Hello Experts - We are using CRM ABAP stack which is on NW 7.0 EHP2 running on Linux OS

Our requirement is to have SNC active for all RFC connections between ABAP systems.

We had activated SNC in our development (Development system SID - ABC) and Quality systems successfully (Quality system SID - XYZ) by adding following parameters in instance profile (Only 1 application server exists for each system)

snc/enable =1

snc/accept_insecure_rfc=1

snc/accept_insecure_gui=1

snc/accept_insecure_cpic=1

snc/permit_insecure_start=1

snc/data_protection/min=1

snc/extid_login_diag=1

snc/extid_login_rfc=1

snc/gssapi_lib=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.so

snc/identity/as=p:CN=<SID>, OU=IS, O=<organization>, C=CN

sec/libsapsecu=/usr/sap/ABC/SYS/exe/run/libsapcrypto.so

ssf/ssfapi_lib=/usr/sap/ABC/SYS/exe/run/libsapcrypto.so

ssf/name=SAPSECULIB

We have also exported the SNC SAPCryptolib certificate from Dev to Quality and Quality to Dev from Tx. STRUST.

DN (Certificate Name) for system PSE and SNC SAPCryptolib PSE are different.

We also added the entries of other systems in SNC0 transaction.

However, when we are trying to activate the RFC from ABC to XYZ or XYZ to ABC - We are seeing following error when we do a connection test: (Below example when we did a connection test of RFC from ABC to XYZ)

Mon May 30 04:17:52 2016

N  *** ERROR => SncPEstablishContext() failed for target='p:CN=XYZ, OU=<OU>, O=Organization, C=CN' [sncxxall.c 3585]

N  *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3551]

N        GSS-API(maj): Miscellaneous failure

N        GSS-API(min): A2210210:Verification of own certificate by server failed

N      Unable to establish the security context

N      target="p:CN=XYZ, OU=<OU>, O=Organization, C=CN"

N  <<- SncProcessInput()==SNCERR_GSSAPI

M  *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c    1035]

M  {root-id=0050568624F01ED689BA1E55F2C91704}_{conn-id=00000000000000000000000000000000}_0

M  *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c    1040]

M  {root-id=0050568624F01ED689BA1E55F2C91704}_{conn-id=00000000000000000000000000000000}_0

A  RFC 3730  CONVID 81518143

A   * CMRC=19 DATA=1 STATUS=1 SAPRC=221 ThSAPCMRCV

A  RFC> ABAP Programm: RSRFCPIN (Transaction: SM59)

A  RFC> User: <user> (Client: xxx)

A  RFC> Destination: <SID>CLNT800 (handle: 2, DtConId: 574BEC703E996EB2E10000000A640267, DtConCnt: 1, ConvId: 81518143,{574BEC70-3E9

9-6EB2-E100-00000A640267})

A  RFC> Called function module: RFC_PING

A  *** ERROR => RFC ======> CPIC-CALL: 'ThSAPCMRCV' : cmRc=19 thRc=221

Communication terminated

[abrfcio.c    9225]

A  {root-id=0050568624F01ED689BA1E55F2C91704}_{conn-id=00000000000000000000000000000000}_0

A  *** ERROR => RFC Error RFCIO_ERROR_SYSERROR in abrfcpic.c : 3732

CPIC-CALL: 'ThSAPCMRCV' : cmRc=19 thRc=221

Communication terminated

[abrfcio.c    9225]

A  {root-id=0050568624F01ED689BA1E55F2C91704}_{conn-id=00000000000000000000000000000000}_0

A  RFC 3557  CONVID 81518143

A   * CMRC=19 DATA=1 STATUS=1 SAPRC=221 comread

A  *** ERROR => RFC Error RFCIO_ERROR_MESSAGE in abrfcio.c : 1984

[abrfcio.c    9225]

SAP note "1867829 - List of SNC Error Codes " which speaks about the error "A2210210:Verification of own certificate by server failed" jusy says "The verification of the peer certificate failed on the server side. See the log files to find out more details about this non-typical error"

Coudl you please help us the cause for this error and the logs to check (I checked the work process logs and rfc logs but no luck)

Thanks,

Subbu