cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unauthorized Issue in Messaging System

Former Member

on ‎08-26-2009 3:48 AM

0 Kudos

Hi,

I am experiencing yet another issue.

To give the background again, we try to send a message FROM a Portal box to XI via Java Proxies. The Portal box contain a non central XI Adapter Engine, which as a XI Adapter Framework built within it.

We are now getting this error in the Portal box: GENERAL_ERROR

The message log is as follow:

Message ID b9a58940-91e7-11de-b087-001560deb814

RefToMsg ID

Conversation ID

Serialization Context

Sequence Number 0

Message Type Asynchronously Sent Message (SEND)

From Party

From Service Name: GGX

To Party

To Service

Action Namespace http://sap.com/xi/GDS/1Sync/64 Name: MI_TradeItemExport_Out

Connection Name JPR

Status Not Delivered

Error Category XI_J2EE_ADAPTER_XI_HANDLER

Error Code GENERAL_ERROR

Profile XI

Transport HTTP

Delivery Semantics Exactly Once

Times Failed 4

Number of Retries 3

Sent / Received 08/25/2009 22:25:30

Transmitted / Delivered 08/25/2009 22:40:31

Next Delivery 08/25/2009 22:40:31

Persist Until 09/24/2009 22:25:30

Valid Until 08/25/2009 23:48:50

Retry Interval 5 Minutes

Address http://gdd.na.pg.com:8001/sap/xi/engine?type=entry

Credential SAPPasswordCredential(XIISUSER):password=********:sapclient=100:saplang=de

Transport Headers Content-Length=6350 Content-Type=multipart/related; boundary=SAP_b9a86f71-91e7-11de-bbf3-001560deb814_END; type="text/xml"; start="" HTTP=POST

Principal Propagation

Message Version Number 0

Node ID 37391650

Looking further in the audit log, I saw this error:

Transmitting the message to endpoint http://gdd.na.pg.com:8001/sap/xi/engine?type=entry using connection JPR failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Received HTTP response code 401 : Unauthorized

There's an unauthorized issue here, but is this more than just a security error? I tried other user credentials as well, but it seems to not work. As I have no access in the admin side of the Portal box to configure its exchange profile or anything in Visual Admin, I am not very familiar with how they are configured.

Would appreciate some of your inputs on what teh cause and possible solution is.

Thanks!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎08-26-2009 3:58 AM
0 Kudos

Hi,

Check the XIAFUSER and also verify the J2EE Port used. Probably rest the password and restart of J2EE engine may resolve it.

Thanks

Swarup

Show replies
Show replies
Former Member
‎08-26-2009 4:12 AM
0 Kudos

Hi Swarup,

I tested XIAFUSER as well, but to no avail.

As for the port, I have confirmed this with the proper work group (as a different team handles that). Seems that it is the correct J2ee port.

Thanks for replying!

Former Member
‎08-26-2009 7:47 AM
0 Kudos

Hi Angelo!

This user here:

Credential SAPPasswordCredential(XIISUSER):password=********:sapclient=100:saplang=de

should be checked for correct password in Portals Exchange Profile and if it has sufficinet rights in the PI system and if it is maybe locked in the meantime due to too much failed login attempts. Locking as well as authorizations can be checked in the ABAP stack of PI using transaction SU01.

The correct password in Exchange Profile of Portal can only be checked in Portal Adamin.

Regards,

Volker

Former Member
‎08-26-2009 7:56 AM
0 Kudos

Hi,

Well the details you had provided, for sure indicate towards the authorization issue with the XI user IDs.

There could be chances to have insufficient authorizations.

Please can you confirm with your Basis team that all the authorizations/roles assigned to the IDs and also the passwords were not changed recently.

Thanks

Swarup

Former Member
‎08-26-2009 12:44 PM
0 Kudos

HI Swarup,

It would appear so, but I tried accessing the url directly via the web browser directly and tried both XIISUSER and XIAFUSER's credential, and I was able to get in the url mentioned in the message. That's where I find it odd if it is truly a security issue or role missing with the credential used.

Former Member
‎08-26-2009 12:47 PM
0 Kudos

Hi Volker,

Thanks for replying too. I asked the admin team to check the Exchange Profile, and the user and password that was shown there is different from the one used in the message (XISUPER was used). I asked them why this was used instead of XIISUSER (or XIAFUSER), they said that that was the user that worked for the exchange profile.

Will this produce an impact if the User name in the Exchange Profile is different from what was configured in Visual Admin's properties? Apologies, but am not very familiar with admin configurations in portal.

Thanks again!

Former Member
‎08-26-2009 4:06 PM
0 Kudos

Hi!

Please check if all XI* users are unlocked and have the sufficient roles in the abap stack. if xisuper is used for communication it is okay, as long as user exists, password and authorities are correct and user is not locked.

In our PI 7.1 test system the user (and there it is called) PISUPER has the following roles:

SAP_ALM_ADMINISTRATOR

SAP_ALM_CUSTOMIZER

SAP_BC_AI_LANDSCAPE_DB_RFC

SAP_BC_ALM_ADMIN

SAP_BC_ALM_ALERT_USER

SAP_BC_ALM_CUST

SAP_BC_BASIS_ADMIN

SAP_BC_BASIS_MONITORING

SAP_BC_CSMREG

SAP_BC_DB_ADMIN_DB2

SAP_BC_DB_ADMIN_DB4

SAP_BC_DB_ADMIN_DB6

SAP_BC_DB_ADMIN_MSS

SAP_BC_DB_ADMIN_ORA

SAP_BC_DB_ADMIN_SDB

SAP_BC_LVC_ADMINISTRATOR

SAP_BC_TREX_ADMIN

SAP_BC_WEBSERVICE_ADMIN

SAP_BC_WEBSERVICE_PI_CFG_SRV

SAP_ESF_ADMIN

SAP_J2EE_ADMIN

SAP_NWA_FULL

SAP_PAF_ADMIN

SAP_RS_NWA_ADMIN

SAP_SLD_ADMINISTRATOR

SAP_SLD_CONFIGURATOR

SAP_SLD_DEVELOPER

SAP_SLD_GUEST

SAP_SLD_ORGANIZER

SAP_XI_ADMINISTRATOR

SAP_XI_ADMINISTRATOR_ABAP

SAP_XI_ADMINISTRATOR_J2EE

SAP_XI_APPL_SERV_USER

SAP_XI_BPE_ADMINISTRATOR_ABAP

SAP_XI_BPE_CONFIGURATOR_ABAP

SAP_XI_BPE_MONITOR_ABAP

SAP_XI_CONFIGURATOR

SAP_XI_CONFIGURATOR_ABAP

SAP_XI_CONFIGURATOR_J2EE

SAP_XI_CONTENT_ORGANIZER

SAP_XI_CONTENT_ORGANIZER_ABAP

SAP_XI_CONTENT_ORGANIZER_J2EE

SAP_XI_DEMOAPP

SAP_XI_DEVELOPER

SAP_XI_DEVELOPER_ABAP

SAP_XI_DEVELOPER_J2EE

SAP_XI_DISPLAY_USER_ABAP

SAP_XI_MESSAGE_MODIFY

SAP_XI_MONITOR

SAP_XI_MONITOR_ABAP

SAP_XI_MONITOR_J2EE

SAP_XI_RWB_SERV_USER

Hope this helps!

Regards,

Volker

Ask a Question