Just having it active isn't enough, there needs to be the further test of moving to the top of the bindings order.
              - We did check this.
  3.) Verify that the hosts file on the UCCX server(s) has the external IP and hostname of the server in it.
              - Did this too.
  4.) Check the remote locations to verify that the network is correctly configured, there are no line errors on the WAN circuits, no misconfiguration on the switch/router ports and that QOS is in place across the network.
              - This part of the investigation stalled due to another 3rd party supporting the onsite network however no WAN issues were found.
  5.) Try to take a test system that is on the same network as the one having HRC errors.  See if it's seeing the issues.  If not, progressively move out to other offices/locations until you replicate the issue and then see what has changed.  Something there should hopefully point to the cause of the error.
              - We did this also, using my laptop I connected from various locations and even when using the same network connection as the end user had no problems, we did note the successful connection attempts used a slightly different network route/DNS/WINS however again got nowhere with the third party supporting this aspect of the network.
  6.) Finally, you may want to consider creating external data warehouse servers so that your UCCX servers aren't serving up the HRC data.
              - Not an option for this customer, again this aspect of the service is a different third party on their own network and customer not willing to pay for additional servers for the telephony estate to provide this functionality when they only have a few CCX users.
  Regards
  June

• How to see / limit consecutive login failures?

  Hi, our server is running 10.4.7 server.
  In terms of hardening the machine against attacks, is there be default a limit to the number of failed logins that occur before an account is locked in some way?
  If not, is there a way to turn ON that security feaure?
  Where are login failures logged?
  Thanks!

  Yes, you can set a limit to login failures. The following assumes that you are using Open Directory and that your users are authenticating against the server's Open Directory database.
  For global policies =
  Open Server Admin > for the proper server select Open Directory > select Policy > select Passwords > adjust settings
  For a single user = this will override global policies listed above
  Open Workgroup Manager > browse users > select the account you wish to manage > Select the Advanced user settings > select Options > dialog box gives ability to limit access in a variety of ways.
  Authentication is logged =
  Server Admin > Open Directory > Logs > Password service server log

• Portal Login Broke after Db Upgrade to 9.0.1.3

  Hi -- My portal web page login doesn't work after upgrading my portal database version from 8.1.7.1 to 9.0.1.3. All the scripts I ran (Note 159657.1 and Chap. 7 of 9i Database Migration Manual) ran ok. I also applied whatever patches/fixes required to get Oracle 9iAS 1.0.2.2.2 working with database version 9 per the certification matrix pages. I am still using Oracle 9iAS 1.0.2.2.2 on the middle tier and have only upgraded the database version. Also, I am not using LDAP for authentication.
  After the database upgrade, the portal web login page comes up fine, but after I execute a login attempt I get a "Page Not Found" in my browser. This error shows up in apache's error_log:
  [Mon Oct 7 03:54:41 2002] [error] mod_plsql: /pls/ssodad/portal30_sso.wwsso_app_admin.ls_login ORA-1403
  ORA-01403: no data found
  ORA-06512: at "PORTAL30_SSO.WWSSO_APP_ADMIN", line 391
  ORA-06512: at "PORTAL30_SSO.WWSSO_APP_ADMIN", line 669
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30_SSO.WWSSO_LS_PRIVATE", line 358
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at line 8
  [Mon Oct 7 03:56:07 2002] [warn] mod_plsql: Stale Connection due to Oracle error 1400
  [Mon Oct 7 03:56:07 2002] [error] mod_plsql: /pls/ssodad/portal30_sso.wwsso_home.home ORA-1400
  ORA-01400: cannot insert NULL into ("PORTAL30_SSO"."WWCTX_SSO_SESSION$"."SUBSCRIBER_ID")
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 2215
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 1053
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 1261
  ORA-06512: at "PORTAL30_SSO.WWCTX_API", line 179
  ORA-06512: at "PORTAL30_SSO.WWSEC_APP_PRIV", line 529
  ORA-06512: at "PORTAL30_SSO.WWSSO_HOME", line 322
  ORA-06512: at line 8
  Everything worked fine prior to the upgrade. There are no invalid objects causing this and I can log into the portal database fine through a sqlplus session. Does anyone know why portal login is broke after database upgrade? Has anyone upgraded their portal database versions in place with this issue afterwards?
  Thanks for any help anyone can offer...!
  Kate

  Hi Benjamin,
  Thanks for your reply. I already had a working 9iAS Release 1 with a 8.1.7.1.0 database. All I did was upgrade the database from 8i to 9i on the database server. I also applied the jdbc patch on the 9iAS app server so a connection with the 9i database could be established. As far as I know, there's no portal configuration assistant step here because I already had a complete fully-functioning portal install before the database upgrade to 9i. Is there something I'm missing about your suggestion?
  Thanks.

• SP15 in Java engine failed, "Login Failure: all modules ignored"

  Hi
  During the installation of sp15 (with JSPM) failed, the sdm log shows:
  ERROR: Cannot connect to Host: [hostname] with user name: [J2EE_ADMIN]
  My instance was down so I started but now there is an error, when I try to log on to User management it give me the error: "Login Failure: all modules ignored".
  I checked the logs for the server and found the following:
  #1.5^H#0000000000000067000000250000596D00045A79FA4B224F#1225379843613#com.sap.engine.services.security.resource.ResourceHandl
  eImpl#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.resource.ResourceHandleImpl#J2EE_GUEST#0##n/a##da7
  065c0a69511ddb438000000000000#SAPEngine_Application_Thread[impl:3]_15##0#0#Error#1#/System/Security/Audit/J2EE#Java###ACCESS.
  ERROR: Authorization check for caller assignment to J2EE resource [ : : : ].#4#SAP-J2EE-Engine#session-pool#ge
  t_session_pool#ALL#
  #1.5^H#0000000000000067000000260000596D00045A79FA4B32AC#1225379843613#com.sap.engine.services.security.authentication.loginco
  ntext#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#J2EE_GUEST#0##n/a##da7
  065c0a69511ddb438000000000000#SAPEngine_Application_Thread[impl:3]_15##0#0#Error##Java###Caller not authorized.
  [EXCEPTION]
  #1#com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
          at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:627)
          at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:513)
          at com.sap.engine.services.security.resource.ResourceContextImpl.checkPermission(ResourceContextImpl.java:45)
          at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:119)
          at com.sap.engine.services.security.server.AuthenticationContextImpl.getSessionPool(AuthenticationContextImpl.java:39
  5)
          at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContextFactory(AuthenticationContextImpl
  .java:740)
          at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContext(AuthenticationContextImpl.java:2
  54)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.sap.engine.system.SystemLoginModule.initialize(SystemLoginModule.java:72)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
          at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:146)
          at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.forceLoggedInUser(SAPJ2EEAuthenticator.java:231)
          at com.sap.security.core.admin.ServletAccessToLogic.getActiveUser(ServletAccessToLogic.java:141)
          at com.sap.security.core.admin.UserAdminLogic.executeRequest(UserAdminLogic.java:438)
          at com.sap.security.core.admin.UserAdminServlet.doPost(UserAdminServlet.java:26)
          at com.sap.security.core.admin.UserAdminServlet.doGet(UserAdminServlet.java:19)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
          at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
          at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessio
  nMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  I found the SAP Note 971249 but Iu2019m not sure it applies and even I can log on into Visual administrator.
  Log for the Visual Administrator
  <!LOGHEADER[START]/>
  <!HELP[Manual modification of the header may cause parsing problem!]/>
  <!LOGGINGVERSION[1.5.3.7185 - 630]/>
  <!NAME[/usr/sap/SID/DVEBMGS00/j2ee/admin/log/./traces/visual_administration.trc]/>
  <!PATTERN[visual_administration.trc]/>
  <!FORMATTER[com.sap.tc.logging.ListFormatter]/>
  <!ENCODING[UTF8]/>
  <!FILESET[0, 5, 10000000]/>
  <!PREVIOUSFILE[visual_administration.4.trc]/>
  <!NEXTFILE[visual_administration.1.trc]/>
  <!LOGHEADER[END]/>
  #1.5^H#C000AC11873E00000000000100CEC78D00045A541BE7A040#1225217198758#com.sap.engine.services.adminadapter.gui.tasks.LoginTas
  k##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-1,5,main]##0#0#Error#1#/System/Server/VisualA
  dministrationTool#Java###Error while trying to login to host: null
  [EXCEPTION]
  #1#java.lang.NullPointerException
          at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImpl.login(RemoteLoginContextHelperImpl.
  java:72)
          at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImplp4_Skel.dispatch(RemoteLoginContextH
  elperImplp4_Skel.java:64)
          at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:319)
          at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:200)
          at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessio
  nMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Thank you very much for your help.
  Best Regards

  hi
  we had the same issue some time back when we upgraded to SP15, we opened a OSS message and SAP had to come and fix the issue.
  It was some inconsistencies in -Config DB settings and they made quite a few changes in security/configurations/ticket(config tool)
  also
  one Java parameter was wrong(config tool - server config) :
  -Djava.security.policy=/java.policy  it should be -
  > Djava.security.policy=./java.policy (The DOT was missing)
  thank you
  Jonu Joy