locked
Knowledge Bit: Password Synchronizing with SAP R/3 occasionally fails. RRS feed

  • General discussion

  • Occasionally SAP refuses a password change via a RFC call using the BAPI "SUSR_USER_CHANGE_PASSWORD_RFC".
     
    BAPI returns "PASSWORD NOT ALLOWED" error with some additional info. Look at the extract from the tracing file on the ILM server generated by the calling software (SAP Connector).

    See http://social.technet.microsoft.com/wiki/contents/articles/setting-trace-for-erpma.aspx how to enable tracing.

    Look at the added error code 310039003300 or 193: "Please choose a password that is different from your last 5"

    Solution: Make sure that the authoritative source has an adequate password history requirement. 

    Tracing file extracts:

    *****************
    > RfcCall
      FUNCTION SUSR_USER_CHANGE_PASSWORD_RFC
            handle = 19
            parameter[0].name = BNAME
            parameter[0].nlen = 5
            parameter[0].addr = 055AA068
            parameter[0].leng = 24
            parameter[0].type = RFCTYPE_CHAR

            parameter[1].name = NEW_BCODE
            parameter[1].nlen = 9
            parameter[1].addr = 055F0820
            parameter[1].leng = 8
            parameter[1].type = RFCTYPE_BYTE

            parameter[2].name = NEW_CODVN
            parameter[2].nlen = 9
            parameter[2].addr = 000EACE0
            parameter[2].leng = 2
            parameter[2].type = RFCTYPE_CHAR

            parameter[3].name = NEW_PASSWORD
            parameter[3].nlen = 12
            parameter[3].addr = 05515DD0
            parameter[3].leng = 80
            parameter[3].type = RFCTYPE_CHAR

            parameter[4].name = PASSWORD
            parameter[4].nlen = 8
            parameter[4].addr = 0012FC98
            parameter[4].leng = 80
            parameter[4].type = RFCTYPE_CHAR

            parameter[5].name = USE_BAPI_RETURN
            parameter[5].nlen = 15
            parameter[5].addr = 0CAEB818
            parameter[5].leng = 1
            parameter[5].type = RFCTYPE_INT1

            parameter[6].name = USE_NEW_EXCEPTION
            parameter[6].nlen = 17
            parameter[6].addr = 00161798
            parameter[6].leng = 1
            parameter[6].type = RFCTYPE_INT1

    ***************
    000000 | 05000000 05000415 00043000 30000415 |..........0.0...|
    000010 | 04160002 45000416 04170006 31003900 |....E.......1.9.|
    000020 | 33000417 04110002 35000411 04010028 |3.......5......(|
    000030 | 50004100 53005300 57004F00 52004400 |P.A.S.S.W.O.R.D.|
    000040 | 5F004E00 4F005400 5F004100 4C004C00 |_.N.O.T._.A.L.L.|
    000050 | 4F005700 45004400 0401FFFF 0000FFFF    |O.W.E.D.........|
    ***************


    Philippe

    Thursday, September 16, 2010 9:07 AM