cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLD configuration using HTTPS

former_member238625
Explorer

on ‎10-01-2015 10:08 AM

0 Kudos

Hello,

I have problem with connection from satelite ABAP system to central SLD on PI using SNC. When I test it in RZ70 using "Start SLD data Collection now" and RFC SLD_UC with activ SNC, than I have following error message:

: Execute program: _SLD_APPL_SERV

: Execute program: _SLD_BCSYS

: Execute program: _SLD_CLIENT

: Execute program: _SLD_COMPSYS

: Execute program: _SLD_DBCON

: Execute program: _SLD_DBSYS

: Execute program: _SLD_GWSRV

: Execute program: _SLD_HTTPSERV

: Execute program: _SLD_INSTPRD

: Execute program: _SLD_INSTSC

: Execute program: _SLD_INSTSP

: Execute program: _SLD_IPSERV

: Execute program: _SLD_LIVECACHE

: Execute program: _SLD_MSGSRV

: Execute program: _SLD_NWSYS

: Execute program: _SLD_RCC

: Execute program: _SLD_RFC

: Collection of SLD data finished

: Data collected successfully

: RFC data prepared

: Used RFC destination: SLD_UC

: RFC call failed: Error when opening an RFC connection (CPIC-CALL: 'ThSAPOCMINIT', communication r

: Existing periodic jobs removed.

: Program scheduled: 20151001 230150

: Event-controlled job already exists; scheduling not necessary

In SM59 in destination SLD_UC there is SNC active and SNC name is certificate of SLD server.

Trx SLDCHECK ends fine and without error with HTTPS protocol.

What I must set on SLD for accepting secure communication.

Thanks for your help.

Best regards

Capek Martin

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member238625
Explorer
‎10-02-2015 7:35 AM
0 Kudos

Maybe general question...I have to setup RZ70 and SLDAPICUST  (both) for connection to SLD or only SLDAPICUST can be OK?

Show replies
Show replies
former_member264034
Active Contributor
‎10-02-2015 8:31 AM
0 Kudos

Hi,

Is the SLD correctly configured to listen on this gateway?

You have to therefore ensure in order RZ70 executes that

1) There is an actual available SAP gateway instance on the

   host defined in RZ70.

2) This gateway is also defined in the SLD as follows

-> SLD UI -> Administration -> Profile ->

Section= datasupplier -> Parameters = GatewayHost/GatewayService.

Please also refer to below notes.

#584654  Registration setup in the SAP System Landscape Directory

#1018839 Registering information in the System Landscape Directory

Regards,
Aidan

former_member238625
Explorer
‎10-02-2015 9:03 AM
0 Kudos

SLD_UC is working correctly if I use connection without SNC (port 3363 port sapgw63). Telnet to SLD server to port 3363 is OK. But if I use SNC (port 4863 - sapgw63s) then is connection refused. No FW are there. On SLD server nothing is listen on 4863 port.

Any idea?

Thanks.

Martin

former_member238625
Explorer
‎10-02-2015 11:56 AM
0 Kudos

This problem is over...port 4863 is listening...problem was that SNC was disabled on gateway of SLD server.

But now I have problem with certificates....:-(

*** ERROR => SncPEstablishContext() failed for target='p:CN=xxxxx' [/bas/742_R 3386]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [/bas/742_REL/sr 3352]

       GSS-API(maj): Miscellaneous failure

       GSS-API(min): A2210223:Server does not trust my certificate path

     Unable to establish the security context

     target="p:CN=xxx"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) for T47_U11196_M0 failed [thxxsnc.c    1156]

{root-id=E41F13FDC3DD1ED59A99D60171CFDB48}_{conn-id=00000000000000000000000000000000}_0

*** ERROR => ThSncIn: SncProcessInput for T47_U11196_M0 [thxxsnc.c    1160]

*** WARNING => ThCPICProcessInlineRequest: ThSncIn failed (766), delete 97232364 [thxxcpic.c   3732]

ON SLD gateway and on backend site are different certificates (different publisher of certificate).

former_member264034
Active Contributor
‎10-02-2015 1:25 PM
0 Kudos

Hi,

The error message "A2210223:Server does not trust my certificate path" means that exchange of certificates were not properly done and both parts (client and server) does not trust each other.

It does look like cached certificates may be causing the issue

You could try the following:

=> On the client side, delete the server certificate from the Client SNC PSE and save the client pse;

=> Restart the client server;

=> On the server side, delete the client certificate from the Server SNC PSE and save the client pse;

=> Restart the server side server;

After that, perform the certificate exchange again and see if the issue persists.

Regards,

Aidan

cris_hansen
Advisor
Advisor
‎10-01-2015 12:30 PM
0 Kudos

Hello Capek,

Please read SAP note 1346686.

Regards,

Cris

Show replies
Show replies
former_member238625
Explorer
‎10-01-2015 1:21 PM
0 Kudos

Hello Cris,

of course...this parameters are activate on SLD, but RFC destination SLD_UC still not working...:-(

cris_hansen
Advisor
Advisor
‎10-01-2015 1:27 PM
0 Kudos

Hello Capek,

Is there any other error message available?

Maybe in the developer traces (dev*)?

Regards,

Cris

Sriram2009
Active Contributor
‎10-01-2015 2:08 PM
0 Kudos

Hi Martin

Could you check this SAP KBA

1727745 - RFC connection error while executing transaction RZ70


Regards

SS

isaias_freitas
Advisor
Advisor
‎10-01-2015 5:48 PM
0 Kudos

Hello,

Does a "connection test" work, at the destination SLD_UC?

Please post a screenshot showing the error, if it doesn't work.

Regards,

Isaías

former_member238625
Explorer
‎10-02-2015 7:32 AM
0 Kudos

No, SLD_UC does not working...

Ask a Question