cancel
Showing results for 
Search instead for 
Did you mean: 

No authorization to logon as trusted system (Trusted RC=2)

Former Member
0 Kudos

Hi experts,

I am following the blog [First steps to work with Change Request Management scenario|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/10429] [original link is broken] [original link is broken] [original link is broken];

(thank you, Dolores Correa),

but I encountered a problem at Step 3- Review of the main configuration points in SPRO

I am supposed to create a RFC connections from 3 clients (110, 120, 130 in my case), and I get the "No authorization to logon as trusted system (Trusted RC=2)." error all the time.

Now, I have created more then one trusted RFC connection before, but always to another system.

Here, I am supposed to create a trusted RFC connection to the same SM1 system (from which I am creating the conn, just another client).

The first trusted RFC (as well as the _READ & _TMW) conn from SM1clnt100 was created before as "none", and is working propertly.

So - S_RFCACL and S_RFC are assigned (as I said - I created few trusted RFC conns before), and yet, I am getting the mentioned error.

I am working in SM 7 EHP1

Thanks in advance,

Nenad

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
0 Kudos

@Miguel:

Note 128447 - I have read year ago, and succesfuly created few needed trusted RFC conns to satelyte systems. Authorisations are there, and I am using the same user as before, with ... + SAP_ALL + Z_SAP_S_RFCACL + Z_S_RFC maineined and compared role

@Khalil:

I have succesfuly created few needed trusted RFC conns to satelyte systems. Thanks for an effort, anyway.

As for

"IMPORTANT: When creating RFC Trusted from transaction SMSY of Solman make sure that the RFC User that Solman will attempt to create in the target System does not exist yet "

- while creating a _TRUSTED RFC no user is created. The users that will use this TRFC conn will have the ZSAP_S_RFCACL role assigned to connect with no logon req.

Did you mean the _BACK conn? The user is created for this conn.

@Nibu:

Thanks, I am aware of this facts. Thanks anyway

@Mateus:

Note 986707 - No authorization to log on as a trusted system (RC=1). This is not my case.

Note 131387 - This note also applies only for RC=1. Thanks anyway.

Former Member
0 Kudos

Hi all,

thanks for replying, but it looks like you didn't understand the problem. As I wrote in my first post, I know how (and have done succesfully) to create a trusted RFC from SM to satelite systems.

I have a problem creating trusted RFC from SolMan's clients to SolMan itself.

Let me try to describe it a little more:

- following the given link [First steps to work with Change Request Management scenario|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/10429] [original link is broken] [original link is broken] [original link is broken]; , I am trying to create a test landscape to practice with the Charm scenario in Solution Manager 7.0 without creating interferences with real TMS landscapes.

- The test landscape that I am using is this one: my Solution Manager is installed in system SM1, and I am configuring client 001 for being used as Charm client, then SM1:001 is my Charm client.

-As in blog, I created three additional CLIENTS in SM1, like local client copy from client 000 with SAP_ALL profile, that is: (110, 120, 130 in my case). The idea is that SM1:110 is going to be the Development system, SM1:120 the Quality system and SM1:130 is the Production system.

- I had no problem performing step 2 - Configuration of TMS for this scenario according to Charm prerequisites

- the problem arised at Step 3 - Review of the main configuration points in SPRO. Al the basic settings were performed before, this SolMan is in use for approx 2 years. Now - I was able to create a _READ and _TMS RFC conections to all clients (in my case 110, 120, 130), but I can't create a _TRUSTED RFC from mentioned clients to SolMan itself, as it can be seen on the first picture of this STEP 3. (I had my doubts about this from the beguinning, as there are trusted systems not clients in SMT1 - but, the picture Dollores atached to jer blog clearly shows that she has seperate _TRUSTED RFC for every client of SM).

I hope I have described my problem more ample in this post.

Thank you all in advance for eventual help,

Nenad

mateus_pedroso
Employee
Employee
0 Kudos

Please, check the instructions below

986707 - No authorization to log on as a trusted system

Anyway, RC=2 means that the user has no authorization (for the object S_RFCACL), so in case the above does not work, please refer to the following note:

128447 - Trusted/Trusting Systems.

Note that S_RFCACL is NOT included in SAP_ALL and SAP_NEW profiles, so you have to manually assign S_RFCACL to the user. Then, kindly add this authorization object to the your current user in both source and target systems and make sure you do a user compare after that (tx SUIM).

Additionally, you can read note 131387 which also describes a similar problem and apply the recommendations in case you think this fits to your case.

Nibu
Contributor
0 Kudos

In Solution Manager , you can automatically create RFCs to satellite systems.

Check note 128447 for prerequisites .The RFC user has authorization object S_RFC and S_RFCACL in both systems both the sender and receiver systems. If you have created RFCs that are not working , need to delete these before re-creation to avoid RFC naming conflicts .

Regards,

Nibu Antony

khalil_serrhini
Contributor
0 Kudos

Hello Nenad,

i did nt really get exactelly from where and to which system you re trying to create your trusted RFC but in all cases you have to fullfill some requirements

Lets say SSYS-Client X is your source System (from where you want to create Trusted RFC)

and TSYS-Client Y is your target System (destination of RFC)

1 - READ RFC from SSYS-Client X to TSYS-Client Y works (test with and without authorizations) - Just a previous check to see if both systems actually see each other (no network pb)

2 - You need to have a SAP User (SU01) in both system/clients with the exact same User name

3 - In SSYS-ClientX and in TSYS-Client Y You need to have authorization objects S_RFCACL and S_RFC. Make sure that in both system/clients you have them and that role (that contain objects) was distributed correctly in PFCG (Green Light)

IMPORTANT: When creating RFC Trusted from transaction SMSY of Solman make sure that the RFC User that Solman will attempt to create in the target System does not exist yet !!

Regards,

Khalil

Edited by: Khalil SERRHINI on Jun 15, 2010 5:22 PM

Miguel_Ariño
Advisor
Advisor
0 Kudos

Hello,

The complete explanation of trusted RFCs is in note 128447.

Apparently the return code you get is due to the authorizations for trusted RFCs not being there, or a 'forbidden' user was used.

Best regards,

Miguel Ariñ

Former Member
0 Kudos

Redundant post

Edited by: Nenad nikolic on Jun 16, 2010 10:12 AM

Former Member
0 Kudos

Redundant post

Edited by: Nenad nikolic on Jun 16, 2010 10:10 AM