system user ID

rixone

rixone

Active Member
We are using an AS/400 as our enterprise server. For some reason, our "system ID" is getting disabled on occasion which keeps anyone from using JDE. Have to re-enable this from the AS/400 side. We believe this is somehow being caused by users coming thru Citrix, but this is simply a guess on our part.

Has anyone experienced this? Is there a way to see how/why/who this is being disabled?

Thanks!
 
Haven't experienced this. Could someone be trying to logon to the account and reached the max signon attempts? Do a wrkusrprf and check the "Sign-on attempts not valid". Ours is 0.

Grant
 
I ran into this a couple times, after I went in and typed the password in for ALL my JDE users using the AS/400 user, it went away. So I can only think I mis-keyed it on one or more of the profiles.. I haven't seen it since.

Nick
 
I have a 'bad' system user password out there myself. We happen to use the same system user for all of our accounting groups, like 50 users. Where did you type in the new password? Did you delete and re-add the user security record? I didn't want to have to ask everyone to change their password again and am looking for a way not to. I tried using SQL and the password did not get updated, I guess since it's encrypted.
 
I don't think they mean the user's password. They are talking about the system password (P98OWSEC version ZJDE0001. Find the user, then double-click). This is the user/password that "connects" you to the AS400.
 
Correct! That is the system ID/pwd I am referring to. Somehow, this goes *DISABLED on the AS/400....causing total non-access to JDE. Seems to be happen with Citrix-access, but not positive. Just wish there was a way to see via a log at the moment it happens...
 
I understand that. But when I go to user security, highlight a user and
press Revise security, I do not have the option of updating the system user
password. So I would have to delete the user security and re-add it in
order to change the system user's password for that user. When I delete the
user security for that user, they will have to change their password.



Jean Driscoll
AS/400 Co-existent Xe 17.1, Update 4/A73Cum12
WWW.JDETips.com
 
Not sure if this work, but it might be a way to find out who is causing the problem. There is a bit of chasing that has to be done, but if it works for you great!!

1) On your AS400, use the DSPJRN command. Prompt it and only look for "PW" records. This will show you anybody who has attempted to log on with an invalid password.

2) Once you have that, go to One World. Using UTB look at the F9312 table. Search for SHTYP of "01". These are the sign on attempts for One World.

3) Match up the results of the two files (by time-of-day) and you might be able to determine who is causing the problem.
 
Yes I meant re-typing the system user on each of the profiles using that ID. This wasn't a big deal for us because we only had a few users at the time. But the above mentioned sounds like a great way to look up whats happeneing. That is a very good way to track down when it is being disabled.

Nick
 
You can see your journal under the journal section in the JDE.ini. Also you may be able to use qhst, and search for the message ID of a user being disabled, you can get that from QSYSOPR after one is disabled. (I dont' know it off the top of my head) If you need me to get you the MSGID to search for I can, just ask.

Nick
 
We use AUDJRN. I don't know if this is something that has to be set up ahead of time or not.
 
Nick---thanx for the help! I found the correct journal name and did a DSPJRN for it with PW types. Nothing.....but that may be possible since it appears only 2 days of info resides in the journal. I guessI will ahve to wait until this happens again to check on it....
 
I believe the message ID is: MSGID(CPF2234)

We are already monitoring that in QHST..
 
A couple of thoughts:

There is a form exit off P98OWSEC - Security History. If you QBE on Event
Status 02 it should give you the login failures. If everyone cannot log
in, at least you will see who was the first to fail.

Also, have you checked to be sure that the system user profile in both JDE
and on the AS/400 is not set to expire? Perhaps it was changed by someone if
you're not the only admin.





Xe, SP 19.1_E1, Update 6, ES=AS/400 V5R1, CO=AS/400, Thick & Citrix Clients
 
Keep us posted :) Don't thank me entirely, it was tgore's idea to look there :) Was a very good idea!! The audit journal can also be looked at if it is setup in the system value QAUDLVL

Display Audit Journal Entries (DSPAUDJRNE). That command will create a spool file for you to look at.

Nick
 
Okay....will do....and will look into that system-value as well.

This is embarassing to admit, but I wrote a program that will check to see if the system-ID is *disabled...if it is, it will re-enable it. Sleeps for about 3 minutes...and then runs. Hey...ya do wat ya gotta do!
 
heheh I think everyone has one or 100 of those types of things...

Nick
 
We use AUDJRN.

Tom Gore
Sara Lee Coffee & Tea
990 Supreme Drive
Bensenville, IL 60106
(630) 860-6140
[email protected]



AS400 820 V5R1, World, OW B7334 Xe SP21F1, CITRIX, HP9000 11.0, Mainframe MVT/VSE
 

Similar threads

E9.2 AS400 database and Linux Enterprise Server
Replies
3
Views
304
Kim Schmidt
WinPrice
E9.0 Turning off SQLPKGs
Replies
4
Views
1K
WinPrice
WinPrice
KoalaBaby
E9.2 How to Capture XDO BI Logs
Replies
0
Views
375
KoalaBaby
KoalaBaby
Will-i-am
E9.2 Unable to Upgrade Enterprise Server TR from 9.2.0.0 to 9.2.7.3
Replies
5
Views
855
TFZ
TFZ
E9.2 best way for user system management
Replies
1
Views
1K
markdcci
markdcci
Back
Top