cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Internal Server Error in PI 7.1

Go to solution
Former Member

on ‎08-16-2010 4:21 PM

0 Kudos

Hi,

We have recently moved from XI 3.0 to PI 7.1. We have built an IDoc to file scenario that is resulting in error with information as below:

<SAP:Category>XIServer</SAP:Category>

<SAP:Code area="INTERNAL">CLIENT_RECEIVE_FAILED</SAP:Code>

<SAP:P1>407</SAP:P1>

<SAP:P2>ICM_HTTP_SSL_ERROR</SAP:P2>

<SAP:P3>(See attachment HTMLError for details)</SAP:P3>

<SAP:P4 />

<SAP:AdditionalText />

<SAP:Stack>Error while receiving by HTTP (error code: 407 , error text: ICM_HTTP_SSL_ERROR) (See attachment HTMLError for details)</SAP:Stack>

HTML error is attached to Payload in the message with error information as below:

500 Native SSL error

Error: -14

Version: 7011

Component: ICM

Date/Time: Fri Aug 13 14:33:05 2010

Module: icxxconn_mt.c

Line: 1911

Server: v005_PIS_00

Error Tag:

Detail: IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH

Observations:

Idoc submitted by SAP system is well received by PI system, Mapping is successfully executed to produce the target message. Message has stopped in Inbound Queue with info "XI Error CLIENT_RECEIVE_FAILED.INTERNAL: Queue stopped".

Inference:

Now it should be the turn for Integration engine to submit the message to adapter engine, but I suspect internal communication between these two components have failed.

I think a parameter change should solve this problem. May be it is parameter in rz10 or exchange profile?

Please provide your inputs to resolve the issue.

Thanks,

Suraj

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-17-2010 3:27 PM
0 Kudos

Hi,

You might have enabled secure message flow with in the components of PI. But usually, if IS and AE are on same host then we should not need this kind of setting. If you are sure that there is no need to have secure connection with in the components of PI then you should need to change one of exchange profile setting which is under 'Connections' and look for 'com.sap.aii.connect.secure_connections'. By default it might have 'messaging' value for this parameter and hence restricting to have secure connection. Please remove this and dont maintain any value.

Once you are done with this change, restart java stack and you observe normal connection with in PI components. Let me know if you are able to resolve this issue with this setting or not.

Thanks,

Vijay Kumar T.

Show replies
Show replies
Former Member
‎08-17-2010 4:23 PM
0 Kudos

Thanks Vijay, I have changed the Exchange profile parameter as per your suggestion, restarted Java, it worked.

Answers (2)

Answers (2)

former_member4985
Employee
Employee
‎08-16-2010 9:31 PM
0 Kudos

Hi,

From the generic description:

407 Proxy Authentication Required

This code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy. The proxy MUST return a Proxy-Authenticate header field containing a challenge applicable to the proxy for the requested resource. The client MAY repeat the request with a suitable Proxy-Authorization header field.

Please check if the SSL certificate is valid and it's not expired.

Also check for the login credentials, if they're correct.

Regards,

Caio Cagnani

Show replies
Show replies
prateek
Active Contributor
‎08-16-2010 6:04 PM
0 Kudos

ICM_HTTP_SSL_ERROR? This is strange. Do you see this only for this scenario or all scenarios?

The error shows that somewhere you are trying to use SSL communication where the port is not enabled. Usual cause of this error is that RFC destinations are configured incorrectly with SSL option as Active.

Regards,

Prateek

Show replies
Show replies
Former Member
‎08-16-2010 6:19 PM
0 Kudos

Prateek,

Thanks for the reply, yes it is strange, This is the first scenario built in new PI 7.1 system.

This scenario is IDoc to File, do you think internally RFC destination will be used? May be yes, for the internal communication between the components of server. I will check for RFC destinations with SSL option active and try to resolve.

I will get back with observations, if any.

Best Regards,

Suraj

Former Member
‎08-16-2010 7:09 PM
0 Kudos

Hi Suraj,

Can you run the transaction SLDCHECK and see do you have any errors? Also see whether you are using FTPS in your file receiver comm. channel? If yes then proper certificates needs to be installed.

Regards,

---Satish

former_member193386
Active Contributor
‎08-16-2010 7:20 PM
0 Kudos

Hi

try to look the SMICM->GoTo->Services and look at HHTP service is enable.

try to look at SICF transaction and see if all services for PI are activated.

Edited by: Carlos Rodrigo Pereira on Aug 16, 2010 8:22 PM

Former Member
‎08-16-2010 7:43 PM
0 Kudos

Thanks for the replies.

In the preliminary analysis, it is found that Integration Engine and Adapter Engine connectivity is not maintained correctly.

Instead of https://<sid>:/sap/xi/engine?type=entry, it should be maintained as http://<sid>:/sap/xi/engine?type=entry

We need to find the place where this setting can be done and hence restore the connection.

Inference is made based on SLDCHECK that shows the url as 'http://<sid>:/sap/xi/engine?type=entry' and in the audit log of the monitoring it shows as https://<sid>:/sap/xi/engine?type=entry

Best Regards,

Suraj

Former Member
‎08-16-2010 7:47 PM
0 Kudos

Hi Suraj,

You do this setting in sxmb_adm --> Integration engine configuration and then edit and then save.

Regards,

---Satish

Former Member
‎08-16-2010 9:14 PM
0 Kudos

I observe the Integration engine configuration is maintained appropriately.

Outbound Scenario: IDoc to File --> I got error CLIENT_RECEIVE_FAILED as explained above.

Either Certificates need to installed or SSL option need to be deactivated.

I do not see any related RFC destination for which SSL option is activated till now. Still looking for the clues to resolve this.

Inbound Scenario: File to IDoc --> Connection Refused as the URL is picked as "https://<sid>:/sap/xi/engine?type=entry".

There should be setting some where that tells inbound adapter to select the protocol as http, right now it looks like it is selecting the communication type as https and reading the exchange profile to build url dynamically. And trying to connect the wrong url to get exception 'Connection Refused'.

Regards,

Suraj

prateek
Active Contributor
‎08-17-2010 10:17 AM
0 Kudos

Have you also checked the sxmb_adm -> Integration Engine Configuration -> Configuration -> Value of RUNTIME parameter IS_URL?

Regards,

Prateek

Ask a Question