Thursday, June 11, 2009

User Account Is Locked in SAP NetWeaver Mobile 7.1

Problem Description

Users report that they cannot log on to the SAP NetWeaver Application Server (AS) Java. The following text appears:

Authentication failed. Password locked

There is a message in the server’s log file (/log/system/security.log.*):

Invalid password for user TEST_USER .

Invalid password for user TEST_USER.

Invalid password for user TEST_USER .

Invalid password for user TEST_USER .

Invalid password for user TEST_USER .

Invalid password for user TEST_USER .

| USERACCOUNT.MODIFY | USERACCOUNT = UACC.PRIVATE_DATASOURCE.un:TEST_USER | | SET_ATTRIBUTE: lockreason=[1], SET_ATTRIBUTE: islocked=[true]

User 'TEST_USER' locked after 6 unsuccessful attempts to login.

Scenario Type:

Error analysis

NetWeaver Component:

Security Service (BC-JAS-SEC)

Validity:

SAP NetWeaver 2004 or higher

Decision Roadmap

Prerequisites

User with administrator rights

Main Tools

Identity management of the user management engine (UME)

Analysis

...

The user forgot his or her password

Someone is trying to guess the user’s password

The password was being changed by someone with administrator’s rights without the user’s knowledge

The user changed his or her password but an external tool has no knowledge of this

Example

Getting the JNDI context with a wrong password also locks the user’s account.

Solution hints:

Unlock the user account.

Note

If the user account locked is the only administrator account, activate the emergency user, then unlock the account.


End of Content Area

Blog Archive