SAPJSF user gets frequently locked
In this blog we are going to discuss how to resolve the SAPJSF user getting locked issue due to incorrect logon attempts.
Before diving into this, i want to give a little bit of background to issue. I was facing this issue since May 2021. After checking and applying various SNOTE, the issue was not resolved. I am using Dual Stack ( ABAP + JAVA ) running on NetWeaver 7.4. I raised SAP OSS but the support was unable to resolve this issue and finally suggested the upgrade to NetWeaver 7.5. I was able to resolve this without the upgrade.
This issue occurs when SAPJSF password has been updated ( by a user or by system upgrade/implementation/change etc. ) .
In a dual stack system, this leads to failed attempts by SAPJSF user as the same SAPJSF password has not been updated at following places :
- ABAP SAP GUI
- OS application server ( Configtool )
- SAP NetWeaver portal ( JCO and RFC destinations )
To resolve this issue we have to update the same SAPJSF password at all the three locations mentioned above.
- Go to SU01 – Change and Update the SAPJSF password and save the changes.
- Login to the OS level of the java application server and follow the steps below:
- Login to your J2EE engine operating system. Open the Config Tool. Choose Global server configuration > services > com.sap.security.core.ume.service. Change the password on ume.r3.connection.master.passwd.
- The config tool located under /usr/sap/<SAP SID>/<Instance Dir.>/j2ee/configtool/configtool.bat or .sh *
3. Login to NetWeaver portal : Configuration > connectivity > destination. find : RFC destination UME Backend connection > logo data > edit > update SAPJSF password. (check first if user is SAPJSF).Then Go to SU01 > Unlock the SAPJSF user manually. Restart the Java instance from SAP MMC at OS level.
- Login to NetWeaver portal :Configuration > connectivity > JCO connector. You will find the list of running TCP/IP connection. Check logon data of each connection and if the USER is SAPJSF and then update the password. Then Go to SU01 > Unlock the SAPJSF user manually. Restart the Java instance from SAP MMC at OS level.
After following the above steps, I have resolved this issue.
In a dual stack system , Communication user SPAJSF is used for establishing the connection between ABAP and JAVA. In a single stack JAVA only system, this user is used for internal communication.
The same password should be maintained at the destination and user sheet, otherwise this will lead to SAPJSF user getting locked frequently.
I hope this blog is helpful to you. Please feel free to drop any questions and clarification if any.