Skip to Content
30

SUM authentication issue with saphostctrl – Authentication Required

Jul 12, 2017 at 09:21 AM

3.1k

avatar image
Former Member

We are trying to start the Software Update Manager (SUM) 1.0 SP20 PL4 on an Netweaver 7.02 Sandbox with Red Hat Enterprise Linux 7 and DB2 (DB6).

We extracted the SUM package to /usr/sap/<SID>/SUM and started the tool via command (with root):

./STARTUP confighostagent QHR &

or

./STARTUP <SID> &

When calling the URL http://localhost:1128/lmsl/sumabap/QHR/doc/sluigui the authentication box appears where we type in the sidadm credentials. When we confirm the credentials the box appears again after 1 second. No matter if the credentials are correct (sidadm with correct password) or not (any login with any password), the authentication box appears again (see attached screenshot).

This is, what we already checked:

  1. Restart of the SUM
  2. Restart of SAP Host Agent
  3. Installation of latest SAP Host Agent version
  4. Restart of complete virtual machine
  5. Tried Internet Explorer, Firefox, Chrome in normal mode and in private browsing mode
  6. Re-download / re-extract of SUM to /usr/sap/<SID>/SUM
  7. Check of file authorizations of SUM

Notes we checked:

  • 927637 - Web service authentication in sapstartsrv as of Release 7.00
  • 1563660 - sapcontrol, user authorization issues (SUM)
  • 2284028 - SUM SL Common UI : Troubleshooting problems with the new SUM UI
  • 2426160 - DB6: Add. Info - Software Update Manager 1.0 SP20

We changed the saphostctrl tracelevel to 3 and found an error in the /usr/sap/hostctrl/work/sapstartsrv.log after trying to authenticate again:

[Thr 140134583793408] Authenticate check on cache failed

Tue Jul 11 17:21:34 2017

pam_authenticate_user -> service( sapstartsrv ) user (
qhradm )

*** ERROR => pam_authenticate ( qhradm ) failed :
Authentication failure  [usercheckux. 243]

[Thr 140134583793408] helper exit with return code 251

Tue Jul 11 17:21:34 2017

pam_authenticate_user -> service( login ) user ( qhradm )

Tue Jul 11 17:21:36 2017

*** ERROR => pam_authenticate ( qhradm ) failed :
Authentication failure  [usercheckux. 243]

[Thr 140134583793408] Tue Jul 11 17:21:36 2017

[Thr 140134583793408] helper exit with return code 251

[Thr 140134583793408] *** ERROR => soap_check_permission
authentication: ( qhradm, ExecutOperation ) FAILED [DefaultOpera 163]

[Thr 140134583793408] Authenticate clear cache

[Thr 140134583793408] Unauthorized (user authentication
required)

[Thr 140134583793408] *** ERROR => Authentication is
required  [HTTPProxyHan 258]

[Thr 140134583793408] HTTPResponse::SendError HTTP 401:
'Unauthorized: User authentication required' send as 'Unauthorized'

SAP note 927637 says the following:

[…]

If the user/password check fails, the system generates an "Invalid Credentials" SOAP exception.

[…]

Unfortunately there are no hints what to do with the above error message.

Do you have any idea, what we can do to find/solve the problem?

scn-shot1.png (294.1 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Best Answer
avatar image
Former Member Jul 12, 2017 at 01:57 PM
2

After getting a hint of a colleague we checked the fstab and the options for the mounted file systems. All directories were mounted with the option "nosuid", which prevented the SUM from starting with the user "sidadm". After re-mounting the directories without the nosuid option we were able to authenticate with the user "sidadm" in the SUM.

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Jul 12, 2017 at 01:01 PM
3

Hi,

we now tried to login with the user "sapadm" and the login worked. The SUM process has been started with the user "<sid>adm". The logs created in /usr/sap/<SID>/SUM/abap/logs are owned by the user "<sid>adm".

We can not completely explain why this is working but since the SUM is started with "<sid>adm" we will try to update our sandbox system.

I will report back with further information.

Kind regards
Andre

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Jul 16, 2017 at 07:36 PM
0

Hi Andre,

Please see the SAP KBA ##2428412 - RequestLogonFile -- "FAIL: Cannot create logon file" error

In here you can see there are different options given which will help in checking with the s-bit.

Regards,
Manjunath Hanmantgad

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Jul 19, 2017 at 06:40 PM
0

Hi Andre,Currently we are upgrading Solman to 7.2 and now we are in downtime phase and Java is at 50% and ABAP is waiting for Java to proceed however we currently stuck in Java upgrade and we are getting similar errors as yours(i understand you now able to start SUM).

Our current Java upgrade phase is "Rename Start Profiles" and we are getting below error on the server.

<!--LOGHEADER[START]/-->
<!--HELP[Manual modification of the header may cause parsing problem!]/-->
<!--LOGGINGVERSION[2.0.7.1006]/-->
<!--NAME[/usr/sap/MD1/SUM/sdt/log/SUM/REGISTER-SERVICES_01.LOG]/-->
<!--PATTERN[REGISTER-SERVICES_01.LOG]/-->
<!--FORMATTER[com.sap.tc.logging.TraceFormatter(%d [%6s]: %m)]/-->
<!--ENCODING[UTF8]/-->
<!--LOGHEADER[END]/-->
Jul 19, 2017 8:30:22 AM [Info ]: The application server instances do not require registration with instance profile on dual stack system.
Jul 19, 2017 8:30:22 AM [Info ]: Registering service of instance SCS61 with new profile /usr/sap/MD1/SYS/profile/MD1_SCS61_md1ci.
Jul 19, 2017 8:30:22 AM [Info ]: Registering sapcontrol service using saphostagent for host md1ci, instance number 61 with start profile /usr/sap/MD1/SYS/profile/MD1_S
CS61_md1ci
Jul 19, 2017 8:30:24 AM [Error ]: The following problem has occurred during step execution: com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP

Fault from server: Invalid Credentials Please see the server log to find more detail regarding exact cause of the failure..

We upgraded the hostagent in message server and App server(our's is a distributed environment) to fix it but even after installing new host agent we couldn't proceed ahead and we kept on getting this issue

We followed the SAP notes but no luck.

is anything you can suggest to fix the issue and proceed ahead.

  • 1563660 - sapcontrol, user authorization issues (SUM)
Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Supragya,

Did you check the note #2428412

Regards,
Manjunath

0
avatar image
Former Member Sep 27, 2017 at 04:03 PM
0

Check permission and owner this files "/usr/sap/hostctrl/exe/sapuxuserchk" and "/usr/sap/hostctrl/exe/sapstartsrv"

-rwsr-x--- 1 root sapsys sapuxuserchk

-rwxr-x--- 1 sapadm sapsys sapstartsrv

GuilhermeVieira

Share
10 |10000 characters needed characters left characters exceeded