User XISUPER locked due to incorrect logon

Hi all,
We are facing one major problem as
Time Ty. Nr Cl. User Tcod MNo Text
00:17:56 DIA 002 700 SAPJSF US1 User XISUPER locked due to incorrect logon
in system log.
We checked all the RFC connections all are fine.
What would be the issue?
Regards,
Shivraj C.
Edited by: Shiv Chalke on Jul 27, 2009 8:24 AM

Hi,
>>>We checked all the RFC connections all are fine.
in most cases such issues are very easy to track
just check out documentation on where the XISUPER is used
for example for SLD access from PI - SLDAPICUST, etc.
so just check it out and you will know in a flash
Regards,
Michal Krawczyk

Similar Messages

Unlock specified users which locked due to incorrect logon automatically

Hi experts, All users will be locked if he logon incorrectly 3 times in our system now and unlocked in the midnight.
Can I unlock some specified users automatically in specified time I set or is there any method to exclude these specified users to be locked even logon incorrectly 3 times ?
Best wishes,
Evan

>
Rao Evan wrote:
> Hi Alex, thank you for your reply, it seems there is no normal method to do it. Maybe I need ABAPer to help solve it.
>
> Best wishes,
>
> Evan
Hi Evan,
Alex is right: it's worth to clarify (with the auditors) which system behavior is desired before taking any action (in terms of coding). Let me guess: those "special" users are belonging to the "upper management" user group ... - they just don't like the feeling of being "locked out" (even if it was their own fault not to memorize the password). Unfortenately, exactly those users are critical and potentially subject of password attacks (since they are equipped with powerful authorizations).
Maybe it would sense to convince the management to invest in smardcards (at least for that special user group). Using a non-password based user authentication mechanism eliminates the risk of undesired password locks - without imposing other (even greater) risks.
If you still want to implement such automatic unlocking (despite the advice given above) you should write your own tiny ABAP report which then submits function calls to BAPI_USER_UNLOCK and schedule a periodic background job for that report.
Cheers, Wolfgang

PIRWBUSR - Locked due to incorrect logons

Hello,
after installation of XI 7.0 the user PIRWBUSR is locked due to incorrect logons. After unlock the user an set the password new in the XI (su01), SLD and in the Exchange Profile (com.sap.aii.rwb.serviceuser.pwd) the user is locked in the next minutes. Have somebody an idea, where i must change the password too?
Kind regards,
Markus

Hi Markus,
you can try the following actions:
- connect to http://<server>:<port>/useradmin, enter PIRWBUSER as logon name with the current password, and see if a password change is needed.
- if you are using ONE sld for two system, make sure that the 2 user (PIRWBUSER) have the same password.
Hope this help
Francesco

Locked due to incorrect logons ! (Lock 130)

users are being locked due to incorrect logon attempts, but the usual lock type of 128 for this type of error is not happening.
these users are being locked with 130.
when trying to replicate the problem using a test user on the same system, the account is locked with 128.
any thoughts?

Wolfgang Janzen wrote:>
> ... (and in some future release might no longer possible, due to the ABAP package concept which has become stricter with NetWeaver 7.10).
Thanks Wolfgang!
I have been curious for many months now and have also done some "advertising" with developers. All developers I know agree, but some would like to see it happen first...
We (over lunch etc) were speculating about the call stacks, repid etc and cprog were the main candidates.
Perhaps we were lost in the trees (and tables) and did not see the whole forest...
All people I respect consider this to be a step in the right direction, even if it creates some irritations...
I am sure that SDN can also help to sustainably overcome those irritations.
All the best for 2008 (and release ?) and thanks for all your insights and help to understand the system during 2007!
Kind regards,
Julius

User is getting locked due to incorrect password every few minutes SAPJSF

I have gone through solution manager configuration both as myself and as user solman_admin. Recently the Solution manager system was changed to enforce a more complex password scheme. After changing my password, my account is now getting locked every few minutes due to incorrect logon attempts. The System log states that user SAPJSF from Terminal <solution Manager host name> is attempting to login with my userID and is locking it. so far I have made every change I know to make to all the accounts on the JAVA side and to any and all background jobs that are running to remove my userID from these entries. My account still gets locked and I have no idea where to find what task or process is locking the account.
Any ideas would be greatly appreciated.

I have checked the audit log and it is not very helpful. Here are the results
Date Date/Time User Terminal name Transaction Code Program Message Text
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:39 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:29:44 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Password check failed for user BSEWELL in client 001
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 User BSEWELL Locked in Client 001 After Erroneous Password Checks
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 1, Type = U)
11/12/2010 9:31:30 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)
11/12/2010 9:32:36 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)
11/12/2010 9:32:36 AM SAPJSF wsapvsmsdb.png.loc SAPMSSY1 Logon Failed (Reason = 53, Type = U)

Outbound queue locked due to incorrect password

Hi Gurus,
I'm having a problem to activate an Integration Model as I'm getting an error stating that the outbound queue is blocked due to incorrect password.
I have set up the RFC destination of the SCM ECC logical systems wit a valid user (I tested it). I've changed between using a Dialog user and a Communications Data user. Between every change I made I've cleaned the queue using transaction CFQ1.
Do you have an I idea of what I might be missing?
Many thanks,
Diego

Diego,
It is unclear to me which system you are experiencing the problem on. Either way, the reasons are usually the same. I will address establishing the ECC>SCM link. Works the same way in the other direction.
Every time I have had the problem you are experiencing, I usually find that the fault lies with me, not the system - I have made assumptions that were not correct.
BD54 ensure that your logical system name is what you think it is. Unless you are rigorous in your naming conventions, it is easy to become confused between logical names/hostnames/system names for SCM and ECC, ,
NDV2 ensure that the SCM system is properly identified
SM59 Make sure your IP address, or hostname is right. Make sure the system you are logging onto interactively is the one being accessed in SM59. Make sure you have the right userid. Password is casesensitive on some versions of R/3 and APO, but not casesensitive on others. I always use UPPERCASE text only for PWs, at least until everything is totally debugged.
From a technical standpoint, your RFC userid can be interactive or system, I always start with interactive until the intefaces are totally debugged. You auditors may have an opinion the final settings in the production system in this area..
Rgds,
DB49
I hear and I forget. I see and I remember. I do and I understand.
Confucius

WAS Portal User locked - Due to bad logon

Hi,
Is it possible to adjust user's bad logon attemp in WAS portal 6.4?
If a user enter wrong password more than three time, the system locked that user. It happened three times to admin user. We activated SAP* and unlocked the user.
If any one knows like how to increase the number of wrong password attempt...it would be great.
Thanks,

Hi,
For increasing the logon attempts, you have to follow below steps:
Step 1: Go to <Driver>:\usr\sap\<System ID>\JCxx\j2ee\configtool --> Configtool.bat
ex: C:\usr\sap\Y76\JC03\j2ee\configtool --> Configtool.bat
Step 2: cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
select property : "ume.logon.security_policy.lock_after_invalid_attempts = < Enter Number>"
ex: ume.logon.security_policy.lock_after_invalid_attempts = 6
Step 3: save
Step 4: Restart the Engine.

TS2446 Locked due to incorrect security question asked of me that's not in my profile

You asked me the wrong security question about my password to make purchases so you locked my apple I'd pswd......
Tommika Shinault Wilson

You aren't talking to Apple here. This is a user to user forum. If your ID is locked, contact iTunes store support for assistance: https://ssl.apple.com/emea/support/itunes/contact.html.

IPad is locked due to incorrect security answers

Trying to download a movie for flight home. Was asked security questions answers didn't match. Locked out.

You need to ask Apple to reset your security questions; this can be done by phoning AppleCare and asking for the Account Security team, or clicking here and picking a method, or if your country isn't listed in either article, filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(106653)

Regular blue screen occurance and now bios lock due to incorrect password

Product ID: B6V17PA

You should have gotten a code along with System disabled message. Post that code here
******Clicking the Thumbs-Up button is a way to say -Thanks!.******
**Click Accept as Solution on a Reply that solves your issue to help others**

J2EE_ADMIN user getting locked frequently

Hi SAP Guru's,
The user J2EE_ADMIN in our nw2004s system is getting locked frequently. We have changed the password of this user in ABAP via SU01 & in JAVA in the secure store via configtool. The server was re-booted after doing these changes. Still the user J2EE_ADMIN is getting locked frequently. Also in SM21, we have a log "J2EE_ADMIN locked due to incorrect logon" for this locking which mentions the user as SAPJSF (Communication user between ABAP & JAVA).
Is there a possibility that SAPJSF is locking the user J2EE_ADMIN ?? how & why ??
Any help on this will be highly appreciated.
Thanks,
Sanjeev.

have you solve this issue? we have the same!
every half hour (xx:51:00 and xx:29:00), the J2EE_ADMIN user is locked by user SAPJSF transaction KRNL from the local host (terminal).
We have changed the pass in secure store in configtool to the pass we used in abap.
In "Visual Administrator" "Cluster>Server>Services-->Security Provider" the user have a checked box at "No password change required"
We searched for other places with a wrong pass (Jco Connections = no J2EE_ADMIN used, SLD = no J2EE_ADMIN used), but found nothing.
need help pls.
regards
chris

User unlock due to Incorrect attempts

Hello Experts,
We are trying to implement a solution where password reset should also unlock users locked due to incorrect attempts in SAP. Is there a way in IDM to identify the lock type of a user
Best Regards,
Mohammed

Hi Mohammed,
Here is my solution, it works, but you will have to add additional task and script to check the status(as well, it will take longer).
Solution:
In your order task group 8. Set ABAP User password(SAP connectors) add additional task(as first task), that will read from SAP(read the islocked - flag(for user lock) and iswronglogon - flag(for password lock) from SAP) and store the data in some temporary table(sap_locked_temp_table....), as well when you are reading the data from SAP you can add a script to check the result and in case of SAP lock - islocked=L, to skip the next task(skip the password change for this system). Keep in mind that you will have to do this check for each system, so in your temporary table you have to keep not only the userid, but and the system in which the user is locked.
But if you want to unlock the password, without unlocking the user, it's not possible, as the flag iswronglogon doesn't work with ToSAP pass, you can only read it.
My solution works in case you want to unlock the password only if the user is unlocked.
BR,
Simona

IdM User automatically locking ABAP account after setting new password

Hi Experts
We are currently facing a problem, where it seems that the idmuser used when provisioning to ABAP is setting a value 128 (locked due to wrong logon) almost simultaneously as setting the new password on the user. I have found the information under SU01 and changes on the user account.
I cannot find anywhere in IdM that the value 128 is set to the "islocked" attribute. When provisioning new passwords, we do'nt even try to set the "islocked" attribute. We do unlocking/locking in separate tasks - and NEVER us the value 128.
Does anyone have a good explanation as to why/how this can happen?
Kind regards
Heidi Kronvold

Did you resolve this? I have a similar (though not identical) problem in that the user gets no password assigned when provisioning. Even users that already exist in that system get their password removed which effectively disables the password not allowing the user to login. I am using 100% out of the box SAP provisioning framework.

The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError) Log on failed. Ensure the user name and password are correct. (rsLogonFailed) The user name or password is incorrect

I am able to run the report fine in BIDS in the preview window, and it deployes fine. When it goes to view the report in the browser, I get the following error. There is no domain, I am using a standalone computer with SQL Server and SSRS on
this one machine.
Can anyone point to where I might configure the permission it is looking for? thanks! Steven
The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError)
Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
The user name or password is incorrect
Steven DeSalvo

Hi StevenDE2012,
Based on the error message "The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError)", it seems that the Unattended Execution Account settings in Reporting Services
Configuration is not correct.
Reporting Services provides a special account that is used for unattended report processing and for sending connection requests across the network. Unattended report processing refers to any report execution process that is triggered by an event rather than
a user request. The report server uses the unattended report processing account to log on to the computer that hosts the external data source. This account is necessary because the credentials of the Report Server service account are never used to connect
to other computers. To configure the account, please refer to the following steps:
Start the Reporting Services Configuration tool and connect to the report server instance you want to configure.
On the Execution Account page, select Specify an execution account.
Type the account and password, retype the password, and then click Apply.
In addition, please verify you have access to the Report Server database by following steps:
Go to SQL Server Reporting Services Configuration Manager, make sure the configuration is correct.
Go to Database, Verify that you can connect to the database.
Make sure you are granted public and RSExecRole roles.
Reference:
Configure the Unattended Execution Account
Configure a Report Server Database Connection
If the problem is unresolved, i would appreciate it if you could give us detailed error log, it will help us move more quickly toward a solution.
Thanks,
Wendy Fu

SLD User gets locked; four unsuccessful logons every 15 minutes

I have a landscape with a PI with the SLD on it. I defined a user with the name SLDUSER and the appropriate authorizations. The PI is a Unicode system, like all systems in the landscape.
There were already some application servers (CRM, Banking Services, Composition Environment) connecting to this SLD and everything went fine.
Now I added another application server, an ERP, for FI-CAx (NW 7.02). As the business partners are distributed via XI through the PI system, the ERP needs to connect to the SLD, too.
I set it up as usual:
- sldapicust: host, port, SLDUSER, password. (What is weird is that there is no test button as in all the other systems ... maybe that depends on the installed EhPs.)
- This generated the destinations (type T = TCP/IP) SLD_UC and SLD_NUC automatically.
- I created destinations SAPSLDAPI and LCRSAPRFC manually in sm59, type T = TCP/IP, set them to Unicode, entered the same (two different) Registered Server Programs that are used in these destinations on all the other servers (CRM, PI, BaS).
- I ran rz70, entered the host and gateway, activated, executed the data collection.
SLDCHECK runs successfully on the ERP system!
The technical system for the BS1 showed up in the SLD as expected.
- I configured the clients / business systems on the SLD.
Now begins the problem. The SLDUSER is now getting locked all the time! It's definitely the ERP system causing it - when I prevent it from accessing the PI (by changing the hosts file on the operating system), the problem stops.
I activated everything critical related to logons and RFCs in sm19 and looked at the logs in sm20. This is what it looks like:
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     User SLDUSER Locked in Client 001 After Erroneous Password Checks
17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
And it goes on like this. So what happens is this: Every 15 minutes, at :10, :25, :40, :55, there are four unsuccessful logons with SLDUSER. With the fifth logon it gets locked.
Again:
- This stops when I make the PI inaccessible to the ERP.
- SLDCHECK still works completely fine in ERP - until the SLDUSER is locked, of course; then it stops working in all connected systems. It does not result in unsuccessful logons on the PI.
- When I run rz70 on the ERP and run the data collection this also reports success and does not create unsuccessful logons on the PI.
- I have not used the SLDUSER in any other locations besides sldapicust.
So what the hell is wrong with this system?!

I have created a separate user SLDUSER_ER1 just for use in the sldapicust in the new ERP system that causes the problem. Still SLDUSER is getting locked (not SLDUSER_ER1)!
I powered down this ERP system ER1, just to make absolutely sure it is causing the problem - indeed the unsuccessful logon attempts every 15 minutes stopped right away.
As a workaround and for narrowing down the problem I have created separate users SLDUSER_CR1 etc. for each of the other systems in the landscape (CRM and so on) - indeed those do not get any unsuccessful logon attempts.
I have deleted all four SLD-related destinations in ER1 and recreated them from scratch (SLD_NUC and SLD_UC being generated when running rz70). I also used the "delete all batch jobs" button in rz70.
Still, SLDUSER is getting locked.
I checked on the PI system in C:\usr\sap\PI1\DVEBMGS00\j2ee\cluster\server0\log\system\httpaccess\responses_00.0.trc and see it is indeed the IP of the ERP system that gets the error 401 exactly at the times when the unsuccessful logon attempts occur:
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
[Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
As the ERP has no Java instance and the sldapicust does not contain the SLDUSER (but the new SLDUSER_ER1) it is a mystery to me what it is that is still running every 15 minutes in the ERP and tries to use SLDUSER.
I went through the entries in SECSTORE and could not find any use of SLDUSER (only of SLDUSER_ER1, as it should be).
Edited by: Monika Eggers on Oct 2, 2011 3:08 PM

User XISUPER locked due to incorrect logon

Similar Messages

Maybe you are looking for