Skip to Content

You find the same information in note 1749142 – How to remove unused clients including client 001 and 066

Introduction

You have to secure any client even if it is not used. This includes the security settings of standard users like SAP* or DDIC or EARLYWATCH which might still have well-known standard passwords as well as the security of any other (powerful) users.

Because of this you can reduce maintenance effort and increase the security of a system if you remove unused clients.

Client 001 is a copy of client 000 which was created during installation of the system which might have happened years ago. This client could have been used to become the productive client. However, if you have decided to use other clients as productive clients but not client 001, then you can safely remove the client 001.

Keep in mind, that a SAP Solution Manager System or a SAP Business Warehouse system usually uses client 001 as a productive client.

Client 066 is a client which was created during installation of the system (applicable for all SAP systems based on SAP NetWeaver 7.40 and below), which might have happened years ago. This client had been used to deliver services by SAP Active Global Support. This client is not used anymore, therefore you can safely remove the client 066. (Note 7312 shows some more information about this client and how to (re)-create it in case you want to get it back after deleting it.) SAP NetWeaver 7.40 is the last release delivering the client 066 with the installation or upgrade.

Caution: You must to NOT re-create this client as customer client in order to ensure smooth change control and maintenance processes in your SAP system.

This blog explains how to delete unused clients including client 001 (if not used) or 066 (which is not used anymore).

Prerequisites

It might be necessary to set profile parameter login/no_automatic_user_sapstar = 0 to be able to logon using built-in user SAP*.

You might need to implement note 2284180 to change the role of client 066 to TEST.

Caution:

Prior to deleting a client – especially in case of client 001 – SAP recommends checking if there are in fact no active users in the client. You can use report RSUSR200 of the User Information System (transaction SUIM) or the Workload Statistics (transaction ST03N) to check if there have happened some activities of users. Within ST03N you can use the Analysis View “Settlement Statistics” to inspect which clients had been used and which users have been used these clients.

You can lock all users (except one user of course) for some time before delete the client.

In addition you should check if no background job is scheduled within this client. You can easily check this using transaction SE16 for table TBTCO or view V_OP with a selection for the client using selection field AUTHCKMAN.

By the way: Getting the user name which executes a job step is more difficult: This information is stored in another table TBTCP in field AUTHCKNAM. To get client and user together you need to join both tables TBTCO (containing the client) and TBTCP (containing the user).

Finally you have to ensure that the client is not classified as “productive”. Use transaction SCC4 to check and maintain the client role.

If you are going to delete a client which had been used productively formerly then you should check note 934593 which describes how to delete all objects of a client from TemSe (this part is not covered by transaction SCC5).

Do it

You can remove a complete client using transaction SCC5. You have to logon to the client which you plan to delete. On the selection screen of SCC5 activate the option to remove the entry in table T000! Use the background mode to delete a large client like client 001. (This is not required for the small client 066.) The transaction offers a test-run mode, too.

To monitor the progress of the client deletion, use transaction SCC3.

Finally you should check using transaction SCC4 that there is no entry for the client in table T000 anymore and you should submit report RSUSR003 to check if no access to this client using standard user SAP* is possible anymore.

References

The notes 70643, and 365304 (which is quite useful if you delete a large client) and 446485 (which is about copying clients but gives recommendations for deletion as well) describe some more details about the client deletion process. Note 31496 describes options to recover a deleted client.

Online Help – Deleting Clients

http://help.sap.com/saphelp_nw70ehp3/helpdata/en/4d/7cdfbc19a00f88e10000000a42189b/frameset.htm

Known issues:

Specific versions of the upgrade tools check for the existence of client 066 and stop the upgrade if this client does not exist. In this case simply create the entry for client 066 in table T000 using transaction SCC4 again, restart the upgrade and remove the entry after the upgrade again.

See KBA Note 1874687 Error in SUM phase EWIMPORT_UPG

Software Update Manager 1.0 SP13 will not request for a client 066 any more.

Post Processing

Set profile parameter login/no_automatic_user_sapstar = 1 for all application servers to block built-in user SAP*.

Consider to reorganize the database if you have deleted a large client. Search for notes about ‘reorganization’ within the application component of your database (e.g. BC-DB-DB*, BC-DB-HDB, BC-DB-INF, BC-DB-MSS, BC-DB-ORA, BC-DB-SDB).

Here are some references for Oracle:

To report this post you need to login first.

27 Comments

You must be Logged on to comment or reply to a post.

  1. Julius von dem Bussche

    Thank you Frank! I know many customers who want to do this as it makes sense, but are not sure about side affects such as hardcoding or secret ways to open changeability etc.

    Is it known which upgrade versions might still check for the existence of 066? What was the logic behind that?

    Cheers,

    Julius

    (0) 
  2. Thomas Kallakowsky

    Interesting. What is missing is a reference of a note that describes when a delete of client 66 is allowed and when not. The referenced notes 7312,70643, 365304 and 31496 focus on different topics. From the validity of the noted (7.1 and below) one could assume the version to be 7.20 and above, but I think that would be to easy because of the dependency with the Solman.

    (0) 
    1. Frank Buchholz Post author

      I don’t know about any usage of client 066 anymore – and this is independant from any release. Nowadays this client not used for the EarlyWatch Alert or any other service executed by SAP Active Global Support and it’s not used by any problem analyzing support activities. 

      (0) 
      1. Otto Gold

        Hi Frank,

        does that mean the new installations will not install 066 either? Or is it like that already? I don’t remember seeing many systems without 066 so far.

        Cheers Otto

        (0) 
        1. Frank Buchholz Post author

          Hi Otto,

          currently new installations still come with client 066. I hope, that we can omit it in the future.

          Kind regards

          Frank

          (0) 
  3. Bjoern Brencher

    Hi Frank! Thanks for providing these information by a SCN Blog! It’s a good reference that can be provided to SAP Customers how to deal with unused clients!

    (0) 
  4. Tomasz Rob

    Hi Frank!

    Thanks for very interesting post published in your SCN Blog.

    I have noticed recently that the status of the note 1749142: “How to remove unused clients including client 001 and 066” has been changed. I have got information from SAP that the note is still being verified. Do you have any idea when the note 1749142 will be officially released? 

    Regards,

    Tomasz

    (0) 
  5. Mary Jane Steele

    Great blog, but I am having an issue in that I cannot create a user in client 066, only Earlywatch & SAP* exists and neither has enough authorization power to create a user with SAP_ALL or to delete a client.  Any suggestions of a work around?

    (0) 
    1. Yves KERVADEC

      Hello

      Just use the kernel embedded SAP* account:

      Set instance parameter login/no_automatic_user_sapstar to 1

      Delete the SAP* account in client 066 at DB level

      delete from sapsr3.USR02 where BNAME=’SAP*’ and MANDT=’066′;

      commit;

      Restart SAP instance

      It is then possible to log in client 066 using SAP* with password PASS.

      Regards

      68048 Deactivating the automatic SAP* user

      (0) 
      1. Franz Lengel

        Dear Frank Buchholz,

        to set login/no_automatic_user_sapstar a downtime is necessary, or not ?

        Is there a possibility on database level to prepare a user to logon, without a downtime ?

        Thanks with regards, Franz

        (0) 
  6. Veeramalla V

    Hi Frank,

    Thanks for nice blog ,

    can we consider that sap documentation was not updated with recent changes ? because i can still see in the documentation  “Do not change or delete this client.”

    System and Client Settings – System Administration Assistant (BC-RRR) – SAP Library

    • 066: EarlyWatch client

    This client is purely a service client that enables SAP to access remotely the customer system with regard to analyzing errors and performance.

    Do not change or delete this client.

    //Veeramalla

    (0) 
  7. Savitha S

    Thanks Frank for the information. One of the managers in my previous project asked the Basis team why 066 was requried when we get all the Early watch reports from Solman. Your blog answers teh question!

    Regards,Savitha

    (0) 
  8. Herbert Heid

    Hello Frank,

    if we try to delete client 066 we get the error “Zielmandant ist produktiv und geschützt gegen Mandantenkopie”. In SCC4 the client is classified as “SAP Referenz”. If we try to change this we get the error “Mandant 66 darf nicht als Kundenmandant verwendet werden. (SV836)”. What are we doing wrong?

    Regards

    Herbert

    (0) 
    1. Mary Jane Steele

      Its been a while but here is the process I followed

      login/no_automatic_user_sapstar = 0
      Delete sap* from mandt 001 & 066 via SQL Plus
      Restart system
      Login to 001 & 066 with SAP* and run SCC5
      SM01 — Unlock SCC4 & SCC5
      SCC4 — Make client modifiable
      Run SCC5 from 001 & 006
      SM01 – Lock SCC4
      login/no_automatic_user_sapstar = 1
      Restart system
      (0) 
      1. Herbert Heid

        Thanks for the reply!

        Our problem is “SCC4 — Make client modifiable”. As it is not possible do delete a productive client we tried to change der client role vom “SAP reference” to any non productive role, but we get the error “Client 66 cannot be a customer client (Message No. SV836)”.

        Regards

        Herbert

        (0) 
        1. Mary Jane Steele

          Have you done this as SAP*?   I want to say that is what enabled me to change the settings.  In addition I also had to change the currency.   I want to say I got a warning but I was able to proceed.

          (0) 
          1. Herbert Heid

            We tried this as SAP* and as EARLYWATCH with the same result. We also changed the currency. We dont get warnings, we get errors.

            I will open an Incident on SAP Support Portal.

            Regards

            Herbert

            (0) 
            1. Bernhard Hochreiter

              Hello Herbert,
              strange, as it worked for a lot of customers with the Standard Client Settings…

              If you can Access table t000 you could Change field cccategory from S to T there for Client 066.
              Of course this is not supported by SAP, but as you want to delete the Client anyway…

              b.rgds, Bernhard

              (0) 
              1. Herbert Heid

                Hello Bernhard,

                our issue was solved by Note “2284180 – To change the 066 Client role to TEST”. After implementing the note it was possible to change der Client role and to delete the client 066.

                Best Regards

                Herbert

                (1) 

Leave a Reply