User lock failed.SU10

Similar Messages

• Attribute Change run failed due to the User Lock

  Hi Friends,
  attribute change run has failed due to the user lock.
  can any one tell me how to process and what is the main cause behind on this.
  thanks in advance

  if master data is loading at same time while the attr/hier change run is occuring,it cause the change run to fail.
  Usually u get error message like..user ALEREMOTE has locked the MD tables..
  Wait for some time and then try attr change run manually by going to rsa1->tools->apply hier/attr change..
  if it still shows locked..try to see in rsmo if a MD load has got stuck..
  else..see in sm12 to find lock is on which tables..
  last resort..delete lock forcefully from sm12..
  first option is wait for some time and give a try again..
  cheers,
  Vishvesh

• User authentication failed when user is locked by system admin

  Hello!
  We have EP 6.0 (SP 18) and ABAP Backed 6.40 (SP21).  UME is connected to the backend system for user managment.
  When we try to log on to EP with a user that is locked by the system admin in the backend, the message shown is "User authentication failed".
  Should it be possible to show a message as "User locked by system admin", for the user to know the reason?
  Thanks in advance and regards!

  Hi,
  We are using SAP EP7 and BW7 SP15. We are getting proper messages in portal when account is locked at BW System.
  Regards
  Baby

• SADMIN User-Id failed logins while running srvrmgr

  Hi All,
  Need help with one of my Customers running srvrmgr command against gateway.
  Customer had installed siebel environment 15 days back and it was working fine. Suddenly, from easter week end seeing sadmin id failing and locking out. Customer is running srvrmgr and see sadmin user-id failed logins with ONLY siebel gateway up, and siebel server down.
  1.He is able to run odbcsql with sadmin id/pwd fine
  2.With sadmin/pwd srvrmgr connects fine, all command line operations are fine. But see sadmin failing in nameserver log file.
  3.I see 2 separate sadmin connections in name server log file which is weird, one with 'sadmin' works fine no failed logins and second with 'SADMIN' which fails. Below are log snapshots. Has anyone seen this issue before
  1. Below error messages suggest login with SADMIN is failing:
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 Invoking SecurityLogin with username=SADMIN ...
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
  DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Dynamically loading ODBC library functions
  DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Successfully loaded ODBC library functions
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocEnv) Env Handle: 150212040, Time: 0.140ms
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Env Handle: 150212040, Conn Handle: 150215192, Time: 0.044ms
  SQLConnectOptions Allocate Connection 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Conn Handle: 150215192, Time: 0.044ms
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:46 (SQLConnect) Conn Handle: 150215192, Time: 10.184s
  DBCLog DBCLogError 1 000000034dbf2a6c:0 2011-05-03 15:18:46 [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:46 username=SADMIN : authentication failed due to :
  [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
  2. Below messages confirm login with sadmin user-id is working fine.
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 Invoking SecurityLogin with username=sadmin ...
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocEnv) Env Handle: 150006904, Time: 0.062ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Env Handle: 150006904, Conn Handle: 151411016, Time: 0.011ms
  SQLConnectOptions Allocate Connection 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Conn Handle: 151411016, Time: 0.011ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLConnect) Conn Handle: 151411016, Time: 0.046s
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLGetInfo) Conn Handle: 151411016, Time: 0.040ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.034ms
  SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.034ms
  SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1041, Param: 1090553352
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.013ms
  SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.013ms
  SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1042, Param: 1090553361
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : authentication succeeded.
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : retrieving responsibilities...
  Many Thanks,
  Chaitanya

  Hi Chaitanya,
  Exactly.
  Check for some scheduled batch processes or some repeating jobs which may use this SADMIN Id & Pwd.
  Even I have the experienced this SADMIN account locking and I found that one of my repeating job using the SADMIN Id and its locking the ID frequently, even I unlocked the account.
  Try cancelling the job and create new one.
  Regards,
  Guna M

• User Lock issue when processing IDOCS

  Hi Folks,
  We are pushing the data into SAP using IDOCS.During this process some IDOCS are getting failed due to User Lock on shipment header.Anyone here can share their experience in dealing with User Lock issues.
  Thanks,
  Kiran.

  Kiran,
  Only one can edit the document, it's standard fucntion. I think No note can resolve this. I can suggest you to run a back ground job very frequently ,which picks these status 51 IDOCs and reprocess. Report is :RBDMANi2
  We can use Message class & error message number on selection screen, so that we can make sure that only those idocs which were failed due to Lock problem are taken by the job.
  Reddy

• User lock persists for killed process

  Hi,
  We have an app that acquires a user lock (using dbms_lock, release_on_commit FALSE).
  We needed to kill a session but it remained in v$session (KILLED), even after killing the OS process. Fine, I know it will clear up eventually.
  But the user lock (UL) persists. Does anyone know how it can be force-released?
  Calling dbms_lock.release (using handle in v$lock) fails, even as user SYS, the error being that the user does not own the lock. But the owning session is killed so who can release it?
  Eventually the session (and lock) disappers from v$session/v$lock but can the lock be removed before then, to avoid a DB bounce in an urgent case?
  Thanks

  If the process was truely KILLED and not MARKED FOR KILL then I do not know what could of happened. I cannot remember Oracle ever failing to release a user lock when the acquiring session was terminated. We use a fair number of UL; however, few of our processes have concurrent sessions that attempt to use the same UL. Mostly we just ensure that batch processes do not get submitted twice and that some on demand processes run single threaded or do not run if another customer has submitted the task.
  HTH -- Mark D Powell --

• User Locking out in LDAP

  I guess it's common problem in LDAP. If the user locks out after 3 failed failed logins, The admin needs to be entered in NDS conslole and he need to be unlock after he gets a request from that user. But I couldn't find the property for single User. whatever you specify the parameter in User Lockout tab, it's valid for all the user.
  i.e. if you uncheck the checkbox User lockout check box it's valid for all the users. How to unlock the particular user in NDS???
  any help in this regard is really appreciable.
  regards,
  chandra

  What version of WLS are you using? In the 6.0 beta, user lockout was one of
  the new security features
  added. This way, WLS could detect the failure and allow administrators to
  detect password guessing
  attempts.
  If this is a previous release of WLS, you will need to check the NDS
  documentation for how to unlock
  a given user.
  Paul Patrick
  "chandra" <[email protected]> wrote in message
  news:3a1e3d7d$[email protected]..
  >
  I guess it's common problem in LDAP. If the user locks out after 3 failedfailed logins, The admin needs to be entered in NDS conslole and he need to
  be unlock after he gets a request from that user. But I couldn't find the
  property for single User. whatever you specify the parameter in User Lockout
  tab, it's valid for all the user.
  >
  i.e. if you uncheck the checkbox User lockout check box it's valid for allthe users. How to unlock the particular user in NDS???
  >
  any help in this regard is really appreciable.
  regards,
  chandra

• Reason 413: User Authentication Failed

  Hi, I have not used my VPN connection for quite some time but when I did recently try and log on again I get the box to enter in my user name and password, I proceed to enter it, then the box pops up again, I enter it again, and then it pops up a third time, and I enter it a third time.  Finally I get a Reason 413: User Authentication Failed message box and I never can connect.  Does this sound like a problem with my actual user name and/or password, or could it be something else? I am using Windows8. Thanks

  The actual reson of failure can be seen on the external authentication server. If you have a radius server, please go and check what error message are you getting there.
  Could be dial-in issue, max-number of session, wrong password, acount locked-out etc
  Also let us know what radius are you using?
  Jatin Katyal
  - Do rate helpful posts -

• Reason 413: User authentication failed. rv320

  I tried to use your Cisco VPN CLient ( )
  ANd I got always this error:
  Initializing the connection...
  Contacting the security gateway at 24.37.141.234...
  Authenticating user...
  Contacting the security gateway at 24.37.141.234...
  Secure VPN Connection terminated locally by the Client.
  Reason 413: User authentication failed.
  Connection terminated on: Mar 31, 2014 21:46:35        Duration: 0 day(s), 00:00.00
  Not connected.

  The actual reson of failure can be seen on the external authentication server. If you have a radius server, please go and check what error message are you getting there.
  Could be dial-in issue, max-number of session, wrong password, acount locked-out etc
  Also let us know what radius are you using?
  Jatin Katyal
  - Do rate helpful posts -

• User Authentication Fails,Unless Admin resets the pwd,user cannot logon.

  Hi
  I have a EP7 SP18 Portal .
  The portal UME is Readonly Microsoft LDAP + UME Database.
  I have a user named testuser which exists in Both the UME's.
  the testuser of LDAP is locked through Portal User admin.
  Now whenever the testuser tries to logon to portal,he gets User Authentication Failed message.
  The failed logon  attempt info is not reflcted  in User Account details.when viewd through portal user admin.
  if Administrator resets the Password of testuser in portal,then user is able to logon to the portal using this password.
  Next day,again same thing happens.
  what can be the reason behind this ?
  Regards
  Rajendra

  invalid now.

• "User authentication failed" when connecting with Visual Administrator

  Hello,
  I am having trouble making a connection to my local J2EE Engine using the Visual Administrator (VA).
  I open the VA interface and create a new connection. The default User Name is "Administrator". I put in "localhost" for host, "50004" for port and leave the Transport Layer selection to "Default".
  When I try to connect this way I get the following message:
  User authentication failed
  Next I went into Start|Settings|Control Panel|Users and Passwords  and saw that there were several ids created by the Developer Workplace (DW) installation. The ids that I see are: j2eadm,sapadmin,sapinstall and SAPServiceJ2E
  I checked all of them to see what groups they're members of and they're all at least members of "Administrators" group.
  There are also 3 new groups that must have been created by the DW installation: SAP_J2E_GlobalAdmin, SAP_J2E_LocalAdmin and SAP_LocalAdmin.
  The j2eadm id belonged to all 3 new sap groups so I changed its password to something I'd remember and then changed the connection to use that login.
  When I tried to connect thru VA using this id and the new password I still get the "User authentication failed" error message.
  Can anyone please tell me what I'm doing wrong?
  Thanks in advance for any help.
  David.

  Hi,
  During the installation the SAPINST asks for a Administrator  Password.. This password is very important.
  We had kept same passwords for all userids to start with.
  This helped reduce lot of confusion.
  Warning: if you enter the wrong password 5 times, the userid 'Administrator' gets locked.
  However there is an Emergency password recovery procedures.
  Try this link
  http://help.sap.com/saphelp_erp2004/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/frameset.htm
  Hope that helps
  Regards,
  Siddhesh

• PIRWBUSER user  locked daily

  Hi All,
  daily i found this user PIRWBUSER is locked
  i unlocked it manual but it is not a solution, i want to know why it is daily locked.
  i checked tcode sm37 no scheduale jobs under this user.
  i checked the exchangeProfile for the value of com.sap.aii.rwb.serviceuser.pwd and i put the actual value for the password of that user
  but the problem still i found this user locked
  so could you please help?
  Thanks
  Sherif

  Hi,
  Check the passwords everywhere n follow the steps.
  First of all, compile a list of the names of the relevant users.
  If you also want to change the user for the sending business systems (PIRWBUSER or a copy of this user) you have to be aware that you will have to change the password in all sending systems/adapters.
  The passwords must be changed at the following places:
  1. Transaction SU01 in the R/3 system
                Here, you must change the passwords on the R/3 ABAP side.
  2. Exchange Profile - Server Settings
                Call the PI exchange profile using:
                http://<xi-host>:<j2ee-port> /dir/start/index.jsp
                --> Administration --> Exchange Profile
                Press the 'Connection' button and adjust the password accordingly for the user used here.
                Important: If the system issues the error message 'Password logon no longer possible - too many failed attempts', check in transaction SU01 whether the user used under 'Connection' has already been locked, and unlock that user if necessary.
  3. Exchange Profile
                You must now change the passwords in all parameters of the exchange profile to make them available for the PI Java applications.
                To do this, start the exchange profile as described in section 2, and adjust the changed passwords in all parameters.
  4. SLDAPICUST
                If a PI* user is set in transaction SLDAPICUST adjust the password for this user.
  5. SM59 Destination INTEGRATION_DIRECTORY_HMI
                In transaction SM59, adjust the password of the user used in HTTP destination to an ABAP system INTEGRATION_DIRECTORY_HMI.
  6. SM59 Destination SAPXIPP*
                In transaction SM59, adjust the passwords of the users used in the ABAP connections SAPXIPP*.
  7. SLD Data Supplier in the J2EE
                Log on to the SAP NetWeaver Administrator (http://<server>:<port>/nwa). Under "Configuration Management --> Infrastructure --> Destinations", check the user in destinations SLD_Client and SLD_DataSupplier. Only if a PI* user is set here change the password for the relevant user.
  8. PMI store destination in the J2EE
                Log on to the SAP NetWeaver Administrator (http://<server>:<port>/nwa). Under "Configuration Management --> Infrastructure --> Destinations", change the relevant user password in HTTP destination pmistore.
  9. RFC destinations in J2EE
                Log on to the SAP NetWeaver Administrator (http://<server>:<port>/nwa). Under "Configuration Management --> Infrastructure --> JCo RFC Provider" change the password in the RFC destinations AII_RUNTIME, LCRSAPRFC and SAPSLDAPI* if a PI* user is set there. Choose 'Save' to transfer the changes.
                Important: If user SAPJSF is used here, do not change the password of this user, because it is also used in several J2EE applications. In this case, create a copy of user SAPJSF in transaction SU01 and use this copy in the JCo RFC Provider.
  10. SM59 connections for end-to-end monitoring
                In transaction SM59, adjust the user password in all connections that start with PMI*. You have to adjust the connections both under 'ABAP Connections' and 'HTTP Connections to External Server'.
                In addition, adjust the passwords in the systems where the destinations are pointing to, if this is not the PI itself.
  11. SM59 connections for GRMG monitoring
                In SM59, change the user password in all connections that start with XI_GRMG*. You have to adjust the connections under 'HTTP Connections to ABAP Systems' and under 'HTTP Connections to External Server'.
                In addition, adjust the passwords in the systems where the destinations are pointing to, if this is not the PI itself.
  12. Now restart the J2EE Engine.
  13. Connections from sending business systems
                In all sending systems, you must check whether you are using one of the service users to log on to the PI system, and change the passwords if necessary (PIAPPLUSER).
                For this purpose, check the relevant SM59 destinations and logon data in the sending adapters.
                If the sending system is a system with a release version < 7.00, note that you need to set the password in the XI system in accordance with the instructions in Note 807895 so that it is downward compatible. Alternatively, you can create a copy of the relevant service user for this special connection, assign the downward-compatible password to this user, and use this user for the connection.
  Then check in transaction SU01 whether any users were locked during the changes as a result of failed logon attempts, and unlock these users if necessary.
  Note:
  Check all these things for user PIRWBUSER. It may be possible that some of the steps will not fit for you. i recommend to follow the same password everywhere.
  regards
  Aashish Sinha
  PS : reward points if helpful

• User locking at login failure

  I have set for user locking 30 minutes after 6 fail attempts, in both password and question logins. Anyway, I realize that there are 2 different treatments as below:
  1. when user fails to login with password after n times, user is locked for 30 minutes. User is unlocked correctly after 30 minutes.
  2. when user fails to login with questions after n times, user is locked for good!
  I don't understand why IdM treats both cases differently. Does anyone know how to treat the 2nd case just like the 1st case above?

  Hi,
  // check whether the user belongs to particular role
  IWDClientUser wduser = WDClientUser.getCurrentUser();
    IUser user= wduser.getSAPUser();
       IUserAccount userAcc=usr.getUserAccounts()[0];
  if(userACC.isMemberOfRole("",true)){
  //check
  For ref:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security-and-identity-management/p-r/protecting%20access%20to%20the%20web%20dynpro%20car%20rental%20application%20using%20ume%20permissions.pdf
  Regards,
  Naga

• LOCKS checking user locked and SQL that he is executing

  Hello all,
  I have this script that inserts into a table the user causing the lock and the users waiting for the lock to be released.
  What I would like to add into this the script is the SQL string that the user causing the lock and the users waiting for the the lock to be released are executing.
  Can you help me on this?
  Script that I have now:
  insert into dba.sessions_bloq
  select sysdate "Data", w.sid "SID E", s1.username "User E", s1.osuser "OS User E", s1.machine "Maquina E", s1.program "Programa E", s1.logon_time "Logon E",
  s.ksusenum "SID B", s2.username "User B", s2.osuser "OS User B", s2.machine "Maquina B", s2.program "Programa B", s2.logon_time "Logon B"
  ,decode(r.ksqrsidt,
  ''MR'', ''Media Recovery'',
  ''RT'', ''Redo Thread'',
  ''UN'', ''User Name'',
  ''TX'', ''Transaction'',
  ''TM'', ''DML'',
  ''UL'', ''PL/SQL User Lock'',
  ''DX'', ''Distributed Xaction'',
  ''CF'', ''Control File'',
  ''IS'', ''Instance State'',
  ''FS'', ''File Set'',
  ''IR'', ''Instance Recovery'',
  ''ST'', ''Disk Space Transaction'',
  ''TS'', ''Temp Segment'',
  ''IV'', ''Library Cache Invalidation'',
  ''LS'', ''Log Start or Switch'',
  ''RW'', ''Row Wait'',
  ''SQ'', ''Sequence Number'',
  ''TE'', ''Extend Table'',
  ''TT'', ''Temp Table'',
  r.ksqrsidt) "Tipo Lock"
  from gv$session_wait w, x$ksqrs r, gv$_lock l, x$ksuse s, gv$session s1, gv$session s2
  where w.wait_Time = 0
  and w.event = ''enqueue''
  and r.ksqrsid1 = w.p2
  and r.ksqrsid2 = w.p3
  and r.ksqrsidt = chr(bitand(p1,-16777216)/16777215)||
  chr(bitand(p1,16711680)/65535)
  and l.block = 1
  and l.saddr = s.addr
  and l.raddr = r.addr
  and s.inst_id = userenv(''Instance'')
  and w.sid = s1.sid
  and w.inst_id = s1.inst_id
  and s.ksusenum = s2.sid
  and s.inst_id = s2.inst_id;
  Thanks in advance

  You can link to:
  gv$sql
  gv$sqltext_with_newlines
  but, if doing this in a trigger, also look at these:
  http://www.psoug.org/reference/system_events.html

• In OWB the repository user installation failed.

  I have installed oracle 10g for oracle warehouse builder and installed owb.
  after installation Im trying to create a reposity using uid: auroora pw:auroora
  and i have entered all the connection fields at last it is showing an eroor as follows.
  the reposity user installation failed on users
  java.lang.exception
  java.lang.Nullpointer.exception.
  I will be thankful to u if u help me in this regard. waiting for u reply.
  thnx in advance
  regards
  srinivas

  I have same problem (java.lang.exception java.lang.Nullpointer.exception.) when I try to add reporsitory user by Repository Assistant. When I fill all pages from that wizard and press Finish, then I get java exception error alert with exception mentioned above. Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production With the Partitioning, OLAP and Data Mining options and OWB client10.2.0.3.0/repository10.2.0.3.33. This happened since we have migrated from 32b to 64b version. Any workarounds???