Skip to Content
avatar image
Former Member

SMSY: trusted RFC call of ftn group SCCA failed.

I'm following the steps on my SolMgr system in the IMG and have generated the RFC to/from connections to the satellite systems. When I check the connections, I get the following error:

RFC destination SM_BIFCLNT001_READ check beginning

RFC destination SM_BIFCLNT001_READ function checked

RFC destination SM_BIFCLNT001_READ check ended

RFC destination SM_BIFCLNT001_TRUSTED check beginning

RFC destination SM_BIFCLNT001_TRUSTED function error

RFC connection SM_BIFCLNT001_TRUSTED cannot be made (No authorization to logon as trusted system (Trusted RC=2).)

Function group SCCA cannot be called in RFC system SM_BIFCLNT001_TRUSTED

RFC destination SM_BIFCLNT001_TRUSTED check ended

Using SM59, SM_BIFCLNT001_TRUSTED tested OK. RC=2 says:

RC=2: The user has no authorization in the target system (for the object S_RFCACL).

ON the destination system, tcode su01, the target user has role: SAP_S_RFCACL(status green), which should contain S_RFCACL authorization.

Detailed text on the SCCA failure says:

An RFC call of function group SCCA to RFC destination SM_BIFCLNT001_TRUSTED failed.

Procedure

Check

the RFC destination definition ( -> RFC Destinations (Display and Maintenance) ) <- OK

Network address and target machine name <- OK

System number and ID <- OK

The connection to the target system (see the log for error messages)

if there is a user in the RFC destination, whether it exists in the target system with the correct password <- same passwd.

if there is a user in the RFC destination, whether it is authorized to call function modules in function group SCCA (authorization S_RFC) in the target system. <- User on target has roles SAP_S_RFCACL and SAP_SDCCN_ALL and profiles has SAP_ALL.

if the function group SCCA is in the system. <- How do I check this?

Also, is my REFRESH_ADMIN_DATA_FROM_SUPPORT job running correctly?

Job log overview for job: REFRESH_ADMIN_DATA_FROM_SUPPORT / 08393800

-


Date

Time

Message text

Message class

Message no.

Message type

-


05/14/2009

08:39:38

Job started

00

516

S

05/14/2009

08:39:38

Step 001 started (program AI_SC_REFRESH_READ_ONLY_DATA, variant , user ID DDIC)

00

550

S

05/14/2009

08:40:01

No Businss Partners will be generated from SAP Customer numbers

AI_SC_EN

109

I

05/14/2009

08:40:01

No Businss Partners will be generated from SAP Customer numbers

AI_SC_EN

109

I

05/14/2009

08:40:01

The following error messages have been returned by SAP Support Portal:

AI_SC_EN

207

I

05/14/2009

08:40:01

User S000xxxxxxx - System Data Maintenance authorization not found for customer 000xxxxxxx

00

001

I

05/14/2009

08:40:01

System headers will be generated in SMSY from SAP Support Portal

AI_SC_EN

099

I

05/14/2009

08:40:01

No new systems found in SAP Support Portal to generate in SMSY

AI_SC_EN

103

I

05/14/2009

08:40:01

Job finished

00

517

S

-


Job is marked as finished OK.

xxxxxxx is my S-user number. I assume the data was pulled over using my customer number with S-user authorization. How do I verify this? Is thes job OK?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    May 14, 2009 at 11:29 PM

    Hi Don,

    Check if the following SAP Note can help you: 128447.

    Regards,

    Felipe Pitta

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I followed the steps in 128447 and Trusted/trusting relationships. http://help.sap.com/saphelp_nw04/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm

      The later had me create a modified authorization object of Z_S_RFCACL and profile Z_S_RFCACL. I'm using the same user on client and server, so RFC_USER=' '. The new profile was added to the user's profile list. Now I have about 15 Z_S_RFCACL profiles listed. Which one is actually used?

      Some of the other steps have you generating roles, of which I had previously created Z_S_RFCACL role and activated, and linked to user. Now there are Z_S_RFCACL roles and profiles. Do I need to delete this role in order for the profile Z_S_RFCACL to be effective? The SMSY trusted RFC connection tests still fails with RC=2. The SM_<SYSID>CLNT001_TRUSTED RFC connection test OK, but authorization test fails with

      Error Details You are not authorized to logon to the target system (error code 0).

      The SM_<SYSID>CLNT001_TRUSTED RFC was created by SMSY. It appears to be identical to the auto-gen'd RFC TRUSTING_SYSTEM@<SYSID> on client, but has the Logon client and language set under Logon tab. I'm not able to set these values in the TRUSTING_SYSTEM@<SYSID> and it fails the connection test.

  • avatar image
    Former Member
    May 16, 2009 at 09:34 PM

    Don

    your S-user maintained in AISUSER in association with the user with which you are logged in into Solman and or the S-user associated with user DDIC (as i could see that this job is running with step user DDIC) with which this job is scheduled, is not 'Authorized enough' on marketplace. so check this, have super admin for this OSS id.

    and for trusted RFC error, you have to assign S_RFC and S_RFCACL authorization objects to the user used in the 'login credentials' of the RFC and to the user who is right now making this connection test, both in Solman and the sattelite system.

    check these Notes

    Note 1082010 - Administration of several customer numbers

    Note 1056595 - Authorization not found for installation number

    Note 172481 - System data maintenance (collective note)

    Bhudev

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      A source of confusion for me was in note 840516-Role and profile definition.

      There are 2 main steps:

      - To define the roles, proceed as follows:

      - To define the profiles, proceed as follows:

      These main steps are one or the other, but not both. This is probably obvious to the people experienced with roles/profiles/authorizations, but was not obvious to me. The note should be updated to state that these steps are an either OR situation. You either update the role or the profile.Suppose you could do both, but then must have one or other in the user's setup. I believe at one time, I had both and that did not work (might need to be verified).

  • avatar image
    Former Member
    May 15, 2009 at 08:09 AM

    Have you created the role: Z_S_RFCACL yet?

    On both SolMan and Satellite?

    After you have, assign the role to an identical user on both systems.

    Add comment
    10|10000 characters needed characters exceeded

  • May 27, 2009 at 09:36 PM

    Hi Don,

    This may not sound like it makes sense, but in my experience when you have trust issues, delete all related destinations in SMT1 in the SolMan and Satellite systems. This should delete all of the RFC destinations. Recreate them using tcode SMSY. Make sure that the auths are correct in your S_RFCACL role. You should be good to go.

    Send me your logs if this doesn't help and I'll see what I can find.

    Regards,

    Bill

    Edited by: William Bowman on May 27, 2009 11:42 PM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi. I have the same problem. Trusted RFC are OK but I still have errors in SMT2 (Error when opening an RFC connection)

      Any idea?

      Regards,

      Julien

  • avatar image
    Former Member
    May 29, 2009 at 03:30 PM

    Hi I had the same problem with trusted systems give the user the SAP_TRANSLATOR role, Make sure you do the user compare

    Mike

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I gave the user the SAP_TRANSLATOR role, did user comparison, authorization and user light is green and saved user. While login as that user, Same problem I attempted to maintain the tRFC, uncheck the not modifiable flag. When I switch tabs, the disk icon did not highlight to show its armed. I'm not able to modify anything. except the flag. Same under tc SMT2 or SM59->Trusting Systems. I redisplayed the roles under user with SU01, Roles, authorzatons, user are all still green.