on 09-26-2012 2:43 PM
Hi Gurus,
We have an IDOC--> PI----soap-----> Application scenario in which SAP PI sends an XML after digitally signing the XML.
It tries to establish an HTTPS connection using the server ssl certificates and also we are encrypting the request with the private key maintained in the key store.
The scenario was working fine for two months in production. Then the 3rd party application upgraded their IIS from IIS 6.0 windows 2003 to IIS 7.0 2008 and after that all the requests are failing with the error as "invalid http response: null".
I used the XPI inspector to investigate it further and looks like the handshake is happening correctly and after that when SAP PI tries to send the request, the application is rejecting the request with no response.
Please see the logs of XPI_inspector below.
socket created; additional info |
Sending a proxy connect request ... |
proxy responds: HTTP/1.1 200 Connection established |
proxy responds: Via: 1.1 ESD-NIE-TMG-D, 1.1 ESD-NIE-TMG-I |
proxy responds: Connection: Keep-Alive |
proxy responds: Proxy-Connection: Keep-Alive |
proxy responds: |
handshaking ... |
handshake done |
Sending a request ... |
connected via ssl using TLS_RSA_WITH_AES_128_CBC_SHA |
rebuilding the root document ... |
rebuilt |
serializing in singlepart ... |
serialized |
request message sent |
server responds with null |
Entering method with (auditLogEnabled, true) |
Entering method with (auditLogEnabled) |
Exiting method with true |
Exiting method with true |
Entering method |
Exiting method with com.sap.engine.messaging.impl.util.auditlog.AuditLogManager@43cff45e |
Entering method with (505cfdee-6a50-0a10-e100-8000ac135039(INBOUND), E, SOAP: call failed: java.io.IOException: invalid http response: null, <null>, false) |
Entering method with (505cfdee-6a50-0a10-e100-8000ac135039(INBOUND), E, SOAP: call failed: java.io.IOException: invalid http response: null, <null>) |
I feel that there is some configuration issue in the Application end or SAP PI AIX OS is not compatible with the windows 2008 application server.
Please suggest if there is any patch which needs to be installed in SAP PI to fix this issue.
Thanks ,
Ashish
Looks like after window server upgrades, signing and encryption logic is not in place. So though the connectivity is established the signing validation does not take place properly. Please check in that area.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bhaskar,
Earlier, this scenario was working absolutely fine before go live and also after go live till IIS upgrade.
We normally do the below configuration for this interface,
1. install the server certificates in the TrustedCAs keystore,
2. install the private key in a separate keystore and configure the receiver SOAP channel to point to this entry.
This configuration was working till IIS upgrade, do you see any other changes that need to be done in PI side??
Thanks,
Ashish
There is a document available for interoperability between .net framework and SAP Netweaver. Please glance this document and see whether this is helpful http://scn.sap.com/docs/DOC-3449. You might also remove the private key and reload it again and test.
User | Count |
---|---|
84 | |
10 | |
9 | |
8 | |
6 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.