SAP Knowledge Base Article - Public

2178997 - Login sent to the database with no password, when refreshing a report in Crystal Reports

Symptom

  • Login with no password sent to the database.
  • Database monitoring tool shows login errors.
  • Crystal Reports attempts to login to the database with an empty password.
  • Database logs shows the error: "Login failed for user <User Name>. Reason: Password did not match for the login provided."
  • Why does Crystal Reports tries to logon to the data source with an empty password?

Environment

  • SAP Crystal Reports 2013
  • SAP Crystal Reports 2016
  • SAP Crystal Reports 2020

Reproducing the Issue

  1. In Crystal Reports, create a report off any data sources.
  2. On your database side, monitor the database logons.
  3. In Crystal Reports, refresh the report.
  4. On the database side, notice a logon error for an attempt to login with the user name you used to create the report, with an empty password. Why is this occuring?

Cause

  • Crystal Reports does not store the database password in a report, but does store the user name used to create the report. And by design, when refreshing a report in Crystal Reports, it always send a logon to the database with an empty password. If it fails, it then prompts for the user name and password to use to connect to the data source.
                 
  • The only exception is when connecting to a Universe, because the database user credentials is usually stored at the Universe connection.

Resolution

  • To change the behavior, and avoid sending an empty password when refreshing a report in Crystal Reports, add the registry key:  AvoidEmptyPasswordLogon, and set the value to YES
         
       
    WARNING     The following resolution involves editing the Microsoft Registry. Using the Microsoft Registry Editor incorrectly can cause serious problems. Use the Microsoft Registry Editor at your own risk. For more information, see the SAP Knowledge Base Article 1323322
          
           
    1. Open the Microsoft Registry Editor.
      ( In MS Windows, under the menu Start, select Run, and type: regedit )
          
    2. In the Microsoft Registry Editor, navigate to the path corresponding to the version of the product used:
                
      • For Crystal Reports 2013, 2016:
           
        • For 32bit version of MS Windows:
          HKEY_LOCAL_MACHINE\SOFTWARE\SAP Business Objects\Suite XI 4.0\Crystal Reports\Database
               
        • For 64bit version of MS Windows:
          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP BusinessObjects\Suite XI 4.0\Crystal Reports\Database
            
                
      • For Crystal Reports 2020:

        • HKEY_LOCAL_MACHINE\SOFTWARE\SAP Business Objects\Suite XI 4.0\Crystal Reports\Database
                
               
    3. Right click on the Database key, and select: "New - String Value"
          
    4. Set the String value to: AvoidEmptyPasswordLogon
         
    5. Set the value to: YES
         
    6. For the change to take effect, close and re-open Crystal Reports.

Keywords

CR, fake login, extra logon , KBA , BI-RA-CR , Crystal Reports designer or Business View Manager , Problem

Product

SAP Crystal Reports 2013 ; SAP Crystal Reports 2016 ; SAP Crystal Reports 2020