cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RTE:[89133] Proxy server connect: Network unreachable

Go to solution
Tristan
Participant

on ‎08-31-2022 3:33 PM

Hi Experts,

I am trying to connect my SAP HANA Cloud (trial) Instance to a on premise HANA trough the Cloud Connector. When creating (checking) the remote source I get the Error below:

Could not execute 'CALL CHECK_REMOTE_SOURCE('CONCCECT_RS_CLI')'

Error: (dberror) [5921]: Unable to connect remote source: [SAP AG][LIBODBCHDB SO][HDBODBC] <br>Communication link failure;-10709 Connection failed (RTE:[89133] Proxy server connect: Network unreachable (100.96.30.43:39640 -> <vitual_host>:30215))<br>

In the Cloud Connector logs I can see that the request for a Tunnel gets initiated but fails due to an already closed socket and the connection reset by peer. (Full logs below)

My question is whether anybody knows what is happening here? I looked into this https://help.sap.com/docs/HANA_CLOUD_DATABASE/477aa413a36c4a95878460696fcc8896/98a5b0d7aca541c68309d... Documentation, but the certificate is still valid.

I suspect that this could be a network problem, but the firewall allows outbound tcp connections on port 443. According to this picture, the tunnel seems to be created over HTTPS, so that connection should work right? Is there any UDP traffic taking place outside of that HTTPS tunnel?

Is there any possibility to get more information on what’s going wrong in my setup?

Thank you for your help,

Best regards,

Tristan


--------------------------------------------------------------------------------------------

sql commands used to create Remote Source

CREATE REMOTE SOURCE CONCCECT_RS_CLI ADAPTER "hanaodbc" 
CONFIGURATION 'ServerNode=<virtual_host>:<virtual_port>;Driver=libodbcHDB.so;dml_mode=readwrite;use_haas_socks_proxy=true;scc_location_id=""' 
WITH CREDENTIAL TYPE 'PASSWORD' USING 'user=<user>;password=<password>';

CALL CHECK_REMOTE_SOURCE('CONCCECT_RS_CLI');

(Edit: removing scc_location_id like suggested here did not change the result)

excerpt of ljs_trace.log file

2022-08-30 11:35:34,473 +0200#INFO#com.sap.core.connectivity.tunnel.client.notification.DefaultNotificationClientEventHandler#notification-client-25-1# #Opening a tunnel to the Connectivity Proxy on Remote Cloud System on 3f16d32c-76d5-4b88-9132-386838b573aa.connectivity.hana.trial-eu10.hanacloud.ondemand.com:4432022-08-30 11:35:34,474 +0200#INFO#com.sap.core.connectivity.tunnel.client.notification.DefaultNotificationClientEventHandler#notification-client-25-1# #Received "open tunnel event" message (packet type: 1 (open tunnel)) for tunnel id account:///bfb6506b-524d-45a1-b247-eb7a5ca9c00b and host id: null2022-08-30 11:35:34,572 +0200#INFO#com.sap.core.connectivity.tunnel.client.handshake.ClientProtocolHandshaker#tunnel-client-117-2# #Sending handshake request for tunnel: account:///bfb6506b-524d-45a1-b247-eb7a5ca9c00b and host 3f16d32c-76d5-4b88-9132-386838b573aa.connectivity.hana.trial-eu10.hanacloud.ondemand.com:4432022-08-30 11:35:34,587 +0200#ERROR#com.sap.core.connectivity.tunnel.core.handlers.TunnelErrorHandler#tunnel-client-117-2# #Unexpected problem during tunnel processing in channel [id: 0xe0693b76, L:/193.155.89.55:45066 - R:3f16d32c-76d5-4b88-9132-386838b573aa.connectivity.hana.trial-eu10.hanacloud.ondemand.com/3.64.92.235:443]; Reason: SSLEngine closed already2022-08-30 11:35:34,670 +0200#ERROR#com.sap.core.connectivity.tunnel.core.handlers.TunnelErrorHandler#tunnel-client-117-2# #Unexpected problem during tunnel processing in channel [id: 0xe0693b76, L:/193.155.89.55:45066 ! R:3f16d32c-76d5-4b88-9132-386838b573aa.connectivity.hana.trial-eu10.hanacloud.ondemand.com/3.64.92.235:443]; Reason: Connection reset by peer2022-08-30 11:35:34,674 +0200#ERROR#com.sap.core.connectivity.tunnel.client.notification.ApplicationClientConnectTask#Thread-36# #Unexpected exception while establishing application tunnel connection for tunnel: account:///bfb6506b-524d-45a1-b247-eb7a5ca9c00bjava.io.IOException: Connection reset by peer at sun.nio.ch.FileDispatcherImpl.read0socket(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:40) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) at sun.nio.ch.IOUtil.read(IOUtil.java:192) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:385) at io.netty.buffer.PooledByteBuf.setBytes(PooledByteBuf.java:253) at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1134) at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:350) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:151) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:836)2022-08-30 11:35:34,680 +0200#WARN#io.netty.util.concurrent.DefaultPromise#tunnel-client-117-2# #An exception was thrown by com.sap.core.connectivity.tunnel.client.ssl.TunnelClientSSLHandshakeValidator.operationComplete()java.util.concurrent.ExecutionException: java.nio.channels.ClosedChannelException at io.netty.util.concurrent.DefaultPromise.get(DefaultPromise.java:350) at com.sap.core.connectivity.tunnel.client.ssl.TunnelClientSSLHandshakeValidator.operationComplete(TunnelClientSSLHandshakeValidator.java:37) at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578) at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571) at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550) at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491) at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616) at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:609) at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:117) at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1863) at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1115) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248) at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1405) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248) at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:901) at io.netty.channel.AbstractChannel$AbstractUnsafe$8.run(AbstractChannel.java:819) at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:497) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:836)Caused by: java.nio.channels.ClosedChannelException: null at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1112) ... 15 common frames omitted
Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Cocquerel
Active Contributor
‎08-31-2022 4:36 PM
0 Kudos

I have faced a similar issue. The root cause was because my company internet proxy was doing some SSL decryption for the communication between SAP Cloud Connector and hana cloud.
I requested my network team to set an exemption not to perform SSL inspection for domain *.hanacloud.ondemand.com and then, it was working fine.

Show replies
Show replies
Tristan
Participant
‎09-01-2022 7:50 AM
0 Kudos

Hello Michel, thank you very much for your answer 🙂
I will send the request to the network team and let you know if it worked!

Tristan
Participant
‎09-01-2022 1:27 PM
0 Kudos

I spoke with IT, and they do not do any SSL interception.

Having them trace the dropped packets in the firewall revealed, that *.hana.ondemand was allowed and *.hanacloud.ondemand.com was therefore not covered 🙂

Allowing that domain resulted in a tunnel being established.

Cocquerel
Active Contributor
‎09-01-2022 4:12 PM
0 Kudos

Good news.
Happy having help you indirectly

SameerAliKhan
Advisor
Advisor
‎10-20-2023 7:08 AM
0 Kudos

I had a similar issue through the HANA Cloud replication service, and the issue got resolved through port opening between the source and the destination system. In my case, cloud connector is the source and the onPremise system is the destination.

Answers (0)

Ask a Question