User id locked in BW system without logon attempts by user

Hello Everyone,
We have completed the integration kit installation along with other pre-requisites except for the SNC (we are still working on it for right now).
When I logon to Crystal Reports using the SAP credentials and running report on top of SAP BW and ECC data and then later close it and then open it after some time I cannot run the report anymore.
It gives me the logon error, saying password is incorrect and account has been locked out.
After this I cannot even logon into SAP BW anymore.
The following are the parameters we have in our entitlement systems tab,
Max failed entitlement system accesses --> 0
Keep entitlement system disabled [Seconds] --> 120
Max Concurrent connections per system --> 10
Number of uses per connection --> 5
Along with the above parameters/options we also have the following flags set
Automatically import users and force user synchronization.
We have used a generic system id for the entitlement system configuration, so my id is not used there as well.
Can anyone please let me know what is causing the user id to be locked on a frequent basis?
Thanks in advance.

We've run into a similar issue in our environment where the bicrystal user's account in BW becomes locked out.  I believe this may be due to the SIA caching the old account password after the new password is established.  Restarting the SIA should uncache the old password.
Here's what I did to diagnose the issue:
There are two locations where that account is defined: CMC->Authentication->SAP->Entitlements and NWA->RFC Destinations.  Changing the password in both locations allows you to view the entitlement roles associated with the user.  Viewing these roles, after the password has changed, provides an easy mechanism to validate that the password was changed successfully.  Unfortunately, the account in the BW environment becomes locked once users begin to execute reports.
I then turned tracing on in the Gateway and on the work processes.  This pointed me to one of my SIA servers that was making the call where the user would lockout. I restarted all SIA instances in my cluster and that resolved the issue.
Good luck and hope it helps for the next time:)

Similar Messages

  • The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError) Log on failed. Ensure the user name and password are correct. (rsLogonFailed) Logon failure: unknown user name or bad

    The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError)
    Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
    Logon failure: unknown user name or bad password 
    I am using Windows integrated security; the version of my SQL Server is 2008R2.
    I have gone through different articles, and they have given different answers,
    so can anyone give me the exact solution for this problem?
    If I use a service account, will I get the solution, or what?
    Please help me out, it is urgent.
    Regards
    Thanks!

    Hi Ychinnari,
    I have tested on my local environment and can reproduce the issue. As Vaishu00547 mentioned, the issue can be caused by the Execution Account you have configured in the Reporting Services Configuration Manager not being correct. Please update the username and password and restart Reporting Services.
    Please also find more detailed information about when to use the execution account; if possible, please also do not specify this account:
    This account is used under special circumstances when other sources of credentials are not available:
    When the report server connects to a data source that does not require credentials. Examples of data sources that might not require credentials include XML documents and some client-side database applications.
    When the report server connects to another server to retrieve external image files or other resources that are referenced in a report.
    Execution Account (SSRS Native Mode)
    If you still have any problem, please feel free to ask.
    Regards
    Vicky Liu
    TechNet Community Support

  • System Error: Logon failure: unknown user name or bad password

    Hello experts,
    my system NW2004s (SPS14.1) is producing a lot of the following error messages caused by the internal user Guest... The system user Guest has all the necessary rights using a service user.
    *getting mapped math - java.io.IOException: Logon failure: unknown user name or bad password*
    at java.io.WinNTFileSystem.canonicalize0(Native Method)
    at java.io.Win32FileSystem.canonicalize(Win32FileSystem.java:333)
    at java.io.File.getCanonicalPath(File.java:513)
    at com.sapportals.wcm.repository.util.file.StdFileImpl.getCanonicalPath(StdFileImpl.java:74)
    at com.sapportals.wcm.repository.util.file.StdFileImpl.getCanonicalFile(StdFileImpl.java:70)
    at com.sapportals.wcm.repository.manager.sfs.FSRepositoryManager.startUpImpl(FSRepositoryManager.java:141)
    at com.sapportals.wcm.repository.manager.AbstractRepositoryManager.start(AbstractRepositoryManager.java:538)
    at com.sapportals.wcm.crt.CrtThreadSafeComponentHandler.tryToStart(CrtThreadSafeComponentHandler.java:246)
    at com.sapportals.wcm.crt.CrtThreadSafeComponentHandler$1.run(CrtThreadSafeComponentHandler.java:252)
    at java.util.TimerThread.mainLoop(Timer.java:432)
    at java.util.TimerThread.run(Timer.java:382)
    I am not sure about the severity of the error. I can observe the error message almost every minute in the log file and I have the impression that this message occurs more often before the portal has more "problems" in general and is for a short time not accessible (it freezes and sometimes a Java server restarts itself). I am asking myself if this error message could give a hint for the system crash we have had today. (A restart of the host was needed.)
    However I would like to know what causes the error message?
    It is a critical error message? It means can it cause a system crash? Or is it not important?
    What can I do to solve the problem?
    I appreciate your helpful answers.
    Thanks in advance.
    Thomas

    I think the password for the proxy account needs to be changed (expired)
    Arthur

  • User showing locked in SU01 but not in BP-Internet User and vice versa

    Hello,
    Why is it that when a user is locked in their CRM SU01 it won't show that that same user is locked on their BP-Internet User tab and vice versa? We are experiencing issues where our web users are getting locked out. Our support team only has access to the web users' BP-Internet User tab. When the support team goes to unlock the user, the lock check box is not checked in the BP. But when you go to the SU01 the account is showing as locked and vice versa, we're seeing the BP lock box checked but on the SU01 it says the account isn't locked. Isn't the BP-Internet User tab reading off of the SU01 account?
    Thank You very much,
    Alex

    Hi,
    From your question, I infer that the BP and CRM are using multiple User Management Engines (UMEs). If you have a centralized UME, you should not experience this issue. Please post back with complete details.
    Rgds,
    Raghu

  • After system copy sysdba, and dbm user locked in maxdb

    Hi,
    I have done system copy (SCM 5.0 / LiveCache 7.6), after I have restored maxdb / livecache database, (SYSDBA, DBM) users are locked, I am not able to unlock the user, can someone help me.
    What is the way to unlock (SYSDBA, DBM)? How can I do that?
    thanks for your help in advance.
    sahmad

    Hello, do you have the oper user?

  • User Account locked

    Hi All,
    My DB Version: 10.2.0
    OS: Solaris
    My users are complaining that their accounts are getting locked after some time, but previously this was not happening. Why?

    Most probably the account was locked after too many failed logon attempts that submitted an invalid password, or one of the other password-related restrictions has been exceeded. Check the profile for the user account (FAILED_LOGIN_ATTEMPTS).

  • How to Use 'uid' for AD Users Without Domain Name For User Log in OAM

    How to Use 'uid' for synchronized Active Directory (AD) Users into Oracle Internet Directory (OID) Without Domain Name For User Logins in OIDDAS and OAM
    We successfully integrated OAM 11g with EBS R12.1.3 Now all the AD user id's stored in fnd_users table as [email protected]
    How can we remove @abc.com
    We are using OID 11g and OAM 11g
    Found the similar note for OID 10G: How to Use 'uid' for AD Users Without Domain Name For User Logins in OIDDAS and SSO [ID 580480.1]
    We are in OID 11g.
    Any help on this greatly appreciated.

    I couldn't find any reference that could be helpful -- Please log a SR and see if this is supported and if the steps are available.
    Thanks,
    Hussein

  • Contractual User Type: 11 Multi-Client/System

    Hi,
    In BW 3.5 we had option to select Contractual User Type: 11 Multi-Client/System under Licence Data of Users.
    However, in BI 7.0, we do not see option 11 Multi-Client/System at all.
    Can you please advise,why this is not there? Is it replaced by some other type?
    Best Regards,
    UR

    Hello,
    you can select the available license types in transaction USMM (Tab User types). Check before you use license type 11 if there is only the need for it. In general you don't need license type 11 in a common SAP environment.
    Regards,
    Milan

  • Remote Desktop Gateway 2008 R2 - logon attempt failed

    I've already read through a lot of threads regarding this. Our RDGW has been working for approx 2 years. Suddenly now, some clients start to get the "logon attempt failed" when they are using rdgw. It does seem to be an increasing problem.
    - Redirection in IIS is OK, checked out!
    - Blank page appears when i try to logon to http://rdgw.server.com/rpc - This is OK.
    I see NO non-normal entries at all in event viewer on the gateway server.
    The only thing I get in event viewer on the client is:
    TerminalServices-ClientActiveXCore/Microsoft Windows-TerminalServices-RDPClient/Operational:
    EventID: 1026 - RDP CLientActiveX is disconnected (reason= 50331649)
    EventID: 1025 - Connection with multiple transport is disconnected(not correct - google translate from locale)
    This is the only thing I can see in the logs, it pops right after I get the: "The logon attempt failed"
    I think a certificate issue is excluded since most of my clients can connect - all certs are valid.
    We have people externally and locally that are experiencing this issue (I've forced rdgw to be sure on the local clients). So most likely this problem has nothing to do with external/internal.
    On those computers that are unable to log on using rdgw, no accounts work (I've even tried domain admin). So the problem is not user-based either.
    Since the "the logon attempt failed" pops up within a second I wasn't sure if the traffic even got to our RDGW, so I checked with Wireshark, and I can see that the gw is responding in SSL back to the client. Still there are no entries in the log on the rdgw server.
    Any suggestions?
    thanks

    Hello all,
    Something that worked for me : 
    On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
    Under Connections, right-click the name of the connection, and then click Properties.
    In the Properties dialog box for the connection, on the General tab, select the server authentication and encryption settings that are appropriate for your environment, based on your security requirements and the level of security that your client computers can support.
    In the Properties dialog box for the connection, on the Log on Settings tab, uncheck the box Always prompt for password.
    Click OK.

  • Log of HTTP Requests & LogOn Attempts

    Hello,
    Is it possible to see in a log file which http requests are send to the J2EE Engine?
    Same question for logon attempts with user-id or client certificates?
    Greetings,
    Bart

    Sorry, seems that I forgot the links:
    http://help.sap.com/saphelp_nw04/helpdata/en/c1/0534420793ab04e10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/9f/4b51421705be30e10000000a155106/frameset.htm

  • User gets locked by an external system but which one?

    Hi,
    In an abap system, we have changed the password of our administration user. Afterwards, this user gets locked every 5 minutes, obviously because the user and old password has been used to set up communication from another system to the abap system. An RFC connection for instance or whatever. Sure it is possible to check all the systems you can think of to see if the user has been used for such a purpose. But how can you see in the system itself where the call comes from that locks it? I have tried the gateway tracefile but without success. Any suggestions?
    Regards,
    GK

    Hello,
    I would try transaction STAD.
    There you should find entries of type RFC with your user.
    If you double-click on the line, you get the details. Click on the RFC button.
                                  as Client             as Server
    No. of targets                   0                     1
    Click on the highlighted 1 under "as server".
    You should get the needed info : the remote destination
    Target         TEST_DEV
    User ID        TESTOC
    RFC Caller     OCHRETIE
    Local  destin. bt1suk17v1_DEV_02                IP address xx.xx.xx.xx
    Remote destin. bt1suk16v1_DXI_68                IP address yy.yy.yy.yy
    Hope this helps
    Olivier

  • SLD User gets locked; four unsuccessful logons every 15 minutes

    I have a landscape with a PI with the SLD on it. I defined a user with the name SLDUSER and the appropriate authorizations. The PI is a Unicode system, like all systems in the landscape.
    There were already some application servers (CRM, Banking Services, Composition Environment) connecting to this SLD and everything went fine.
    Now I added another application server, an ERP, for FI-CAx (NW 7.02). As the business partners are distributed via XI through the PI system, the ERP needs to connect to the SLD, too.
    I set it up as usual:
    - sldapicust: host, port, SLDUSER, password. (What is weird is that there is no test button as in all the other systems ... maybe that depends on the installed EhPs.)
    - This generated the destinations (type T = TCP/IP) SLD_UC and SLD_NUC automatically.
    - I created destinations SAPSLDAPI and LCRSAPRFC manually in sm59, type T = TCP/IP, set them to Unicode, entered the same (two different) Registered Server Programs that are used in these destinations on all the other servers (CRM, PI, BaS).
    - I ran rz70, entered the host and gateway, activated, executed the data collection.
    SLDCHECK runs successfully on the ERP system!
    The technical system for the BS1 showed up in the SLD as expected.
    - I configured the clients / business systems on the SLD.
    Now begins the problem. The SLDUSER is now getting locked all the time! It's definitely the ERP system causing it - when I prevent it from accessing the PI (by changing the hosts file on the operating system), the problem stops.
    I activated everything critical related to logons and RFCs in sm19 and looked at the logs in sm20. This is what it looks like:
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
    17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
    17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
    17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     User SLDUSER Locked in Client 001 After Erroneous Password Checks
    17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
    17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
    17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
    17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
    And it goes on like this. So what happens is this: Every 15 minutes, at :10, :25, :40, :55, there are four unsuccessful logons with SLDUSER. With the fifth logon it gets locked.
    Again:
    - This stops when I make the PI inaccessible to the ERP.
    - SLDCHECK still works completely fine in ERP - until the SLDUSER is locked, of course; then it stops working in all connected systems. It does not result in unsuccessful logons on the PI.
    - When I run rz70 on the ERP and run the data collection this also reports success and does not create unsuccessful logons on the PI.
    - I have not used the SLDUSER in any other locations besides sldapicust.
    So what the hell is wrong with this system?!

    I have created a separate user SLDUSER_ER1 just for use in the sldapicust in the new ERP system that causes the problem. Still SLDUSER is getting locked (not SLDUSER_ER1)!
    I powered down this ERP system ER1, just to make absolutely sure it is causing the problem - indeed the unsuccessful logon attempts every 15 minutes stopped right away.
    As a workaround and for narrowing down the problem I have created separate users SLDUSER_CR1 etc. for each of the other systems in the landscape (CRM and so on) - indeed those do not get any unsuccessful logon attempts.
    I have deleted all four SLD-related destinations in ER1 and recreated them from scratch (SLD_NUC and SLD_UC being generated when running rz70). I also used the "delete all batch jobs" button in rz70.
    Still, SLDUSER is getting locked.
    I checked on the PI system in C:\usr\sap\PI1\DVEBMGS00\j2ee\cluster\server0\log\system\httpaccess\responses_00.0.trc and see it is indeed the IP of the ERP system that gets the error 401 exactly at the times when the unsuccessful logon attempts occur:
    [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
    [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
    [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
    [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
    As the ERP has no Java instance and the sldapicust does not contain the SLDUSER (but the new SLDUSER_ER1) it is a mystery to me what it is that is still running every 15 minutes in the ERP and tries to use SLDUSER.
    I went through the entries in SECSTORE and could not find any use of SLDUSER (only of SLDUSER_ER1, as it should be).
    Edited by: Monika Eggers on Oct 2, 2011 3:08 PM
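The correlation done by hand in the post above, as an added example that is not part of the original thread or of any SAP tooling: it groups the SM20 password failures into bursts, measures the interval between bursts, and counts HTTP 401 responses per client IP in the httpaccess trace. The sample lines are copied from the post (a subset, with column spacing collapsed); the function names, the assumed column layout and the 60-second burst window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Subset of the SM20 lines quoted in the post, column spacing collapsed.
SM20 = """\
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 1, Type = U)
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:40:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 Password check failed for user SLDUSER in client 001
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 User SLDUSER Locked in Client 001 After Erroneous Password Checks
17.08.2011 19:55:04 BNK_RFC ilbnkpi1 SAPMSSY1 Logon Failed (Reason = 53, Type = U)
"""

# The httpaccess trace lines quoted in the post.
HTTP = """\
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
"""

# Assumed layout: date, time, three single-token columns, free-text message.
SM20_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+\S+\s+(.*)$")
FAIL_RE = re.compile(r"Password check failed for user (\S+) in client (\d+)")
LOCK_RE = re.compile(r"User (\S+) Locked in Client (\d+)")
HTTP_RE = re.compile(r"^\[[^\]]*\] - (\S+) : (\S+) (\S+) \S+ (\d{3}) ")


def parse_sm20(text):
    """Yield (timestamp, message) for every line that matches the layout."""
    for line in text.splitlines():
        m = SM20_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M:%S")
            yield ts, m.group(3)


def lockout_report(text, burst_gap=60):
    """Per (user, client): failure bursts, seconds between bursts, lock time.

    Expects the log in chronological order, as SM20 displays it.
    """
    report = {}
    for ts, msg in parse_sm20(text):
        fail, lock = FAIL_RE.search(msg), LOCK_RE.search(msg)
        if not (fail or lock):
            continue  # e.g. the generic "Logon Failed (Reason = ...)" lines
        entry = report.setdefault((fail or lock).groups(), {
            "bursts": [], "locked_at": None, "failures_before_lock": None})
        if fail:
            bursts = entry["bursts"]
            if bursts and (ts - bursts[-1]["last"]).total_seconds() <= burst_gap:
                bursts[-1]["count"] += 1
                bursts[-1]["last"] = ts
            else:
                bursts.append({"start": ts, "last": ts, "count": 1})
        elif entry["locked_at"] is None:
            entry["locked_at"] = ts
            entry["failures_before_lock"] = sum(b["count"] for b in entry["bursts"])
    for entry in report.values():
        starts = [b["start"] for b in entry["bursts"]]
        entry["intervals"] = [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]
    return report


def http_401_sources(text):
    """Count HTTP 401 responses per (client IP, method, path)."""
    hits = Counter()
    for line in text.splitlines():
        m = HTTP_RE.match(line.strip())
        if m and m.group(4) == "401":
            hits[(m.group(1), m.group(2), m.group(3))] += 1
    return hits


if __name__ == "__main__":
    for (user, client), e in lockout_report(SM20).items():
        sizes = [b["count"] for b in e["bursts"]]
        print(user, client, "bursts:", sizes, "intervals (s):", e["intervals"],
              "locked after", e["failures_before_lock"], "failures at", e["locked_at"])
    for (ip, method, path), n in http_401_sources(HTTP).most_common():
        print(ip, method, path, "401 x", n)
```

A fixed interval between bursts points at a scheduled job or cached credential on the calling host rather than a person typing a password, and the per-IP 401 count names the host to inspect.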

  • User XISUPER locked due to incorrect logon

    Hi all,
    We are facing one major problem as
    Time               Ty.       Nr       Cl.      User         Tcod MNo     Text
    00:17:56           DIA      002      700    SAPJSF               US1     User XISUPER locked due to incorrect logon
    in system log.
    We checked all the RFC connections all are fine.
    What would be the issue?
    Regards,
    Shivraj C.
    Edited by: Shiv Chalke on Jul 27, 2009 8:24 AM

    Hi,
    >>>We checked all the RFC connections all are fine.
    in most cases such issues are very easy to track
    just check out documentation on where the XISUPER is used
    for example for SLD access from PI - SLDAPICUST, etc.
    so just check it out and you will know in a flash
    Regards,
    Michal Krawczyk

  • Lock sys and system user

    Dear all,
    We have 10.2.0.4 on solaris 10.
    Currently we had I.T audit on our environment and auditor commented to lock sys and system user and use one user with any name (not oracle generic name) and grant him sys and system privilege and to use this user for admin purposes. is this right ?.. is this recommended ?
    Please advise

    Hello,
    I think it's not the right way to lock SYS.
    Moreover, if you connect as OS Administrator (root for Unix/Linux) on the server and use
    OS authentication, then you can connect as SYS AS SYSDBA anyway.
    So, in fact, it's not possible to lock out SYS even if you execute the following:
    ALTER USER SYS ACCOUNT LOCK;
    If you want to prevent access on SYS you should set a complex and long password and
    apply the same rule for the Administrator / root OS user.
    These passwords must be known by very few and well-identified people and written nowhere
    (in any files or scripts).
    Moreover, you should limit DBA roles to SYS and SYSTEM and remove this powerful role
    from other Oracle users.
    Then, you may enable session AUDIT so as to control the connection on the database and
    create a LOGON TRIGGER so as to check the login, workstation, program of the end users
    who connect to the database.
    On 10g, EM DBConsole shows an alert every time a user is connected with SYS.
    Please find enclosed an interesting document written by Pete Finnigan on this topic:
    http://www.insight.co.uk/files/presentations/Hacking%20and%20securing%20Oracle.pdf
    Hope this helps.
    Best regards,
    Jean-Valentin

  • Creating Support Messages from Satellite System without SolMan user account

    Hi
    We are having some problems with users "creating support message" from our ECC system  to SolMan, if the user does not have a user account in Solution Manager.
    Is it not correct that users from satellite systems can create support messages from these systems without the user having an account in Solution Manager? And that the user is identified by the business partner for the user, which must exist in the Solution Manager system?
    We have set up the RFC for the supportmessages between SolMan and the ECC system as trusted RFC, with the "Current user" as the user, but how should this be set up, if the user does not have an account in the Solution Manager system. If we enter a user with the right authorizations in the RFC, will the messages that come through not just appear as created by that user, instead of the ECC user and corresponding business partner ?
    Regards
    Lars

    Hi,
    you can use the user for the RFC connection in that case. I have customized a similar scenario. In my scenario the system from which the message was created is the business partner (SOLD-TO-PARTY). For that you have to create a communication user (i.e. SOLMAN<SYSID>). In TA SM59 in the satellite system you assign this user for the connection. (Don't forget to assign the user to the role "SAP_SV_FDB_NOTIF_BC_ADMIN".) Now it should be possible to create messages from the satellite system to the Solution Manager. Additionally you should create a business partner for each user of the satellite system, by using TA DSWP>EDIT>CREATE BUSINESS PARTNER.
    With this TA, it is easy to create BP for each satellite system.
    Best regards
    Marc
