Skip to Content
avatar image
30
Former Member

SUM authentication issue with saphostctrl – Authentication Required

We are trying to start the Software Update Manager (SUM) 1.0 SP20 PL4 on an Netweaver 7.02 Sandbox with Red Hat Enterprise Linux 7 and DB2 (DB6).

We extracted the SUM package to /usr/sap/<SID>/SUM and started the tool via command (with root):

./STARTUP confighostagent QHR &

or

./STARTUP <SID> &

When calling the URL http://localhost:1128/lmsl/sumabap/QHR/doc/sluigui the authentication box appears where we type in the sidadm credentials. When we confirm the credentials the box appears again after 1 second. No matter if the credentials are correct (sidadm with correct password) or not (any login with any password), the authentication box appears again (see attached screenshot).

This is, what we already checked:

  1. Restart of the SUM
  2. Restart of SAP Host Agent
  3. Installation of latest SAP Host Agent version
  4. Restart of complete virtual machine
  5. Tried Internet Explorer, Firefox, Chrome in normal mode and in private browsing mode
  6. Re-download / re-extract of SUM to /usr/sap/<SID>/SUM
  7. Check of file authorizations of SUM

Notes we checked:

  • 927637 - Web service authentication in sapstartsrv as of Release 7.00
  • 1563660 - sapcontrol, user authorization issues (SUM)
  • 2284028 - SUM SL Common UI : Troubleshooting problems with the new SUM UI
  • 2426160 - DB6: Add. Info - Software Update Manager 1.0 SP20

We changed the saphostctrl tracelevel to 3 and found an error in the /usr/sap/hostctrl/work/sapstartsrv.log after trying to authenticate again:

[Thr 140134583793408] Authenticate check on cache failed

Tue Jul 11 17:21:34 2017

pam_authenticate_user -> service( sapstartsrv ) user (
qhradm )

*** ERROR => pam_authenticate ( qhradm ) failed :
Authentication failure  [usercheckux. 243]

[Thr 140134583793408] helper exit with return code 251

Tue Jul 11 17:21:34 2017

pam_authenticate_user -> service( login ) user ( qhradm )

Tue Jul 11 17:21:36 2017

*** ERROR => pam_authenticate ( qhradm ) failed :
Authentication failure  [usercheckux. 243]

[Thr 140134583793408] Tue Jul 11 17:21:36 2017

[Thr 140134583793408] helper exit with return code 251

[Thr 140134583793408] *** ERROR => soap_check_permission
authentication: ( qhradm, ExecutOperation ) FAILED [DefaultOpera 163]

[Thr 140134583793408] Authenticate clear cache

[Thr 140134583793408] Unauthorized (user authentication
required)

[Thr 140134583793408] *** ERROR => Authentication is
required  [HTTPProxyHan 258]

[Thr 140134583793408] HTTPResponse::SendError HTTP 401:
'Unauthorized: User authentication required' send as 'Unauthorized'

SAP note 927637 says the following:

[…]

If the user/password check fails, the system generates an "Invalid Credentials" SOAP exception.

[…]

Unfortunately there are no hints what to do with the above error message.

Do you have any idea, what we can do to find/solve the problem?

scn-shot1.png (294.1 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Jul 12, 2017 at 01:57 PM

    After getting a hint of a colleague we checked the fstab and the options for the mounted file systems. All directories were mounted with the option "nosuid", which prevented the SUM from starting with the user "sidadm". After re-mounting the directories without the nosuid option we were able to authenticate with the user "sidadm" in the SUM.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 12, 2017 at 01:01 PM

    Hi,

    we now tried to login with the user "sapadm" and the login worked. The SUM process has been started with the user "<sid>adm". The logs created in /usr/sap/<SID>/SUM/abap/logs are owned by the user "<sid>adm".

    We can not completely explain why this is working but since the SUM is started with "<sid>adm" we will try to update our sandbox system.

    I will report back with further information.

    Kind regards
    Andre

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 16, 2017 at 07:36 PM

    Hi Andre,

    Please see the SAP KBA ##2428412 - RequestLogonFile -- "FAIL: Cannot create logon file" error

    In here you can see there are different options given which will help in checking with the s-bit.

    Regards,
    Manjunath Hanmantgad

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 19, 2017 at 06:40 PM

    Hi Andre,Currently we are upgrading Solman to 7.2 and now we are in downtime phase and Java is at 50% and ABAP is waiting for Java to proceed however we currently stuck in Java upgrade and we are getting similar errors as yours(i understand you now able to start SUM).

    Our current Java upgrade phase is "Rename Start Profiles" and we are getting below error on the server.

    <!--LOGHEADER[START]/-->
    <!--HELP[Manual modification of the header may cause parsing problem!]/-->
    <!--LOGGINGVERSION[2.0.7.1006]/-->
    <!--NAME[/usr/sap/MD1/SUM/sdt/log/SUM/REGISTER-SERVICES_01.LOG]/-->
    <!--PATTERN[REGISTER-SERVICES_01.LOG]/-->
    <!--FORMATTER[com.sap.tc.logging.TraceFormatter(%d [%6s]: %m)]/-->
    <!--ENCODING[UTF8]/-->
    <!--LOGHEADER[END]/-->
    Jul 19, 2017 8:30:22 AM [Info ]: The application server instances do not require registration with instance profile on dual stack system.
    Jul 19, 2017 8:30:22 AM [Info ]: Registering service of instance SCS61 with new profile /usr/sap/MD1/SYS/profile/MD1_SCS61_md1ci.
    Jul 19, 2017 8:30:22 AM [Info ]: Registering sapcontrol service using saphostagent for host md1ci, instance number 61 with start profile /usr/sap/MD1/SYS/profile/MD1_S
    CS61_md1ci
    Jul 19, 2017 8:30:24 AM [Error ]: The following problem has occurred during step execution: com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP

    Fault from server: Invalid Credentials Please see the server log to find more detail regarding exact cause of the failure..

    We upgraded the hostagent in message server and App server(our's is a distributed environment) to fix it but even after installing new host agent we couldn't proceed ahead and we kept on getting this issue

    We followed the SAP notes but no luck.

    is anything you can suggest to fix the issue and proceed ahead.

    • 1563660 - sapcontrol, user authorization issues (SUM)
    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 27, 2017 at 04:03 PM

    Check permission and owner this files "/usr/sap/hostctrl/exe/sapuxuserchk" and "/usr/sap/hostctrl/exe/sapstartsrv"

    -rwsr-x--- 1 root sapsys sapuxuserchk

    -rwxr-x--- 1 sapadm sapsys sapstartsrv

    GuilhermeVieira

    Add comment
    10|10000 characters needed characters exceeded