cancel
Showing results for 
Search instead for 
Did you mean: 

No authorization to logon as trusted system

Former Member
0 Kudos

Hi All,

I have migrated our Solman System from 32bit system to 64bit System (Window, Oracle), every thing

went well and every thing is working fine. But only trusted rfc's in smsy is not working, due to which all

our cham activity is not happening it is giving error "No authorization to logon as trusted system

(Trusted RC=1).)" But in old system every thing is working fine, i followed the "Note 128447 - Trusted/trusting systems" and recreated the trusted rfc's as per the System copy guide. But still same problem

Any suggestions/ideas what's going wrong?

Best Regards,

Rakesh

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

> recreated the trusted rfc's

Did that mean you were creating a new relationship?

In case of problems with my trusted RFC after systemcopy or whatever, i create them new. In SMT1, delete the trusting system and renew it in both systems. Afterwards it should work again.

Regards,

ulf

Former Member
0 Kudos

Dear Ulf,

After system copy. I tried with the that option but it wont worked.

Former Member
0 Kudos

Ho Bryan,

which option do you mean?

Try to delete the trusted/trusting relationship in both systems, then recreate them in both systems.

Has the new SolMan the same ip/hostname. Check the message-server in SM59. If it's still pointing to an old hostname or ip, start the entry with /H/.

Former Member
0 Kudos

Hi Ulf,

I have already tried all these options and i also tried by adding a system and generating the fresh rfc to that system same problem.

markus_doehr2
Active Contributor
0 Kudos

Just as a side note:

SAP_ALL and SAP_NEW do not include those permissions.

Markus

Former Member
0 Kudos

After a system copy, I found that all three RFCs need to be maintained in the satellite system (in these RFC names: CEN = central SM; SAT = satellite systems):

1) SM_CENCLNT###_BACK:

- The User and Password in RFC SM_SMDCLNT800_BACK needs to be changed from source SID to target's

- Verify the change with an authorization test

2) SM_CENCLNT###_TRUSTED:

In SM59, select Extras > Systems (Shift+F6). The existing ABAP trusts (both Trusted and Trusting, on both CEN and the satellite) need to be deleted, because they reference the source SID. Then delete the RFCs and recreate with wizard:

To delete in CEN:

- TRUSTING_SYSTEM@SAT

- SM_SATCLNT###_TRUSTED

To delete in satellite:

- SM_CENCLNT###_TRUSTED

To re-create the trusted system entry, need to use a work-around (SAPNote:1167901):

1. maintain the destination to use a password

2. make the trusted system entry based on the destination name

3. then switch the destination to trusted, for the current user

Finally, verify the changes with an authorization test

3) SDCC_OSS:

- The password for user SDCC_NEW is removed on a copy back and needs to be re-entered (password = DOWNLOAD).

- Verify the change with an authorization test

Former Member
0 Kudos

Hi All,

Thanks for your replay, i did remigration and recreated the rcs by deleting in smt1 in both system now it worked fine

Regards,

Rakesh

Answers (2)

Answers (2)

Former Member
0 Kudos

Have you checked if the user that creates the RFC has a role assigned that contains authorization object S_RFCACL? This object is included in a few roles, such as SAP_S_RFCACL.

Former Member
0 Kudos

just some brainstorming...

- are your rfc which you use for creating the trustet relationship ok?

- if you have a new installation number, you can try to migrate the secstore (http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cd/6b384162316532e10000000a1550b0/content.htm)

- What is said in the dumps?

But as said before, verify, that everything else is ok ( -> you have S_RFCACL), cause normally, it should work. What is said in the dumps?

Former Member
0 Kudos

Does your user have all of the RFC authorizations? The user that creates the RFCs needs to have them. Off the top of my head I think they are something like S_RFC and S_RFCACL

Former Member
0 Kudos

Yes i have all the roles related to trusted rfc in both the system.