on 08-16-2010 4:21 PM
Hi,
We have recently moved from XI 3.0 to PI 7.1. We have built an IDoc to file scenario that is resulting in error with information as below:
<SAP:Category>XIServer</SAP:Category>
<SAP:Code area="INTERNAL">CLIENT_RECEIVE_FAILED</SAP:Code>
<SAP:P1>407</SAP:P1>
<SAP:P2>ICM_HTTP_SSL_ERROR</SAP:P2>
<SAP:P3>(See attachment HTMLError for details)</SAP:P3>
<SAP:P4 />
<SAP:AdditionalText />
<SAP:Stack>Error while receiving by HTTP (error code: 407 , error text: ICM_HTTP_SSL_ERROR) (See attachment HTMLError for details)</SAP:Stack>
HTML error is attached to Payload in the message with error information as below:
500 Native SSL error
Error: -14
Version: 7011
Component: ICM
Date/Time: Fri Aug 13 14:33:05 2010
Module: icxxconn_mt.c
Line: 1911
Server: v005_PIS_00
Error Tag:
Detail: IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH
Observations:
Idoc submitted by SAP system is well received by PI system, Mapping is successfully executed to produce the target message. Message has stopped in Inbound Queue with info "XI Error CLIENT_RECEIVE_FAILED.INTERNAL: Queue stopped".
Inference:
Now it should be the turn for Integration engine to submit the message to adapter engine, but I suspect internal communication between these two components have failed.
I think a parameter change should solve this problem. May be it is parameter in rz10 or exchange profile?
Please provide your inputs to resolve the issue.
Thanks,
Suraj
Hi,
You might have enabled secure message flow with in the components of PI. But usually, if IS and AE are on same host then we should not need this kind of setting. If you are sure that there is no need to have secure connection with in the components of PI then you should need to change one of exchange profile setting which is under 'Connections' and look for 'com.sap.aii.connect.secure_connections'. By default it might have 'messaging' value for this parameter and hence restricting to have secure connection. Please remove this and dont maintain any value.
Once you are done with this change, restart java stack and you observe normal connection with in PI components. Let me know if you are able to resolve this issue with this setting or not.
Thanks,
Vijay Kumar T.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
From the generic description:
407 Proxy Authentication Required
This code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy. The proxy MUST return a Proxy-Authenticate header field containing a challenge applicable to the proxy for the requested resource. The client MAY repeat the request with a suitable Proxy-Authorization header field.
Please check if the SSL certificate is valid and it's not expired.
Also check for the login credentials, if they're correct.
Regards,
Caio Cagnani
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
ICM_HTTP_SSL_ERROR? This is strange. Do you see this only for this scenario or all scenarios?
The error shows that somewhere you are trying to use SSL communication where the port is not enabled. Usual cause of this error is that RFC destinations are configured incorrectly with SSL option as Active.
Regards,
Prateek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Prateek,
Thanks for the reply, yes it is strange, This is the first scenario built in new PI 7.1 system.
This scenario is IDoc to File, do you think internally RFC destination will be used? May be yes, for the internal communication between the components of server. I will check for RFC destinations with SSL option active and try to resolve.
I will get back with observations, if any.
Best Regards,
Suraj
Thanks for the replies.
In the preliminary analysis, it is found that Integration Engine and Adapter Engine connectivity is not maintained correctly.
Instead of https://<sid>:/sap/xi/engine?type=entry, it should be maintained as http://<sid>:/sap/xi/engine?type=entry
We need to find the place where this setting can be done and hence restore the connection.
Inference is made based on SLDCHECK that shows the url as 'http://<sid>:/sap/xi/engine?type=entry' and in the audit log of the monitoring it shows as https://<sid>:/sap/xi/engine?type=entry
Best Regards,
Suraj
I observe the Integration engine configuration is maintained appropriately.
Outbound Scenario: IDoc to File --> I got error CLIENT_RECEIVE_FAILED as explained above.
Either Certificates need to installed or SSL option need to be deactivated.
I do not see any related RFC destination for which SSL option is activated till now. Still looking for the clues to resolve this.
Inbound Scenario: File to IDoc --> Connection Refused as the URL is picked as "https://<sid>:/sap/xi/engine?type=entry".
There should be setting some where that tells inbound adapter to select the protocol as http, right now it looks like it is selecting the communication type as https and reading the exchange profile to build url dynamically. And trying to connect the wrong url to get exception 'Connection Refused'.
Regards,
Suraj
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.