How to identify the list of RFCs trying to log in ...

Former Member · ‎10-03-2017

There is an issue with a system account becoming locked after a period of time due to too many incorrect logins. The original password had to be changed last week to set up an RFC with a new system. (it was not recorded when initially cfg'd). On Friday a job had failed (for RFC - 'EP1CLNT100') used for processing iDocs. The password was updated but the account locked again this morning.

Sriram2009 · ‎10-03-2017

Hi Banerjee.

1. Enable the user level audit on the specified user id. or enable the user level trace

2. You can check the RFC connection test use report RSRFCCHK and find the RFC report which RFC getting failed. refer the wiki link

https://wiki.scn.sap.com/wiki/display/Security/Best+Practice+-+How+to+analyze+and+secure+RFC+connect...

BR

SS

prithvirajr · ‎10-03-2017

Hi Kaustav,

You can also try below, hope that helps

If happening at particular time, set the following parameter active in RZ11 maybe 10 minutes before this usual lock period. This will generate more information in trace files and short dump to tell you where RFC is being access from that locks the user

rfc/signon_error_log

If you set the value of the profile parameter to 0

no ABAP short dump is written, but an entry is created in the syslog.

If you set the value of the profile parameter to 1

The system outputs the short dump

"CALL_FUNCTION_SIGNON_REJECTED" every time a logon error occurs. You can analyze the content of the dump using the ABAP short dump analysis transaction (Transaction ST22).

Regards,

Prithviraj

How to identify the list of RFCs trying to log in via a specific system user?

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: LLM, RAG and Cloud Foundry: No space left on d...

Re: Upload file capability in landscape manager

Re: Replication jobs running under my user ID. Sec...

Replication jobs running under my user ID. Securit...

Re: Couldn't create an instance of Cloud Identity ...