Solution Manager 4.0 Security
Hi all,
If anybody has experience with the Solution Manager 4.0 Security, could you please share the list of authorization objects used for implementation of Solution Manager for the following scenarios:
1. Implementation & Distribution,
2. Roadmaps,
3. E-Learing,
4. Service Desk,
5. ChaRM (Change Request Management),
6. Solution Monitoring,
7. Diagnostics,
8. Solution Reporting.
I would appreciate your help in this regard.
Thanks
Hi Balaji,
here is a list of roles in solution manager:
http://help.sap.com/saphelp_sm40/helpdata/en/f9/35023b6b33162ee10000000a11402f/content.htm
Hope that helps,
Frank.
Similar Messages
-
Role of Solution Manager in SAP Security.
Hi
Can anyone help me to understant the role of SAP Solution Manager in SAP Security. Link to any relevant document is appreciated.
Thanks you all.Hi,
First understand and decide what each consultant is going to do in the system. Like Technical Consultant will take care of Installation, Setting Up Landscape, Setting up TMS etc.
Project Manager will create projects, Handle roadmaps etc.
Segregating this way will help you defining the Roles in the system. I would also suggest you to have authorization Matrix in a Spreadsheet.
The authorization can also be categorized based on Operational processing.
Check this link.
http://help.sap.com/saphelp_sm40/helpdata/en/24/c7baad86044eacb7203cdd341211a9/content.htm
For authorization in Servicedesk.
Check page 35 in this link.
https://websmp207.sap-ag.de/~sapidb/011000358700001197002005E/Addtional_Information.pdf
http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714a9439b11d1896f0000e8322d00/content.htm
Rewads point if help ful
Thanks
Pankaj Kumar -
Problem during SAP Solution Manager Migration - create secure store
Hi all,
I have a problem during a migration of my SAP SOLUTION MANAGEER from Linux ORACLE to AIX 6.1 ORACLE 10.2.0.4
Release SOLUTION MANAGER 4.0 KERNEL 700
I have done the export of the database and now i start with the import.
SAPINST stopped at Create Secure Store phase and this is the log of SercureStoreCreate.log file.
Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000033
Handler1=09001000A1271B80 Handler2=09001000A1269C20
R0=0000000000000000 R1=0FFFFFFFFFFFD460 R2=0000000000000010 R3=0000000000000010
R4=000000000000000B R5=09000000089B70A0 R6=0000000111BBE829 R7=0000000000000018
R8=0000000111C23D58 R9=000000003A470000 R10=0000000111B99CB8 R11=09000000089CD638
R12=0900000008970594 R13=000000011000D0C0 R14=0000000111BBE7B8 R15=0000000110096400
R16=00000001110EC8B0 R17=0000000111C23FD8 R18=09001000A12753A8 R19=0000000000000013
R20=0000000111C23FB8 R21=0000000111BBE848 R22=0000000110096480 R23=0000000000000000
R24=0000000000000000 R25=0000000110001098 R26=0000000110096400 R27=0000000110016870
R28=0000000000000000 R29=07000000001DD260 R30=000000000000000B R31=0000000000000010
IAR=09000000089CD638 LR=00000001108BB6C0 MSR=A00000000000D032 CTR=09000000089CD638
CR=4222422420000004 FPSCR=8202200000000000 XER=2000000482022000
FPR0 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR1 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR2 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR3 4530000000000000 (f: 0.000000, d: 1.934281e+25)
FPR4 4330000000400000 (f: 4194304.000000, d: 4.503600e+15)
FPR5 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR6 3fb9999999999999 (f: 2576980480.000000, d: 1.000000e-01)
FPR7 3c63333333333333 (f: 858993472.000000, d: 8.326673e-18)
FPR8 0000000082024000 (f: 2181185536.000000, d: 1.077649e-314)
FPR9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR10 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR11 4077f00000000000 (f: 0.000000, d: 3.830000e+02)
FPR12 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR13 4071f40000000000 (f: 0.000000, d: 2.872500e+02)
FPR14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR16 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR17 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR18 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR19 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR20 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR21 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR22 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR23 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR24 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR25 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR26 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR27 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR28 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR29 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR30 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR31 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/usr/java14_64/jre/bin/libj9jit23.so
Module_base_address=0900000008998000
Target=2_30_20070530_12820_BHdSMr (AIX 6.1)
CPU=ppc64 (4 logical CPUs) (0x80000000 RAM)
JVMDUMP006I Processing Dump Event "gpf", detail "" - Please Wait.
JVMDUMP007I JVM Requesting System Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp'
JVMDUMP010I System Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp
JVMDUMP007I JVM Requesting Snap Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc'
JVMDUMP010I Snap Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc
JVMDUMP007I JVM Requesting Java Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt'
JVMDUMP010I Java Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt
JVMDUMP013I Processed Dump Event "gpf", detail "".
Could please help me for finishing the migration?
Thanks in advance
AndreaHi,
this is the a part of sapinst.log:
ERROR 2011-09-07 10:12:18.24
FCO-00011 The step createSecureStore with step key |NW_Doublestack_OneHost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000033
Handler1=09001000A1271B80 Handler2=09001000A1269C20
R0=0000000000000000 R1=0FFFFFFFFFFFD460 R2=0000000000000010 R3=0000000000000010
R4=000000000000000B R5=09000000089B70A0 R6=0000000111BBE829 R7=0000000000000018
R8=0000000111C23D58 R9=000000003A470000 R10=0000000111B99CB8 R11=09000000089CD638
R12=0900000008970594 R13=000000011000D0C0 R14=0000000111BBE7B8 R15=0000000110096400
R16=00000001110EC8B0 R17=0000000111C23FD8 R18=09001000A12753A8 R19=0000000000000013
R20=0000000111C23FB8 R21=0000000111BBE848 R22=0000000110096480 R23=0000000000000000
R24=0000000000000000 R25=0000000110001098 R26=0000000110096400 R27=0000000110016870
R28=0000000000000000 R29=07000000001DD260 R30=000000000000000B R31=0000000000000010
IAR=09000000089CD638 LR=00000001108BB6C0 MSR=A00000000000D032 CTR=09000000089CD638
CR=4222422420000004 FPSCR=8202200000000000 XER=2000000482022000
FPR0 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR1 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR2 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR3 4530000000000000 (f: 0.000000, d: 1.934281e+25)
FPR4 4330000000400000 (f: 4194304.000000, d: 4.503600e+15)
FPR5 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR6 3fb9999999999999 (f: 2576980480.000000, d: 1.000000e-01)
FPR7 3c63333333333333 (f: 858993472.000000, d: 8.326673e-18)
FPR8 0000000082024000 (f: 2181185536.000000, d: 1.077649e-314)
FPR9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR10 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR11 4077f00000000000 (f: 0.000000, d: 3.830000e+02)
FPR12 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR13 4071f40000000000 (f: 0.000000, d: 2.872500e+02)
FPR14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR16 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR17 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR18 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR19 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR20 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR21 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR22 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR23 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR24 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR25 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR26 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR27 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR28 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR29 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR30 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR31 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/usr/java14_64/jre/bin/libj9jit23.so
Module_base_address=0900000008998000
Target=2_30_20070530_12820_BHdSMr (AIX 6.1)
CPU=ppc64 (4 logical CPUs) (0x80000000 RAM)
JVMDUMP006I Processing Dump Event "gpf", detail "" - Please Wait.
JVMDUMP007I JVM Requesting System Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp'
JVMDUMP010I System Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp
JVMDUMP007I JVM Requesting Snap Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc'
JVMDUMP010I Snap Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc
JVMDUMP007I JVM Requesting Java Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt'
JVMDUMP010I Java Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt
JVMDUMP013I Processed Dump Event "gpf", detail ""..).
Thanks
Andrea -
Hello,
I'm responsible to setup Solution Manager to provide Enterprise Support to the customer. I would like my customer to use Solution Manager by using Internet VPN connection. In the middle of preparation, I have some questions for Solution Manager Security. Because our company has very strict security policy, I need to make sure the questions below and make report to the manager.
1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open? I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
I read the Security Guide downloaded from Service Market Place, but still have questions. I really need someoneu2019s help.
Thank you in advance.
Best Regards,
NatsumiHi Natsumi,
Your question addresses general topics of SAP NetWeaver Web Application Server.
Please find some answers below and I would recommend to check the standard documentation.
>
Natsumi Kimura wrote:
>1. To follow our companyu2019s security policy, I need to select the port. Could you please let me know which port# do we need to open? I think port# 80 and 443 are required to use Internet connection. Are there any required port #?
>
port #80 is the default port for http, port #443 is the default port for https.
You can define your own port numbers to provide access.
>
Natsumi Kimura wrote:
> 2. What kind of Standard User Authentication does Solution Manager have? (Basic Authentication, Digest Authentication or other?)
>
SAP Solution Manager 7.0 is based on SAP NetWeaver and is using the same authentications options.
>
Natsumi Kimura wrote:
> 3. I would like to restrict any unauthorized access. What kind of access control does Solution Manager have? (Like Service Market Place, is there any authentication before entering first screen?)
>
The first screen is the logon screen. Users needs to have logon data (user, password) to access the Work Center.
The URL for the Key User is accessible in the Internet (and may be further restricted to dedicated IP address by additional network infrastructure).
See section "4.4 Internet Communication Framework" in Security Guide.
See section "4.5 Secure Socket Layer (SSL) for HTTP Connections" in Security Guide.
>
Natsumi Kimura wrote:
> 4. Is it possible to access both HTTP and HTTPS? If so, is it possible to restrict to HTTP connection? I think HTTPS is much safer.
>
Yes, it's possible to offer HTTPS connection, only.
Helpful links:
[Application Help - Additional Information on Network Security|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/0a/0a2e12ef6211d3a6510000e835363f/content.htm]
[Security Guide SAP Solution Manager 7.0 EHP 1 and SP 19 |http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000718044&_OBJECT=011000358700000310012009E]
[How-To install&configure the SAP Web Dispatcher|http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000722611&_SCENARIO=01100035870000000202&_OBJECT=011000358700000121752008E]
Best regards,
Ruediger -
Error while inserting into secure store when installing solution manager
hi all,
I have problem when the installation of solution manager try to insert into secure store,
the installation completed creating the secure store, but at the inserting the error raised...
i need your helps,
Thanks in advancedthi is the insallation log:Import Monitor jobs: running 0, waiting 0, completed 30, failed 0, total 30.
INFO 2010-12-29 15:06:23.972
Execute step extractMigrationCheckerArchive of component |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_ABAP_Import_Dialog|ind|ind|ind|ind|5|0|NW_ABAP_Import|ind|ind|ind|ind|0|0
INFO 2010-12-29 15:06:25.315
Execute step runPackageChecker of component |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_ABAP_Import_Dialog|ind|ind|ind|ind|5|0|NW_ABAP_Import|ind|ind|ind|ind|0|0
INFO 2010-12-29 15:06:25.378
Switched to user: s01adm.
INFO 2010-12-29 15:06:25.409
Creating file C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS\package_checker.java.log.
INFO 2010-12-29 15:06:25.409
Switched to user: s01adm.
INFO 2010-12-29 15:06:25.425
Working directory changed to C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS.
INFO 2010-12-29 15:06:25.425
Output of C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath migcheck.jar -showversion com.sap.inst.migcheck.MigrationChecker -checkPackages -installDir "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS" -packageFile "W:\soman cd instation export2-442\DATA_UNITS\EXP4\DATA\SAPSTR.LST" -trace all is written to the logfile package_checker.java.log.
INFO 2010-12-29 15:06:25.675
Execution of the command "C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath migcheck.jar -showversion com.sap.inst.migcheck.MigrationChecker -checkPackages -installDir "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS" -packageFile "W:\soman cd instation export2-442\DATA_UNITS\EXP4\DATA\SAPSTR.LST" -trace all" finished with return code 0. Output:
java version "1.4.2_29"
Java(TM) Platform, Standard Edition for Business (build 1.4.2_29-b01)
Java HotSpot(TM) 64-Bit Server VM (build 1.4.2_29-b01, mixed mode)
INFO 2010-12-29 15:06:26.269
Execute step runObjectChecker of component |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_ABAP_Import_Dialog|ind|ind|ind|ind|5|0|NW_ABAP_Import|ind|ind|ind|ind|0|0
INFO 2010-12-29 15:06:26.331
Switched to user: s01adm.
INFO 2010-12-29 15:06:26.362
Creating file C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS\object_checker.java.log.
INFO 2010-12-29 15:06:26.378
Switched to user: s01adm.
INFO 2010-12-29 15:06:26.378
Working directory changed to C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS.
INFO 2010-12-29 15:06:26.378
Output of C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath migcheck.jar -showversion com.sap.inst.migcheck.MigrationChecker -checkObjects -dbType ORA -tskDir "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS" -strDirs "W:\soman cd instation export1-442\DATA_UNITS\EXP1\DATA;W:\soman cd instation export1-442\DATA_UNITS\EXP2\DATA;W:\soman cd instation export2-442\DATA_UNITS\EXP3\DATA;W:\soman cd instation export2-442\DATA_UNITS\EXP4\DATA" -trace all is written to the logfile object_checker.java.log.
INFO 2010-12-29 15:06:28.878
Execution of the command "C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath migcheck.jar -showversion com.sap.inst.migcheck.MigrationChecker -checkObjects -dbType ORA -tskDir "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS" -strDirs "W:\soman cd instation export1-442\DATA_UNITS\EXP1\DATA;W:\soman cd instation export1-442\DATA_UNITS\EXP2\DATA;W:\soman cd instation export2-442\DATA_UNITS\EXP3\DATA;W:\soman cd instation export2-442\DATA_UNITS\EXP4\DATA" -trace all" finished with return code 0. Output:
java version "1.4.2_29"
Java(TM) Platform, Standard Edition for Business (build 1.4.2_29-b01)
Java HotSpot(TM) 64-Bit Server VM (build 1.4.2_29-b01, mixed mode)
INFO 2010-12-29 15:06:29.487
Execute step unpackJ2EEINSTALL of component |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0
INFO 2010-12-29 15:06:30.347
Execute step createSecureStore of component |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0
INFO 2010-12-29 15:06:30.847
Switched to user: s01adm.
INFO 2010-12-29 15:06:30.878
Creating file C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS\SecureStoreCreate.log.
INFO 2010-12-29 15:06:30.878
Switched to user: s01adm.
INFO 2010-12-29 15:06:30.878
Working directory changed to C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ORA\CENTRAL\AS.
INFO 2010-12-29 15:06:30.878
Output of C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath "C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar" -Xmx256m com.sap.engine.offline.OfflineToolStart com.sap.security.core.server.secstorefs.SecStoreFS "C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar" create -s S01 -f
sapdev/sapmnt/S01/SYS/global/security/data/SecStore.properties -k
sapdev/sapmnt/S01/SYS/global/security/data/SecStore.key -enc -p XXXXXX is written to the logfile SecureStoreCreate.log.
INFO 2010-12-29 15:06:31.628
Execution of the command "C:\j2sdk1.4.2_29-x64\bin\java.exe -classpath "C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar" -Xmx256m com.sap.engine.offline.OfflineToolStart com.sap.security.core.server.secstorefs.SecStoreFS "C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar" create -s S01 -f
sapdev/sapmnt/S01/SYS/global/security/data/SecStore.properties -k
sapdev/sapmnt/S01/SYS/global/security/data/SecStore.key -enc -p XXXXXX" finished with return code 0. Output:
SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
Store with encryption and a key phrase created.
WARNING[E] 2010-12-29 15:06:31.738
CJS-30226 Host: 'sapdev' or port: 'undefined' or dbSid: 'D01' is in an inconsistent state or undefined.
ERROR 2010-12-29 15:06:31.753
FCO-00011 The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR .
and this is the secureStoreCreate.log:
SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
Store with encryption and a key phrase created.
and this is the stepLogMessages.xml:
<message type="warning" timestamp="2010-12-29 15:10:53.982">Host: 'sapdev' or port: 'undefined' or dbSid: 'D01' is in an inconsistent state or undefined.</message>
<message type="trace" timestamp="2010-12-29 15:10:53.982">JS Callback has thrown unknown exception. Rethrowing.</message>
</messageStack>
</stepMessages>
thanks for your fast response -
Can Solution Manager manage all the security for all of our SAP Landscape?
Hello Solman gurus - We're looking at Solution Manager once again. I had installed it for incident management back several years ago during our original go-live - and it fell by the wayside after go-live. My question is related to the latest and greatest version - can it actually to the administration of security roles, profiles, etc. of all of our SAP systems from within Solution Manager?
Much thanks, Ken LittleSound like Central User Administration to me.....
-
Solution manager security setup
Hi All,
We are trying to restrict the access at Business scenario level in Blueprint within Solution Manager. Any pointers to achieving this will be highly appreciated.
Example - We have created a Project Id - ABC within which we want to segregate access by business scenarios such as FICO, SD etc.
Thanks for your invaluable inputs
Regards
VijayaHi,
I would suggest for every business scenario a Solman project to be created. Please go through the below SAP Help content, which gives detailed description:
http://help.sap.com/saphelp_sm40/helpdata/EN/44/060727cdaa2ab6e10000000a1553f7/content.htm
You should then be able to restrict access at project level for usergroups.
Regards,
Nagendran
Edited by: Nagendran Govindarajan on Nov 28, 2008 11:58 AM -
Questions on "FAQ - SAP Solution Manager for VARs"
Hi,
I just got through the FAQ - SAP Solution Manager for VARs, but have some further questions:
For me it is not quite clear which connections are necessary for which VAR scenrio.. currently we have setup the service desk in our solman. Customer's aren't linked to the solman yet - we have saprouter-saprouter connections. Connecting them via SAP support backbone is an interesting option, especially for incident management. To get this working we should follow note 1124718 right?
But what about the other scenarios like maintenance optimizer and ewa monitoring? I guess for that we definitly need to build up RFC connections to each relevant customer system (~300+x)?! I think it will be hard to handle so many connections - just consider if a customer is cancalling the maintenance contract, everything needs to be removed again... best would be to have a central communication point...
For MOPZ we need up-to-date system information. So everyone is talking about SLD. Do you also recommend this option? There we need again a connection (direct to SolMan SLD or via external SLD on customer side).
According to the FAQ there is a workaround for ewa monitoring for customers with security doubts.. is this also working for non-ABAP components? We need SMD and WI for generating ewas for JAVA systems...
With regards to Enterprise Support contract: ewa only need to be monitored for productive systems? Can a customer be charged if they want to have ewas monitored for other sytems too? How long do we need to keep the ewas (1 month, 3 months, half year) before they are deleted? Are there any specific requirements?
All the work to get these scenarios working.. is this covered within the Enterprise Support contract? Can the customer be charged for work thats done by the VAR in their system (e.g. RFC connections, SDCCN, SLD,...)?
Sorry for this long text.. hope you have some helpful ideas!
Regards,
RichardHello Richard,
(1) regarding network connections see document [Draft:Technical Support Network Connections for VAR Scenario|http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000089947&_OBJECT=011000358700000880802009E] as overview and with a lot of detailed information.
(2) yes, you have to setup once all your customer connections at the beginning but then only add/remove with customer contract changes
(3) the workaround by sending by email can handled a anexception. EWA has to be done for productive systems like nowadays done by SAP. Additional EWA services could meas additional business case for a VAR - that's contract between VAR and customer.
(4) whatever you think may be a business to sell - do it ! (and get a monetary bonus from your boss
Kind regards
Heinrich -
Using container managed form-based security in JSF
h1. Using container managed, form-based security in a JSF web app.
A Practical Solution
h2. {color:#993300}*But first, some background on the problem*{color}
The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
- Username
- Group
- Password
The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
1. Start up your app server and log into the admin interface (http://localhost:4848)
2. Drill down into Configuration > Security > Realms.
3. Here you will see the default realms defined on the server. Drill down into the file realm.
4. There is no need to change any of the default settings. Click the Manage Users button.
5. Create a new user by entering username/password.
Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
h2. {color:#993300}*Step 2: Create the project*{color}
Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
1. Start by creating a new Visual Web JSF project.
2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
1. login.jsp (A Visual Web JSF file)
2. loginproxy.jspx (A plain JSPX file)
3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
Code follows for each of the files:
h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>loginproxy</from-outcome>
<to-view-id>/loginproxy.jspx</to-view-id>
</navigation-case>
</navigation-rule>
NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField binding="#{login.username}"
id="username" style="position: absolute; left: 216px; top:
96px"/>
<webuijsf:passwordField binding="#{login.password}" id="password"
style="left: 216px; top: 144px; position: absolute"/>
<webuijsf:button actionExpression="#{login.button1_action}"
id="button1" style="position: absolute; left: 216px; top:
216px" text="GO"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>h3. *login.java -- implent the
button1_action() method in the login.java backing bean*
public String button1_action() {
setValue("#{requestScope.username}",
(String)username.getValue());
setValue("#{requestScope.password}", (String)password.getValue());
return "loginproxy";
}h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html"
pageEncoding="UTF-8"/>
<html>
<head> <meta
http-equiv="Content-Type" content="text/html;
charset=UTF-8"/>
<title>Logging in...</title>
</head>
<body
onload="document.forms[0].submit()">
<form
action="j_security_check" method="POST">
<input type="hidden" name="j_username"
value="${requestScope.username}" />
<input type="hidden" name="j_password"
value="${requestScope.password}" />
</form>
</body>
</html>
</jsp:root>
{code}
h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
target page, placed in the secure folder to test access*
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:staticText id="staticText1" style="position:
absolute; left: 168px; top: 144px" text="A Secure Page"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>
{code}
h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
*web.xml will be used to define:*
- Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
- Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
- Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
*sun-web.xml will be used to define:*
- This is where you map a Role to the Users or Groups that are allowed to use it.
+I know this is confusing the first time, but basically it works like this:+
*Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
{code}
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
{code}
h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
{code}
<security-role-mapping>
<role-name>User</role-name>
<group-name>Users</group-name>
</security-role-mapping>
{code}
h3. {color:#ff6600}*Almost done!!!*{color}
h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
h3. {color:#ff6600}*_Gotcha #1_*{color}
You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
h3. {color:#ff6600}*_Gotcha #2_*{color}
Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
*DONE!!!*
h2. {color:#993300}*_Here's how it works:_*{color}
1. The user requests the a page from your context (http://localhost/MyLogin/)
2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
5. The user enters username and password and clicks a button to submit.
6. The button's action method stores away the username and password in the request scope.
7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
9. The hidden username and password fields grab the username and password variables from the request scope.
10. The loginproxy page is automatically submitted with the magic action "j_security_check"
11. j_security_check notifies the container that authentication needs to be intercepted and handled.
12. The container authenticates the user credentials.
13. If the credentials fail, the container forwards the request to the login.jsp page.
14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
+Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
+The user is now at the secure welcome page.+
If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
Kerry RandolphIf you want login security on your web app, this is one way to do it. (the easiest way i have seen).
This method allows you to create a custom login form and error page using JSF.
The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
I'm new to programming, so none of this may be a good practice, or may not be secure at all.
I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
--Kerry -
Creating a new user in solution manager?
Dear All,
How to create a new user in solution manager for creating an incident?prathish5,
I did this in our SolMan by following the instructions provided by a SAP document called: "Service Desk VAR Setup Master Data". I got it from the Support Portal, though I can't seem to find it now so I can't provide a link at this time.
Anyway, assuming that your SolMan is already able to download your master data (and/or your customers', if you are a VAR), these are the steps suggested by the guide:
1) The message creator (aka Key User) should have the following authorization roles:
SAP_SUPPDESK_CREATE
SAP_SUPPCF_CREATE
SAP_SMWORK_BASIC
SAP_SMWORK_INCIDENT_MAN
See also SAP note 834534.
A best practice is to create a Z copy of all of these roles (use transaction PFCG), so you can manage them and change them around if you need to. Just make sure to "activate" all the authorizations of your copy of the roles:
- Open the roles in tr. PFCG;
- Select Authorizations, and choose Change authorization data;
- If you get a yellow semaphore, be sure to review the authorizations and fill them according to your security policy. You can assign global permissions for all the authorization objects by double-clicking the yellow semaphore;
- Generate the profile, then go back and save the role;
2) Following the guide, with tr. SU01 I created a Template user and called it KEY_USER (make sure the user type is actually Template) and assigned to it the Z roles you created in the step above;
3) If your SolMan is working properly, you can now use report AI_SDK_SP_GENERATE_BP (tr. SA38) to create the Business Partners and SAP users automatically. The report will log in the Support Portal and read the users which are authorized to open a SAP tickets, and create a BP and user for each of them. Use the Template user KEY_USER created in step 2 as a "Reference user" and all the new users will automatically get the correct autorizations. Also if your SAP Connect (tr. SCOT) is correctly configured, you can choose to send an automatic mail to each user, with their login and generated password.
Otherwise, you can manually create a user with transactions SU01 and BP - be sure to fill the "Identities" table here - the report AI_SDK_SP_GENERATE_BP makes all these things automatically so it's definitely your best bet.
4) Your users should now be able to log in with the SAPgui and use transaction CREATE_NOTIF to create a new message in your SolMan. Also if you have done the preparation steps correctly they should also be able to log in your Incident Manager using their browser, and open a message there and also review their past messages.
Those are just a quick insight of the steps you need to do. This is NOT an easy thing to configure, at least it wasn't for me; if you don't have a reliable guide to follow you're going to struggle: I strongly suggest you browse through the SAP documentations (also the blogs) - http://service.sap.com/xsearch is your best friend!
I hope this helps a little bit. Good luck. -
Getting an error while installing Solution Manager 7.0
I'm tring to install Solutionmanger 7 SR2 on a windows 2003 32bit Server. and facing this issue. I have US_export_policy.jar and local_policy.jar are installed properly. But still getting following issue...
SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
com.sap.security.core.server.secstorefs.FileIOException: I/O error on file "
SOLMANSTM/sapmnt/STM/SYS/global/security/data/SecStore.key".
at com.sap.security.core.server.secstorefs.KeyHandler.writeKeyIntoFile(KeyHandler.java:618)
at com.sap.security.core.server.secstorefs.KeyHandler.setNewKeyInFile(KeyHandler.java:666)
at com.sap.security.core.server.secstorefs.Crypt.setNewKeyInFile(Crypt.java:502)
at com.sap.security.core.server.secstorefs.SecStoreFS.createStoreWithEncryption(SecStoreFS.java:1739)
at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:842)
at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
Caused by: java.io.FileNotFoundException:
SOLMANSTM\sapmnt\STM\SYS\global\security\data\SecStore.key (The specified network name is no longer available)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
at com.sap.security.core.server.secstorefs.KeyHandler.writeKeyIntoFile(KeyHandler.java:611)
... 10 more
Please help.> I face this problem while installing SOLMAN 7.0 EHP1 for MAXDB on Windows 2003 . DO you have any idea what happens with my installation?*
I HIGHLY recommend not using a 32bit operating system for Solution Manager, you will run into lots of problems and issues concerning memory usage and limitations of the 32bit platform.> 08.06.11 10:21:42 com.sap.inst.jload.Jload logStackTrace
> SEVERE: com.sap.dbtech.jdbc.exceptions.DatabaseException: [-907]: Space for user session exhausted
It seems that the maximum memory on 32bit is reached already. Decrase the CACHESIZE of the database, restart the database and press "retry" in sapinst.
This will not be the only problem you will get, use a 64bit server and at least 8 GB memory for Solution Manager.
Markus -
Error while installing SOLUTION MANAGER 7.0 EHP 1
Hi Experts.
I face this problem while installing SOLMAN 7.0 EHP1 for MAXDB on Windows 2003 . DO you have any idea what happens with my installation?*
*(Before installing this, I have more than 80GB hard disk and 4Gb RAM on Server)*An error occurred while processing option SAP Solution Manager 7.0 EhP1 > SAP Systems > MaxDB > Central System > Central System( Last error reported by the step: Execution of JLoad tool 'C:\j2sdk1.4.2\bin\java.exe -classpath "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ADA\CENTRAL\AS\install\sharedlib\launcher.jar" -showversion -Xmx512m com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload "C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/lib/iaik_jce.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/jload.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/antlr.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/exception.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/jddi.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/logging.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/opensqlsta.jar;C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar;C:\sapdb\programs\runtime\jar\sapdbc.jar" -sec TST,jdbc/pool/TST,
SAPDEMO/sapmnt/TST/SYS/global/security/data/SecStore.properties,
SAPDEMO/sapmnt/TST/SYS/global/security/data/SecStore.key -dataDir "C:\Documents and Settings\Administrator\Desktop\SOLMAN\SOLMAN JAVA Component\51040439\DATA_UNITS\SOLMAN_JAVA_EXPORT_JDMP" -job "C:\Program Files\sapinst_instdir\SOLMAN\SYSTEM\ADA\CENTRAL\AS\IMPORT.XML" -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and 'C:/Program Files/sapinst_instdir/SOLMAN/SYSTEM/ADA/CENTRAL/AS/jload.java.log' for more information.
Once I went and check jload.java.log and jload.log, there's something relate to space disk. Here are the log for the 2 files:
Jun 8, 2011 10:21:42 AM com.sap.inst.jload.Jload main
SEVERE: couldn't connect to DB
Jun 8, 2011 10:21:42 AM com.sap.inst.jload.Jload logStackTrace
SEVERE: com.sap.dbtech.jdbc.exceptions.DatabaseException: [-907]: Space for user session exhausted
at com.sap.dbtech.jdbc.packet.ReplyPacket.createException(ReplyPacket.java:65)
at com.sap.dbtech.jdbc.ConnectionSapDB.throwSQLError(ConnectionSapDB.java:1061)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:689)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:563)
at com.sap.dbtech.util.security.AuthenticationManager.<init>(AuthenticationManager.java:78)
at com.sap.dbtech.jdbc.ConnectionSapDB.doConnect(ConnectionSapDB.java:405)
at com.sap.dbtech.jdbc.ConnectionSapDB.<init>(ConnectionSapDB.java:136)
at com.sap.dbtech.jdbc.DriverSapDB.connect(DriverSapDB.java:246)
at com.sap.sql.jdbc.NativeConnectionFactory.createNativeConnection(NativeConnectionFactory.java:215)
at com.sap.sql.connect.OpenSQLDataSourceImpl.createConnection(OpenSQLDataSourceImpl.java:522)
at com.sap.sql.connect.OpenSQLDataSourceImpl.getConnection(OpenSQLDataSourceImpl.java:276)
at com.sap.inst.jload.db.DBConnection.connectViaSecureStore(DBConnection.java:105)
at com.sap.inst.jload.db.DBConnection.connect(DBConnection.java:149)
at com.sap.inst.jload.Jload.main(Jload.java:583)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:331)
at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
And this's jload.log:
8.06.11 10:21:42 com.sap.inst.jload.Jload main
SEVERE: couldn't connect to DB
08.06.11 10:21:42 com.sap.inst.jload.Jload logStackTrace
SEVERE: com.sap.dbtech.jdbc.exceptions.DatabaseException: [-907]: Space for user session exhausted
at com.sap.dbtech.jdbc.packet.ReplyPacket.createException(ReplyPacket.java:65)
at com.sap.dbtech.jdbc.ConnectionSapDB.throwSQLError(ConnectionSapDB.java:1061)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:689)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:563)
at com.sap.dbtech.util.security.AuthenticationManager.<init>(AuthenticationManager.java:78)
at com.sap.dbtech.jdbc.ConnectionSapDB.doConnect(ConnectionSapDB.java:405)
at com.sap.dbtech.jdbc.ConnectionSapDB.<init>(ConnectionSapDB.java:136)
at com.sap.dbtech.jdbc.DriverSapDB.connect(DriverSapDB.java:246)
at com.sap.sql.jdbc.NativeConnectionFactory.createNativeConnection(NativeConnectionFactory.java:215)
at com.sap.sql.connect.OpenSQLDataSourceImpl.createConnection(OpenSQLDataSourceImpl.java:522)
at com.sap.sql.connect.OpenSQLDataSourceImpl.getConnection(OpenSQLDataSourceImpl.java:276)
at com.sap.inst.jload.db.DBConnection.connectViaSecureStore(DBConnection.java:105)
at com.sap.inst.jload.db.DBConnection.connect(DBConnection.java:149)
at com.sap.inst.jload.Jload.main(Jload.java:583)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:331)
at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
Edited by: Bui Tony on Jun 8, 2011 5:06 AM> I face this problem while installing SOLMAN 7.0 EHP1 for MAXDB on Windows 2003 . DO you have any idea what happens with my installation?*
I HIGHLY recommend not using a 32bit operating system for Solution Manager, you will run into lots of problems and issues concerning memory usage and limitations of the 32bit platform.> 08.06.11 10:21:42 com.sap.inst.jload.Jload logStackTrace
> SEVERE: com.sap.dbtech.jdbc.exceptions.DatabaseException: [-907]: Space for user session exhausted
It seems that the maximum memory on 32bit is reached already. Decrase the CACHESIZE of the database, restart the database and press "retry" in sapinst.
This will not be the only problem you will get, use a 64bit server and at least 8 GB memory for Solution Manager.
Markus -
Error while installing Solution manager
Hi,
It is urgent Please.
I am trying to install Solution manager 4.0 on Linux and Maxdb.
But during Phase Configure UME i am getting below error.
ERROR 2007-12-17 16:48:16
CJSlibModule::writeError_impl()
CJS-30059 J2EE Engine configuration error.<br>DIAGNOSIS: Error when configuring J2EE Engine. See output of logfile umconfigurator.log: '
java.lang.ClassNotFoundException: com.sap.security.tools.UMConfiguratorLoad
at com.sap.engine.offline.FileClassLoader.findClass(FileClassLoader.java:691)
at com.sap.engine.offline.FileClassLoader.loadClass(FileClassLoader.java:600)
at com.sap.engine.offline.FileClassLoader.loadClass(FileClassLoader.java:578)
at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:79)
TRACE [iaxxejsbas.hpp:460]
EJS_Base::dispatchFunctionCall()
JS Callback has thrown unknown exception. Rethrowing.
ERROR 2007-12-17 16:48:16
FCO-00011 The step runUMConfigurator with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|1|0|NW_CI_Instance|ind|ind|ind|ind|11|0|NW_CI_Instance_Configure_Java|ind|ind|ind|ind|3|0|NW_UME_Configuration|ind|ind|ind|ind|1|0|NW_UME_Configuration_Doublestack|ind|ind|ind|ind|1|0|runUMConfigurator was executed with status ERROR .
Can anybody please give me the solution on this.
Vinnu.1. Check the rights of the user with which you are installing.
2. Check if any firewall is running.
3. Check the JDK version, you should go with j2sdk1.4.2_09.
regards
tamilboy -
Solution Manager Service Desk - Segregation and Customization of HR Tickets
All -
The Solution Manager Service Desk is a great tool for incident management in a system landscape that includes SAP, as well as other technologies.
I wanted to find out whether tickets that contain sensitive information (HR-related) can be segregated and "hidden" from support team members that are not supporting any HR functions.
Also, is there a way, assuming tickets can be segregated by function or support team, that the email message users receive upon the creation of the ticket can be custom tailored?
Thank you in advance!
Scott WatsonHi Scott,
Yes it is possible and there are various ways to achieve it
for e.g you can use the security concept below to hide from non relevant team members using
authorization object CRM_ORD_LP
check this link
http://wiki.sdn.sap.com/wiki/display/SMAUTH/CRM_ORD_LP
also this one
http://wiki.sdn.sap.com/wiki/display/SMAUTH/UC00035
hope this resolves issue
Regards
Prakhar -
Install ECC 6.0 and Solution Manager on same server Error (MaxDB/Linux)
I have installed Solution manager on one server and then ECC 6 also in the same server with another SID. during the installation it errored out at phase "SLD configuration" with UME error , J2EE_ADMIN locked etc..we checked the user id and noticed it got locked in ECC 6 system and we unlocked it.
But after the ECC installation the solution manager java engine is not coming up error with "com.sap.security.core.ume.service failed" error. Prior to the ECC installation the Solution Manager J2EE was working.
thanks in advance
Mathewerror in the /j2ee/cluster/server0/log/defaultTrace.1.trc
is as follows
#1.5#00137256A483001E0000001700006F190004163784D40864#1150327614343#com.sap.engine.core.Framework##com.sap.engine.core.Framework#######SAPEngine_System_Thread[impl:5]_61##0#0#Fatal#1#/System/Server#Plain###Critical shutdown was invoked. Reason is: Core service com.sap.security.core.ume.service failed. J2EE Engine cannot be started.#
When I looked at using jcmon the dispacher is up and the server0 and SDM is down
Maybe you are looking for
-
Help! Using multiple ipods on same account - for education
Hi, I'm a primary school teacher and have just purchased 5 ipods to use with Year 2 students in the classroom. Is there any way of syncing the songs and/or short movies to all 5 ipods? I don't mind paying for these things once but not 5 times each ti
-
I have a problem converting Corel Raw file in addobe pdf 11 someone can hlp me i am lousing all my work thank you luca
-
Is there a way to switch the right Ctrl with the mouse's rick click tab in the new X1 carbon?
Hi, I just bought my new X1 Carbon and I was looking for a way to have the tab with the right click function (generally it is showed as a small window with the mouse arrow on it in bigger keybords) instead of the right ctrl button. Thank
-
Yesterday I deleted the e-mail account associated with my Apple ID. I have still been able to sign into iTunes, however, I would obviously like to change my Apple ID to a current, recently acquired e-mail. When I go into the site to change the ID to
-
Hi, All: I am trying to migrate a application coded by VC++ to TestStand+CVI. This application opens multiple serial com ports and send commands to test targets, and get responses from these targets. The VC++ application creates multiple thread,