on 05-31-2012 6:35 AM
Hi,
Our ABAP+JAVA system is working fine, I can see all the green lights in MMC. I can login to ABAP clients successfully. But I can't login to nwa or UME (useradmin). The user credential screen opens which means j2ee is working. But when I try to login using j2ee_admin user the system gives an error "Authentication failed. Logon with password not allowed" and If I try to login using any other user with same authorization as j2ee_admin the system doesn't give any message or error message. It just refreshed the screen.
Please let me know what is the issue? Yesterday we were able to login but today we can't
Regards,
Sudip
Hello Sudip,
Can you please check and confirm that user j2ee_admin has a valid password also in ABAP system. Please also check that it has proper roles and profiles and those are activated.
I once saw a similar case and the problem was that the problematic user was set as the communicator user
between ABAP and JAVA, can you please also verify that this is not your case? Please, check in configtool that j2ee_admin user is not set in ume.r3.connection.master.user. If this is the case, please use a different user, preferably SAPJSF user for setting communication between ABAP and Java system.
I hope this helps you.
Regards,
Blanca
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are you able to login previously? Any changes beforehand?
things that worth to check:
Ensure sapjsf has role sap_bc_jsf_communication and sap_bc_jsf_communication_ro assigned, with PROFILE generated.
Ensure J2EE_ADMIN has role SAP_J2EE_ADMIN assigned and profile generated.
Check is sapjsf, j2ee_admin and j2ee_guest is existed and no locked, try to change to system user. And ensure you can login with the 3 users in abap stack.
Give it a try!
hi,
i think this is the problem with TicketKeyStore.
please follow the below note..
Note 791649 - User unable to logon by ticket
if the note does not solve the issue, check out the below thread, it may solve the issue.
Can you please check if the SAPJSF user is locked on the production client in the ABAP stack.
I believe the UME data store is ABAP.
Can you paste the last few line of the latest default trace found under
/usr/sap/SID/DVEBMGS*/j2ee/cluster/server0/log/default*
Regards
Ratnajit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Yes, UME data stored in ABAP.
And here is the last few lines from DefaultTrace
#1.5 #005056AE0028006700077A3A00001B9C0004C14F9013FA13#1338447370470#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No host name defined in Exchange Profile for directory.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A3C00001B9C0004C14F9013FAF2#1338447370470#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No HTTP port defined in Exchange Profile for directory.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A3E00001B9C0004C14F90140182#1338447370472#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###Error reading from AII properties for directory.bi7.i3lbwvbw1
Thrown:
MESSAGE ID: com.sap.aii.utilxi.misc.api.rb_exception.MESS_INVALLD_PARAMETER_VALUE
com.sap.aii.utilxi.misc.api.InvalidArgumentException: MESS_INVALLD_PARAMETER_VALUE
at com.sap.aii.utilxi.sld.SldUtil.constructHttpsPort(SldUtil.java:503)
at com.sap.aii.utilxi.sld.XISubSystem.setAccessInfoFromAiiProperties(XISubSystem.java:387)
at com.sap.aii.utilxi.sld.XISubSystem.setFromAiiProperties(XISubSystem.java:295)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXIDomainFromAiiProps(SubSystemFactory.java:264)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemWithoutServices(SubSystemFactory.java:193)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemFromAiiProps(SubSystemFactory.java:123)
at com.sap.aii.af.service.sld.SLDAccess.getSLDInstanceName(SLDAccess.java:445)
at com.sap.aii.adapter.xi.ms.SLDReader.fire(SLDReader.java:111)
at com.sap.aii.adapter.xi.ms.SLDReader.run(SLDReader.java:167)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
#
#1.5 #005056AE0028006700077A4000001B9C0004C14F901402A5#1338447370472#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No host name defined in Exchange Profile for repository.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A4200001B9C0004C14F9014035F#1338447370472#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No HTTP port defined in Exchange Profile for repository.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A4400001B9C0004C14F901409DA#1338447370474#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###Error reading from AII properties for repository.bi7.i3lbwvbw1
Thrown:
MESSAGE ID: com.sap.aii.utilxi.misc.api.rb_exception.MESS_INVALLD_PARAMETER_VALUE
com.sap.aii.utilxi.misc.api.InvalidArgumentException: MESS_INVALLD_PARAMETER_VALUE
at com.sap.aii.utilxi.sld.SldUtil.constructHttpsPort(SldUtil.java:503)
at com.sap.aii.utilxi.sld.XISubSystem.setAccessInfoFromAiiProperties(XISubSystem.java:387)
at com.sap.aii.utilxi.sld.XISubSystem.setFromAiiProperties(XISubSystem.java:295)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXIDomainFromAiiProps(SubSystemFactory.java:268)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemWithoutServices(SubSystemFactory.java:193)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemFromAiiProps(SubSystemFactory.java:123)
at com.sap.aii.af.service.sld.SLDAccess.getSLDInstanceName(SLDAccess.java:445)
at com.sap.aii.adapter.xi.ms.SLDReader.fire(SLDReader.java:111)
at com.sap.aii.adapter.xi.ms.SLDReader.run(SLDReader.java:167)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
#
#1.5 #005056AE0028006700077A4600001B9C0004C14F90140B7C#1338447370474#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No host name defined in Exchange Profile for rwb.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A4800001B9C0004C14F90140C3A#1338447370474#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###No HTTP port defined in Exchange Profile for rwb.bi7.i3lbwvbw1#
#1.5 #005056AE0028006700077A4A00001B9C0004C14F9014135B#1338447370476#com.sap.aii.utilxi.sld.XISubSystem##com.sap.aii.utilxi.sld.XISubSystem#J2EE_GUEST#0##n/a##66a4e76da97d11e19e0900000038c502#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/Applications/ExchangeInfrastructure#Plain###Error reading from AII properties for rwb.bi7.i3lbwvbw1
Thrown:
MESSAGE ID: com.sap.aii.utilxi.misc.api.rb_exception.MESS_INVALLD_PARAMETER_VALUE
com.sap.aii.utilxi.misc.api.InvalidArgumentException: MESS_INVALLD_PARAMETER_VALUE
at com.sap.aii.utilxi.sld.SldUtil.constructHttpsPort(SldUtil.java:503)
at com.sap.aii.utilxi.sld.XISubSystem.setAccessInfoFromAiiProperties(XISubSystem.java:387)
at com.sap.aii.utilxi.sld.XISubSystem.setFromAiiProperties(XISubSystem.java:295)
at com.sap.aii.utilxi.sld.XIRuntimeManagementServer.setFromAiiProperties(XIRuntimeManagementServer.java:135)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXIDomainFromAiiProps(SubSystemFactory.java:272)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemWithoutServices(SubSystemFactory.java:193)
at com.sap.aii.utilxi.sld.SubSystemFactory.createXISubSystemFromAiiProps(SubSystemFactory.java:123)
at com.sap.aii.af.service.sld.SLDAccess.getSLDInstanceName(SLDAccess.java:445)
at com.sap.aii.adapter.xi.ms.SLDReader.fire(SLDReader.java:111)
at com.sap.aii.adapter.xi.ms.SLDReader.run(SLDReader.java:167)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regards,
Sudip
Hi,
This is the default Trace file's last lines-
#1.5 #005056AE002800810000000F00001B9C0004C151A4E0522B#1338456309346#com.sap.engine.services.security.authentication.logonapplication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logonapplication.doLogon#J2EE_GUEST#0##n/a##841ef687ab0211e1c46c00000038c502#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###doLogon failed
[EXCEPTION]
{0}#1#com.sap.security.core.logon.imp.UMELoginException: NO_PASSWORD
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:1028)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:207)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:929)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.uidPasswordLogon(SAPMLogonLogic.java:634)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:175)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:106)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regards,
Sudip
Hi Sudip,
Is this NW 7.0 system. I mean is Vusual Administrator avaialable. If yes then please login into Visual Admin and then go to Server--->Services--->KeyStorage--->Ticket Key Store.Click of SAPLogonTicketKeypair. Look for the value of Algorithm. Please make sure it is DSA and not RSA? If RSA delete both TicketKeyPair and its certificate and recreate it with DSA.
Regards.
Ruchit,.
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.