cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

com.sap.aii.af.ra.ms.api.ConfigException: Unauthorized: J2EE AE rejected us

former_member186158
Active Participant

on ‎12-28-2010 5:22 PM

0 Kudos

proxy to jdbc

error message:

Date : 12/28/2010

Time : 18:37:57:865

Message : Message 4d1584b2-4397-81f0-e100-80000a8080de(INBOUND): was not delivered due to

com.sap.aii.af.ra.ms.api.ConfigException: Unauthorized: J2EE AE rejected user. Reason: Principal propagation is not active,

but technical IS service user was not used (J2EE_GUEST).

Severity : Error

Category :

Location : com.sap.aii.adapter.xi.ms.XIEventHandler.onRequest(Services, TransportMessage)

Application : sap.com/com.sap.aii.af.ms.app

Thread : SAPEngine_Application_Thread[impl:3]_64

Datasource : 24720650:/pi_appl/sap/PI1/DVEBMGS02/j2ee/cluster/server0/log/defaultTrace.trc

Message ID : 00145E793B1A005A0000005F015100FE000498760BC50124

Source Name : com.sap.aii.adapter.xi.ms.XIEventHandler

Argument Objs : 4d1584b2-4397-81f0-e100-80000a8080de(INBOUND),com.sap.aii.af.ra.ms.api.ConfigException: Unauthorized: J2EE

AE rejected user. Reason: Principal propagation is not active, but technical IS service user was not used (J2EE_GUEST).,

Arguments : 4d1584b2-4397-81f0-e100-80000a8080de(INBOUND),com.sap.aii.af.ra.ms.api.ConfigException: Unauthorized: J2EE AE

rejected user. Reason: Principal propagation is not active, but technical IS service user was not used (J2EE_GUEST).,

Dsr Component : mzpisvc_PI1_24720650

Dsr Transaction : 80ac1e90126711e082ea00145e793b1a

Dsr User : PIISUSER

Indent : 0

Level : 0

Message Code :

Message Type : 1

Relatives :

Resource Bundlename :

Session : 0

Source : com.sap.aii.adapter.xi.ms.XIEventHandler

ThreadObject : SAPEngine_Application_Thread[impl:3]_64

Transaction :

User : J2EE_GUEST

I think nothing to do with 'Principal propagation'.

Only problem may be the message size, it is large, about 171 MB.

anyone can help?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎12-28-2010 8:04 PM
0 Kudos

Please check the Principal Propagation configuration using the help page below.

Configuration of Principal Propagation:

http://help.sap.com/saphelp_nw04s/helpdata/EN/45/0f16bef65c7249e10000000a155369/frameset.htm

Please also check the note below

#974873 - Principal Propagation

Show replies
Show replies
Former Member
‎12-28-2010 8:03 PM
0 Kudos

Hello Shen, I hope youu2019re doing fine!

As per the error, I donu2019t think the problem is because of the size of the message. When the problem is size, different error messages are generated. In addition, Iu2019ve seen this error before and it wasnu2019t caused by large messages.

As I could see you donu2019t have Principal Propagation active. So, please go through Configuration of Principal Propagation

(http://help.sap.com/saphelp_nw04/helpdata/en/45/345d11a7993446e10000000a155369/frameset.htm) to make sure nothing is enable, also checked SAP note 974873.

The error message you posted here indicates that a user different from the technical IS service user (normally PIISUSER) is being used to test the messaging to AE.

When Principal Propagation is not used, the system expects the request to be accompanied with the user technical IS service user (PIISUSER). This user is fetched from the Exchange Profile parameter:

com.sap.aii.integrationserver.serviceuser.name

Please check if this is set to PIISUSER.

You can test the URL:

http://host:port/MessagingSystem/receive/AFW/XI

with PIISUSER directly to see if it can access successfully.

In addition, with regard to the error that is occurring, please check that the PI service usersu2019 passwords are consistent according to the note for you system release:

721548 XI 3.0: Changing the passwords of the XI service users

936093 - XI 7.0: Changing the passwords of XI service users

999962 - PI 7.10: Change passwords of PI service users

Ensure that it is maintained correctly in SU01, the Exchange Profile and in the SM59 destination INTEGRATION_DIRECTORY_HMI.

This note is very important. Reset all the passwords for the service users in XI and make sure they receive the same password that must be exactly eight characters. In the note you'll find the places to update the passwords.

Also please check in Visual Admin, Server -> Service -> Security Provider -> Policy Configuration -> sap.com/com.sap.aii.af.app*AdapterFramework -> security roles -> xi_af_rtc -> Which groups are present?

(NOTE: the required role SAP_XI_RWB_SERV_USER must be present)

VERY IMPORTANT, after doing this, restart the system.

Note: If you have PP, check this note:

992860 Principal Propagation u2013 corrections

Cheers,

Jorge Eidelwein

Show replies
Show replies
former_member186158
Active Participant
‎12-29-2010 5:41 AM
0 Kudos

Thanks for your input.

I don't think I need active Principal Propagation, but I have already actived it.

By the way, there are lots of similar scenarios work fine, proxy to db. And this scenario worked too, except for this message.

Edited by: Shen Peng on Dec 29, 2010 6:42 AM

Former Member
‎12-29-2010 12:19 PM
0 Kudos

Hello Shen,

Well, if you don`t want to use Principal propagation, you should just deactivate it.

You can do that following the link and note I`ve sent you before.

If you think the problem is the size of the message, can`t you split this message in small parts?

Just be carefull with such large messages. They may block the processing of following messages. System performance will be badly affected and there could be expected memory problem, like 'OutOfMemory' in Java during runtime.

Or you can try increasing some timeout parameters.

Set the Instance Profile parameter, icm/server_port_x as below:

PROT=HTTP,PORT=<icmhttpport>,TIMEOUT=30,PROCTIMEOUT=3000

If the problem persists, you can increase the PROCTIMEOUT parameter.

Test if increasing this value fix the issue. On the first try I suggest to set it to -1, it means no timeout. If it works then try to

find a value that is enough.

Ensure you set this parameter on the XI system AND any other R/3 system that is involved in these scenarios. Also set it on the Web Dispatcher, if you use one.

NOTE: check whether you have configure parameter RUNTIME/HTTP_TIMEOUT. It overwrites icm proctimeout above.

in TA SXMB_ADM -> Integration Engine Configuration -> parameter: RUNTIME/HTTP_TIMEOUT

You will find more information about the PROCTIMEOUT parameter in the note #824554 - ICM and SAP Web Dispatcher Timeout Parameter.

In addition, you could increase the trace level of the messages to level 3 to get more details of the error:

SXMB_ADM -> Integration Engine Configuration

Click in Specific Configuration button

Category: RUNTIME

Parameters: TRACE_LEVEL

Current Value: 3

Then, check all the steps of this message in sxmb_moni to check on which step this message is stopping/failing.

Reset back the trace level afterwards.

Let us know the outcome!

Cheers,

Jorge EIdelwein

Ask a Question