Skip to Content
avatar image
Former Member

UME User Mapping Failure - post installation


I use the Solution Manager 4.0, the J2E engine of the SLD is the SolMan's J2E engine.

I'm following the steps of the post installation guide to configure the SLD. (2.4.x)

after "Configuring SLD security Roles" the usermanagement UME displays the following error:

<i>A check if users can be created failed. The UME configuration might be inconsistent. Check your Security Policy settings (Especial "Maximum Length of Logon ID") and your Persistence Configuration.</i>

I cannot create users, or adding user(s) to roles/groups etc. via the useradmin UI. Does the users have to be created in the Abap System?

This unfortunately happened before creating a user with the role "LcrAdministrator" asigned.

I have changed the Client from initial "001" to the actual client "100".

Could this cause this behaviour?

How can I create users in the UME useradmin UI?

Is the client relevant (for usermapping)?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    May 18, 2007 at 09:44 AM

    Forgot to add that SAPJSF needs to be system type not dialog like the installation sets it.


    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      hi daniel,

      I too faced the same problem after applying sp10 in nwo4s. i created the user in abap stack as a dialog user in SU01with a initial password assigned the role SAP_BC_JSF_COMMUNICATION (which has read and write authorization)

      2 But donot assign SAP_BC_JSF_COMMUNICATION_RO (which has only read authorization)

      3. with the user created in ABAP i tried to login in java stack(Enterprise portal) and it logged me in and it said no roles assigned so then i went to identity management with j2ee_admin and assigned the role super administrator to the user which i created in abap

      4.Now i can use the user with the same password In Enterprise portal (java) and R/3(ABAP)

      Thanks and regards,

      Madhan Raja Selvam.Ela

  • avatar image
    Former Member
    May 18, 2007 at 09:33 AM

    Thomas :

    I have the same scenario as you. My J2EE_Admin got locked and found you could unlock it from ABAP stack entering the client your J2EE engine points too. So whats its happening is that java is saving all the data to the abap stack.

    For to be able to create user / roles using the UI you need that the communication user (default SAPJSF) between ABAP and Java has a role for it. The default rol the installation gives is only read only. So check in your abap stack the role of this user SAPJSF of whatever you used for ABAP-JAVA communication. If you see that he has the role SAP_BC_JSF_COMMUNICATION_RO ( RO = READ ONLY) or some ZSAP_BC_JSF_COMMUNICATION_RO , just assign him the role

    SAP_BC_JSF_COMMUNICATION by copying it to ZSAP_BC_JSF_COMMUNICATION. This role lets the communication user write to the abap stack.

    For changes to be reflect you need either to restart the whole server or just wait about 30 minutes ( the changes from abap to java takes that time to reflect, the only way to make it sooner is restarting, seems a hardcode setup).

    This only will let you create users / roles but the mesage will still be there that you have your UME incosistent.

    This is because the JAVA and ABAP password and login name policy do not match. You have to make them match by having the minimum requirements of passwords and login names the same.

    For ABAP password profiles parameters check this link ->

    pass" target="_blank">">pass profile parameters

    On your Java stack you can see them in your Identity managment.

    Now my problem is that I cannot change things from the JAVA stack, I can create but not change existing users or Roles, the error says its beeing block by another process , but doesn't say the name and I have only admin rights, so I coudnt find out why this error, Im resarching it, new to Java administration aswell. But if you manager to change them, please let me know and we could check our differences.

    This will surely help you

    All this info you can check what I wrote from by this link

    UME" target="_blank">">UME Managment ABAP Data Source


    Add comment
    10|10000 characters needed characters exceeded

  • May 16, 2007 at 12:52 PM

    Hi Thomas,

    If you configured your J2EE to use your ABAP stack users there is no problem. Just create a new admin user with LcrAdministrator and you should be able to login again to the JAVA stack.

    Within your j2ee admin tool you can have a look to which master client your J2EE is pointing.

    Have a great day,

    Sjoerd Lubbers

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hey Sjoerd,

      the problem for me is not to being able to create new users via the UME tool useradmin.

      The existing users are locked, an there is no way to create new users.

      I deleted the role LcrAdministrator and managed the users/roles/groups as described in the guide.

      The warning message is still appearing.

      thanks for helping!

      Message was edited by:

      Thomas Uhl

  • avatar image
    Former Member
    May 17, 2007 at 07:22 AM


    If all the user's are locked and if you are not able to do anything in UME then you can activate the emergency user. For this, you need to do configurations in the config tool and requires re-start of the engine.

    Please refer the link below for more information as well.



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hey Murali,

      seems to be a good idea.

      But the prerequesites of the linked solution is:

      "The J2EE Engine is running as a Java-only installation."

      As I´m using the Solution Manager as host for my SLD (Testscenario) I'm having a double stack installation.

      I'm still able to log on to the UME.

      On my ABAP Stack I found the unlocked J2EE_Admin with the role SAP_J2EE_Admin.

      So what could be wrong?