Netweaver AS Java 管理密码重置方法
我的环境是Netweaver2004s sp6, 使用纯java source。 由于被多次输错密码(6次),管理用户Administrator被lock住了。经过实验,用下面步骤解决了:
1. 用configtool启用SAP*用户:
默认情况下,这个用户是被disable了的,我们需要用configtool去enable它。启动configtool:
cluster-data---->instance_ID######---->server_ID######---->services---->com.sap.security.core.ume.service
在 右边的Global properties里找到ume.superadmin.activated,把它set成TRUE,再修改 ume.superadmin.password的属性值改密码,改完之后保存然后重启AS Java Engin(只需要在sap console里重启server0)(注意:SAP*用户被启用后,其他所有用户都会被lock住)
2. 用VA重新enable Administrator并修改密码:
启动Visual Administrator,用刚刚enable的sap*用户和刚设置的密码登陆VA。
Cluster---->ID---->Server 0 #### ---->Services----> Security Provider
选右边Runtime tab里的User Management, 在Users里面Search出所有用户,选中Administrator用户,切换到编辑模式(点一下tab页面上面的铅笔按钮),unlock这个用户,在下面修改密码之后退出VA.
3. 用configtool停用sap*用户:
sap*用户启用时,其他用户都无法登陆系统。按照步骤一把ume.superadmin.activated属性改成false后重启AS Java,至此Administrator用户又可以正常的登陆进系统了。
------------------------------------------------------------------------------------------------
以下是sap的官方帮助,其他版本的密码重置可以参考:
The administrator user cannot log on to the J2EE Engine using the Visual Administrator.
Other terms
SAP J2EE Engine, users, administrator, SDM, password
Reason and Prerequisites
The administrator user cannot log on to the J2EE Engine because it has been locked, for example, due to numerous unsuccessful logon attempts. If you have not yet created any additional administrator user(s), then you cannot log on to the J2EE Engine to perform administrative tasks.
Solution
To correct this situation, you have to use an emergency user. The corresponding emergency user depends on the installtion:
If you use the User Management Engine (UME) with an AS ABAP as the data source, then log on to the corresponding AS ABAP system and unlock the administrator user (default user ID: J2EE_ADMIN) using the user maintenance transaction SU01.
As of SAP NetWeaver '04 (J2EE Engine Release 6.30 SP 4), the emergency user is pre- defined as SAP*.
Prior to SP4, you have to set up your own emergency user.
The procedures according to each release / SP level are described below.
SAP NetWeaver 2004s
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at http://help.sap.com/nw2004s. Choose the desired language. In the SAP Library, use the following path: "SAP Library -> SAP NetWeaver Library -> SAP NetWeaver by Key Capability -> Security -> Identity Management -> User Management Engine -> Troubleshooting -> Activating the Emergency User". Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP NetWeaver '04 / SAP J2EE Engine Release 6.30 SP >= SP4
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at http://help.sap.com/nw04. Choose the desired language. In the SAP Library, use the following path: "SAP Library -> SAP NetWeaver -> Security -> Identity Management -> User Management Engine -> UME User Administration -> Activating the Emergency User". Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP J2EE Engine Release 6.30 SP <= SP3
Prior to SP4, you have to set up your own emergency administrator user. Also, because you cannot log on to the J2EE Engine as an administrator using the Visual Administrator, you have to use the Shell Console Administrator tool. Therefore, stop the SAP J2EE Engine and restart it in console mode. See the procedures below.
Stopping the SAP J2EE Engine
First you have to stop the SAP J2EE Engine. Under Windows, you can use the Microsoft Management Console for SAP Systems (SAPMMC). As an alternative or for UNIX systems, use the tool jcmon, which is located in the engine's /usr/sap/<SID>/sys/exe/run directory. Note: You only need to stop a single server. You do not need to stop the dispatcher. To stop the server using jcmon:
1. Start a shell or command prompt.
2. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
3. Execute the command jcmon pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host >
4. Enter 20 to start the local administration menu.
5. Enter 4 and then the process index number (not the PID) to stop the server.
Starting the SAP J2EE Engine in Console Mode
To start the server in console mode:
1. View the server's property file: /usr/sap/<SID>/<j2ee-instance>/j2ee/cluster/instan ce.properties This file contains the server properties in the form <key>=<value>, whereby each key is prefixed with an indicator. For example, for the key ID169739450.MaxHeapSize 8, the prefix isID169739450.
2. Search for the entry <prefix>.Type=server and note the prefix. We refer to this indicator as <prefix-server> below.
3. Start a new shell or command prompt.
4. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
5. Set the library path to this directory.
The name of the environment variable to use depends on your operating system (LD_LIBRARY_PATH for most UNIX systems,SHLIB_PATH for HP-UX, LIBPATH for AIX, PATH for Windows). You can find the name and value to use in the developer trace file /usr/sap/<SID>/<j2ee-instance>/work/dev_jcontrol; search for "lib path" for the node for <prefix-server>.
For HP-UX, also set the environment variable LD_PRELOAD to the base name of the Java VM shared library. In this case, the name to use depends on your CPU type; use either "LD_PRELOAD=libjvm.sl" for PA-RISC or "LD_PRELOAD=libjvm.so" for HPIA64.
6. To start the server, execute the command: jlaunch -file=../cluster/instance.properties -nodeName=<prefix-server> pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host >-traceFile= <trace_file> -startMode=console Enter the command in a single line. Note that the parameter pf does not have minus sign as a prefix. This is correct.
7. Wait until the server has started. (The prompt '>' appears.)
Create an Emergency User, Unlock Administrator, Delete Emergency User
1. Once the server is running, enter the following commands to create the emergency user and assign it to the administrators group: add user create_user emergency password emergency <password> group_user emergency administrators
2. Log on to the Visual Administrator as this emergency user.
3. Under <Cluster> > Server > Services > Security Provider , choose the "User Management" tab page. Unlock the user Administrator and provide a new password.
4. Log off from the Visual Administrator.
5. Log on as the user Administrator.
6. Delete the emergency user.
7. Log off from the Visual Administrator.
8. In the command prompt where the server is running, enter the command shutdown to shut down the server that you started in console mode.
9. In SAPMMC (or using jcmon), restart the server.
Result
The user Administrator can now log on to the J2EE Engine.
Header Data
Release Status:
Released for Customer
Released on:
29.11.2006 13:26:52
Priority:
Recommendations/additional info
Category:
Consulting
Primary Component:
BC-JAS-SEC Security, User Management
Secondary Components:
BC-CTS-SDM Software Delivery Manager for Java
Releases
Software Component
Release
From Release
To Release
And subsequent
SAP-JEE
60
6.40
6.40
Related Notes
997810 - Troubleshooting Common SDM 6.40/04s Issues 728075 - EP 6.0: Unable to access logon page 715371 - SAP J2EE - Composite SAP note on security Basis 6.30/6.40 713210 - Restrictive ACL settings can block access to portal 2383 - Documentation: description of "super user" SAP*
1. 用configtool启用SAP*用户:
默认情况下,这个用户是被disable了的,我们需要用configtool去enable它。启动configtool:
cluster-data---->instance_ID######---->server_ID######---->services---->com.sap.security.core.ume.service
在 右边的Global properties里找到ume.superadmin.activated,把它set成TRUE,再修改 ume.superadmin.password的属性值改密码,改完之后保存然后重启AS Java Engin(只需要在sap console里重启server0)(注意:SAP*用户被启用后,其他所有用户都会被lock住)
2. 用VA重新enable Administrator并修改密码:
启动Visual Administrator,用刚刚enable的sap*用户和刚设置的密码登陆VA。
Cluster---->ID---->Server 0 #### ---->Services----> Security Provider
选右边Runtime tab里的User Management, 在Users里面Search出所有用户,选中Administrator用户,切换到编辑模式(点一下tab页面上面的铅笔按钮),unlock这个用户,在下面修改密码之后退出VA.
3. 用configtool停用sap*用户:
sap*用户启用时,其他用户都无法登陆系统。按照步骤一把ume.superadmin.activated属性改成false后重启AS Java,至此Administrator用户又可以正常的登陆进系统了。
------------------------------------------------------------------------------------------------
以下是sap的官方帮助,其他版本的密码重置可以参考:
The administrator user cannot log on to the J2EE Engine using the Visual Administrator.
Other terms
SAP J2EE Engine, users, administrator, SDM, password
Reason and Prerequisites
The administrator user cannot log on to the J2EE Engine because it has been locked, for example, due to numerous unsuccessful logon attempts. If you have not yet created any additional administrator user(s), then you cannot log on to the J2EE Engine to perform administrative tasks.
Solution
To correct this situation, you have to use an emergency user. The corresponding emergency user depends on the installtion:
If you use the User Management Engine (UME) with an AS ABAP as the data source, then log on to the corresponding AS ABAP system and unlock the administrator user (default user ID: J2EE_ADMIN) using the user maintenance transaction SU01.
As of SAP NetWeaver '04 (J2EE Engine Release 6.30 SP 4), the emergency user is pre- defined as SAP*.
Prior to SP4, you have to set up your own emergency user.
The procedures according to each release / SP level are described below.
SAP NetWeaver 2004s
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at http://help.sap.com/nw2004s. Choose the desired language. In the SAP Library, use the following path: "SAP Library -> SAP NetWeaver Library -> SAP NetWeaver by Key Capability -> Security -> Identity Management -> User Management Engine -> Troubleshooting -> Activating the Emergency User". Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP NetWeaver '04 / SAP J2EE Engine Release 6.30 SP >= SP4
For information about how to activate the emergency user SAP*, see the SAP NetWeaver SAP Library documentation at http://help.sap.com/nw04. Choose the desired language. In the SAP Library, use the following path: "SAP Library -> SAP NetWeaver -> Security -> Identity Management -> User Management Engine -> UME User Administration -> Activating the Emergency User". Log on to the Visual Administrator using the emergency user and unlock the Administrator user. Afterwards, deactivate the emergency user.
SAP J2EE Engine Release 6.30 SP <= SP3
Prior to SP4, you have to set up your own emergency administrator user. Also, because you cannot log on to the J2EE Engine as an administrator using the Visual Administrator, you have to use the Shell Console Administrator tool. Therefore, stop the SAP J2EE Engine and restart it in console mode. See the procedures below.
Stopping the SAP J2EE Engine
First you have to stop the SAP J2EE Engine. Under Windows, you can use the Microsoft Management Console for SAP Systems (SAPMMC). As an alternative or for UNIX systems, use the tool jcmon, which is located in the engine's /usr/sap/<SID>/sys/exe/run directory. Note: You only need to stop a single server. You do not need to stop the dispatcher. To stop the server using jcmon:
1. Start a shell or command prompt.
2. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
3. Execute the command jcmon pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host >
4. Enter 20 to start the local administration menu.
5. Enter 4 and then the process index number (not the PID) to stop the server.
Starting the SAP J2EE Engine in Console Mode
To start the server in console mode:
1. View the server's property file: /usr/sap/<SID>/<j2ee-instance>/j2ee/cluster/instan ce.properties This file contains the server properties in the form <key>=<value>, whereby each key is prefixed with an indicator. For example, for the key ID169739450.MaxHeapSize 8, the prefix isID169739450.
2. Search for the entry <prefix>.Type=server and note the prefix. We refer to this indicator as <prefix-server> below.
3. Start a new shell or command prompt.
4. Switch to the directory /usr/sap/<SID>/<j2ee-instance>/j2ee/os_libs.
5. Set the library path to this directory.
The name of the environment variable to use depends on your operating system (LD_LIBRARY_PATH for most UNIX systems,SHLIB_PATH for HP-UX, LIBPATH for AIX, PATH for Windows). You can find the name and value to use in the developer trace file /usr/sap/<SID>/<j2ee-instance>/work/dev_jcontrol; search for "lib path" for the node for <prefix-server>.
For HP-UX, also set the environment variable LD_PRELOAD to the base name of the Java VM shared library. In this case, the name to use depends on your CPU type; use either "LD_PRELOAD=libjvm.sl" for PA-RISC or "LD_PRELOAD=libjvm.so" for HPIA64.
6. To start the server, execute the command: jlaunch -file=../cluster/instance.properties -nodeName=<prefix-server> pf=../../../SYS/profile/<sid>_<j2ee-instance>_<host >-traceFile= <trace_file> -startMode=console Enter the command in a single line. Note that the parameter pf does not have minus sign as a prefix. This is correct.
7. Wait until the server has started. (The prompt '>' appears.)
Create an Emergency User, Unlock Administrator, Delete Emergency User
1. Once the server is running, enter the following commands to create the emergency user and assign it to the administrators group: add user create_user emergency password emergency <password> group_user emergency administrators
2. Log on to the Visual Administrator as this emergency user.
3. Under <Cluster> > Server > Services > Security Provider , choose the "User Management" tab page. Unlock the user Administrator and provide a new password.
4. Log off from the Visual Administrator.
5. Log on as the user Administrator.
6. Delete the emergency user.
7. Log off from the Visual Administrator.
8. In the command prompt where the server is running, enter the command shutdown to shut down the server that you started in console mode.
9. In SAPMMC (or using jcmon), restart the server.
Result
The user Administrator can now log on to the J2EE Engine.
Header Data
Release Status:
Released for Customer
Released on:
29.11.2006 13:26:52
Priority:
Recommendations/additional info
Category:
Consulting
Primary Component:
BC-JAS-SEC Security, User Management
Secondary Components:
BC-CTS-SDM Software Delivery Manager for Java
Releases
Software Component
Release
From Release
To Release
And subsequent
SAP-JEE
60
6.40
6.40
Related Notes
997810 - Troubleshooting Common SDM 6.40/04s Issues 728075 - EP 6.0: Unable to access logon page 715371 - SAP J2EE - Composite SAP note on security Basis 6.30/6.40 713210 - Restrictive ACL settings can block access to portal 2383 - Documentation: description of "super user" SAP*