User login fails : password expired

Dear portal-gurus,
We're having an issue with our portal 6.0 SP15 installation. When the administrator creates a new user and that user tries to login, the error message is : password expired (no chance for the user to change / reset / his password, although this setting is enabled in the security tab).
When a user registers himself on the portal login page he can successfully login / change his password / etc.
Any help would be very appreciated !
Thanks in advance,
Stefaan Ovaere

Thanks a lot for this information... BUT...
When I try http://<server>:<port>/index.html UME asks my user to change his password. So that works. However, on the standard login page, the only message is password expired or authorization failed (for new users created by the administrator).
In the security.log file I can find :
#1.5#0014224913690069000000180000126C00040BE085A1BE39#1138958849548#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####4bea74c0949711daa2a8001422491369#SAPEngine_Application_Thread[impl:3]_20##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | NONE = null     |      | Login Method=[default], UserID=[stova], IP Address=[192.168.22.141], Reason=[Access Denied.]#
But I have no clue to what this is related ! Changing the security login policy ( allow change password ) on TRUE or FALSE seems to have no effect.
We do not use LDAP... so we're talking about pure portal users.
Thanks a lot for your help,
Stefaan Ovaere

Similar Messages

  • User logins fail; admin login is okay

    I'm running 10.3.9 all the latest updates on a 1 Ghz DP G4 with 1Gig RAM.
    Admin login works fine; three user logins go nowhere... beachball just spins and I have to power off the comp to get out.
    If I log in as Admin user and switch to another login, password is accepted but the desktop remains blank.
    Running the comp in target mode, I can see the files of the various users.
    Disk Utility looses connection (as mentioned in another post), not certain if this is also an iTunes update issue.
    Any ideas?
    Thanks!
    1Ghz DP G4   Mac OS X (10.3.9)  

    After following the information to move iTunes to the desktop, I was able to run Disk Utilities and repaired persmssions.
    However, there was no change in the ability for users to login. These users are managed, not standard.
    I reinstalled OS 10.3 in archive mode, checked logins (which were fine) and installed the 10.3.9 update. Logins are broken again.
    I can change the users to standard and they can login with no problem, but the moment I restrict anything (such as cannot change the dock) the logins fail.
    Changing the users to standard allows logins; make them managed and they fail.
    Certainly seems like a permissions issue, but repairing permissions does no good.
    Any suggestions other than doing a clean install?
    1Ghz DP G4 1 gig memory   Mac OS X (10.3.9)  

  • Retrieve nt user login and password with NTLM

    Hi,
    I have already post a topic to find a solution regarding the posting problem after retrieve nt user login.
    Now it's work, but to made an LDAP authentification i would like to retrieve the nt user password.
    Is that possible and how ?
    Thanks for reply.
    Ibouddha

    Yes, but how implements a SSO if we can not retrieve
    the nt user password.People are working on SSO, so they must have a plan which doesn't involve obviously incorrect ideas like getting a password. I don't expect they're going to do it in Java, though. However you may be able to get NTLM user authentication tokens (or something like that) using jCIFS.
    I would like to have only one login and then all
    applications will be able to know who is connectedYou don't need to find a user's password for that. You do this:String user = System.getProperty("user.name");which gives you the current user. Or perhaps by "connected" you meant "connected to your web site". In this case look at jCIFS for their servlet example.

  • Why user portal30 has password expiration date active if it's "never expires"?

    after 3 months of installing and confuguring portal we had to change password... because of expiration date. Is it normal?
    Krzysiek

    Yes it's normal. If you don't want to see the change password screen then edit login serevr configuration and set password expire to large value. thanks.

  • How to share user login and passwords between blog, forum and Dreamweaver?

    I have a site created with Dreamweaver. I want to allow
    visitors to create a username and password which will allow them to
    post blog feedback to many pages on my site, post in a forum, and
    provide their own comments into a database I can show the results
    for on certain pages. The trick is I want this to all work with one
    username and password so they don't have to use 3 different logins.
    I'm not sure if this is too technical, but I thought I'd ask before
    getting into it and realizing it won't work or I don't have a clue
    what I'm doing.
    I want to allow blog data to be added to a page with CSS
    content by both admin and visitors (to create an active discussion
    based on the data on that page). I've seen it on some sites, but
    don't know how to do it myself:
    http://www.joystiq.com/2008/05/19/ea-extends-take-two-purchase-offer-deadline-a-third-time /
    I can see they are using Weblogs Inc. software, but it
    appears the company only collaborates with people they see a fit
    with.
    I also want a forum and I know phpp is recommended. I like
    the interface, but am unsure if the login data can be shared with a
    blog.
    Lastly, I wanted to allow users to write their own reviews
    and then show the results and average them for display on the site.
    I have read and know how to create the database for the site. I
    just don't know how to share the usernames and password information
    with the blog and forum.
    Also, how do I force Dreamweaver to validate that the
    usernames and passwords are exactly correct before letting people
    post under that identity?
    I'm loving Dreamweaver and making sites so far. Just trying
    to take it to the next level.
    Thanks very much!

    juxtafras wrote:
    > I have a site created with Dreamweaver. I want to allow
    visitors to create a
    > username and password which will allow them to post blog
    feedback to many pages
    > on my site, post in a forum, and provide their own
    comments into a database I
    > can show the results for on certain pages. The trick is
    I want this to all
    > work with one username and password so they don't have
    to use 3 different
    > logins. I'm not sure if this is too technical, but I
    thought I'd ask before
    > getting into it and realizing it won't work or I don't
    have a clue what I'm
    > doing.
    >
    > I want to allow blog data to be added to a page with CSS
    content by both admin
    > and visitors (to create an active discussion based on
    the data on that page).
    > I've seen it on some sites, but don't know how to do it
    myself:
    >
    >
    http://www.joystiq.com/2008/05/19/ea-extends-take-two-purchase-offer-deadline-a-
    > third-time/
    >
    > I can see they are using Weblogs Inc. software, but it
    appears the company
    > only collaborates with people they see a fit with.
    >
    > I also want a forum and I know phpp is recommended. I
    like the interface, but
    > am unsure if the login data can be shared with a blog.
    >
    > Lastly, I wanted to allow users to write their own
    reviews and then show the
    > results and average them for display on the site. I have
    read and know how to
    > create the database for the site. I just don't know how
    to share the usernames
    > and password information with the blog and forum.
    >
    > Also, how do I force Dreamweaver to validate that the
    usernames and passwords
    > are exactly correct before letting people post under
    that identity?
    >
    > I'm loving Dreamweaver and making sites so far. Just
    trying to take it to the
    > next level.
    >
    > Thanks very much!
    >
    What you want is a CMS, but your not going to get one for
    Dreamweaver,
    well, not the kind you want. Something like Joomla can do
    this, you can
    add phpBB3 to it, and then using the JFusion extension allow
    them to
    share the user database, but I warn you now, its a steep
    learning curve.
    I ended up buying a book just to get to grips with the key
    concepts.
    Steve

  • Email notification to user prior to password expire

    Hi All
            I have a requirement wherein I need to send  a mail to all users to change their password 2 days before it expires. I found that in table URS02 , field PWDCHGDATE  gives the last date when password was changed..Can anybody help me to build further logic so that the users will get mail 7 days prior to expiry date of their password, say 30 days is my password validity.
    If anybody has worked on this kind of requirement , pls give your inputs on same..
    Regards
    Babita

    Hi there,
    I am faced with the same request.
    Could you please share your solution?
    Regards,
    Thomas.

  • Anonymous user login - failed to start EP server

    Hi all,
    I changed UME properties to allow anonymous access on EP.
    1. Created a user "anonymous" on ABAP system ( i m using ABAP system for users no ldap)
    2. On ep.. System admin ->system configuration -> UM configuration -> Direct editing
    3. Changed ume.login.guest_user.uniqueids to "anonymous"
    4. ume.login.anonymous_user.mode = 1. This property was already 1.. so kept it as it is
    5. Save all changes and restarted the Server using MMC control. Ep dint start
    Developer trace:
    [Thr 3832] Thu Dec 15 11:04:23 2005
    [Thr 3832] JHVM_RegisterNatives: registering methods in com.sap.bc.proj.jstartup.JStartupFramework
    [Thr 3832] JLaunchISetClusterId: set cluster id 3930150
    [Thr 3832] JLaunchISetState: change state from [Initial (0)] to [Waiting for start (1)]
    [Thr 3832] JLaunchISetState: change state from [Waiting for start (1)] to [Starting (2)]
    [Thr 5760] Thu Dec 15 11:05:06 2005
    [Thr 5760] JLaunchIExitJava: exit hook is called (rc=-11113)
    [Thr 5760] JLaunchCloseProgram: good bye (exitcode=-11113)
    I have reseted all the changes i have done, but still its not starting. I used configtool to reset the changes.
    please help me on this as its critical  now.. we are in testing phase..
    regards
    ashutosh

    Core service security failed. J2EE Engine cannot be started.
    com.sap.engine.services.security.exceptions.SecurityServiceException: Unexpected exception:
         at com.sap.engine.services.security.SecurityServerFrame.start(SecurityServerFrame.java:173)
         at com.sap.engine.core.service630.container.ServiceRunner.startApplicationServiceFrame(ServiceRunner.java:211)
         at com.sap.engine.core.service630.container.ServiceRunner.run(ServiceRunner.java:142)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:74)
         at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:141)
    Caused by: com.sap.engine.services.security.exceptions.BaseSecurityException: <b>Anonymous principal not configured</b>     at com.sap.engine.services.security.login.SecurityContext.setAnonymousPrincipal(SecurityContext.java:513)
         at com.sap.engine.services.security.SecurityServerFrame.start(SecurityServerFrame.java:138)
         ... 5 more
    Caused by: com.sap.security.core.server.userstore.UserstoreException: <b>Could not get user J2EE_GUEST</b>     at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:193)
         at com.sap.engine.services.security.userstore.context.UserContext.getUserInfo(UserContext.java:102)
         at com.sap.engine.services.security.login.SecurityContext.setAnonymousPrincipal(SecurityContext.java:507)
         ... 6 more
    Caused by: com.sap.security.api.NoSuchUserAccountException: USER_AUTH_FAILED: User account for logonid "J2EE_GUEST" not found!
         at com.sap.security.core.imp.AbstractUserAccount.<init>(AbstractUserAccount.java:340)
         at com.sap.security.core.imp.DBTextFileUserAccount.<init>(DBTextFileUserAccount.java:56)
         at com.sap.security.core.imp.UserAccountFactory.getUserAccountByLogonId(UserAccountFactory.java:426)
         at com.sap.security.core.imp.UserAccountFactory.getUserAccountByLogonId(UserAccountFactory.java:277)
         at com.sap.security.core.imp.UserAccountFactory.getUserAccountByLogonId(UserAccountFactory.java:458)
         at com.sap.security.core.imp.UserAccountFactory.getUserAccountByLogonId(UserAccountFactory.java:453)
         at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:189)
         ... 8 more
    i have j2ee_guest user on my abap system... and i have not set the anonymous access
    regards
    ashutosh

  • SQL 2012 DB Engine [Login failed: Account locked out] alerts not received from SCOM 2007 R2

    Dear Experts,
    In our SCOM 2007 R2 environment SQL 2012 DB Engine [Login failed: Account locked out] alerts not received but we are receiving the following alerts fr the DB instance.
    1. Database Backup Failed To Complete
    2. Login failed: Password expired
    3. Log Backup Failed to Complete
    4. Login failed: Password cannot be used at this time
    5. Login failed: Password must be changed
    6. IS Package Failed.
    Why we are not receiving the "Login failed: Account locked out" ? Customers are asking the notification email alert for this Rule even I have checked the override settings everything is enabled by default same as above rules.
    What can be the issue here ?
    Thanks,
    Saravana
    Saravana Raja

    Hi,
    Could you please check the Windows security log for (MSSQLSERVER) event ID 18486? The rule should rely on this event.
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  • Production site is not functioning due to an User Login Password expire.

    Hi All,
    SQL Server 2005
    We have an issue with user login password expire. Generally we create logins without password expire but the user is unable to login to the server and getting password expire error.
    a) What would be the reasons behind this scenario.
    b) How to resolve this issue.
    c) How can we avoid this issue in future.
    I'm really grateful to your valuable suggestions on this. Thank You.
    Regards,
    Kalyan.
    ----Learners Curiosity Never Ends----

    Hi,
    In addition, you can use
    ALTER LOGIN (Transact-SQL) to configure the enforcement of password policy options of a SQL Server login.
    When CHECK_POLICY is changed to OFF, CHECK_EXPIRATION will also be set to OFF. The following combinations of policy options are not supported:
    If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON. Otherwise, the statement will fail.
    If CHECK_POLICY is set to OFF, CHECK_EXPIRATION cannot be set to ON. An ALTER LOGIN statement that has this combination of options will fail.
    More information, please see policy enforcement section in the following TechNet article:
    http://technet.microsoft.com/en-us/library/ms161959.aspx
    Thanks.
    Tracy Cai
    TechNet Community Support

  • Portal Users Passwords expiring

    In 9.02 it seems my portal users passwords seem to expire for no reason. When it happens, I have to go in and manually re-set their passwords. Is this a bug or is there some place to control this.

    Set the number of seconds before password expiration that the directory server
    sends the user a warning. By default the "Password Expiration Warning"
    parameter is set to 0, which disables the expiration warning.
    Also if the users need to be able to login after the password expiration set
    the "Number of Grace Logins after Password Expiration" parameter to a
    number greater than 0.
    Change these parameters in the following manner:
    1. Start the Oracle Directory Manager from the home of the iAS Infrastructure
    2. Login as the OID administrator, i.e. orcladmin
    3. Click on the + on the left of Password Policy Management
    4. Click on your password policy to change the settings on the right pane
    5. Set the Password Expiration Warning in seconds i.e. 259200 for 3 days.
    6. Set the Number of Grace Logins after Password Expiration to a greater than 0
    value i.e. 1. This will add a last opportunity for the user after his/her
    password expired.

  • Exempt UME user for password expiration

    Is there a way to exempt a user from the password expiration setting? For example, passwords for all users are set to expire every 90 days, but a user id, say "monitor_user", is used in monitoring application to perform an automated logon check. Every 90 days when the password expires, the monitor fails. Is there a way to set this user's password not to expire?
    Thanks

    Glen and Giorgio,
    Let me see if I can clear things up a little bit.
    First, there is the security policy which is controlled by the UME properties. This defines password length, logon ID length, etc. These properties apply to the entire AS Java and cannot be trimmed down for individual users. How they apply to users in different data sources also varies. For example, these properties are ignored to some extent if you have an ABAP system as your user store. See the following link:
    http://help.sap.com/saphelp_nw04s/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm
    Second, as of NW 04s SPS 7 a new user attribute was added, named "security policy". For individual users you can choose one of the following security policies:
    default users (user can logon, password rules apply)
    technical users (user can logon, password does not expire)
    internal service users (user cannot logon, usually do not have passwords)
    There is a fourth policy: unknown users, applies to certain users mapped from an AS ABAP.
    In SPS 7 I believe and latest in SPS 8, you have limited abilities to change the security policy of the user with identity management. You can change the policy from unknown or default to technical but not back.
    In SPS 9 and later you can change the policy from unknown or default to technical and from unknown or technical to default.
    I wonder if support misunderstood your question and thought you were referring to the first type of security policy and not the second.
    Message was edited by: Michael Shea

  • Windows domain password expired

    Macbook Pro, bound to Windows domain, running 10.7.5
    This one user's domain password expired.  Now, she can't log into the Mac with her new password.  That's all.
    I'm a Windows admin, but I'm fairly competent in supporting OSX.  I'm hoping there's a very easy fix to sync their current password with the domain controller.  For my first trick, I've tried plugging her into the wired network until the red dot goes away and network accounts are "available".  Didn't work.  Unbind, re-bind to domain didn't help either.  Other AD accounts can log into this Macbook with their current passwords (for example: I haven't logged in in over 90 days, our default password expiration period, and I could get in just fine AND I was prompted to update my keychain password)
    Side note:  I was hoping to find the equivalent of a "gpupdate /force" for OSX, but that seems to be hard to find.
    What other information is needed?
    Thanks!

    Hi, did you manage to solve this?
    I have a similar issue:
    - Suddenly, more than one week ago, I could not unlock my Mac, hence I believed that my domain password had exipred
    - By using Outlook Web Access I logged in with the old password, which made me realise that the password wasn't expired after all
    - I thought it was useful to change the password anyway, and I did that using OWA
    - I got back to the Mac and realised that I could not login with neither the old and new passwords!
    - I forced reboot the Mac, and now I can login only with the *old* password, the one that stopped working!
    Since then, I need to use the old password on the Mac and the new on all other network resources associated to the domain. All of this happened while in my office, so no networking complications. I have spent time with the Mac still on the same network but the new password never got 'propagated' to it since. 
    G.

  • Auth result on Domino Webgate if Domino password expire

    Hi
    Appreciate if anyone can provide some input, tips regarding question below:
    How does the Domino webgate handle the situation where the user is authenticated and authorized
    successfully in OAM however their Domino accout password has expired? Does the webgate still
    simulate the Domino login?
    Domino account is the account associated with the OAM LDAP entry that is associated with the user logging
    i.e. the user account. In the case if pass the Domino DN of that user in the REMOTE_USER header variable.
    What happens when OAM user LDAP entry is able to authenticate, but the Domino account user
    password has expired? THANKS

    1. Create an application item :password_expired
    2. in the authentication scheme - post authentication process - set this item with some value if the password is expired.
    3. create an application process like this and make it conditional so it doesn't fire on the page you are using to inform the user about the password expiration (102 in this example)
    BEGIN
       IF :password_expired = 'Y'
       THEN
          HTP.init;
          OWA_UTIL.redirect_url (   'f?p=&APP_ID.:'
                                 || 102
                                 || ':&SESSION.:INFORM_EXPIRED::RP,::'
          HTMLDB_APPLICATION.g_unrecoverable_error := TRUE;
       END IF;
    END;4. On the information page create an onload process like this:
    BEGIN
       apex_application.g_notification := 'Your password has expired.';
    END;and make it conditional using PL/SQL Expression
    :REQUEST IN ('INFORM_EXPIRED')
    Denes Kubicek
    http://deneskubicek.blogspot.com/
    http://www.opal-consulting.de/training
    http://apex.oracle.com/pls/otn/f?p=31517:1
    -------------------------------------------------------------------

  • Password expiration notification workflow

    I need to create a workflow which will send emails to users who's password is about to expire. For reasons I don't want to get into here, I don't want to use a defered task.
    I know there's got to be a way of grabbing a list of users along the lines of
    select all users with waveset.passwordExpiry >= date1 and <= date2
    Can anyone point me in the right direction?

    I need to create a workflow which will send emails to
    users who's password is about to expire. For reasons
    I don't want to get into here, I don't want to use a
    defered task.
    I know there's got to be a way of grabbing a list of
    users along the lines of
    select all users with waveset.passwordExpiry >= date1
    and <= date2
    Can anyone point me in the right direction?Did you happen to get a solution to this? I am trying both query options and to list users with a password expiration date - but to no avail
    <Rule name='GetUsersWithPasswordExpirationDate'>
        <RuleArgument name="aDate"/>
            <block>
                        <block>
                            <defvar name='queryOptions'>
                                <new class='com.waveset.object.QueryOptions'/>
                            </defvar>
                            <invoke name='addCondition'>
                                <ref>queryOptions</ref>
                                <s>passwordExpiry</s>
                                <ref>aDate</ref>
                            </invoke>
                            <invoke name='toList'>
                                <invoke name='getObjects'>
                                    <invoke name='getLighthouseContext'>
                                    <ref>WF_CONTEXT</ref>
                                </invoke>
                                <invoke class='com.waveset.object.Type' name='findType'>
                                    <s>User</s>
                                </invoke>
                                <invoke name='toMap'>
                                    <ref>queryOptions</ref>
                                </invoke>
                            </invoke>
                        </invoke>
                    </block>
        </block>
    </Rule>
    <Rule name="GetUsersWithPasswordExpirationDate">
        <RuleArgument name="aDate"/>
        <expression>
            <block trace='true'>
                <cond>
                    <ref>aDate</ref>
                    <invoke name='toList'>
                        <invoke name='listObjects'>
                            <invoke name='getLighthouseContext'>
                                <ref>WF_CONTEXT</ref>
                            </invoke>
                            <s>User</s>
                            <map>
                                <s>attributes</s>
                                <map>
                                    <s>passwordExpiry</s>
                                    <ref>aDate</ref>
                                </map>
                                <s>nameOnly</s>
                                <Boolean>true</Boolean>
                            </map>
                        </invoke>
                        <s>name</s>
                    </invoke>
                </cond>
            </block>
        </expression>
    </Rule>

  • Facebook User Login Error

    I keep getting a user login failed error everytime I try to get Facebook integrated with iWeb. I called AppleCare, spent a day on the phone with them, and when I connect it directly to my DSL modem via Ethernet, it works. It only happens on my Time Capsule router. I'm using Open DNS and WPA settings. Is there something I can set on the Time Capsule to make this go through? Maybe a firewall port setting? I know what the problem is and where it's coming from, just not the magic switch to flip to get it functional.
    Thanks!
    Nathan

    I also had this problem, and for some reason changing the MTU setting on my router from the default 1500 to 1400 fixed this problem for me. I have no idea why. Facebook worked perfectly well on my Windows laptop before the change.

Maybe you are looking for

  • How to generate a report from stored procedure

    I would like to generate a report from stored procedure. I used to work on sql server. this can be done as easy as put a select statement at the end of stored procedure. The resule can be displayed on the development IDE, like sql developer or consum

  • HT1386 i have updated itunes on my pc but now itunes no longer recognises any device i.e. iphone, ipod, ipad

    I can no longer sync my iphone 4, ipad 2 or ipod touch with itunes on my PC since updating itunes. Itunes does not recognise any of the products but the PC does , Have tried reinstalling itunes but no different any suggestions ?.

  • Seeking help for a  report design

    How to create dynamic footnotes, if it's even possible, with Oracle Reports? A dynamic footnote would be one that appears on a page only if it is used on that page. For example: Regions: South East West North Widget A S: $1500. E: $100. Footnotes: S

  • Itunes ver8.0.1 disc burner not found?

    I downloaded the upgrade and tried to burn a cd from a play list. Message in the apple window above the play list said no disc burner foundno software found. Did not have a proble before. Any ideas??

  • How do I get iPhoto to sync on all my devices

    I have photos on my iPhone, my iPad and my two computers. Some photos are on multiple devices but others are only on one device, my iPhone for example. How do I sync all my photos so that all the devices have all the photos? Is that even possible. I