Skip to Content
0

How to identify the list of RFCs trying to log in via a specific system user?

Oct 03, 2017 at 04:11 AM

80

avatar image
Former Member

There is an issue with a system account becoming locked after a period of time due to too many incorrect logins. The original password had to be changed last week to set up an RFC with a new system. (it was not recorded when initially cfg'd). On Friday a job had failed (for RFC - 'EP1CLNT100') used for processing iDocs. The password was updated but the account locked again this morning.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

avatar image
Former Member Oct 03, 2017 at 06:07 AM
2

Hi Banerjee.

1. Enable the user level audit on the specified user id. or enable the user level trace

2. You can check the RFC connection test use report RSRFCCHK and find the RFC report which RFC getting failed. refer the wiki link

https://wiki.scn.sap.com/wiki/display/Security/Best+Practice+-+How+to+analyze+and+secure+RFC+connections

BR

SS

Share
10 |10000 characters needed characters left characters exceeded
Prithviraj Rajpurohit Oct 03, 2017 at 12:21 PM
0

Hi Kaustav,

You can also try below, hope that helps

If happening at particular time, set the following parameter active in RZ11 maybe 10 minutes before this usual lock period. This will generate more information in trace files and short dump to tell you where RFC is being access from that locks the user

rfc/signon_error_log

If you set the value of the profile parameter to 0

no ABAP short dump is written, but an entry is created in the syslog.

If you set the value of the profile parameter to 1

The system outputs the short dump

"CALL_FUNCTION_SIGNON_REJECTED" every time a logon error occurs. You can analyze the content of the dump using the ABAP short dump analysis transaction (Transaction ST22).

Regards,

Prithviraj

Share
10 |10000 characters needed characters left characters exceeded