
How do I configure RFCs for SNC communication?

Hello Everyone,

I'm an Oracle DBA / Basis Admin and am new to configuring SNC. So far I've been able to configure SAPgui sessions to communicate with systems using SNC but am having difficulty locating documentation to tell me how to get systems to use SNC with their RFC communication. Everything seems to assume you already have the prerequisite configuration complete and just says to go to SM59, go to the Logon & Security tab and click the SNC button. I, however, believe I'm missing the steps where I'm guessing I need to install a certificate for the other server/system.

I've exported different certificates out of STRUST on one system (SBX) and imported them into SNC SAPCryptolib on the other (SD2) and vice versa, and restarted the ICM each time but the connection test fails with this error:

Logon Cancel
Error Details GSS-API(maj): Miscellaneous failure GSS-API(min): A221021F:Server refuses certif
Error Details ERROR: GSS-API(maj): Miscellaneous failure GSS-API(min): A221021F:Server refu
Error Details LOCATION: SAP-Server SSBX4_SBX_00 on host SSBX4 (wp 4)
Error Details DETAIL: SncPEstablishContext
Error Details CALL: gss_init_sec_context
Error Details COMPONENT: SNC (Secure Network Communication)
Error Details COUNTER: 43
Error Details MODULE: sncxxall.c
Error Details LINE: 3551
Error Details RETURN CODE: -4
Error Details SUBRC: 0
Error Details RELEASE: 721
Error Details TIME: Tue Apr 05 09:12:25 2016
Error Details VERSION: 6

I don't even know if the partner name specified on the Logon & Security tab for the RFC definition under the SNC button is correct. I at least no longer get the "Unable to Determine Canonical SNC Name RC= 4-" error that I used to get but have no indication if what I do have is correct: The format for the Partner name that I'm using is:

p:CN=<FQDN>, OU=<SAP Customer ID>, OU=<Long Company Name>, O=<Short Company Name>, L=<City>, SP=<State>, C=<Country>

This partner name matches the X.509 name used in the other system's SSL server Standard PSE in STRUST.

Can someone help me with this, please, either by pointing me to documentation and/or by giving me a step by step for what to do to get this working?

Please let me know if there's any other information you need to help with this.

Thanks in advance!
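
A way to check the partner name from the question offline, as an added example that is not part of the original post: it compares the string typed into the SM59 SNC dialog with the SNC name of the target system (on AS ABAP, the value of the snc/identity/as profile parameter) and reports the first place they diverge. The function names and sample values are constructed for illustration, and treating attribute values as case-sensitive is an assumption of this sketch.

```python
import re

# Constructed sample values (not from the thread): the partner name entered in
# SM59 and the SNC name configured on the target system.
SM59_PARTNER = "p:CN=sd2.example.com, OU=Basis, O=Example Corp, C=US"
TARGET_SNC = "p:CN=SD2, OU=Basis, O=Example Corp, C=US"

_RDN_SPLIT = re.compile(r"(?<!\\),")  # split on commas that are not backslash-escaped

def parse_snc_name(name):
    """Split 'p:CN=host, O=Org' into (name-type prefix, [(keyword, value), ...])."""
    name = name.strip()
    prefix, sep, dn = name.partition(":")
    if not sep or "=" in prefix:  # no name-type prefix such as "p:" present
        prefix, dn = "", name
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        key, eq, value = part.partition("=")
        if not eq or not key.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((key.strip(), value.strip()))
    return prefix, rdns

def compare_snc_names(partner_name, target_snc_name):
    """Return a list of findings; an empty list means the two strings are identical."""
    if partner_name == target_snc_name:
        return []
    p_prefix, p_rdns = parse_snc_name(partner_name)
    t_prefix, t_rdns = parse_snc_name(target_snc_name)
    findings = []
    if p_prefix != t_prefix:
        findings.append(f"name-type prefix differs: {p_prefix!r} vs {t_prefix!r}")
    if len(p_rdns) != len(t_rdns):
        findings.append(f"RDN count differs: {len(p_rdns)} vs {len(t_rdns)}")
    for i, ((pk, pv), (tk, tv)) in enumerate(zip(p_rdns, t_rdns), start=1):
        if pk.upper() != tk.upper():
            findings.append(f"RDN {i}: attribute {pk!r} vs {tk!r}")
        elif pv != tv:  # assumption: values are compared case-sensitively
            findings.append(f"RDN {i} ({pk}): value {pv!r} vs {tv!r}")
        elif pk != tk:
            findings.append(f"RDN {i}: keyword case {pk!r} vs {tk!r}")
    return findings or ["names differ only in whitespace around separators"]

if __name__ == "__main__":
    for finding in compare_snc_names(SM59_PARTNER, TARGET_SNC) or ["exact match"]:
        print(finding)
```

A clean result here only shows that the two strings agree; the certificate exchange between the two SNC PSEs is a separate step.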



1 Answer

  • Best Answer
    Apr 07, 2016 at 12:35 PM

    Hello Jeff,

    In the SAP Help documentation below you can find all information necessary in order to configure SNC for RFC connections:

    Configuring SNC: Using RFC from AS ABAP - Secure Network Communications (SNC) - SAP Library

    Best regards,

    Filipe Santos


    • Hi Jeff, thanks for your feedback and your points. I have no experience with non-SAP yet. But it is always quite similar in principle. You will need to give each communication partner a name (identity), create an SNC PSE with a key pair and export/import public keys. But you will have no STRUST and will need to do this using the sapgenpse command line. Including the PSE environment into the non-SAP solution will be very specific to each vendor's concepts.

      But there are other people who are experienced. You should also check discussions here SAP NetWeaver Application Server and there SAP Single Sign-On.

      I would very much recommend to open a new thread when it comes to discussing details.