Skip to Content
avatar image
Former Member

In NWA, start and stop services asking for OS user password

Hello Friends,

Since migration from Windows to Linux, I'm facing issue. System is asking for OS Credentials when I am trying to go into start and stop in NWA.

It is not clear that this is default behavior of Linux.

Best regards,

Moreshwar

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Best Answer
    Sep 24, 2017 at 08:36 AM

    SAP Security was implemented even stronger, and now the previously available SAPControl Web methods are no longer available without authorization.

    SAPControl is operating as Linux/UNIX deamon and as Windows service.

    In both cases, it is an OS level module which requires specific OS level credentials to be provided. For more details, check the relevant SAP Note 1439348 and SAP Note 927637.

    One possible workaround is to make SAPControl Web methods accessible ...

    1. Change the protection level to "DEFAULT" instead of "SDEFAULT".
    Execute: service/protectedwebmethods = DEFAULT

    2. Restart the service. Execute:
    /usr/sap/<SID>/<Instance>/exe>sapcontrol -nr <instance number> -function RestartService
    or
    <Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function RestartService

    3. If you now call the "GetInstanceProperties" Web method, it should return much smaller list with protected methods than before. Execute:
    <Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function GetInstanceProperties

    Yet, please keep in mind that the above workaround decrease the security level of SAP Instance Agent (SAPControl) web service interface!

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 25, 2017 at 07:57 AM

    Hi Milen,

    Thanks a lot for information you shared. I will try to implement this workaround and will get back to you.

    Best regards,

    Moreshwar

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 13, 2017 at 05:49 AM

    Hello All,

    We can disable it by changing parameter "service/protectedwebmethods" to NONE but it is not recommended.

    Best regards,

    Moreshwar

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 15, 2017 at 12:39 PM

    Hello Moreshwar,

    During the migration, was anything else changed?

    Like SAP upgrade, SAP kernel update / upgrade, ...

    I made a test at an internal test system here (running on Linux), and it asks for the OS credentials.

    Best regards,

    Isaías

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 22, 2017 at 04:59 PM

    Hey Isaías,

    Thanks for your reply!

    Nothing was changed during migration.

    Is it normal behavior of systems running on Linux?

    Best regards,

    Moreshwar

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 26, 2017 at 06:37 PM

    Hi Moreshwar,

    To answer your main question, This is default behavior of NWA. Whenever we try to start/stop system from NWA, It asks for sidadm credentials.

    Thanks,

    Shivam

    Add comment
    10|10000 characters needed characters exceeded