Skip to Content
avatar image
Former Member

Sap JCO Connection SNC mode Problem

Dear All,

I have a problem with JCO connection in SNC mode.
Java application by JCO(no Sap) connects to Sap ECC6.
I have enable SNC into sap, and configuration application java with this new parameters:

JCO_SNC_MODE, "1");
JCO_SNC_LIBRARY, System.getProperty("sap.library.path") + "/sapcrypto.dll");
JCO_SNC_MYNAME, "p:CN=XXX, OU=XXX, C=DE");
JCO_SNC_PARTNERNAME, "p:CN=XXX, OU=XXX, O=SAP Trust Community, C=DE");
JCO_SNC_QOP, "8");
JCO_X509CERT, "XXXXXX....");

Before enabling SNC connection worked perfectly( with user and pwd).
Where I'm wrong?
My goal is connect to Sap in Secure mode without SSO.
I'm supposed to use Certificate X.509

Into system sap I have update SAPCRYPTOLIBP 8.5.7

This is my error into java Eclipse.

com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: CPIC-CALL: CMRCV on convId: 27410198

LOCATIONCPIC (TCP/IP) with Unicode

ERRORGSS-API(maj): No credentials were supplied

Unable to establish the security context

target="p:CN=XXX, OU=XXX, O=SAP Trust Community, C=DE"

TIMEFri Feb 17 10:18:36 2017

RELEASE721

COMPONENTSNC (Secure Network Communication)

VERSION6

RC-4

MODULEsncxxall.c

LINE3604

DETAILSncPEstablishContext

SYSTEM CALL gss_init_sec_context

COUNTER4

Best Regards.
Fabrizio

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Jul 07, 2017 at 08:03 AM

    Hello Fabrizio,

    I got exactly the same issue. SNC was working (from Eclipse IDM to ABAP)

    I made an initial load test, working fine. then I removed and recreate the ABAP repository and now, It's not working anymore.

    How do you solve your issue ?

    Regards,

    Benoît

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 30, 2017 at 01:38 PM

    It is possible a duplicate of the private key with DN SAPSYS into the PSE files to cause this event.

    Please list all the PSE files from the instance folder:

    ls /usr/sap/<SID>/<central-instance>/sec/*.pse

    For each PSE file, execute the commands:

    sapgenpse maintain_pk -p <PSE_name> -l

    sapgenpse get_my_name -p <PSE_name>

    As the SAP Note 1965519 says, it might not be re-used the same private key/certificate for multiple purposes.

    Basically, removing the duplicate should resolve this particular issue.

    If you run into another issue with bad credentials, you might generate another private/public keypair and certificate for that scenario and re-import wherever is required.

    Add comment
    10|10000 characters needed characters exceeded