SAP Heartbeat and Password Changing
You can enable Secret Server to perform heartbeats and change passwords on SAP accounts by doing the following:
-
Create a new privileged SAP account administrator secret, typically for the SAP or DDIC account which is used to log into SAP for administrative tasks.
-
Select the SAP Account template and enter all required information to create the new SAP account administrator secret. By default, the Instance Number will be 00 and the Client Number will be 001.
The default System ID for SAP is NSP. -
Create the account you are planning to change. Follow the same method as before and enter the current account password in the Password field.
-
In your new SAP account administrator secret, set the privileged account in the Remote Password Changing tab.
Installing SAP .Net Connector
- Navigate to
service.sap.com/connectors
. - Type your credentials for the SAP Marketplace.
- Select SAP Connector for Microsoft .NET.
-
Download SAP .Net Connector 3.1 (located under NCo 3.1), choosing the appropriate bit mode for your application pool (64-bit mode for most customers):
- Install the downloaded file.
-
Copy the
sapnco.dll
andsapnco_utils.dll
files into thebin
folder of your web application.For a distributed engine, add these files to the installation folder. Please see How to create an ignore file for Distributed Engine upgrades for details. - Recycle the application pool. Once these steps are complete, heartbeats and password changing should work.
If performing a heartbeat on a SAP secret fails, throwing the Exception: PASSWORD_EXPIRED
error, it likely means an administrator has reset the SAP account's password, and the account must log in and change its own password in SAP.