Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dialog user is being locked every few hours

former_member247560
Discoverer

‎07-26-2016 10:36 PM

A dialog user is being locked regularly and I cannot find how or from where. I have already checked logs, Gateway, rfc trace everything but I cannot find whom is locking the user.

sm20 shows something like this

Preview file
63 KB
8 REPLIES 8

Colleen
Advisor
Advisor

‎07-27-2016 12:25 AM

0 Kudos

did you check the logs in the connecting systems where the call is originating from?

Former Member

‎07-27-2016 12:51 AM

0 Kudos

If you don't get the source information in Security Audit Log, I would recommend you, as a second option, to enable the Gateway logging with Open RFC Connection option enabled, to monitor all the connections being performed against your system. Once you detect in SM20 the user was locked again, then go and check in Gateway logging for that specific time frame.

You should see something like this:

O Tue Jul 26 2016 20:47:47:636 open server connection (lu=<IP_ADDRESS>, addr=<IP_ADDRESS>, tp=sapdp00, type=R3_CLIENT)

If you correlate the time stamp of this type of event with the time stamp of the events in SM20 then you will find the source IP address, after that you can check who is the owner of that IP address.

DavidLY
Advisor
Advisor

‎07-27-2016 3:21 AM

0 Kudos

Hello,

Check the RFC-connections pointing to the affected system for incorrect credentials.

SAP Notes 495911, 171805 will help you further.

Regards,

David

Former Member

‎07-27-2016 5:00 AM

0 Kudos

Hi,

I think, it comes from some sort of RFC logons, may be from external systems. With the old version of Kernel, all the details of RFC failures will not be logged in SM20. I would suggest you try to analyse it with a profile parameter "rfc/signon_error_log" (dynamically changeable, no restart is required). With this parameter, you can generate the short dump for RFC logon failure to analyse it further. Hope this may help you a bit. Refer the below note for more information.

91980 - Missing output of RFC short dump after login error

Regards,

Ganesan

former_member247560
Discoverer

‎07-27-2016 7:11 PM

0 Kudos

Thanks everybody for your quick and helpfull answers. I don´t know whats's going on. I have checked dev_w0 and gateway trace file and SM20 transaction. I could match the user at the time it is being blocked looking at sm20 and dev_w0 .  Nevertheless I couldn´t follow a convid from dev_w0 file to dev_rd file in order to identify the origin of the blocking session. Any idea ?

Thanks for your help.

DEV_W0

M Wed Jul 27 05:38:20 2016

M  ***LOG US1=> Login, Wrong Password (TECBAPT ) [sign.c       4527]

M

M Wed Jul 27 05:40:03 2016

M

M  *****************************************************************************

M  *

M  *  LOCATION    SAP-Gateway on host sapap1 / sapgw01

M  *  ERROR       connection to partner 'loopback:0' broken

M  *

M  *  TIME        Wed Jul 27 05:40:03 2016

M  *  RELEASE     701

M  *  COMPONENT   NI (network interface)

M  *  VERSION     38

M  *  RC          -6

M  *  MODULE      nixxi.cpp

M  *  LINE        4205

M  *  DETAIL      NiIRead

M  *  SYSTEM CALL recv

M  *  COUNTER     96657

M  *

M  *****************************************************************************

M

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

SM20

sapap1|27.07.2016|03:38:19|TECBAPT|        |               |SAPMSSY1           |RFC/CPIC Logon Failed, Reason = 1, Type = R                                         |

|sapap1|27.07.2016|04:38:19|TECBAPT|        |               |SAPMSSY1           |Password check failed for user TECBAPT in client 100                                |

|sapap1|27.07.2016|04:38:19|TECBAPT|        |               |SAPMSSY1           |RFC/CPIC Logon Failed, Reason = 1, Type = R                                         |

|sapap1|27.07.2016|05:38:20|TECBAPT|        |               |SAPMSSY1           |Password check failed for user TECBAPT in client 100                                |

|sapap1|27.07.2016|05:38:20|TECBAPT|        |               |SAPMSSY1           |User TECBAPT Locked in Client 100 After Erroneous Password Checks                  

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Former Member
In response to former_member247560

‎07-27-2016 11:44 PM

0 Kudos

Hi,

Do you have any short dump for this logon failure in ST22? Is it possible for you to create the dump as i mentioned in my previous post as you are using the old Kernel patch of 701 release? We can have more information in short dump about this error. The information in SM20 and dev*.log is not enough to trace the root cause.

Regards,

Ganesan

DavidLY
Advisor
Advisor
In response to former_member247560

‎07-29-2016 2:22 AM

0 Kudos

Hello,

The explanation of this 'RFC/CPIC Logon Failed, Reason = 1, Type = R'

can be seen in the attached note 320991:

Reason 1 means  -> Incorrect logon data (client, user name, password)

Hence, what is happening? The RFC call is being made using this user with incorrect logon data.

Unfortunately, there is no way to find which RFC is using it; you will have to perform a deep search on this system.

In such scenarios, if you cannot find the incorrect RFC being used, the recommendation is to create a copy of this user and use the copied user instead. Otherwise, the solution is to find the RFC with incorrect logon data and correct it.


Regards,

David

Bernhard_SAP
Employee
Employee
In response to former_member247560

‎08-01-2016 2:01 PM

0 Kudos

As David told you earlier already, you can use SAP note 171805 to find out, from where the RFC is coming from. There oyu have to check each connection then if it uses TECBAPT .

b.rgds Bernhard