Skip to Content
Technical Articles
Author's profile photo Ning Tong

HANA SYSTEM user can be locked for too many failed logon attempts (starting with Rev.102)

Today, I face a problem regarding to invalid username and password for DB system user whereas the password was never changed or forgot (not sure if somebody has input a wrong password several times before).

Background Information: Our HANA version: SPS 10 Rev.102.02

As I check with SAP HANA Administration Guide of SPS 10, it mentions that the SYSTEM user will not be locked regardless of the number of failed logon attempts in Number of Allowed Failed Logon Attempts. However, the user information page shows a warning like that the system user with status: suspicious Too many invalid connect attempts.

At that time, I had no idea about how to fix this situation but to try ALTER USER SYSTEM RESET CONNECT ATTEMPTS. The warning information of system user disappears and I successfully logon the system with the known password of user SYSTEM šŸ˜• .

I take sometimes to search note regarding to the password of user SYSTEM, then get the following noteĀ  2251556 – SAP HANA SYSTEM user can now be locked for too many failed logon attempts and 2216869 – Security improvement of HANA authentication

Starting from SAP HANA Revision 102, the SYSTEM user can be locked if logon attempts fail for too many times, just like the other database users. 😄

Solution:

1. ALTER USER SYSTEM RESET CONNECT ATTEMPTS (create a backup user with the “USER ADMIN” system privilege before)

2. Set parameter password_lock_for_system_user to false (Not recommended)

Hopes this blog will help to fix this kind of password problem.

Regards,

Ning Tong

Assigned Tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo MUTHU KUMARAN
      MUTHU KUMARAN

      Hi Ā Ning Tong,

      Thanks for the nice blog.

      I have another user which doesn't have user admin privilege.

      My SYSTEM user is locked now, I didn't set the parameter to false.

      Can you give any suggestions on this scenario?

      Thanks & Regards,

      Muthu.

      Author's profile photo Ning Tong
      Ning Tong
      Blog Post Author

      Please temporarily change parameterĀ password_lock_for_system_userā€ value as ā€œfalseā€ using another user with proper authorization.

      Author's profile photo Devender Bhatt
      Devender Bhatt

      Run the hdbenv.sh file and then execute the command hdbnameserver -resetUserSystem

       

      Author's profile photo SAP Basis Support
      SAP Basis Support

      my senario is this is a tenant DB. i have access to master DB. is it possible to unlock system user of tenant db using the master db system user?

      Author's profile photo Ning Tong
      Ning Tong
      Blog Post Author

      Two possible methods:

      1.Ā login to the TENANT database with other user ID which having the USER ADMIN privilege. Go to Security > Users > change the password.

      2.Ā Reset the SYSTEM User Password of a Tenant DatabaseĀ as per NoteĀ 2274157 – How to Reset System User Password for Tenant Database – SAP HANA

      Author's profile photo Luis Benavides Andrade
      Luis Benavides Andrade

      Dear Tong,

       

      Many thanks for sharing your knowledge, was very helpful for me and save me time to solve it.

      I very grateful šŸ™‚

       

      Luis Benavides Andrade

      Author's profile photo Gabriela Lopez Leon
      Gabriela Lopez Leon

      Hello hope everyone is fine

       

      after using

      RESET CONNECT ATTEMPTS
      
      the count never goes down nor change...
      
      
      for example before running the reset the user has 1308 invalid attempts, after running the RESET CONNECT ATTEMPTS, it keeps with 1308 
      
      Kind Regards
      Gabriela