cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Principal Propagation Issue - J2EE_GUEST being used in some messages

Former Member

on ‎07-28-2011 8:21 PM

0 Kudos

Hi guys !

I have the following situation, my customer have a SAP PI 7.1 Ehp 1 and, some interfaces are configured to run under Principal Propagation.

What is occurring is, for an interface that uses principal propagation and works correctly, the message enters in PI using an authenticated user for principal propagation(for example, USER0001) and this authentication is propagated until the receiver system(eg, SAP ECC), but in some cases, this same interface shows the following behavior: the authenticated user USER0001 send a message, the message starts to be processed in the PI pipeline propagating this user but, when the message will be delivered to RFC Adapter, we receive the following error:

Adapter Framework caught exception: failed to generate ClientPoolcom.sap.aii.adapter.rfc.RfcAdapterException: error initializing RfcClientPool:com.sap.aii.adapter.rfc.afcommunication.RfcAFWException: could not create JCO Pool com.sap.aii.adapter.rfc.afcommunication.RfcAFWException: could not get JCOProperties com.sap.security.core.server.destinations.api.DestinationException: [_DestinationServiceAuthorization1004] User-based destination service access denied to principal J2EE_GUEST. Assign the UME action Destination_Service_Write_Permission if the user should have the permission to save, update or remove destinations. The action is available already to the Administrator role.

And after one message stop with the error above, any message of any interface using principal propagation starts to show the following error, that is only solved running a full cache refresh:

Delivering the message to the application using connection RFC_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.adapter.rfc.afcommunication.RfcAFWException: error while processing message to remote system:com.sap.aii.adapter.rfc.core.client.RfcClientException: could not get functiontemplate from repository: com.sap.mw.jco.JCO$Exception: (106) JCO_ERROR_RESOURCE: Repository pool 'RfcRepository[RfcClient[RFCReceiverAutoCommit_ECC]]f0264787314535c0a27cf29d108f5860' does not exist or was removed..

The question is, why do PI pipeline is trying to use J2EE_GUEST in some task for an interface configured to use Principal Propagation ? Why this occurs in some cases and not in anothers(for the same interface) ? Why the cache is being lost ?? And of course, how can I solve this annoyng situation ?

All configurations needed to run Principal Propagation was done according the help.sap.com documentation(http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bbb97e28674be10000000a421937/content.htm), and as I said, it works in most cases. All messages are sent using SOAP Adapter for the Sender System, and RFC Adapter for the receiver, and there are synchronous and asynchronous interfaces. Basically the interfaces that only read data from SAP, does not use principal propagation and, the ones that create/update/delete data in SAP, uses principal propagation.

Somebody already saw something like this ?

Thank you in advance, and best regards,

Wilson

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member313551
Discoverer
‎09-12-2011 7:37 PM
0 Kudos

Did you get this issue resolved? I am having the same issue. SAP Note 1552431 may solve this issue.

Show replies
Show replies
naveen_chichili
Active Contributor
‎07-29-2011 6:15 AM
0 Kudos

Hi Wilson,

The propagated users have to exist on the Integration Server with the same name as in the sender and receiver system, however passwords could differ. Call TX SU01 to maintain users to be propagated. Assign role SAP_XI_APPL_SERV_USER to the same.

Check the links:http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/808d3048-638c-2a10-35a6-faa48e50ad59?quicklink=index&overridelayout=true

/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi

Also check this note number:974873

Regards,

Naveen

Show replies
Show replies
Former Member
‎07-29-2011 2:28 PM
0 Kudos

Hi Naveen !

Thank you for your response, but there is not wrong with the users to be propagated, they exists in ECC and were created on PI correctly and they works, the problem is, in some cases, for a reason unknown to me, a message using Principal Propagation stops trying to use J2EE_GUEST when the message is delivered to RFC Adapter, and so an error occurs because J2EE_GUEST doesn´t have permission to do some operation in this case. I thought to add the permission to J2EE_GUEST but, before that I would like to hear for somebody if it´s the correct solution. Sincerely I think that the answer is no, this sounds to me as a bug, so I have oppened a support request also.

Thank you again and best regards !

Wilson

Former Member
‎07-29-2011 7:54 PM
0 Kudos

Hi guys !

I have continued with some tests in environment trying to understand what

is happening and, I did the following, as the first error mentioned is

"User-based destination service

access denied to principal J2EE_GUEST. Assign the UME action

Destination_Service_Write_Permission if the user should have the

permission to save, update or remove destinations", I entered on UME Admin,

created a new Role named J2EE_GUEST_ROLE, assigned the UME Action

Destination_Service_Write_Permission to it, and assigned this new role to

the user J2EE_GUEST, and ran new tests.

After some executions, one message stopped with this error:

Adapter Framework caught exception: error while processing message to

remote system:com.sap.aii.adapter.rfc.core.client.RfcClientException:

could not get a client from JCO.Pool: com.sap.mw.jco.JCO$Exception: (101)

RFC_ERROR_PROGRAM: 'user' missing

I have observed that, in all messages that stops in error, we have the

following line in Audit Log:

Processing child message of multi-message with message Id

000c2936-6a89-1ed0-aebe-c262ae7d412e.

And this interface doesn´t have multi-message to be processed, is a

single message only.

I checked on configuration and see that the interface determinations for all interfaces has the flag "Maintain order at runtime", what is usefull basically when a Interface Determination has more than one interface,

what is not my case, so I will unmark this flag in all interfaces and run

new tests trying to identify if this solves the problem.

Any idea for this annoyng issue ?

Thank you and regards !

naveen_chichili
Active Contributor
‎07-29-2011 8:42 PM
0 Kudos

Hi Wilson,

Could you please check if RFC connectivity is working fine....Also check which user has been used in RFC probably this might be the issue...

Regards,

Naveen

Former Member
‎07-29-2011 8:54 PM
0 Kudos

Hi Naveen !

Yes, it´s all fine with the RFC Connectivy, as I said, some interfaces process without error, so one message stop with the error detailed and, after that, all interfaces that uses principal propagation stops with error. Restarting the RFC communication channel sets the interfaces to run correctly again, until a new error does not occur.

Thanks and regards !

Wilson

Former Member
‎08-01-2011 3:00 PM
0 Kudos

Hi guys !

As I said, I have changed the Interface Determination for all interfaces, unmarking the flag "Maintain order at runtime", trying to solve the problem found( one message using principal propagation start to give error when show the message "Processing child message of multi-message with message Id " in the Audit Log, when it´s not an interface with multi-message ), and this didn´t solved it, the problem still occurs. Did anyone already seen this happen ?

Thank you in advance, and best regards !

Wilson

naveen_chichili
Active Contributor
‎08-01-2011 7:40 PM
0 Kudos

Hi,

There might be some issue in mapping or module if module exists in receiver channel..Pls check....

Regards,

Naveen

Former Member
‎08-02-2011 1:56 PM
0 Kudos

Hi Naveen !

No, unfortunatelly, there is not wrong with mappings and I´m not using specific modules. This scenario works perfectly in PI 7.0, in PI 7.1, if I disable the Principal Propagation, it works without problems too, and even with Principal Propagation enabled, the error is intermitent.

Thank you for your attention, and best regards,

Wilson

Ask a Question