cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPSID User Locked

Go to solution
Former Member

on ‎03-27-2009 1:48 PM

0 Kudos

Hi ,

From oracle audit feature we came to know that sapsid user account was locked because someone entered the wrong password,from the audit file which is generated by Oracle we came to know the Server name,O/S user name who has entered the wrong password.

Now my question is Server name which is identify by thru oracle audit is an application server where no oracle binary is resided(only tnsping is there) means we can't run sqlplus thru application server then how can be sapsid user locked thru application server.

Regards

Tarun Mittal

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-27-2009 2:04 PM
0 Kudos

You need to know how an application server connects to the database in the first place. In short this is how:

- when you start sap, it tries to connect to the db with the OPS$ user. sidadm is able to logon without password.

- the OPS$ user has the password of the SAPSID account stored in the table SAPUSER

- now SAP can logon with SAPSID/pw

So in your case, i could be that you changed the password of SAPSID, but did not update the entry in the SAPUSER table. This way the application server gets the old password and the SAPSID user is locked.

Remember, you should always use BR*Tools to change the SAPSID password, because it will take care of the SAPUSER table as well.

Regards, Michael

Show replies
Show replies
Former Member
‎03-27-2009 2:13 PM
0 Kudos

We has the same ideas about the isssue

Can we konw is there any other way it can be locked thru application server?

Former Member
‎03-27-2009 2:21 PM
0 Kudos

You can verify if the connection works now, with the command R3trans -d. In the generated trans.log file, you can see every step nicely.

Another possibilty the user is locked from the application server could be a faulty environnement of the sidadm user. Something like wrong NLS_LANG, but i have never seen this happen in real life. Another possibilty is that somebody was trying to set up a direct database connection (transaction DBCO), but this is not very likely as well.

Best regards, Michael

Former Member
‎03-27-2009 3:12 PM
0 Kudos

Hi Michael,

We have checked the last date of reset password as given below.

NAME CTIME PTIME

-

-

-

SAPSID 26-MAY-04 26-MAY-04

it means nobody has changed the password even there is no change in nls_lang parameter as well as nobody has authorization to run the DBCO transaction code.

Then, How can be the account lock thru application server.

Kindly suggest.

Thanks,

Tarun Mittal

Answers (0)

Ask a Question