Skip to Content
0

In NWA, start and stop services asking for OS user password

Sep 14, 2017 at 03:23 PM

277

avatar image
Former Member

Hello Friends,

Since migration from Windows to Linux, I'm facing issue. System is asking for OS Credentials when I am trying to go into start and stop in NWA.

It is not clear that this is default behavior of Linux.

Best regards,

Moreshwar

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

6 Answers

Best Answer
Milen Dontcheff
Sep 24, 2017 at 08:36 AM
0

SAP Security was implemented even stronger, and now the previously available SAPControl Web methods are no longer available without authorization.

SAPControl is operating as Linux/UNIX deamon and as Windows service.

In both cases, it is an OS level module which requires specific OS level credentials to be provided. For more details, check the relevant SAP Note 1439348 and SAP Note 927637.

One possible workaround is to make SAPControl Web methods accessible ...

1. Change the protection level to "DEFAULT" instead of "SDEFAULT".
Execute: service/protectedwebmethods = DEFAULT

2. Restart the service. Execute:
/usr/sap/<SID>/<Instance>/exe>sapcontrol -nr <instance number> -function RestartService
or
<Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function RestartService

3. If you now call the "GetInstanceProperties" Web method, it should return much smaller list with protected methods than before. Execute:
<Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function GetInstanceProperties

Yet, please keep in mind that the above workaround decrease the security level of SAP Instance Agent (SAPControl) web service interface!

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Sep 25, 2017 at 07:57 AM
1

Hi Milen,

Thanks a lot for information you shared. I will try to implement this workaround and will get back to you.

Best regards,

Moreshwar

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Oct 13, 2017 at 05:49 AM
1

Hello All,

We can disable it by changing parameter "service/protectedwebmethods" to NONE but it is not recommended.

Best regards,

Moreshwar

Share
10 |10000 characters needed characters left characters exceeded
Isaias Freitas
Sep 15, 2017 at 12:39 PM
0

Hello Moreshwar,

During the migration, was anything else changed?

Like SAP upgrade, SAP kernel update / upgrade, ...

I made a test at an internal test system here (running on Linux), and it asks for the OS credentials.

Best regards,

Isaías

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Sep 22, 2017 at 04:59 PM
0

Hey Isaías,

Thanks for your reply!

Nothing was changed during migration.

Is it normal behavior of systems running on Linux?

Best regards,

Moreshwar

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Sep 26, 2017 at 06:37 PM
0

Hi Moreshwar,

To answer your main question, This is default behavior of NWA. Whenever we try to start/stop system from NWA, It asks for sidadm credentials.

Thanks,

Shivam

Share
10 |10000 characters needed characters left characters exceeded