on 08-26-2009 3:48 AM
Hi,
I am experiencing yet another issue.
To give the background again, we try to send a message FROM a Portal box to XI via Java Proxies. The Portal box contain a non central XI Adapter Engine, which as a XI Adapter Framework built within it.
We are now getting this error in the Portal box: GENERAL_ERROR
The message log is as follow:
Message ID b9a58940-91e7-11de-b087-001560deb814
RefToMsg ID
Conversation ID
Serialization Context
Sequence Number 0
Message Type Asynchronously Sent Message (SEND)
From Party
From Service Name: GGX
To Party
To Service
Action Namespace http://sap.com/xi/GDS/1Sync/64 Name: MI_TradeItemExport_Out
Connection Name JPR
Status Not Delivered
Error Category XI_J2EE_ADAPTER_XI_HANDLER
Error Code GENERAL_ERROR
Profile XI
Transport HTTP
Delivery Semantics Exactly Once
Times Failed 4
Number of Retries 3
Sent / Received 08/25/2009 22:25:30
Transmitted / Delivered 08/25/2009 22:40:31
Next Delivery 08/25/2009 22:40:31
Persist Until 09/24/2009 22:25:30
Valid Until 08/25/2009 23:48:50
Retry Interval 5 Minutes
Address http://gdd.na.pg.com:8001/sap/xi/engine?type=entry
Credential SAPPasswordCredential(XIISUSER):password=********:sapclient=100:saplang=de
Transport Headers Content-Length=6350 Content-Type=multipart/related; boundary=SAP_b9a86f71-91e7-11de-bbf3-001560deb814_END; type="text/xml"; start="" HTTP=POST
Principal Propagation
Message Version Number 0
Node ID 37391650
Looking further in the audit log, I saw this error:
Transmitting the message to endpoint http://gdd.na.pg.com:8001/sap/xi/engine?type=entry using connection JPR failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Received HTTP response code 401 : Unauthorized
There's an unauthorized issue here, but is this more than just a security error? I tried other user credentials as well, but it seems to not work. As I have no access in the admin side of the Portal box to configure its exchange profile or anything in Visual Admin, I am not very familiar with how they are configured.
Would appreciate some of your inputs on what teh cause and possible solution is.
Thanks!
Hi,
Check the XIAFUSER and also verify the J2EE Port used. Probably rest the password and restart of J2EE engine may resolve it.
Thanks
Swarup
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Angelo!
This user here:
Credential SAPPasswordCredential(XIISUSER):password=********:sapclient=100:saplang=de
should be checked for correct password in Portals Exchange Profile and if it has sufficinet rights in the PI system and if it is maybe locked in the meantime due to too much failed login attempts. Locking as well as authorizations can be checked in the ABAP stack of PI using transaction SU01.
The correct password in Exchange Profile of Portal can only be checked in Portal Adamin.
Regards,
Volker
Hi,
Well the details you had provided, for sure indicate towards the authorization issue with the XI user IDs.
There could be chances to have insufficient authorizations.
Please can you confirm with your Basis team that all the authorizations/roles assigned to the IDs and also the passwords were not changed recently.
Thanks
Swarup
HI Swarup,
It would appear so, but I tried accessing the url directly via the web browser directly and tried both XIISUSER and XIAFUSER's credential, and I was able to get in the url mentioned in the message. That's where I find it odd if it is truly a security issue or role missing with the credential used.
Hi Volker,
Thanks for replying too. I asked the admin team to check the Exchange Profile, and the user and password that was shown there is different from the one used in the message (XISUPER was used). I asked them why this was used instead of XIISUSER (or XIAFUSER), they said that that was the user that worked for the exchange profile.
Will this produce an impact if the User name in the Exchange Profile is different from what was configured in Visual Admin's properties? Apologies, but am not very familiar with admin configurations in portal.
Thanks again!
Hi!
Please check if all XI* users are unlocked and have the sufficient roles in the abap stack. if xisuper is used for communication it is okay, as long as user exists, password and authorities are correct and user is not locked.
In our PI 7.1 test system the user (and there it is called) PISUPER has the following roles:
SAP_ALM_ADMINISTRATOR
SAP_ALM_CUSTOMIZER
SAP_BC_AI_LANDSCAPE_DB_RFC
SAP_BC_ALM_ADMIN
SAP_BC_ALM_ALERT_USER
SAP_BC_ALM_CUST
SAP_BC_BASIS_ADMIN
SAP_BC_BASIS_MONITORING
SAP_BC_CSMREG
SAP_BC_DB_ADMIN_DB2
SAP_BC_DB_ADMIN_DB4
SAP_BC_DB_ADMIN_DB6
SAP_BC_DB_ADMIN_MSS
SAP_BC_DB_ADMIN_ORA
SAP_BC_DB_ADMIN_SDB
SAP_BC_LVC_ADMINISTRATOR
SAP_BC_TREX_ADMIN
SAP_BC_WEBSERVICE_ADMIN
SAP_BC_WEBSERVICE_PI_CFG_SRV
SAP_ESF_ADMIN
SAP_J2EE_ADMIN
SAP_NWA_FULL
SAP_PAF_ADMIN
SAP_RS_NWA_ADMIN
SAP_SLD_ADMINISTRATOR
SAP_SLD_CONFIGURATOR
SAP_SLD_DEVELOPER
SAP_SLD_GUEST
SAP_SLD_ORGANIZER
SAP_XI_ADMINISTRATOR
SAP_XI_ADMINISTRATOR_ABAP
SAP_XI_ADMINISTRATOR_J2EE
SAP_XI_APPL_SERV_USER
SAP_XI_BPE_ADMINISTRATOR_ABAP
SAP_XI_BPE_CONFIGURATOR_ABAP
SAP_XI_BPE_MONITOR_ABAP
SAP_XI_CONFIGURATOR
SAP_XI_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_J2EE
SAP_XI_CONTENT_ORGANIZER
SAP_XI_CONTENT_ORGANIZER_ABAP
SAP_XI_CONTENT_ORGANIZER_J2EE
SAP_XI_DEMOAPP
SAP_XI_DEVELOPER
SAP_XI_DEVELOPER_ABAP
SAP_XI_DEVELOPER_J2EE
SAP_XI_DISPLAY_USER_ABAP
SAP_XI_MESSAGE_MODIFY
SAP_XI_MONITOR
SAP_XI_MONITOR_ABAP
SAP_XI_MONITOR_J2EE
SAP_XI_RWB_SERV_USER
Hope this helps!
Regards,
Volker
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.