IBM Support

BMXAA7901E - You cannot log in at this time

Troubleshooting


Problem

No users can log into Maximo, even though it has started up correctly and crontasks are running. The user trying to log in is an active LDAP user but does not have a MAXUSER record.

Symptom

Message displayed to user is BMXAA7901E: You cannot log in at this time. Please contact your system administrator or You cannot log in at this time. Please contact the system administrator


The SystemOut.log will show

00000068 SystemErr R Caused by: com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)MAXIMO#mboejb.jar#accesstokenprovider getAccessToken::3 Subject: Principal: /UNAUTHENTICATED
Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@18f818f8 is not granted any of the required roles: maximouser

Maximo 7.5


Maximo 7.6

Environment

WebSphere Application Server Network Deployment 6.1, 7.0, 8.0 or 8.5
The Maximo administrator has set the following System Properties

  • mxe.AllowLDAPUsers=1, which means that LDAP users that do not have user records in Maximo are allowed to log in
  • mxe.LDAPUserMgmt=0, which means that Maximo User and Group management tasks are done in Maximo, not in the LDAP directory server.
In addition:
  • User and Group synchronization is not enabled (via the LDAPSYNC or VMMSYNC cron task).
  • The user is either explicitly mapped to or is a member of a security group mapped to the maximouser role in the Maximo Enterprise Application.

Resolving The Problem

With the above properties set, Maximo will try to silently create the user in the Maximo database if it does not already exist there. It will create this user with a status of NEWREG, the initial self registered user status.

An Administrative user must manually change the status of that user in the Maximo Users application from NEWREG to ACTIVE to be able to log in. In addition, users with a status of NEWREG belong to the DELFTREG Security Group, which normally only allows a user to change his or her password if it expires. Since this option is disabled when using Application Server Security and DELFTREG contains no other rights, the Administrative user must also add this new user to one or more Security Groups that have greater access in Maximo.

For other possible causes of the BMXAA7901E error, see:

Time zone setting on the person record of the user


Incorrect username or password
Integration Default User does not exist in the MAXUSER table
Maximo Administrative password is incorrect
The WebSphere Node has not been synchronized
Oracle sequence logintrackinguseq is incorrect

[{"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Component":"System Related","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1;7.1.1;7.5;7.6;7.6.0.5;7.6.0.6","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Component":"Not Applicable","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.1;7.5;7.6;7.6.0.5;7.6.0.6","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Product":{"code":"SSLKTY","label":"Maximo Asset Management for IT"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1;7.2;7.2.1;7.2.2","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Product":{"code":"SSKTXT","label":"Tivoli Change and Configuration Management Database"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1;7.2;7.2.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Product":{"code":"SS6HJK","label":"Tivoli Service Request Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1;7.2;7.2.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Product":{"code":"SSWT9A","label":"IBM Control Desk"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.5;7.5.1;7.5.1.1;7.5.1.2;7.5.3;7.6.0;7.6.0.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
17 June 2018

UID

swg21641379

Page Feedback