on 05-06-2018 5:15 PM
Hi Experts,
I am unable to create subaccount in SAP Cloud Connector for our SCP instance located in US Ashburn (us1.hana.ondemand.com). Getting error below:
Please note that I am able to create subaccount for the trial account (hanatrial.ondemand.com) and connect to it without any issue.
Cloud connector component versions:
Any idea?
I am able to connect when I tried to connect from the browser within the server (logged in to SCC using https://localhost:8443). Sounds weird, but it worked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arijit,
do you have the right role in your subaccount? Admin or SCC admin?
Best,
Matthi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arijit
How you checked whether the required SCP hosts are reachable from the proxy? For US1, the hosts are:
The list can be found in the Network section of the Prerequisites page.
Also, the user needs the Cloud Connector Admin role in the subaccount, but that should result in a different error message.
Regards,
Morten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Morten.
Even I also think this is an issue with our corporate firewall. When I installed cloud connector in my personal laptop, I am able to connect without any issue.
Could you please guide on how to check connectivity to the required IP addresses ? I tried ping command, which shows request timed out message (but this is the same with my personal laptop as well where the cloud connector works fine).
Regards,
Arijit
Did the CA certificate you uploaded into the Cloud Connector contained the KeyCertSign attribute? If not, it needs to. This is a key attribute that needs to be included in your CA certificate so maybe check this again.
Thanks
Phil Cooley
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arijit,
The cloud connector log file contains the entry where "500" error code is logged. Could you find that in the ljs_trace.log file? The reason shold be logged as well.
If the access from browser works to the certificate signing service, ensure that same proxy settings are applied in the cloud connector.
Best regards,
Antal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In the log I found:
When successfully connect to trial account, the sequence of events logged are as below:
#Creating an sslContextProvider for account p925088trial@hanatrial.ondemand.com without SSLContext. Keystore did not contain a certificate.|
#New RSA keypair was generated. Key size used 4096, time 72192 ms|
#Will retrieve Connectivity CA certificate from SAP Cloud Platform|
#Executing Http Get request to https://connectivitycertsigning.hanatrial.ondemand.com:443/certificate/management/v1/trusted/ca/acco...
#Returned Http Response with code 200|
#Connectivity CA certificate retrieved successfully from SAP Cloud Platform|
#Send Certificate Signing Request for cloud connector certificate to SAP Cloud Platform|
#Executing Http Post request to https://connectivitycertsigning.hanatrial.ondemand.com:443/certificate/management/v1/sign/account/p9...
#Returned Http Response with code 200|
#Cloud Connector certificate signed successfully by SAP Cloud Platform|
#User Administrator starting Tunnel account:///p925088trial for account SCP Trial in region hanatrial.ondemand.com|
#Sending handshake request for tunnel: account:///p925088trial and host connectivitynotification.hanatrial.ondemand.com:443|
#Registered tunnel channel [id: 0xf60107b5, L:/<server_ip>:52402 - R:/<proxy_ip>:<port>] for tunnel id "account:///p925088trial" and client id "16A8DAF051B711E88471C9A80A1F6545"|
#Successfully established tunnel channel to notification service: [id: 0xf60107b5, L:/<server_ip>:52402 - R:/<proxy_ip>:<port>]|
When trying to connect to the productive instance, the logged events are as below:
#Creating an sslContextProvider for account <subaccount_id>@us1.hana.ondemand.com without SSLContext. Keystore did not contain a certificate.|
#New RSA keypair was generated. Key size used 4096, time 250558 ms|
#Will retrieve Connectivity CA certificate from SAP Cloud Platform|
#Executing Http Get request to https://connectivitycertsigning.us1.hana.ondemand.com:443/certificate/management/v1/trusted/ca/accou...
#Tunnel account:///<subaccount_id> is inoperative. SccEndpoint com.sap.scc.config.TunnelSccEndpoint@25cb0c0b ok, and context == null|
#Preparation of tunnel certificate for <subaccount_id>@us1.hana.ondemand.com account failed.
I have tried to open the url https://connectivitycertsigning.us1.hana.ondemand.com:443/certificate/management/v1/trusted/ca/accou... in browser within the server and it first prompts for credentials and then returns the certificate. Hence, I assume the host is reachable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.