user id getting locked automatically in regular in...

Former Member · ‎12-31-2008

Hi,

One user id is getting locked every day at same time automatically with wrong password .

When we check SUIM for change documents we see that value for the lock as 128 ( incorrect password)

and the tcode for the lock is KRNL. and we dont have any other information regarding this.

we have cheked table USR02 as well but did not find any more information

We are manually unlocking everyday as of now but don know the exact reason why is it being locked.

We also checked for any jobs running on the same user id and also any RFC connetions using this user id but did not find any in RFSDES.

The user id is getting locked at alomost same time every day so We dont believe its a manual attempt.

Please check the same and let us know if there is any other way to find out REASONS why the user id is being locked and please also let us know if there are any logs to find the same.

Former Member · ‎12-31-2008

Hi Roopa,

Since you know the time at which the user is getting locked, pls switch on the trace during that time through ST01 on the user id (that gets locked), you will find the trace for the user id, as in, the action/activities happening for that user ID when it is getting locked

Regards

Siddhartha

Former Member · ‎12-31-2008

- When you unlock the user what is the message u get "locked by system administrator" or "locked due to incorrect logons"?

- What is the validity date set for the user when it gets locked?

Why I ask you this is because I have seen a scenario where a user gets locked by validity date set to current date by the system automatically when a program runs in the background which checks the user's validity against the HR database. So, to prevent the user getting locked in SAP you have to increase the validity in the HR database. This however was a custom program which used BAPI BAPI_USER_LOCK to lock the UMR.

You can check if there is a something similar in your system as well.

Former Member · ‎12-31-2008

Hi Subramaniam,

1.The message is "locked due to incorrect logons"

2.User has unlimited vaidity i.e 31.12.9999 which we usually give to employess so this might not be problem

Former Member · ‎12-31-2008

big chance someone else tries to login with the userid.

or is there an interface running on this uid.

Try ST03N in one of the reports there you can see from which terminal the failed logon happened.

Maybe a hacker, is the naming convention of your UID's simple to find??

Former Member · ‎12-31-2008

> and the tcode for the lock is KRNL. and we dont have any other information regarding this.

You mention that this is the account of an employee, so I assume a Dialog type user ID.

Sounds to me like a script somewhere with this user ID in it for the connection to the system. Could be anywhere... theoretically also on a PC.

Contact the user and ask them whether they saved their pwd anywhere.

Also activate the SM20 dynamic filters to find the terminal for all types of events (also not critical) before the next pwd lock of the user (128).

If you find that the terminal is an application server of your own system, then you will need to check your jobs again in more detail and in extreme cases even transport imports.

Cheers,

Julius

Former Member · ‎02-18-2009

Please take note that it is often necessary to make some calculated guesses when the person who asked the question does not provide all information (e.g. release level...).

But in this case the person has not returned for almost 2 months now, so there is no purpose to follow this thread except for general information (not stated already in the thread!) or academic reasons which add a value for others who search.

It is the responsibility of the person who asked the question to follow-up on it in a timely manner (best by providing more information as they make progress...)

Cheers,

Julius

WolfgangJanzen · ‎01-01-2009

The password lock is set due to failed password logon attempts (with an incorrect password).

So, you need to find out where those logon requests came from - and which protocol was used.

I'd recommend to analyse the problem using the tracing method described in note 495911 (and referenced notes).

If your ABAP system is of release SAP_BASIS 7.0 then those failed password logon attempts might result from the fact that passwords are now case-sensitive. So, if someone is using an older client component (which is not capable of supporting case-sensitive passwords), then this could be the cause.

Happy New Year 2009.

Best regards, Wolfgang

Former Member · ‎02-18-2009

Hi,

Goto Tcode SWU3 and expand Maintain Runtime Environment------->Configure RFC Destination(Execute)

Check whether it is the same user getting locked, If so give the correct password.

This may help you to sort out the issue

Regards

Waseem

Former Member · ‎02-18-2009

Hi Roopa,

I think this may be because of a script running somewhere. Could be something like a VB script which often have passwords embedded in them. So there is a chance that a background job running at that time calls that script which has an incorrect password. Check the bacground jobs being completed at the time when the password is being locked.

I suppose it could be one of those jobs which cause the ID to be locked due to any reasons.

Regards,

Chinmaya

former_member752489 · ‎08-29-2023

Hi Chinmaya,

yes , but what is the solution.

Former Member · ‎02-18-2009

Hi,

Please let me know which type of user id.

Whether dialog or system or service or communication id.

Regard

Sreedhar Reddy

WolfgangJanzen · ‎02-18-2009

The usertype does not matter - regarding password locks (after subsequently failed password logon attempts).

Former Member · ‎02-18-2009

Hello Roopa,

Please check if any Add on tool is using this user id.

It seems like some job is running daily at that fixed time and password is stored in some JCO connection or API connection.

Due to wrong password stored, it daily fails at that time.

Regards,

Surpreet Singh Bal

Pls check if VIRSA is installed in your landscape and if it connecting to this system

Former Member · ‎05-27-2010

Hi,

Have you found any solution to this... coz., me too in the same situation, but on the DEV box....If yes, please post it.

Thanks and Regards,

Mahesh.

Former Member · ‎05-27-2010

Did you read the replies and try to locate the "caller"?

Is there any relation in the time to transports? This thread is old... so it would be more appropriate to start your own thread providing more information (eg. was SWU3 your search term?)

Cheers,

Julius

Former Member · ‎05-28-2010

Hi,

Thanks. Finally I figured what was that which was locking my user id.

I know that some of our upstream or downstream system was trying to login, but i could not find out which one was it.

I activated my security audit log in SM19 and bounced the system and unlocked my user id and analyzed using SM20 and got the IP from which it was trying to login and found out what system / application it was and changed the application accordingly to login correctly.

Now it is fixed.

Thanks and Regards,

Mahesh.

user id getting locked automatically in regular intervals of time.