SAP Job Fails with JCO_ERROR_LOGON_FAILURE: Password logon no longer possible
search cancel

SAP Job Fails with JCO_ERROR_LOGON_FAILURE: Password logon no longer possible

book

Article ID: 224744

calendar_today

Updated On:

Products

Workload Automation Agent ESP dSeries Workload Automation - Business Agents (dSeries) ESP dSeries Workload Automation - Scheduler (dSeries) ESP dSeries Workload Automation - System Agent (dSeries) ESP Workload Automation ESP dSeries Workload Automation Autosys Workload Automation

Issue/Introduction

When attempting to run an SAP job using a new SAP plug-in, the job fails and causes the SAP user ID to become locked in the target SAP system. The following error is observed in the agent logs:

Cmpc(1202) Status(Error) LStatus(Not Connected - Exception com.sap.conn.jco.JCoException: 103 JCO_ERROR_LOGON_FAILURE: Password logon no longer possible - too many failed attempts on xxx mshost xxxxxxxx) SetEnd

 

 

Environment

  • Workload Automation Agent for SAP (all versions)
  • SAP JCo (Java Connector)
  • SAP ERP / S4HANA

Cause

This issue is caused by the Agent attempting to authenticate with an incorrect or expired password, leading to SAP's security policy locking the account after multiple failed attempts. Common scenarios include:

  1. Stale Credentials: The password for the SAP user was changed in SAP but not updated in the agent's connection properties file.
  2. Encryption Mismatch: The password in the properties file was entered in plain text or encrypted with a key that does not match the current agent instance.
  3. User Override: A job is configured to run as a user different from the default user defined in the SAP properties file, and the credentials for that specific user are invalid or not properly defined in the scheduling manager (e.g., autosys_secure, on Autosys scheduler).

Resolution

  1. Unlock the User: Coordinate with your SAP Basis team to unlock the SAP user ID and reset the password if necessary.
  2. Encrypt the New Password: On the Agent host machine, use the password utility (e.g., 'password' or 'password.exe' located in the agent installation directory) to encrypt the new SAP password.
  3. Update Connection Properties: Locate the '.properties' file for the specific SAP system.
    • Update the 'jco.client.passwd' field with the newly encrypted string.
  4. Restart the Agent: Restart the Workload Automation Agent service to ensure the new properties are loaded into memory.
  5. Verify Job-Level Credentials (if applicable):
    • For AutoSys (AE): Ensure the user is defined in 'autosys_secure' with the correct password and that the machine/user mapping is accurate.
    • For dSeries: Ensure the SAP User object contains the updated credentials.

If the issue persists after updating the properties file, check if there are multiple '.properties' files pointing to the same SAP SID.

Additional Information

Encrypt a Password Using the Password Utility

 

Powered by Wolken Software