UNLOCKING DDIC

Hello to all the experts,
In SAPup during ACT_700 phase suppose if DDIC user in client 000 gets locked how can we unlock it. Please help!

Hi,
   mozam usually its not necessary to change the password of the user ddic during the upgrade.after the installation of shadow instance the password will be same as of the original instance. If in certain cases if the user got locked and u need to make changes at that time we need to change the password .
           In unix goto directory put/bin and execute the command ./sapup set DDICpwd.
           in windows goto directory put/exe and call ./sapup.exe set DDICpwd. .
AND if u want to change the password in shadow instance .
             In unix goto directory put/bin and execute the command ./sapup set shdDDICpwd.
             In windows goto directory put\exe and call .\sapup.exe shdDDICpwd.

Similar Messages

How to unlock DDIC & SAP* user in 000 client-Sybase database

Dear Experts,
Accidentally DDIC and SAP* user in 000 client has locked. We are using SYBASE ASE database. I know how to unlock user in other database (eg:update <sid>.USR02 set UFLAG = 0 where BNAME = '<user id>'' and mandt = <clinet number>;).
what is the equal query in Sybase.
Thanks, Jyothish

Hi Jyothish,
Please try below commands
Login to Sybase ASE database using
isql -Usa -S<SID> ( it will prompt for password)
use <DBSID>
To check the account status
select UFLAG from USR02 where BNAME ='SAP*' and MANDT='000'
go
To unlock the account
update USR02 set UFLAG=0 where BNAME='SAP*' and MANDT='000'
go
You may add schema owner SAPSR3.USR02 in the query if above query does not work.
Hope this helps.
Regards,
Deepak Kori

Error in ecc upgrade phase

Hi,
while upgrading ECC 4.7 to ECC 6.0, I am not able to start shadow instance. Following error is giving .
Aditionally I can able to open the shadow instance from GUI lavel. But unable to login through DDIC password. The ddic password has been locked. Can anyone advice me how to unlock the ddic password in the upgrade phase.
Starting shadow system ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
 SAPup error message
SAPup> ERROR: Starting system failed, rc=0
 To analyse the errors during start of shadow instance,
 view files 'STARTSFI.LOG' and 'DEVTRACE.LOG'
 in directory '/dsttemp/put/log'
 Repeat phase until shadow instance is started
 and you can log on instance number '21'.
 - "continue"
 - "cancel"
Enter one of these options [continue] :=
===============================================
===============================================
ERROR in PHASE STARTSAP_IMP
================================
=================================
SAPup> CHECKS AFTER UPGRADE PHASE STARTSAP_IMP WERE NEGATIVE !!!
 It is recommended that you repeat phase STARTSAP_IMP
 You can exit and restart the phase after the errors
 have been corrected. Alternatively, if you know that
 the error is not of concern, you may ignore it
 and continue with phase REPACHK2
 You are urged to repeat phase STARTSAP_IMP !
 - "repeat"
 - "init"
 - "exit"
 - "ignore"
Enter one of these options [repeat] := init
14:50:31 UPGRADE/EUIM: END OF PHASE STARTSAP_IMP
14:50:31 UPGRADE/EUIM: START OF PHASE STARTSAP_IMP
Starting system ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
waiting 20 seconds for system to come up ...
testing if system is available ...
 SAPup error message
SAPup> SYSTEM START failed, code -2
 -2: the test rfc did not work.
 Try to log on to the system with user DDIC.
 - "continue"
 - "cancel"
Enter one of these options or "help" [continue] :=
Enter one of these options or "help" [continue] :=
 SAPup message
SAPup> CHECKS AFTER UPGRADE PHASE STARTSAP_IMP WERE NEGATIVE !!!
 It is recommended that you repeat phase STARTSAP_IMP
 You can exit and restart the phase after the errors
 have been corrected. Alternatively, if you know that
 the error is not of concern, you may ignore it
 and continue with phase REPACHK2
 You are urged to repeat phase STARTSAP_IMP !
 - "repeat"
 - "init"
 - "exit"
 - "ignore"
Enter one of these options [repeat] :=
Appreciate for an immediate response ...
Thanks in advance

while upgrading ECC 4.7 to ECC 6.0, I am not able to start shadow instance. Following error is giving .
Aditionally I can able to open the shadow instance from GUI lavel. But unable to login through DDIC password. The ddic password has been locked. Can anyone advice me how to unlock the ddic password in the upgrade phase.
This doesn´t make sense. If you can´t start the shadow instance then you can´t logon to the system
Try the following:
cd <put-directory>/bin
./SAPup stopshd
set the parameter
login/no_automatic_user_sapstar = 0
in the instance profile of the shadown instance
then start the shadow instance
cd <put-directory>/bin
./SAPup startshd
Unlock the shadow instance using
./SAPup unlockshd
Try to logon with user SAP* and unlock DDIC.
Markus

Error while creating SAPJSF user

Hi all,
I am receiving following error despite manually creating sapjsf user in client 800. This is the trace from dev_usercheck.
Aug 31, 2010 6:05:16 AM ...eck.main() Path: Entering method
Aug 31, 2010 6:05:16 AM ...eck.main() Debug: Version: $Id: //shared_tc/com.sap.security.core.server/NW04S_09_REL/src/_compat/java/_core/com/sap/security/tools/UserCheck.java#2 $ from $DateTime: 2006/09/06 17:59:30 $ ($Change: 19873 $)
Aug 31, 2010 6:05:16 AM ...arseArgs() Path: Entering method
Aug 31, 2010 6:05:16 AM ...arseArgs() Debug: Using the following set of connect properties: {jco.client.client=800, jco.client.passwd=********, jco.client.user=DDIC, jco.client.sysnr=04, jco.client.ashost=zarrar}
Aug 31, 2010 6:05:16 AM ...arseArgs() Path: Exiting method
Aug 31, 2010 6:05:16 AM ...eck.main() Info: User management tool (com.sap.security.tools.UserCheck) called for action "checkCreate"
Aug 31, 2010 6:05:16 AM ...xception() Error: Exception during execution of the operation
[EXCEPTION]
com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Password logon no longer possible - too many failed attempts
     at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:455)
     at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:989)
     at com.sap.mw.jco.JCO$Client.connect(JCO.java:3193)
     at com.sap.security.tools.UserCheck.main(UserCheck.java:172)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
Aug 31, 2010 6:05:16 AM ...xception() Debug: Created file with error text at location "UserCheck.message"
Aug 31, 2010 6:05:16 AM ...eck.main() Info: Leaving with return code 4
Aug 31, 2010 6:05:16 AM ...eck.main() Path: Exiting method with 4
Kindly suggest.
Regards.

Issue resolved.
It was user ddic that was locked, unlocking ddic in client 800 resolved the issue.
Regards.

Unlock Table in DDIC

the /BI0/SCRM_PRCTYP table in DDIC was locked. cant figure out what to do to unlock it. Can someone help
Thanks,\

I'm not sure what you mean by "Is Locked"? What is the error message and what are you doing to get it.
You can see the locks in SM12. You can also delete them there. Just be careful not to remove a lock that is actually being used by a user. That could cause some database inconsistencies.
Regards,
Adam

STARTSAP_NBAS DDIC password locking out

Guys,
We are doing 4.6c upgrade to ERP6 and during STARTSAP_NBAS phase DDIC locking out and cant start SAP original system. We tried to unlock the password and also did the reset using SAPup reset DDICpwd. But its still locking out.
When we tried to login to the system using GUI through DDIC we can login but when we try reset the password in SU01 we are getting syntax error " The data object "*USH02" does not have a component called "PASSCODE"."
Please help
Reward points will be awarded for helpful answers
Thanks
Santosh

Hi Santosh,
The problem is clear that the table USH02 is not updated during upgrade
so that it is not synchronized with table USR02. Please check table
USH02 and USR02 table in database level, compare the PASSCODE field in
both tables. (most probably there is no PASSCODE field for USH02 in db
level as well). If so, you could do the following:
1. Change the DDIC password to 19920706 at the table level:
    update sapr3.usr02 set bcode='61D26428640DBAB5'
                          where bname='DDIC' and mandt='000';
2. Remove the lockflag
     update sapr3.usr02 set uflag=0;
3. Change the DDIC password to 19920706 for the upgrade using:
SAPUp set ddicpwd
4. Then restart the system, and login again.
Kind regards
Imre Takácsi-Nagy
Senior Support Consultant II.
SAP Global Support Center Austria
Netweaver WEB Application Server ABAP / JAVA

STARTSAP_NBAS Phase DDIC password locked

Guys,
We are doing 4.6c upgrade to ERP6 and during STARTSAP_NBAS phase DDIC locking out and cant start SAP original system. We tried to unlock the password and also did the reset using SAPup reset DDICpwd. But its still locking out.
When we tried to login to the system using GUI through DDIC we can login but when we try reset the password in SU01 we are getting syntax error " The data object "*USH02" does not have a component called "PASSCODE"."
Please help
Reward points will be awarded for helpful answers
Thanks
Santosh

Santosh,
1.First upgrade the Kernal to the latest available Version,then proceed with the upgradation.The version should be atleast 55.
2. Have a look at this SAP Notes: 955615.
3.Note 822379 - Known problems with Support Packages in SAP NW 2004s AS ABAP
4. Check whether you are using the correct Kernal (Unicode/Non-unicode).
5.What is the valus that you have given for the parameter:
login/password_downwards_compatibility"
This is a dynamic profile parameter; you can change it's value (using transaction RZ11) without restarting the system.
SAP recommendation
SAP recommends that you always import the latest version of the SPAM/SAINT update before you import any Support Packages.
You download the latest versions of the tp and R3trans executables from SAP Service Marketplace (see Note 19466).
Regards,
Karthick Eswaran

Errors in DDIC Activation phase during upgrade.

Hi,
Title: Errors in DDIC Activation phase during upgrade.
During preprocessing phase (phase ACT_UPG) we got many DDIC activation errors such as:
SAPup broke during phase ACT_UPG in module MAIN_SHDRUN / Shadow System Operations: SPDD and Activation.
DDIC ACTIVATION ERRORS and RETURN CODE in SAPACCI702.CPE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1EEDO519 "Data Element" "/BI0/OICH_AT" could not be activated
1EEDO519 "Data Element" "/BI0/OICREA_TIME" could not be activated
1 ETP111 exit code : "8"
We have searched the SDN, many posts say that we have to just activate them. But my question is where - in source system OR in Shadow system?
We assumed it is Source system (please correct if it is wrong), unlocked the system and logged in as normal user and tried to activate the Data Element. Now, it says "Search Help /BI0/OICH_AT is not active or contains no parameter". How to go about it?
If it is Shadow System, how can i unlock the system?
Many thanks,
Mohan.

Dear Mohan,
There are search helps configured for the dataelements in ACTUPG.ELG. These search helps were created by mistake by the system.
The search helps can be deleted manually in the shadow instance.
In this case you should remove these fields in se11 (in your shadow instance) as the Search help shouldn't exist.
You should do this step for all data elements shown in the log ACTUPG.ELG:
For example: SE11 -> /BI0/OICH_AT -> Change -> Tab "Further characteristics"
1. Goto SE11:
2. Select Data type and fill "/BI0/OICH_AT" and display
3. Select the tab "Further Characteristics" and
4. Remove the values for fields "Name" and "Parameters"
 then click on icon "Activate"
Please do the same for the other object.
But before performing above steps you need to unlock the shadow instance by the following command:
SAPup unlockshd <SID>
(if using SAPup)
SAPehpi unlockshd <SID>
(if using SAPehpi)
Also do not forget to lock the shadow system again after performing the steps and continuing the upgrade by the following command:
SAPup lockshd <SID>
(if using SAPup)
SAPehpi lockshd <SID>
(if using SAPehpi)
You can logon to your shadow system with any different user than DDIC.
Best Regards,
Abhishek
Edited by: Abhishek Srivastava on Oct 17, 2011 6:26 PM

How to unlock all users

Dear Guru's
I am having a situation as .........All users locked accidentally with superuser sap*& ddic . Then How to unlock them .........give me responce..........soon.please
Regard's
rajkumar

hi
you can do this using sql statements. Chekc the following link
http://sap.ittoolbox.com/documents/popular-q-and-a/sap-user-locked-4326
If you are not familiar with sql , better get help from DBA
THanks
Prince Jose

How to Unlock J2EE_GUEST user in portal

Hi
In my Portal "J2EE_GUEST' user is locked as a result i can't able to see the list of system avaliable in Visual Composer
When i tried to unlock the JE22_GUEST user in portal it is not allowing me to unlock the user
Please advise how can i unlock the J2EE_GUEST user in Portal
Thanks

Hi,
Incase if you are having the dual stack, ABAP+ JAVA , you can logon to the ABAP system using either the J2EE_ADMIN or DDIC and use the Tcode -SU01.
As soon as you log on to SU01 you would be asked to enter the user name .
Enter J2EE_GUEST and on the top right hand corner you have an option unlock.
As soon as you unlock, on the left hand side to unlcok, there is a change password option, you can also reset your password there.
Else log into the portal with a J2EE_ADMIN role and in user administration unlock the user
Hope this helps.
Cheers,
Sandeep Tudumu

How to reset ddic password for client 000 in MSSQL 2005 database

SAP = ECC6
DB = MSSQL 2005
client = 000
1. SAP* account was removed from the DB, can't be found in USR02 table.
2. Only left ddic account and was locked. How can i reset ddic password?
3. How can i unlock and reset my own password from the MSSQL database?

You can unlock and reset passwords for DDIC and for your own user id in the following way:
Please execute the below queries at your database level:
To unlock user ids:
SQL>update SAP<SID>.usr02 set flag=0 where bname="*user id*" and mandt=client number;
SQL>commit;
To reset the passwords:
SQL>update SAP<SID>.usr02 set bcode="encrypted password" where bname="*user id*" and mandt=client number;
SQL>commit;
Then log into the system and execute /$sync
hope this will help you.
Regards,
FAisal

Reseting User ddic uflag parameter in Client 00 On Iseries as400 v5r4m0

Hi
I am busy doing a homogenous system copy from my prd system to a new 4th system (for Migration possibilities). I know that at the end of my db copy it will prompt ,me to provide the ddic password. My source system ddic user id (prd) at the moment is locked. I intend backuping up the prd sytem tonight, but i need to reset user ddic first, as whatever gets backed up will come across.
Does anyone know how to reset the uflag paramter of ddic in client 000.
I have only two users in client 000 i.e ddic and sap* and i cant do anythign with sap* as it has no profiles attached to it.(security issue) I know how to do the unlock of the user in oracle i.e
Oracle
Update USR02 set UFLAG=0 where BNAME='DDIC' and MANDT=000.
Can anyone help on the as400 side.

Hi Morga,
If I understand correctly, you just need help how to issue SQL commands natively on the iSeries, is that right?
If so, that's how you'd proceed:
Sign on to the machine via green screen as user <sid>OFR and then type STRSQL. You'll then get as screen that allows you to enter the SQL statement like you suggested it for Oracle.
STRSQL is a product which does not come for free. So, if you do not have that installed, you could use SQLUTIL. SQLUTIL is free, but not per default on the system. (Search for library QGPTOOLS.)
In case you don't have it, read SAP note 68732 for more information of how to get it.
Hope that helps.
Best regards,
Dorothea

Unable to access user DDIC and SAP*

+Hi GURUS,+
+I installed solutionmanager 4.0 and i loggen in the system(000) with DDIC user and check the TCODE SICK.+
++When i restarted the server it was not allow me to login awith user DDIC and SAP in 000 client.++*
+It's giving error message:+
+Password log on nolonger possible too many times failed attempts.+
++Could you please help me out is there any way to set DDIC and SAP from windows level(i mean sap inst directry..usr/sap/<sid>/sys/profile)*
Regards
JAn

Hi,
Unlock it at Database level
UPDATE usr02 SET uflag = 0 WHERE bname = "SAP*" AND mandt = <client number>
Or
Run the sql query at sql prompt and then login to sap with sap* and password "pass".
SQL> delete from usr02 where mandt=<your login client> and banme='SAP*';
Rakesh

How to unlock a client

Hi everyone
I have an issue..
Can anybody tell me how to unlock a client from client 000..
In client 800 all users are locked.
Is there a way to do that..
thank you.
Kiran kumar.

Hi Kiran,
1. To lock or unlock a client only in an in R/3 System, run the following functions via tcode SE37:
1. SSCR_LOCK_CLIENT
2. SSCR_UNLOCK_CLIENT
Once we run these functions with a client as input, that client will be locked/unlocked. Actually this function set flag '' Client is locked temporarily for client copy" in client maintenance menu. And the client will be available for users DDIC and SAP*. If you try to login in that client as any user, system gives message that ' Client locked temporarily'.
Procedure to unlock the client
 1. Goto SE37
 2. Specify function module as SSCR_UNLOCK_CLIENT
 3. Click on icon Single test or F8.
 4. Specify the client which you want to lock and click on execute(F8).
2. If all the users are locked, they can be unlocked by
a) GO to command prompt type tp unlocksys <SID> pf=//usr/sap/trans/bin/TP_DOMAIN_<SID>.pfl;
b) or else try this command at ur sql plus query level
Go to cmd prompt.
Sqlplus /nolog
conn /as sysdba
this will take you to the sqlprompt.
Just execute the earlier commands there.
sqlplus>UPDATE SAP<schema>.usr02 set uflag=0 where mandt=<CLNT NO> and uflag=64;
this statement actually unlocks the users of that particular client. So, try for every client in that sap system.
c) You can delete sap*
Go to cmd prompt.
Sqlplus /nolog
conn /as sysdba
sqlplus>DELETE SAP<SID>.usr02 where mandt='CLIENT.NO' and bname=SAP*;
after doing this restart the system. So, that a new user with the name "sap" gets generated with password "pass". Provided the parameter is set login/no_automatic_user_sapstar= 0 (Automatic user SAP is permitted).

Password for sap* / ddic

Hi,
I am trying to reset the pw for sap* / ddic for the client 000. I searched this forum and got many options,I tried all of them. But none of them seems to work.
Now I am getting the error, logon no longer possible, too many failed attempts'.
I did update the users at USR02 table for locnt and uflag, I tried a custom abap program which i got from this forum, but nothing works.
Any help? Thanks,
If anyone one knows of not logging into client 000 for doing transports, please let me know. I have access to this box from different clients for sap* / ddic users. SAP document says that I need to logon to client 000 to do transports.
Regards,
Sundar.

Hi ,
If all the users are locked, they can be unlocked by
a)Try this command at ur sql plus query level
Go to cmd prompt.
Sqlplus /nolog
conn /as sysdba
this will take you to the sqlprompt.
Just execute the earlier commands there.
sqlplus>UPDATE SAP<schema>.usr02 set uflag=0 where mandt=<CLNT NO> and uflag=64; this statement actually unlocks the users of that particular client. So, try for every client in that sap system.
b) You can delete sap* user
Go to cmd prompt.
Sqlplus /nolog
conn /as sysdba
sqlplus>DELETE SAP<SID>.usr02 where mandt='CLIENT.NO' and bname=SAP*;
Note:-
After doing this restart the system. So, that a new user with the name "sap" gets generated with password "pass". Provided the parameter is set login/no_automatic_user_sapstar= 0 (Automatic user SAP is permitted).
regards,
kanthi

UNLOCKING DDIC

Similar Messages

Maybe you are looking for