Symptom
The administrator user cannot log on to the J2EE Engine using the Visual Administrator.
Other terms
SAP J2EE Engine, users, administrator, SDM, password
Reason and Prerequisites
The administrator user cannot log on to the J2EE Engine because it has been locked, for example, due to numerous unsuccessful logon attempts. If you have not yet created any additional administrator user(s), then you cannot log on to the J2EE Engine/AS Java to perform administrative tasks.
Solution
To correct this situation, you have to use an emergency user. The corresponding emergency user depends on the installtion:
- If you use the User Management Engine (UME) with an AS ABAP as the data source, then log on to the corresponding AS ABAP system and unlock the administrator user (default user ID: J2EE_ADMIN) using the user maintenance transaction SU01.
- As of SAP NetWeaver '04 (J2EE Engine Release 6.30 SP 4), the emergency user is pre- defined as SAP*.
- Prior to SP4, you have to set up your own emergency user.
The procedures according to each release / SP level are described below.
SAP NetWeaver Composition Environment 7.1
and Other SAP NetWeaver 7.1 Products
For information about how to activate the emergency user SAP*, see the SAP NetWeaver CE Library at:
http://help.sap.com/saphelp_nwce10/helpdata/en/3a/4a0640d7b28f5ce
10000000a155106/frameset.htm
Log on to the SAP NetWeaver Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
The information available at this location also applies to other SAP NetWeaver 7.1 products that run on AS Java.
SAP NetWeaver 7.0 (2004s)
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at:
http://help.sap.com/saphelp_nw70/helpdata/en/3a/4a0640d7b28f5ce
10000000a155106/frameset.htm
Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP NetWeaver '04 / SAP J2EE Engine Release 6.30 SP >= SP4
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at http://help.sap.com/nw04.
Choose the desired language.
In the SAP Library, use the following path: "SAP Library -> SAP NetWeaver -> Security -> Identity Management -> User Management Engine -> UME User Administration -> Activating the Emergency User".
Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP J2EE Engine Release 6.30 SP <= SP3
Prior to SP4, you have to set up your own emergency administrator user. Also, because you cannot log on to the J2EE Engine as an administrator using the Visual Administrator, you have to use the Shell Console Administrator tool. Therefore, stop the SAP J2EE Engine and restart it in console mode. See the procedures below.
Stopping the SAP J2EE Engine
First you have to stop the SAP J2EE Engine. Under Windows, you can use the Microsoft Management Console for SAP Systems (SAPMMC). As an alternative or for UNIX systems, use the tool jcmon, which is located in the engine's /usr/sap/<SID>/sys/exe/run directory.
Note: You only need to stop a single server. You do not need to stop the dispatcher.
To stop the server using jcmon:
- 1. Start a shell or command prompt.
- 2. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
- 3. Execute the command
jcmon pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host>
- 4. Enter 20 to start the local administration menu.
- 5. Enter 4 and then the process index number (not the PID) to stop the server.
Starting the SAP J2EE Engine in Console Mode
To start the server in console mode:
- 1. View the server's property file:/usr/sap/<SID>/<j2ee-instance>/j2ee/cluster/instance.properties
This file contains the server properties in the form <key>=<value>, whereby each key is prefixed with an indicator. For example, for the key ID169739450.MaxHeapSize=128, the prefix is ID169739450.
- 2. Search for the entry <prefix>.Type=server and note the prefix.
We refer to this indicator as <prefix-server> below.
- 3. Start a new shell or command prompt.
- 4. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
- 5. Set the library path to this directory.
For HP-UX, also set the environment variable LD_PRELOAD to the base name of the Java VM shared library. In this case, the name to use depends on your CPU type; use either "LD_PRELOAD=libjvm.sl" for PA-RISC or "LD_PRELOAD=libjvm.so" for HPIA64.
- 6. To start the server, execute the command:
jlaunch -file=../cluster/instance.properties -nodeName=<prefix-server> pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host>-traceFile= <trace_file> -startMode=console
Enter the command in a single line. Note that the parameter pf does not have minus sign as a prefix. This is correct.
- 7. Wait until the server has started. (The prompt '>' appears.)
Create an Emergency User, Unlock Administrator, Delete Emergency User
- 1. Once the server is running, enter the following commands to create the emergency user and assign it to the administrators group:
add user
create_user emergency
password emergency <password>
group_user emergency administrators
- 2. Log on to the Visual Administrator as this emergency user.
- 3. Under <Cluster> > Server > Services > Security Provider, choose the "User Management" tab page. Unlock the user Administrator and provide a new password.
- 4. Log off from the Visual Administrator.
- 5. Log on as the user Administrator.
- 6. Delete the emergency user.
- 7. Log off from the Visual Administrator.
- 8. In the command prompt where the server is running, enter the command shutdown to shut down the server that you started in console mode.
- 9. In SAPMMC (or using jcmon), restart the server.
Result
The user Administrator can now log on to the J2EE Engine.
Affected Releases
|
nice post.
ReplyDeleteSAP Grc online training