on 03-03-2014 6:10 PM
Dear experts,
I am trying to define a Java system in our Solution Manager in order to be able to generate an .xml stack configuration file
for an upgrade. The diagnostics agent has been installed.
I am clicking on Configure System in solman_workcenter, a new web browser opens with a multi-step setup.
I am getting to step 6 to create users. My user store is an ABAP system. At this step, there are 2 users, that need to be
created automatically: SAPSUPPORT and SM_COLL_<SID>.
In the Action combobox, there are only 2 options - Do nothing and Provide Existing User, though no option to create those
users automatically...
The SAPSUPPORT user already exists, as it was created during defining the ABAP system. I have created the SM_COLL_<SID>
user manually in the useradmin panel of Java and I have assigned the suggested roles to it.
I have selected Provide Existing User, typed in the password and after clicking on Execute, the following error pops up:
User J2EE_ADMIN is not allowed to perform this request. Check SAP Note 1647157.
I have googled a little and found SAP Note 1647267 - Solution Manager adaptation to Java UME security, and downloaded
it on our Solution Manager, though it says "Cannot be implemented".
Though there is no way to say that this step is done and the point remains gray. Nevertheless, I decided to continue to the
next step 7, called Configure Automatically. When I click on Execute all, almost all the points are getting green, except for
WEB Services Logical Port Creation. It shows the following error: Java communication user is not operational. Activity aborted.
WHY ?? The user exists and is very well operational... !! Can I skip this point and go ahead ?
PLEASE help me !! Thanks 🙂
Hello Symon,
Error clearly says that , you can not perform this step with administrative user 'J2ee_admin" .
You can use other id like e.g: your own id .
Note 1647157 clearly says :
Due to security reasons, the implicit permissions of the administration user that is created during the installation of an AS Java were removed. No end users, especially no powerful end users, should be able to read or change user data through the SPML service.
You can also create a user as mentioned in note 1647157 and use to perform this step.
Hope this helps.
Regards,
Archana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Archana and many thanks for your reply.
Unfortunately your suggestion is not clear to me, therefore I would kindly ask you to be a little bit more specific 🙂
I am not getting where does this J2EE_ADMIN user is coming from... I am logged into the Solution Manager using a user, called solman_admin, for the Java managed system, I am specifying those SAPSUPPORT and SM_COLL_<SID> users, which I created manually...
So, if I create "a user as mentioned in note 1647157", where should I login with this user or where should I specify it ?? Please explain me exactly what do you mean...
Many many thanks !!
P.S.: Is it possible to skip the steps "Web Services Logical Port Creation" and "Generate System-level Metrics" ? Will I be able to generate a valid .xml stack file in MOPZ without those 2 steps ?
Dear Symon,
You can create or copy user from j2ee_admin and use that user.
You can copy J2EE_ADMIN user in JAVA http://hostname:500<instance number>/useradmin
You can copy J2EE_ADMIN user in ABAP (Transaction SU01).
maintain same password for both users.
Thanks & Regards,
V Srinivasan
Hello Symon,
Based on the error message , I assumed that you are running managed system setup using "j2ee_admin" since admin users are not allowed for running setup configuration.
Please check note 1612514 - Solution Manager 7.1 SP Stack 03: recommended corrections
Current NW security policy implies that the "Create users" setup in Solution Manager transaction SOLMAN_SETUP (scenario "Managed system configuration") is failing for Java or double stack managed systems (including the Solution Manager system itself) and (some) users won't be created. There are two cases:
Action:The managed system Java setup user provided in "Enter System Parameters"needs to have additional permissions even though it is already an user with administrator privileges (see SAP note 1647157).
Action:
Given that the SPML service (on the managed system) is not accessible (see also SAP note 1616058), you need to double check manually whether the user has been already created with the requested type (dialog or technical user) and the appropriate roles (UME & J2EE security). Else create the user using the managed system UME for independent Java stack systems, or using transaction SU01 (or the Central User Administration system) in case an ABAP back-end is used. Be aware that the step "CreateUsers" might list some roles that do not exist on the managed system, as the available roles vary with the managed system releases. In such case, simply ignore the assignments for the none existing roles. Finally provide the username and password in the step "Create users" using for each user the "Provide existing user" action.
As per the case 1 , you need to have additional privileges ,which note 1647157 suggests to create.
Since you have manually created user in the system , I feel you can ignore this step.
Regards,
Archana
Can you please check which user you have entered in step 4 - "Enter system parameter", you might have entered user "J2EE_ADMIN" here.
My suggestion is to create the role as mentioned in SAP note 1647157 and then assign this role to your J2EE_ADMIN user or the user which you have mentioned in step 4. After doing this repeat the
step for creation of user SM_COLL_<SID>
Experienced similiar issue. The user in step 4 was set to a default user instead of techinical. In the UME configuration for DEFAULT user password was set to 90 days. This was the only difference between the two profiles. After chaning the user to Technical I was then able to complete step 6 without any errors.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.