User is locked.

Similar Messages

• How to find out which user has locked a particular record of a table

  Hi
  Is it possible to know - which user has locked a particular record (I know the primary key of the record) of a table
  Regards

  select     OS_USER_NAME os_user,
       PROCESS os_pid,
       ORACLE_USERNAME oracle_user,
       l.SID oracle_id,
       decode(TYPE,
            'MR', 'Media Recovery',
            'RT', 'Redo Thread',
            'UN', 'User Name',
            'TX', 'Transaction',
            'TM', 'DML',
            'UL', 'PL/SQL User Lock',
            'DX', 'Distributed Xaction',
            'CF', 'Control File',
            'IS', 'Instance State',
            'FS', 'File Set',
            'IR', 'Instance Recovery',
            'ST', 'Disk Space Transaction',
            'TS', 'Temp Segment',
            'IV', 'Library Cache Invalidation',
            'LS', 'Log Start or Switch',
            'RW', 'Row Wait',
            'SQ', 'Sequence Number',
            'TE', 'Extend Table',
            'TT', 'Temp Table', type) lock_type,
       decode(LMODE,
            0, 'None',
            1, 'Null',
            2, 'Row-S (SS)',
            3, 'Row-X (SX)',
            4, 'Share',
            5, 'S/Row-X (SSX)',
            6, 'Exclusive', lmode) lock_held,
       decode(REQUEST,
            0, 'None',
            1, 'Null',
            2, 'Row-S (SS)',
            3, 'Row-X (SX)',
            4, 'Share',
            5, 'S/Row-X (SSX)',
            6, 'Exclusive', request) lock_requested,
       decode(BLOCK,
            0, 'Not Blocking',
            1, 'Blocking',
            2, 'Global', block) status,
       OWNER,
       OBJECT_NAME
  from     v$locked_object lo,
       dba_objects do,
       v$lock l
  where      lo.OBJECT_ID = do.OBJECT_ID
  AND l.SID = lo.SESSION_ID
  hope this helps
  Zekeriya

• User getting locked while sending message sync via BPM. Please help

  Hi Experts,
     I have a sync - sync scenario where I am sending data synchronously from webservice to a sync RFC FM. I am using BPM and in BPM I have three steps
  1. Receive step - Opens Sync-Async Bridge
  2. Sync Send step
  3. Send step - Closes SYnc-Async bridge.
  This BPM solution is same as that give in the blog https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1403 [original link is broken] [original link is broken] [original link is broken]
  When I test this scenario I am getting
  <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
  <SAP:Category>XIServer</SAP:Category>
  <SAP:Code area="INTERNAL">PL_TIMEOUT</SAP:Code>
  <SAP:P1 />
  <SAP:P2 />
  <SAP:P3 />
  <SAP:P4 />
  <SAP:AdditionalText />
  <SAP:ApplicationFaultMessage namespace="" />
  <SAP:Stack>Timeout condition of pipeline reached</SAP:Stack>
  <SAP:Retry>N</SAP:Retry>
  </SAP:Error>
  When I check the "Status monitor for Sync/Async communication" via SXMB_MONI, I found that my message is listed there with BPE status = "Wait".
  On double clicking my message I found that there is an error " User is locked. Please notify the person responsible".
  Why is my BPE struck in "Wait" stage and user is locked?
  What am I doing wrong? Am I missing any settings in SOAP sender communication channel?
  Please help me in resolving this problem.
  Regards
  Gopal

  Hi,
  Few months ago we had also problems with "locked user" in XI, in our case XIAPPLUSER was sometimes (b)locked.
  Perhaps note:
  721548 Changing the passwords of the XI 3.0 service users
  will help you.
  We removed and entered the service users again, with the password in CAPITALS and language blank.
  After that our problem was solved, I hope yours too.
  Regards
  Jack

• User showing locked in SU01 but not in BP-Internet User and vice versa

  Hello,
  Why is it when when a user is locked in their CRM SU01 it won't show that that same user is locked on their BP-Internet User Tab and vice versa. We are eexperiencing issues where our web users are getting locked out. Are support team only has access to the web users BP-Internet User tab. When the suport team goes to unlock the user the lock check box is not checked in the BP. But when you go to the SU01 the account is showing as locked and vice versa, we're seeing the BP lock box checked but on the SU01 it says the account isn't locked. Isn't the BP-Internet User tab reading off of the SU01 account?
  Thank You very much,
  Alex

  Hi,
  From your question, I infer that the BP and CRM are using multiple User Management Engines (UMEs). If you have a centralized UME, you should not experience this issue. Please post back with complete details.
  Rgds,
  Raghu

• Can not receive messages - user mailbox locked

  Suddenly my incoming messages stopped coming and a dialogue box appeard, saying: "The sending of password failed. The e-mail server (pop3) answered user mailbox locked."
  I've been in contact with my internet service provider and they found nothing wrong from their side. I can access my mail on the webmail and I can send email from my account.
  I've checked the way the server and the account is configured and everything seems to be ok and according to manuals from both the ISP and Thunderbird. How can I get may incoming mail working again? Hoping for help!

  Yes I asked. That was the first thing I did. And there's nothing wrong on the provider's side. They didn't lock the account and found it very unusual. They didn't know much about Thunderbird, however...
  But I got hands-on-help from my son yesterday and that might have (almost) solved it. Seems that Thunderbird can't have both IMAP and POP3 accounts running and there might have been something in this that disturbed the flow. He made a new inbox and things started to work again. But it's still not working 100 %.

• What report is run in SAP to get the DATE on which Users are locked ?

  Hello,
  What report is run in SAP to get the DATE on which Users are locked ?
  I have tried with RSUSR200 ,-- last logon ,last password change , but i did not get a option to find the date on which are Users are locked .
  Can anyone suggest what report should be executed to get the date on which Users are locked and by whom ?
  As a alternate , i  am usig SUIM to get extract this data but i am looking for a report .
  thanks & regards
  Ganesh

  Hi Ganesh,
  You can try the below link where many of the options are described:
  How i can check at what date perticular user was locked and who lock it?
  Regards,
  Nilanjan

• PI 7.0 service users are locked

  Hi guys,
  We have PI7.0 installed and configured properly.
  We created a custom product and software component version in SLD and when we are trying to import it in IR we get "Unable to read software component versions from System Landscape Directory". Just to let you know PI is on one host and SLD on another.
  It is obvious that something is wrong with users in the communication between IB and SLD.
  We have tried everything:
  1) notes 764176, 768148, 720717, 741214, found on relevant posts.
  2) Exchange profile checks, we added extra roles to PIREPUSER, we replaced PIREPUSER in Exchange Profile with PISUPER, creating all PI service users with user roles in ABAP part of SLD etc... When I changed something in ABAP part, I performed "assign roles to user groups" in VA of Java part.
  However, I noticed that in SLD's UME in Java some of the PI service users are locked and I am unable to unlck them, since when I try to do so with user j2ee_admin, I get "There was an error. Please contact administrator"
  Any ideas??
  Evaggelos

  Thanks to both guys. I will award points.
  The problem was caused due to some PI users that were locked on the J2EE part of XI, and therefore they could not connect to the SLD. I unlocked them through VA 's, Security Provider service.
  Evaggelos

• 'User is Locked' error while trying to start initial load

  While trying to start initial load of objects using R3AS, I am receiving error msg 'User is locked'. This rfc user is a dialog user with SAP_ALL. I even tried replicating using a new user, but ended up with same error. The user is not locked but still getting the same error msg via status 'SYSFAIL' in the queue. Any suggestions?
  Thnx,
  - AJ.

  AJ,
  The RFC user must be a <b>communication user or a system</b> user. I think you mentioned the RFC user is a dialog user, which would be wrong settings definitely.
  Also as mentioned by Marcin, ensure the passwords in the RFC destination of SRM and R/3 are the same as the passwords in SU01 of the respective systems. To ensure this, click on remote logon for the RFC destination in SM59. If the screen doesnot change, this means your systems are connecting through the RFC user without any problem.
  Please assign points, if answer is usefull !!
  Sundeep

• Service user XIISUSER  locked when resending multiple messages

  Hi All,
  Scenario: Idoc  to 2 file  receiver  (1 defined as a Business Service). We notice that occasionally when we send multiple idocs from R/3 or when we restart multiple messages from the same scenario, we will get a HTTP 401 error and will find our service user XIISUSER locked.
  i.Has anyone come across anything like this before?
  ii. In receiver determination, the "Terminate message processing with  Error(Restart Possible) radio button is chosen. Out of interest, what kind of error does this give if either 1 or the receivers cannot be found during runtime?

  Basically the error will be HTTP 401 Unauthorized and we will find XIISUSER locked. This usually happens when we send multiple idocs for the scenario or when we restart multiple messages that belongs to the scenario. By multiple i mean 5-10 messages and not a really big number.
  Once the XIISUSER is unlocked, I can just restart the message and it will be processed successfully. What I would like to know is what is causing the XIISUSER to be locked in the first place. can this be caused by the branching of the messages?

• User gets locked by an external system but which one?

  Hi,
  In an abap system, we have changed the password of our administration user. Afterwards, this user gets locked every 5 minutes, obviously because the user and old password has been used to set up communication from another system to the abap system. An RFC connection for instance or whatever. Sure it is possible to check all the systems you can think of to see if the user has been used for such a purpose. But how can you see in the system itself where the call comes from that locks it? I have tried the gateway tracefile but without success. Any suggestions?
  Regards,
  GK

  Hello,
  I would try transaction STAD.
  There you should find entries of type RFC with your user.
  If you double-click on the line, you get the details. Click on the RFC button.
                                as Client             as Server
  No. of targets                   0                     1
  Click on the highlighted 1 under "as server".
  You should get the needed info : the remote destination
  Target         TEST_DEV
  User ID        TESTOC
  RFC Caller     OCHRETIE
  Local  destin. bt1suk17v1_DEV_02                IP address xx.xx.xx.xx
  Remote destin. bt1suk16v1_DXI_68                IP address yy.yy.yy.yy
  Hope this helps
  Olivier

• CUA SU10 issue with users getting locked

  I did some role change using SU10 on CUA central system for 200 users. 45 of the users got locked with global admin lock in the child system for which I made the role changes.  These user locks are shown in the child system change documents log as changes by the CUA RFC user. I have this problem everytime I use su10. Why does this happen?  What can I do about it? Thanks, KT

  Hi Todd,
  propably you have some inconsistencies in your landscape....
  the cause of such 'unwanted' effects is the fact that if you change a user in your CUA central system, the whole user information is picked, then edited with you changes and afterwards distributed to all child systems.
  So what I could imagine in your example is as follows:
  User has a global lock in central system already, the particular child system did not have that information (user is still unlocked there). Several causes are possible, for instance the lock idoc did not get processed, Child system was not available/connected to CUA when the lock had been set,......).
  At the next update of that user (assign a role), the lock information from the central system is pushed to that child.
  Why?
  Because the design is to assure data consistency between central and child system. Therefore all the user information from central system is pushed to child at any user change. (that is also why you will see in SCUL 3 idocs for each user change (also user and profile idocs are pushed, even if you have changed the role assignement only).
  So what you could check is, if that users got the lock flag (128) already in the past somewhen.
  b.rgds, Bernhard

• Impact of J2EE_ADMIN / Administrator user getting locked

  Hi,
  What is the impact of J2EE_ADMIN / Administrator user getting locked in abap / java engines?  Will it effect startup of java server processes or java applications?  What are the other implications?
  Thanks,
  Abdul

  Hi Abdul,
  if the J2EE_ADMIN or Administrator user is locked then
  1. you cannot login to Visual Admin unless you define some other user with same authorization.
  2. any Jco-RFC using this user won't work.
  3. if you don't have any other user, you will have to activate SAP* user to unlock this user.
  Thanks,
  Sandeep

• SLD User gets locked; four unsuccessful logons every 15 minutes

  I have a landscape with a PI with the SLD on it. I defined a user with the name SLDUSER and the appropriate authorizations. The PI is a Unicode system, like all systems in the landscape.
  There were already some application servers (CRM, Banking Services, Composition Environment) connecting to this SLD and everything went fine.
  Now I added another application server, an ERP, for FI-CAx (NW 7.02). As the business partners are distributed via XI through the PI system, the ERP needs to connect to the SLD, too.
  I set it up as usual:
  - sldapicust: host, port, SLDUSER, password. (What is weird is that there is no test button as in all the other systems ... maybe that depends on the installed EhPs.)
  - This generated the destinations (type T = TCP/IP) SLD_UC and SLD_NUC automatically.
  - I created destinations SAPSLDAPI and LCRSAPRFC manually in sm59, type T = TCP/IP, set them to Unicode, entered the same (two different) Registered Server Programs that are used in these destinations on all the other servers (CRM, PI, BaS).
  - I ran rz70, entered the host and gateway, activated, executed the data collection.
  SLDCHECK runs successfully on the ERP system!
  The technical system for the BS1 showed up in the SLD as expected.
  - I configured the clients / business systems on the SLD.
  Now begins the problem. The SLDUSER is now getting locked all the time! It's definitely the ERP system causing it - when I prevent it from accessing the PI (by changing the hosts file on the operating system), the problem stops.
  I activated everything critical related to logons and RFCs in sm19 and looked at the logs in sm20. This is what it looks like:
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     User SLDUSER Locked in Client 001 After Erroneous Password Checks
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  And it goes on like this. So what happens is this: Every 15 minutes, at :10, :25, :40, :55, there are four unsuccessful logons with SLDUSER. With the fifth logon it gets locked.
  Again:
  - This stops when I make the PI inaccessible to the ERP.
  - SLDCHECK still works completely fine in ERP - until the SLDUSER is locked, of course; then it stops working in all connected systems. It does not result in unsuccessful logons on the PI.
  - When I run rz70 on the ERP and run the data collection this also reports success and does not create unsuccessful logons on the PI.
  - I have not used the SLDUSER in any other locations besides sldapicust.
  So what the hell is wrong with this system?!

  I have created a separate user SLDUSER_ER1 just for use in the sldapicust in the new ERP system that causes the problem. Still SLDUSER is getting locked (not SLDUSER_ER1)!
  I powered down this ERP system ER1, just to make absolutely sure it is causing the problem - indeed the unsuccessful logon attempts every 15 minutes stopped right away.
  As a workaround and for narrowing down the problem I have created separate users SLDUSER_CR1 etc. for each of the other systems in the landscape (CRM and so on) - indeed those do not get any unsuccessful logon attempts.
  I have deleted all four SLD-related destinations in ER1 and recreated them from scratch (SLD_NUC and SLD_UC being generated when running rz70). I also used the "delete all batch jobs" button in rz70.
  Still, SLDUSER is getting locked.
  I checked on the PI system in C:\usr\sap\PI1\DVEBMGS00\j2ee\cluster\server0\log\system\httpaccess\responses_00.0.trc and see it is indeed the IP of the ERP system that gets the error 401 exactly at the times when the unsuccessful logon attempts occur:
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
  As the ERP has no Java instance and the sldapicust does not contain the SLDUSER (but the new SLDUSER_ER1) it is a mystery to me what it is that is still running every 15 minutes in the ERP and tries to use SLDUSER.
  I went through the entries in SECSTORE and could not find any use of SLDUSER (only of SLDUSER_ER1, as it should be).
  Edited by: Monika Eggers on Oct 2, 2011 3:08 PM

• SLD Data Supplier User is locked at regular intervals

  Dear Sirs,
  I have a Webdynpro application using two JCO connections to the backend to fetch data. One day it just stopped working. After some searching I found out that my SLD Data Supplier user was locked in the UME, due to too many failed logins. 
  When I unlocked this user everything worked again. Next morning when trying the application, the SLD Data supplier user was once more locked. If I lock it up it works, but it stops working again at fairly regular intervall (due to too many failed logins).
  The time it stops seems to be 15 minutes over each hour; however sometimes it seems to work for more than an hour some times less. This makes me belive that there is some kind of regular job which mess it up.
  Below is an extraction on what is going on in the logs around the time it stops working.
  I know others have had these kinds of error messages in conjunction with XI, but did not find a solution of the forum with fits me.
  Any hint on how I can solve the problem, or find out why the user gets locked is appriciated :=)
  java.lang.reflect.InvocationTargetException
  com.sap.engine.services.rfcengine.DefaultRequestHandler.handleRequest(JCO.Function function) anonimus J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:775 /System/Server 08/01/2006 java.lang.reflect.InvocationTargetException
  com.sap.engine.services.rfcengine anonimus J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:775 /System/Server 08/01/2006 java.lang.reflect.InvocationTargetException
  com.sap.engine.services.rfcengine anonimus J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:774 n/a 08/01/2006 Thrown: om.sap.mw.jco.JCO$J2EEAbapException: (126) SLD_CLIENT_EXCEPTION: AbapSLDRequestHandler.ping(): server connection *** failed *** on Tue Aug 01 13:15:02 CEST 2006 at com.sap.lcrabapapi.util.AbapSLDRequestHandler.raiseAbapException(AbapSLDRequestHandler.java:4184)... [see details]
  com.sap.lcrabapapi.ejb.AbapSLDRequestBean sap.com/com.sap.lcrabapapi J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:771 /Applications/SLD 08/01/2006 Caught a JCO.J2EEAbapException while processing a JCO request. Check the RFC engine for sanity and check your server logs and traces for more information.
  com.sap.lcrabapapi.ejb.AbapSLDRequestBean sap.com/com.sap.lcrabapapi J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:771 /Applications/SLD 08/01/2006 Caught a JCO.J2EEAbapException while processing a JCO request. Check the RFC engine for sanity and check your server logs and traces for more information.
  com.sap.lcrabapapi.ejb.AbapSLDRequestBean sap.com/com.sap.lcrabapapi J2EE_GUEST host.domain.com Server 0 XX_XXXXX
    Error 13:15:02:767 /System/Server 08/01/2006 User J2EE_GUEST, IP address
  Error processing an HTTP request. Http error [401] will be returned. The error is [Access Denied.No details available].
  com.sap.engine.services.httpserver n/a J2EE_GUEST host.domain.cp, Server 0 XX_XXXXX
    Error 13:15:02:742 /System/Server 08/01/2006 User J2EE_GUEST, IP address

  Hi Jørgen,
  This problem must be due to the user being entered with an incorrect password in one of your systems which accesses XI. I'm afraid the only way to find it is to go through all your systems' RFC destinations, transaction SLDAPICUST, and anywhere else the user info might be entered.
  I would normally recommend creating a separate user for each system accessing XI, so that in cases like this it is far easier to narrow down the search.
  Regards,
  Thorsten

• J2EE_ADMIN user getting locked frequently

  Hi SAP Guru's,
  The user J2EE_ADMIN in our nw2004s system is getting locked frequently. We have changed the password of this user in ABAP via SU01 & in JAVA in the secure store via configtool. The server was re-booted after doing these changes. Still the user J2EE_ADMIN is getting locked frequently. Also in SM21, we have a log <b>"J2EE_ADMIN locked due to incorrect logon"</b> for this locking which mentions the user as SAPJSF (Communication user between ABAP & JAVA).
  Is there a possibility that SAPJSF is locking the user J2EE_ADMIN ?? how & why ??
  Any help on this will be highly appreciated.
  Thanks,
  Sanjeev.

  have you solve this issue? we have the same!
  every half hour (xx:51:00 and xx:29:00), the J2EE_ADMIN user is locked by user SAPJSF transaction KRNL from the local host (terminal).
  We have changed the pass in secure store in configtool to the pass we used in abap.
  In "Visual Administrator" "Cluster>Server>Services-->Security Provider" the user have a checked box at "No password change required"
  We searched for other places with a wrong pass (Jco Connections = no J2EE_ADMIN used, SLD = no J2EE_ADMIN used), but found nothing.
  need help pls.
  regards
  chris

• Help solve OIM puzzle - OIM Authenticator == "weblogic user soft locked"

  Hi,
  I just completed an installation of IDAM 11g including OIM. I've done several, with different configurations, but this one is on Centos 64-bit.
  Everything seems to be working, but whenever I start the soa_server1 and oim_server1 managed server, I start seeing messages in the Adminserver stdout from <OIMAuthenticator>, saying that the weblogic user is "soft locked". If I go into OIM Admin, the 'WEBLOGIC' user is locked, and if I unlock that user in OIM Admin, the msgs from Adminserver change to "failed authentication" a few times, then I get the "soft locked" messages again.
  I've been trying to track this problem down for almost a week now. I'm "close" to understanding what might be going on, but I'm kind of at an impasse right now, so I figured I'd post what I've found thus far, and see if anyone here has any ideas.
  1) With this installation, I first installed a basic WebLogic domain, with a password (e.g., "password1").
  2) When I got to the IDAM installation, because there was a password policy, I had to use a password with upper-case in it (e.g., "Password1"), for all responses, except when it asked for the info for accessing the WebLogic Adminserver, in which case I responded with the original weblogic password (e.g., "password1").
  3) I have both the DefaultAuthenticator and the OIMAuthenticator in the security realm, with the DefaultAuthenticator at the top, above the OIMAuthenticator. Both authenticators are set to "SUFFICIENT".
  4) I think that SOMETHING is intermittently (~ every minute) trying to authenticate using the "weblogic" user, but whatever that is, it has the "wrong" password.
  5) My understanding is that normally, when OIM is installed, the 'WEBLOGIC' user is added to OIM, with an "empty" password, and I confirmed via sqlplus, that the USR_PASSWORD in the OIM USR table is indeed empty.
  6) I think that with the order that the authenticators are in, DefaultAuthenticator would attempt to authenticate, and then OIMAuthenticator would attempt to authenticate. Since both are set to SUFFICIENT, if an authentication against DefaultAuthenticator succeeds, the authentication would be considered "successful".
  Based on all of the above, it seems like whatever the process that is trying to do those authentications is, it has a password that is not "password1" (since if it was using "password1", then the DefaultAuthenticator" would successfully authenticate, and it shouldn't try the OIMAuthenticator), and then OIMAuthenticator is trying to authenticate. Since the USR_PASSWORD is empty, OIMAuthenticator would always fail authentication, and thus the "failed authentication" errors followed by the "soft locked" msgs.
  7) I've tried to track down "what" process is doing the authentications, and I believe that it is EMAGENT. The reason that I say this is that if I stop EMAGENT using opmnctl, the "soft locked" messages stop.
  8) I've tried to set the "monitoring credentials" for the "weblogic" user in EM, to match the "password1", but even after I do that, I still see the "soft locked" msgs, and if I unlock the 'WEBLOGIC' use in OIM, then I get several "failed authentication" followed by the "soft locked" msgs again.
  9) I did an experiment (I'm running this under VMware, so I was able to do a snapshot and then revert after the experiment), where I set the password for the 'WEBLOGIC' user in OIM Admin to the "Password1", and after I did that, the "soft locked" errors stopped, so I believe that whatever process is attempting to authenticate is using the "Password1" password, rather than the "password1" password.
  I also have another earlier installation, that I installed using the "normal" way, i.e., letting the config.sh create a new WL domain, and that works and I don't get these "soft locked" msgs at all. That configuration also has USR_PASSWORD empty in the OIM database USR table.
  So, the question that I have is how do I get the EMAGENT to use the "password1" password instead of the "Password1" password?
  As I mentioned above, I tried changing that in the EM monitoring credentials, but that didn't seem to fix the problem (still got "soft locked" msgs).
  Maybe I've been staring at this problem too long, and am missing something, so I hope that someone can post some suggestions.
  Thanks,
  Jim

  Hi,
  I'm afraid that I'm not doing a very good job explaining what worries me.
  Specifically, I don't understand WHY the authentication of the 'weblogic' user against the DefaultAuthenticator is failing. I know that the reason that OIM is locking the 'WEBLOGIC' user is that the DefaultAuthenticator authentication is failing, causing the attempt to authenticate against the OIMAuthenticator (which also fails because USR_PASSWORD is empty), but why is that authentication against DefaultAuthenticator failing?
  More particularly, I'd really like to find out how to change the password that whatever is trying to do that authentication is using.
  As I said, I tried changing the monitoring credentials in EM already. I think that that actually changed SOMETHING, but not everything. Before that I was seeing 3 soft locked msgs every minute. After I changed the monitoring credentials to a completely different user that I created in the WL Console (emagent_monitor, member of the Monitors group in WL Console), instead of getting 3 msgs per minute, I'm now getting 1 msg per minute.
  So, it appears that it's something else, other than the monitoring credentials, i.e., something else (I don't know what) is trying to authenticate with the 'weblogic' user, but with bad password.
  Jim