Skip to Content
avatar image
Former Member

user id getting locked automatically in regular intervals of time.

Hi,

One user id is getting locked every day at same time automatically with wrong password .

When we check SUIM for change documents we see that value for the lock as 128 ( incorrect password)

and the tcode for the lock is KRNL. and we dont have any other information regarding this.

we have cheked table USR02 as well but did not find any more information

We are manually unlocking everyday as of now but don know the exact reason why is it being locked.

We also checked for any jobs running on the same user id and also any RFC connetions using this user id but did not find any in RFSDES.

The user id is getting locked at alomost same time every day so We dont believe its a manual attempt.

Please check the same and let us know if there is any other way to find out REASONS why the user id is being locked and please also let us know if there are any logs to find the same.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

8 Answers

  • avatar image
    Former Member
    Dec 31, 2008 at 11:43 AM

    Hi Roopa,

    Since you know the time at which the user is getting locked, pls switch on the trace during that time through ST01 on the user id (that gets locked), you will find the trace for the user id, as in, the action/activities happening for that user ID when it is getting locked

    Regards

    Siddhartha

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 31, 2008 at 11:57 AM

    - When you unlock the user what is the message u get "locked by system administrator" or "locked due to incorrect logons"?

    - What is the validity date set for the user when it gets locked?

    Why I ask you this is because I have seen a scenario where a user gets locked by validity date set to current date by the system automatically when a program runs in the background which checks the user's validity against the HR database. So, to prevent the user getting locked in SAP you have to increase the validity in the HR database. This however was a custom program which used BAPI BAPI_USER_LOCK to lock the UMR.

    You can check if there is a something similar in your system as well.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      big chance someone else tries to login with the userid.

      or is there an interface running on this uid.

      Try ST03N in one of the reports there you can see from which terminal the failed logon happened.

      Maybe a hacker, is the naming convention of your UID's simple to find??

  • avatar image
    Former Member
    Dec 31, 2008 at 08:10 PM

    > and the tcode for the lock is KRNL. and we dont have any other information regarding this.

    You mention that this is the account of an employee, so I assume a Dialog type user ID.

    Sounds to me like a script somewhere with this user ID in it for the connection to the system. Could be anywhere... theoretically also on a PC.

    Contact the user and ask them whether they saved their pwd anywhere.

    Also activate the SM20 dynamic filters to find the terminal for all types of events (also not critical) before the next pwd lock of the user (128).

    If you find that the terminal is an application server of your own system, then you will need to check your jobs again in more detail and in extreme cases even transport imports.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Please take note that it is often necessary to make some calculated guesses when the person who asked the question does not provide all information (e.g. release level...).

      But in this case the person has not returned for almost 2 months now, so there is no purpose to follow this thread except for general information (not stated already in the thread!) or academic reasons which add a value for others who search.

      It is the responsibility of the person who asked the question to follow-up on it in a timely manner (best by providing more information as they make progress...)

      Cheers,

      Julius

  • Jan 01, 2009 at 12:50 PM

    The password lock is set due to failed password logon attempts (with an incorrect password).

    So, you need to find out where those logon requests came from - and which protocol was used.

    I'd recommend to analyse the problem using the tracing method described in note 495911 (and referenced notes).

    If your ABAP system is of release SAP_BASIS 7.0 then those failed password logon attempts might result from the fact that passwords are now case-sensitive. So, if someone is using an older client component (which is not capable of supporting case-sensitive passwords), then this could be the cause.

    Happy New Year 2009.

    Best regards, Wolfgang

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi,

      Goto Tcode SWU3 and expand Maintain Runtime Environment------->Configure RFC Destination(Execute)

      Check whether it is the same user getting locked, If so give the correct password.

      This may help you to sort out the issue

      Regards

      Waseem

  • avatar image
    Former Member
    Feb 18, 2009 at 09:43 AM

    Hi Roopa,

    I think this may be because of a script running somewhere. Could be something like a VB script which often have passwords embedded in them. So there is a chance that a background job running at that time calls that script which has an incorrect password. Check the bacground jobs being completed at the time when the password is being locked.

    I suppose it could be one of those jobs which cause the ID to be locked due to any reasons.

    Regards,

    Chinmaya

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 18, 2009 at 11:10 AM

    Hi,

    Please let me know which type of user id.

    Whether dialog or system or service or communication id.

    Regard

    Sreedhar Reddy

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 18, 2009 at 08:04 PM

    Hello Roopa,

    Please check if any Add on tool is using this user id.

    It seems like some job is running daily at that fixed time and password is stored in some JCO connection or API connection.

    Due to wrong password stored, it daily fails at that time.

    Regards,

    Surpreet Singh Bal

    Pls check if VIRSA is installed in your landscape and if it connecting to this system

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 27, 2010 at 02:11 PM

    Hi,

    Have you found any solution to this... coz., me too in the same situation, but on the DEV box....If yes, please post it.

    Thanks and Regards,

    Mahesh.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      Thanks. Finally I figured what was that which was locking my user id.

      I know that some of our upstream or downstream system was trying to login, but i could not find out which one was it.

      I activated my security audit log in SM19 and bounced the system and unlocked my user id and analyzed using SM20 and got the IP from which it was trying to login and found out what system / application it was and changed the application accordingly to login correctly.

      Now it is fixed.

      Thanks and Regards,

      Mahesh.