cancel
Showing results for 
Search instead for 
Did you mean: 

SMSY: trusted RFC call of ftn group SCCA failed.

Former Member
0 Kudos

I'm following the steps on my SolMgr system in the IMG and have generated the RFC to/from connections to the satellite systems. When I check the connections, I get the following error:

RFC destination SM_BIFCLNT001_READ check beginning

RFC destination SM_BIFCLNT001_READ function checked

RFC destination SM_BIFCLNT001_READ check ended

RFC destination SM_BIFCLNT001_TRUSTED check beginning

RFC destination SM_BIFCLNT001_TRUSTED function error

RFC connection SM_BIFCLNT001_TRUSTED cannot be made (No authorization to logon as trusted system (Trusted RC=2).)

Function group SCCA cannot be called in RFC system SM_BIFCLNT001_TRUSTED

RFC destination SM_BIFCLNT001_TRUSTED check ended

Using SM59, SM_BIFCLNT001_TRUSTED tested OK. RC=2 says:

RC=2: The user has no authorization in the target system (for the object S_RFCACL).

ON the destination system, tcode su01, the target user has role: SAP_S_RFCACL(status green), which should contain S_RFCACL authorization.

Detailed text on the SCCA failure says:

An RFC call of function group SCCA to RFC destination SM_BIFCLNT001_TRUSTED failed.

Procedure

Check

the RFC destination definition ( -> RFC Destinations (Display and Maintenance) ) <- OK

Network address and target machine name <- OK

System number and ID <- OK

The connection to the target system (see the log for error messages)

if there is a user in the RFC destination, whether it exists in the target system with the correct password <- same passwd.

if there is a user in the RFC destination, whether it is authorized to call function modules in function group SCCA (authorization S_RFC) in the target system. <- User on target has roles SAP_S_RFCACL and SAP_SDCCN_ALL and profiles has SAP_ALL.

if the function group SCCA is in the system. <- How do I check this?

Also, is my REFRESH_ADMIN_DATA_FROM_SUPPORT job running correctly?

Job log overview for job: REFRESH_ADMIN_DATA_FROM_SUPPORT / 08393800

-


Date

Time

Message text

Message class

Message no.

Message type

-


05/14/2009

08:39:38

Job started

00

516

S

05/14/2009

08:39:38

Step 001 started (program AI_SC_REFRESH_READ_ONLY_DATA, variant , user ID DDIC)

00

550

S

05/14/2009

08:40:01

No Businss Partners will be generated from SAP Customer numbers

AI_SC_EN

109

I

05/14/2009

08:40:01

No Businss Partners will be generated from SAP Customer numbers

AI_SC_EN

109

I

05/14/2009

08:40:01

The following error messages have been returned by SAP Support Portal:

AI_SC_EN

207

I

05/14/2009

08:40:01

User S000xxxxxxx - System Data Maintenance authorization not found for customer 000xxxxxxx

00

001

I

05/14/2009

08:40:01

System headers will be generated in SMSY from SAP Support Portal

AI_SC_EN

099

I

05/14/2009

08:40:01

No new systems found in SAP Support Portal to generate in SMSY

AI_SC_EN

103

I

05/14/2009

08:40:01

Job finished

00

517

S

-


Job is marked as finished OK.

xxxxxxx is my S-user number. I assume the data was pulled over using my customer number with S-user authorization. How do I verify this? Is thes job OK?

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Don,

Check if the following SAP Note can help you: 128447.

Regards,

Felipe Pitta

Former Member
0 Kudos

I followed the steps in 128447 and Trusted/trusting relationships. http://help.sap.com/saphelp_nw04/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm

The later had me create a modified authorization object of Z_S_RFCACL and profile Z_S_RFCACL. I'm using the same user on client and server, so RFC_USER=' '. The new profile was added to the user's profile list. Now I have about 15 Z_S_RFCACL profiles listed. Which one is actually used?

Some of the other steps have you generating roles, of which I had previously created Z_S_RFCACL role and activated, and linked to user. Now there are Z_S_RFCACL roles and profiles. Do I need to delete this role in order for the profile Z_S_RFCACL to be effective? The SMSY trusted RFC connection tests still fails with RC=2. The SM_<SYSID>CLNT001_TRUSTED RFC connection test OK, but authorization test fails with

Error Details You are not authorized to logon to the target system (error code 0).

The SM_<SYSID>CLNT001_TRUSTED RFC was created by SMSY. It appears to be identical to the auto-gen'd RFC TRUSTING_SYSTEM@<SYSID> on client, but has the Logon client and language set under Logon tab. I'm not able to set these values in the TRUSTING_SYSTEM@<SYSID> and it fails the connection test.

Answers (4)

Answers (4)

Former Member
0 Kudos

Hi I had the same problem with trusted systems give the user the SAP_TRANSLATOR role, Make sure you do the user compare

Mike

Former Member
0 Kudos

I gave the user the SAP_TRANSLATOR role, did user comparison, authorization and user light is green and saved user. While login as that user, Same problem I attempted to maintain the tRFC, uncheck the not modifiable flag. When I switch tabs, the disk icon did not highlight to show its armed. I'm not able to modify anything. except the flag. Same under tc SMT2 or SM59->Trusting Systems. I redisplayed the roles under user with SU01, Roles, authorzatons, user are all still green.

william_bowman
Participant
0 Kudos

Hi Don,

This may not sound like it makes sense, but in my experience when you have trust issues, delete all related destinations in SMT1 in the SolMan and Satellite systems. This should delete all of the RFC destinations. Recreate them using tcode SMSY. Make sure that the auths are correct in your S_RFCACL role. You should be good to go.

Send me your logs if this doesn't help and I'll see what I can find.

Regards,

Bill

Edited by: William Bowman on May 27, 2009 11:42 PM

Former Member
0 Kudos

Is there a similar solutiion using SMT2 for trusting systems. I was able to get the TRUSTING_SYSTEM@<server> to work from SolMgr to satellite system by turning off load-balancing.

But I can not modify the tRFC for TRUSTING_SYSTEM@<server> from satellite to SolMgr system. I tried it from SMT2 to maintenance and uncheck the "Destination unmodifiable" flag, but there was no diskette icon to save. Same from SM59->TRUSTING_SYSTEM@<host>.

I had deleted the RFC from the SM59 list, but it was still known to SMT2, which did inturn, recreate the RFC. But, I still could not modify anything.

Any ideas? This issue isn't that big of a deal, since it is used for testing only(per doc). But if you know of a solution right off hand, great. Otherwise, my main issue has been resolved, the tRFCs work from SolMgr to Satellite systems.

Thanks,

Don

william_bowman
Participant
0 Kudos

I just tried that, if you go to a different tab, the save button was enabled for me. If I stayed on the initial tab, nothing changed except for the check box. Try switching tabs and see if that helps.

Former Member
0 Kudos

Thanks for all your help.

-Don.

Former Member
0 Kudos

Hi. I have the same problem. Trusted RFC are OK but I still have errors in SMT2 (Error when opening an RFC connection)

Any idea?

Regards,

Julien

Former Member
0 Kudos

Don

your S-user maintained in AISUSER in association with the user with which you are logged in into Solman and or the S-user associated with user DDIC (as i could see that this job is running with step user DDIC) with which this job is scheduled, is not 'Authorized enough' on marketplace. so check this, have super admin for this OSS id.

and for trusted RFC error, you have to assign S_RFC and S_RFCACL authorization objects to the user used in the 'login credentials' of the RFC and to the user who is right now making this connection test, both in Solman and the sattelite system.

check these Notes

Note 1082010 - Administration of several customer numbers

Note 1056595 - Authorization not found for installation number

Note 172481 - System data maintenance (collective note)

Bhudev

Former Member
0 Kudos

Bhudev,

All of the OSS RFCs are working fine. Its the trusted RFC to satellite system that fails. All of the notes seem to apply to the OSS RFCs.

I have created Z_S_RFCACL profile per note 128447 added to the user on the server. Still get errros. See above entry.

Former Member
0 Kudos

Don

you have assigned the new Z_S_RFCACL profile to the user, so what's the confusion ? Obviously this profile will work instead of others, right ?

and remove the same role/object/profile which you did assign earlier to this user. If still RFC not working, then you can test the RFC by choosing the option 'current user' in 'Logon & Security' tab of RFC and then login with the user with which you want to test the connection (same user which is there in satellite system too) and check the trusted connection and check 'Remote login' then. and I hope, you already check marked the option 'trusted' in sm59 solman for this rfc

Also, you must be having a TRUSTED rfc for Solman itself, test that RFC by check marking the option 'current user'

Former Member
0 Kudos

The return code you're receiving clearly indicates your authorization is not ok.

You're best of setting up the role as follows:

Z_S_RFCACL Z_S_RFCACL

Manually Cross-application Authorization Objects

Manually Authorization Check for RFC Access

Manually Authorization Check for RFC Access

Activity All activities

Name of RFC to be protected *

Type of RFC object to be prote All values

Manually Authorization Check f RFC User (for Example, Trusted System)

Manually Authorization Check f RFC User (for Example, Trusted System)

Activity All activities

RFC client or domain *

RFC same user ID All values

RFC information *

System ID (for SAP and Externa *

RFC transaction code *

RFC User (SAP or External) *

Hopefully this is clear, if not, I can send you a screenshot, if you leave your email.

Former Member
0 Kudos

Hurray, the trusted RFC between SolMgr and satellite system is now working. This is the SM_<SYSID>CLNT_<client>_TRUSTED tRFCs. The auto-created tRFC TRUSTING_SYSTEM@<SYSID> is still not working. I need to delete and re-create.

I'm a novice at the role/profiles/authorizations, but learned at lot in the past 2 weeks. One of the keys that help me troubleshoot the issue is how to locate the S_RFCACL object in the role or profile. First was to bring up the authorization via 1)su01, select user role or profile, doubleclick on role or profile. under authorization tab, display authorizations data.

Key: Now turn on technical name display (utilities-> technical names on).

Search for S_RFCACL.

Verify correct settings are set as per example in note 128447.

In my case, I had to do this on both SolMgr and satellite systems, since I don't use CUA.

I did not have a couple of values set. So set missing values and activated objects.

I also deleted any old roles from previous attempts.

No from the sm59 tRFC, I'm able to connect OK. authenticate OK, and remote-login OK on both SolMgr and satellite systems.

I need to try and get the TRUSTING_SYSTEM tRFC working.

Thanks for everyone's help.

Former Member
0 Kudos

Nice to hear it !

and thanks for sharing the solution !

Former Member
0 Kudos

A source of confusion for me was in note 840516-Role and profile definition.

There are 2 main steps:

- To define the roles, proceed as follows:

- To define the profiles, proceed as follows:

These main steps are one or the other, but not both. This is probably obvious to the people experienced with roles/profiles/authorizations, but was not obvious to me. The note should be updated to state that these steps are an either OR situation. You either update the role or the profile.Suppose you could do both, but then must have one or other in the user's setup. I believe at one time, I had both and that did not work (might need to be verified).

Former Member
0 Kudos

Have you created the role: Z_S_RFCACL yet?

On both SolMan and Satellite?

After you have, assign the role to an identical user on both systems.

Former Member
0 Kudos

Yes, I have done this. I've sense followed the steps in note 128447, which had me create Z_S_RFCACL profile. Now which one is the system going to use in the tRFC connection?

Former Member
0 Kudos

obviously the profile which you assigned to the user and which is same in both, the solman and the satellite system