Skip to Content

RFC Dest from ECC to PI 7.4 is failing with 403 forbidden error

Dear All,

Though this error has been posted several times in the community, I couldn't find a solution for mine and hence repeating the same discussion.

We are facing issue with the RFC Dest from ECC to PI 7.4 as it is failing with 403 forbidden error.

Our current PI 7.11 system was upgraded to PI 7.4 SP06. Post up-gradation activities were done and the system was up & running fine. Created a type G Rfc dest: PI_AAE in ECC system for connecting to the upgraded PI 7.4 system.

But the above PI_AAE rfc destination is failing with 403 forbidden error. The Target Host, Service No & Path Prefix were all mentioned correctly.

The user: PIAPPLUSER used in the above rfc dest has the required roles i.e., SAP_BC_WEBSERVICE_PI_CFG_SRV, SAP_SLD_CONFIGURATOR, SAP_XI_AF_SERV_USER_MAIN, SAP_XI_APPL_SERV_USER. Also provided SAP_ALL & SAP_NEW profiles to the user: PIAPPLUSER and tried but still facing the same 403 forbidden error.

Post up-gradation of the system, roles were adjusted as instructed in the upgrade guide using su25 i.e., 2a, 2b & 2c were executed successfully.


Can someone suggest how to get rid of 403 forbidden error..?



Br,

Saiganesh.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Oct 20, 2014 at 11:49 AM

    Dear All,

    Issue got solved. Issue is with the DNS. PI system HTTP url was added in the DNS and then got rid of 403 forbidden error. Now the RFC from ECC to PI 7.4 was working fine and hence closing the thread.

    Br,

    Saiganesh.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 20, 2014 at 03:22 AM

    Hi,

    pls go through the below SDN artical.

    http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/07/24/cpa-cache-refresh-403-forbidden--no-authorization-with-pidiruser-or-pidirsid

    Kindly check, If you have correct Target system details of Target Host,path and service number, and then you can check the user you have for that  RFC Destination.

    Check if that user is locked if any in SU01 tr.

    Regards

    Srinivas

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Srinu,

      Already went thru PI 7.3 Troubleshooting Guide & engine service under sicf is already active and a test service returns below message:

      <SAP:Category>XIProtocol</SAP:Category>

      <SAP:Code area="MESSAGE">EMPTY_HTTP_REQUEST_RECEIVED</SAP:Code>

      <SAP:P1/>

      <SAP:P2/>

      <SAP:P3/>

      <SAP:P4/>

      <SAP:AdditionalText/>

      <SAP:Stack>Empty HTTP query received; message processing not possible </SAP:Stack>

      Br,

      Saiganesh.