on 11-20-2023 3:57 PM
Hello,
I am passing these SCN parameters (provided by Basis provider). It looks like it figured out by itself the port 4800, but it showed TEXT WSAECONNREFUSED: Connection refused
Does anybody have the same problem and know how to fix it?
jco.client.ashost=<host>
jco.client.sysnr=00
#jco.client.gwserv = 3300
#jco.client.gwserv = 4800
jco.client.client=<client>
jco.client.user=<user>
jco.client.passwd=<passwd>
jco.client.lang=en
jco.client.snc_mode=1
jco.client.snc_qop=1
#jco.client.snc_myname=XQ3
jco.client.snc_lib=C:/SAP/crypto/sapcrypto.dll
jco.client.snc_partnername=p:CN=XQ3, OU=I0090125263, O=SAP Web AS
It is working fine without SNC (where jco.client.snc_mode=0)
However, with SNC (where jco.client.snc_mode=1) , somehow I got this error:
com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: Initialization of destination ABAP_AS1 failed: Connect to SAP gateway failed
connection parameters: TYPE=A DESTINATION=ABAP_AS1 ASHOST=<host> SYSNR=00 SNC_MODE=1 SNC_QOP=1 SNC_PARTNERNAME="p:CN=XQ3, OU=I0090125263, O=SAP Web AS" PCS=1 SERIALIZATION_FORMAT=columnBased NETWORK=LAN
LOCATION CPIC (TCP/IP) on local host with Unicode
ERROR partner '<host>:4800' not reached
TIME Mon Nov 20 10:40:35 2023
RELEASE 753
COMPONENT NI (network interface)
VERSION 40
RC -10
MODULE D:/depot/bas/753_REL/src/base/ni/nixxi.cpp
LINE 3458
DETAIL NiPConnect2: <host>:4800
SYSTEM CALL connect
ERRNO 10061
ERRNO TEXT WSAECONNREFUSED: Connection refused
COUNTER 2
at com.sap.conn.jco.rt.RfcDestination.initialize(RfcDestination.java:1456)
at com.sap.conn.jco.rt.RfcDestination.ping(RfcDestination.java:2163)
at Processor.processRow(Unknown Source)
at org.apache.hop.pipeline.transforms.userdefinedjavaclass.UserDefinedJavaClass.processRow(UserDefinedJavaClass.java:908)
at org.apache.hop.pipeline.transform.RunThread.run(RunThread.java:55)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: Connect to SAP gateway failed
connection parameters: TYPE=A DESTINATION=ABAP_AS1 ASHOST=<host> SYSNR=00 SNC_MODE=1 SNC_QOP=1 SNC_PARTNERNAME="p:CN=XQ3, OU=I0090125263, O=SAP Web AS" PCS=1 SERIALIZATION_FORMAT=columnBased NETWORK=LAN
Thanks,
hn
"Partner not reached - connection refused" usually means that the ABAP application server instance is not running on host <host> at that time.
See also https://wiki.scn.sap.com/wiki/display/SI/What+is+the+meaning+of+the+different+network+error+messages
If that permanently happens although you are sure that the application server is running, I can only imagine that SNC is not setup correctly at ABAP side. Check, if you can logon with a SAP GUI with activated SNC.
And one more thing:
If specifying jco.client.user and jco.client.passwd for doing a password logon, you also have to specify jco.client.snc_sso=0. Otherwise the password from your configuration won't be used because the default is to use the certificate from the SNC PSE for the RFC logon as well (SSO).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"I can only imagine that SNC is not setup correctly at ABAP side."
In this regard, it is also interesting to know, that some old SAP Systems used port 3300 for both, plain-text and SNC communication. Newer SAP Systems use 3300 for plain and 4800 for SNC communication. Perhaps your SAP system is still using 3300 for both? You can try out by removing jco.client.sysnr=00 and adding jco.client.gwserv = 3300 for the SNC case.
@ulrich.schmidt
As suggested, I tried using jco.client.gwserv = 3300 and jco.client.snc_sso=0 as seen below:The configuration of the SNC PSE. See https://me.sap.com/notes/1525059
"My use case is simply passing SNC parameters to SAP Application Server from a java client on Windows using sapjco.jar connector."
This is wrong. Neither sapjco.jar nor the SAP Application Server have anything to do with the SNC parameters! What you are really doing is to pass SNC parameters to a third-party cryptographic library (which in this case happens to be sapcrypto.dll), and this third-party library then does some operating system dependent stuff, using security tokens or certificates to establish a trusted & encrypted connection with the same third-party library on SAP AS side.
In this case, the crypto library happens to be from SAP, so we can say a bit more about what it does, and what the error message means: on Windows, sapcrypto.dll accesses a special Certificate Store on the machine and tries to find a certificate associated with the current Windows user. (Not to be confused with the ABAP user specified in jco.client.user!)
The error message "No credentials were supplied" means, that the Windows user, under which the java.exe process is running, does not have permission to access the Certificate Store. How does it get that permission? Well, here the first question to ask is: are you using Secure Login Client or did you just download the CommonCrypto Lib and copy it to C:\SAPWorkdir?
I would recommend to install and use Secure Login Client (SLC), because it comes for free and makes the management of your user certificate very easy. If you are not using SLC, you are responsible for setting up everything yourself, e.g. defining the correct SECUDIR environment variable, so the PSE file can be found, and using sapgenpse to grant the current Windows user, under which java.exe is running, the necessary permissions to access and use the certificates in the PSE file (or in the Microsoft Certificate Store).
User | Count |
---|---|
75 | |
10 | |
10 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.