Client 066 still exists in the latest SAP versions like SAP Netweaver 7.3 and according to the online documentation it is used for EarlyWatch functions.
Isn’t EarlyWatch functionality in Solution Manager? Yes you can create EarlyWatch alert reports in Solution Manager. Since SAP Solution Manager has become obligated and every customer should have it running you can ask the question, do you still need standard client 066? I sought out an answer to this question through a customer message.
As with all auditing lots of questions are raised, among those questions, what do you do in client 066 in SAP? The answer: “Nothing”. “It’s a standard client so you shouldn’t delete it” can also be part of the answer. “It’s used by SAP is special circumstances” is another valid answer.
The EARLYWATCH user comes with a standard password SUPPORT. This is flagged in multiple services as a security risk because the password is available in the online documentation and it means anyone could use the user/pass combination to logon to client 066.
Changing the password is normally very easy as you logon with the EARLYWATCH user and change the password through transaction SU01. But sometimes you bump into a SAP system where the number ranges where not maintained properly and you cannot change the password, you take SAP* but you don’t have enough authorization to maintain the number range either and then you have to go the creative way and do some magic to get the standard password changed.
Intension of raising questions
I’ve written about customer interaction before in my blog on expensive SQL statements which wasn’t the greatest experience I had so far. However, it’s not my intention to have criticism on everything.
I notice things and I’m looking for possible improvements and yes I do ask questions and yes some might not be flattering but it comes out of love for SAP, not hate.
It is always easier to raise questions than to actually do something about it so wherever possible I also try to propose an alternative or provide a solution myself with the purpose of doing something with it and not only raising the questions.
Writing to a friend
In my customer message I asked if there is a more efficient, easier way to change the EARLYWATCH user’s password since I bumped into the number range issue and all. It wasn’t urgent so I created a low priority customer message. After the first answer however, I raised the question “Do we still need client 066?”
The answer I received was not really convincing. I told support that I haven’t seen any activity what so ever in the past four years (give or take my whole career up till now) so I requested support to escalate further and seek confirmation within SAP. I mean I wanted to have a clear answer. You shouldn’t delete it isn’t a clear answer for me. I want to know why I shouldn’t delete it. The documentation sais you shouldn’t delete it, I know.
The answer I received was from Paul Babier. If the name doesn’t ring a bell you can take a look on the forum. His first three lines of his response set the tone for the further conversation. I have sent this blog to Paul and requested his consent that I could post his first three lines:
It’s nice to see a message from you, as I have seen your contributions
in SDN forums, I feel as if I almost know you.”
Let me share a part my response also:
The same counts for me.
I have seen many of your contributions on SDN, well written and containing valuable information like
your answer to this customer message.”
This feels like writing to a friend. I have seen his answers and I believe he does a great job on SDN and doing his job. The answer in the customer message was exactly the kind of information I wanted to receive.
Get involved in the community
Do I need to create more propaganda for community members to be active on SCN? Yes! The connection we have by being active contributors on SCN changed the conversation. Instead of writing a few lines I suddenly wrote back half a blog.
Either you are still reading which is great or you skipped the entire great story but here comes the answer to the question.
The client 066 is used by SAP in case an EarlyWatch service has to be delivered and SAP Solution Manager is not available. Removing the client means you cannot get a performance/monitoring based report of your managed system in case an issue would arrive and SAP Solution Manager isn’t available.
The question then becomes, is that an issue? It’s not in my opinion. A SAP System (Netweaver, Basis whatever you fancy) Administration should be able to get that data out of the SAP system. Another argument is that Solution Manager wasn’t obligated in the past but it is today. You need it for your system administrators so they can perform their job. The only time it will not be up and running is when it’s in a downtime phase during a downtime minimized support package stack update.
While the client might have been useful some years ago when Solution Manager wasn’t obligated and available everywhere, for me client 066 is no longer needed and could be cleaned up. I will give the recommendation here to leave out client 066 in future SAP system installations and that it is not an issue to delete it in existing SAP installations.
SAP should think about removing the client in future SAP products unless it really still does serve some purpose but I doubt it strongly.
I believe client 066 did serve a purpose some years ago but now it’s one of those things that is lying around. On my attic there are lots of things I should throw away but for some reason they are still there.
The client 066 isn’t large at all, it’s very small and doesn’t take much space in the database. Deleting the client will create a little bit free space in the database but don’t expect anything huge. It will get rid of the auditing questions on client 066 of course and you wouldn’t have to maintain security settings for the client either.
For more information on the technical aspects of client deletion and reorganization I can recommend you read Client deletion & reorganization (other posts will also exist which can help you out on a technical level)
There is also a SAP note with information on client 066 and steps to reconstruct it in case it would no longer exist and would be needed.
After deleting client 066 I ran a new Earlywatch Alert report to check if any errors would be flagged but no errors were found in the report.