Reporting a Problem to SAP
When I tried to report a problem to SAP using http://service.sap.com/message url it provided 4 steps to follow:
Apply Support Packs To My SAP SYSTEM
Users Profiles and Password
Different methods to Lock or
unlock SAP users
When I tried to report a problem to SAP using http://service.sap.com/message url it provided 4 steps to follow:
1) Choose system
2) Prepare Solution Search
3) Find Solution
4) Enter Message
I could do the step 1
but dont know what to do at steps 2, 3 and 4.
SAP changed the customer
message screens so you now have to navigate through a search of the SAP Notes
before being able to create a message.
We usually search the
Notes extensively before we create a message, so we just enter a blank search
and then go on to create the message.
Follow the steps, It may
solve your problem:
1. Copy following url
into web browser : http://service.sap.com/message
It
will ask you for your OSS ID and password .
A Screen which contain a push Button Select System displayed
.
2. Push the Button
Select System .
It will open a sub screen in which there will be a
hierarchical structue which looks like
- <Your
SAP Customer Number >
-<SAP Installation number
for a specific product1 >
<radio Button><System SID1 for which you have registered a license>
<radio Button><System SID2 for which you have registered a license>
+<SAP Installation number for a specific product2 >
+<SAP Installation number
for a specific product3 >
Here + indicate
that you have a sub tree .
Specific product like
SAP R/3 T for Services , SCM , CRM , ERP etc
3. Select the system for
which you need to log a message
It will take you to message screen screen.
4. Select you domain for
problem for example Basis problem with Database where dataBASE IS oracle
then Message type will be BC-DB-ORA
* .
5 Select priority of Message
6 . Write Message and
send it to SAP
Apply Support Packs To My SAP SYSTEM
How can I apply
support packs to my 4.7 IDES SYSTEM?
SAP"- SAP R3 4.7EE,
DATABASE : ORACLE 8.1.7
OS : WINDOWS 2003 SERVER
What is the step by step procedure and how to apply in r/3?
You have various issues
with your setup:
- Oracle 8.1.7 is not
supported under Windows 2003
- Oracle 8.1.7 is out of maintenance since three years
During SP application
you will maybe run into problems that can't be
fixed since your installation is just too old and
unsupported.
As mentioned, it's true
that it won't get supported on Oracle 8. The best combination would be with 9i
Any How I have mentioned the steps below to apply for patches.
To Apply Support packs first up all you need to download the
patches. When you have the downloaded the file i.e.. (*.car ) patch file then
you can extract and apply it in two ways.
1. Go to command prompt through cmd (if you are using windows) and go to the folder where you have download these files ( could be in <drive>\downloaded folder\ ) type this command on command prompt without quotes "sapcar -xvf < filename>.sar". Now it will create a folder called EPS and a folder called IN inside EPS. Go to this folder and it will show two extracted files with extension " .att " and " .pat ". Copy this two files into yours trans\eps\in folder which could be something like <drive>\usr\sap\trans\eps\in folder.Then type spam on your session and navigate to Support Package\Load Package\From Application Server and it will ask for Path confirm it Say " YES"Select the patch imported and double click on it and then click on small truck Icon and it start Import.
2. Type Spam on session then navigate to Support Package\Load Package\From FrontEnd \ and Navigate to path where you have downloaded the *.SAR file of Support Pack.Now it will open a popup window and then click on decompress button ( It is front-End process for extracting or decompressing .sar file in .pat and .att extension ) After that click on Display-Define button on right hand side.) Select the BASIS or ABAP patch ( whichever you are applying *) what ever you are after and import it in queue. After that click on Small truck Icon in menu i.e.. (import Queue) and it Starts importing.
* Note :- Basis patch starts with KBxxxx.sar and Abap Patch start with KAxxxx.sar likewise.
* Note :- If you are applying all support pack it may ask you to increase your spam level (SUPPORT PACK MANAGER).
1. Go to command prompt through cmd (if you are using windows) and go to the folder where you have download these files ( could be in <drive>\downloaded folder\ ) type this command on command prompt without quotes "sapcar -xvf < filename>.sar". Now it will create a folder called EPS and a folder called IN inside EPS. Go to this folder and it will show two extracted files with extension " .att " and " .pat ". Copy this two files into yours trans\eps\in folder which could be something like <drive>\usr\sap\trans\eps\in folder.Then type spam on your session and navigate to Support Package\Load Package\From Application Server and it will ask for Path confirm it Say " YES"Select the patch imported and double click on it and then click on small truck Icon and it start Import.
2. Type Spam on session then navigate to Support Package\Load Package\From FrontEnd \ and Navigate to path where you have downloaded the *.SAR file of Support Pack.Now it will open a popup window and then click on decompress button ( It is front-End process for extracting or decompressing .sar file in .pat and .att extension ) After that click on Display-Define button on right hand side.) Select the BASIS or ABAP patch ( whichever you are applying *) what ever you are after and import it in queue. After that click on Small truck Icon in menu i.e.. (import Queue) and it Starts importing.
* Note :- Basis patch starts with KBxxxx.sar and Abap Patch start with KAxxxx.sar likewise.
* Note :- If you are applying all support pack it may ask you to increase your spam level (SUPPORT PACK MANAGER).
Users Profiles and Password
Different methods to Lock or
unlock SAP users
I want to lock all
the users in SAP during MTP. I know using SU10 we can do it. Any other
alternative ways to lock the users.
Is there a way in SAP
to unlock a locked user for a limited time, then automatically after x time set
the user back to lock status?
You can fill in
"valid from" and "valid until", but you cannot say from
Monday to Friday from 8 - 12:00 for part time workers.
Can we schedule to
lock all users?
If users get locked,
from SU01 you can unlock them.
Use SU10 to mass
lock/unlock the users.
Use address data or
authorisation data to get a list of users - select the ones you want and
click transfer.
Once this is done click
on lock or unlock.
You can also use
transaction code EWZ5 to mass lock/unlock the users
or
Execute program EWULKUSR
in SE38
or
Set a profile parameter
(login/failed_user_auto_unlock) to unlock at midnight the locked users.
or
Here's an ABAP code,
short and simple, isn't it?
REPORT zreusrlock.
DATA: time_limit TYPE
sy-datum.
DATA: days TYPE i VALUE 40.
time_limit = sy-datum -
days.
UPDATE usr02 SET uflag = 64 WHERE trdat < time_limit.
If you don't want to
specify the time in the program, you can use SE38 to schedule it as a daily
background job with the date and time.
or
Probably the easiest way
would be to write a sqlplus SQL script that sets all the UFLAG fields in table
USR02 to 64 EXCEPT for the BNAMEs you don't want locked. When you are done, you
can do the same again but change the UFLAG field to 0.
The SQL statement would
look like:
update SAPR3.USR02 set
UFLAG = 64 where MANDT = <client number> and BNAME != < don't lock
user 1>
AND BNAME != <don't lock user 2>;
You can replace != with
<> if you want. To run this from an OS command line, you would
type:
Unix/Oracle 8--->
sqlplus internal @<SQLpath+SQLname>
NT/Oracle 8.0---> plus80 internal @<SQLpath+SQLname>
NT/Oracle 8.1---> sqlplus internal @s<SQLpath+SQLname>
Unix/Oracle 9:--> sqlplus /nolog @<SQLpath+SQLname>
NT/Oracle 9-----> sqlplus /nolog @<SQLpath+SQLname>
In UNIX you can cron the
script to schedule it. In NT you can schedule it as a task.
or
This is another method
to UNLOCK ALL users.
Start Oracle Server
manager (I assume you are on Oracle)
connect internal
update sapr3.usr02 set uflag='0' where mandt='399';
When users are locked,
the uflag is set to 64.
Finish, just query to
check.
select bname, uflag from
sapr3.usr02 where mandt='399';
Please note that
unlocking users from low level (like Oracle sqlplus) should be used as last
resort. Frequent use of low level access may tempt you to use on other things.
Highly dangerous and your IS auditors will not be too happy.
Is there a way to set
a list of users that cannot be locked, even if we try to lock them manually,
and even if they fail connection ( wrong password )?
Increase this parameter
in SAP Instance profile:
login/fails_to_user_lock
= 6 (max is 99 wrong attempts, i.e, value 99). Currently you have a value of
3.
login/failed_user_auto_unlock
(for your midnight unlocking).
Ask users to remember
passwords!! If someone is deliberately login-in with different
username/password (thereby blocking legitimate access of that user), check
hostname from SM21.
This is considered as
DoS (Denial of Service).
Changing the default password for sap*
user
You are trying to change
the password for sap* user, however when you go into su01 and enter sap* as the
user name, the following message is displayed, user sap* does not exist.
You can delete the SAP*
user using ABAP code :-
Delete from usr02 where bname = 'SAP*' and mandt = '***';
Where '***' means your
client no.
Then login to your
client using password SAP* and password PASS
However, if you delete
it, then it will automatically created once again with password PASS
The userid, SAP*, is
delivered with SAP and is available in clients 000 and 001 after the initial
installation. In these 2 clients, the default password is 07061992 (which is,
by the way, the initial date when R/3 came into being...). It is given the
SAP_ALL user profile and is assigned to the Super user group. When I say it is
"delivered" with SAP, I mean that the userid resides in the SAP
database; there are actually rows in the user tables used to define userids.
If you delete the
userid, SAP*, from the database, SAP has this userid defined in its kernel (the
SAP executable code that sits at the operating system level, i.e.,
disp+work). When this situation exists, the password defined in the SAP
code for SAP* is PASS. This is necessary when you are performing client
copies for example, as the user information is copied at the end of the
process. You can sign into the client you are creating while a client copy is
processing using SAP* with password PASS (but you should have a good reason to
do this - don't change anything while it's running).
Anyway, if the SAP*
userid is missing, you can sign in to the client you want and simply define it
using transaction SU01 and, as I stated above, assign it to the SUPER user
group and give it the SAP_ALL profile. You define its initial password at
this point. If you've forgotten its password and don't have a userid with
sufficient authorization to create/change/delete userid,
then you can use the SQL statements to delete it from the database and then you
can use SAP* with PASS to sign back into the client you want to define it in
and recreate it.
There is also a profile
parameter which can override the use of SAP* with PASS to close this security
hole in SAP (login/no_automatic_user_sapstar). When this parameter is
defined either in your DEFAULT.PFL profile or the instance-specific profile and
is set to a value of '1', then the automatic use of SAP* is deactivated. The
only way to reactivate the kernel-defined SAP* userid at this point would be to
stop SAP, change this parameter to a value of 0 (zero), and then
restart SAP.
The default password for
SAP* is 06071992. (DDIC has 19920706)
0 comments:
Post a Comment