cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AS2 Message Composition Failed

Go to solution
Former Member

on ‎11-10-2012 11:25 PM

0 Kudos

Hi Experts,

I am working on a scenario for sending EDI transactions to our external customer using AS2 Adapter from Seeburger.

Here is my scenario which is having issue: I have configured a scenario from my system "ABC" IdocSender to "DGA" AS2 receiver {which is infact a sceanrio IDOC_AAE to AS2 Receiver adapter}.

Point to Note here is My scenario runs when I don't use any encryption and signing. But when I configure my scenario to use the certificates for encryption and signing, I find the following error in AS2 Receiver channel:

Transmitting the message to endpoint <local> using connection IDoc_AAE_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@639f5903, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@639f5903

Also I can see in NWA logs following entry just after the module processor:

Error while getting inbound bindings Caused by: com.seeburger.xi.config.ConfigException: No binding found for: AS2, http://seeburger.com/xi, DGA, ABC

at com.seeburger.xi.as2.conf.CPACacheQueries.getInboundBinding(CPACacheQueries.java:238)
at com.seeburger.xi.as2.conf.QueryManager.queryInboundRef(QueryManager.java:287)

Where DGA and ABC are AS2 IDs for Partner System DGA and My System ABC respectively. However when I do not use any encryption the binding error of AS2 IDs doesnot pops up.

However another entry in NWA logs says:

AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@5c6853df [LOC: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@5c6853df.build] Caused by: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@5c6853df

And after that one more entry which says :

LOCATION [null, null, 1f9a18d0-2b8a-11e2-8413-02630a8c012f] >> ERROR TYPE [, COMMUNICATION_ERROR, retryable, not fatal]] >> DESCRIPTION [AS2 Adapter failure >> java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@5c6853df] Caused by: com.seeburger.as2.exception.AS2PluginRetryException: java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@5c6853df

I have configured my receiver Agreement { Outbound Processing} paramters as with keystore

Siging key as : TRUSTED/ABCAS2_Test_key/ABCcertas2

Encryption Key as : TRUSTED/PartnersCerts/DGACert

Could you let me know what is it that I am missing here. Are my certificates not correct? How can I check my ceritifcate if they are good? Is there any authrorization I am missing out here ?

Reagrds

ArunSR

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-04-2012 9:57 AM
0 Kudos

Hi Arun,

We are getting same error with AS2 encryption in our EDI scenario. So wanted to check if you could resolve your issue and if yes, how was it resolved?

Thanks,

Deepak

Show replies
Show replies
S0003485845
Contributor
‎12-04-2012 10:47 AM
0 Kudos

Hi Deepak,

since Arun hasn´t posted for the last days in the SCN, I would just suggest that you make this quick test in the Seeburger Workbench:

"Can you verify with the Seeburger-Workbench => System Status => Important Server Properties that all 3 "important system properties" could be verified as "true" ?"

This is just to make sure that all preconditions are met to use encryption at all...

Also, do you use "code-based-access" or "user-based-access" ?

(I would suggest to use "user-based access" and make sure that the user has the required rights no access the corresponding key-store which is used for your encryption)

Greetings

Former Member
‎12-04-2012 11:54 AM
0 Kudos

Hi Stefan,

Thanks for quick response. I could see that all 3 Important Server Properties are verified as True (Set to Ok) in Seeburger workbench.

Not sure how to check user-based access or code-based access to key-store for encryption. Can you let me know how can I verify that?

Also is there anything else that we need to check or may be missing?

Thanks,
Deepak

S0003485845
Contributor
‎12-04-2012 12:21 PM
0 Kudos

Hi,

- to enable user-based access, A PI-User needs to exist and be inserted to the "Resource-Details" of the AS2-Adapter

Then this user needs to have the role "view-creator.xxxx" assigned to it (where "xxxxx" is the name of the keystore that includes the used certificates/keys for the AS2 connection)

You can also find this information in the "SAP_SeeMasterConfigurationGuide_en.pdf" on page 18 ("User Based Access to SAP PI Keystore").

Hope this helps

Former Member
‎12-04-2012 12:55 PM
0 Kudos

Hi Stefan,

Thanks for these details. I will change the keystore access to user-based and re-test.

Thanks,

Deepak

Former Member
‎12-05-2012 5:52 PM
0 Kudos

Hi Deepak,

Our Problem is still continued, will let you know once we get solution.

Regards,

Arun

nipun_shedhani4
Explorer
‎09-01-2013 6:58 AM
0 Kudos

Hi Arun,

This issue has been resolved by SAP as by applying note: 1780149 - Register and unregister BouncyCastle provider.

Please let us know if the issue has been resolved at your end by using the above solution.

Regards,

NS

Former Member
‎09-01-2013 7:07 AM
0 Kudos

Hi All,

Yes this problem was resolved using the above SAP Note 1780149

The problem was due to our landscape having installation of SAP B2B Adapters and Seeburger Adapters. They adapters were finding Boucy Castle thread bound to one adapter and hence Seeburger AS2 adapter was not able to use the same.

But when we applied the SAP Note, the problem was resolve.

Sorry for the delay posting my response.

Regards,

ArunS.

S0003485845
Contributor
‎09-02-2013 10:34 AM
0 Kudos

Hi,

thank you for this clarification...I am glad it works

Kind Regards

Stefan

Former Member
‎09-03-2013 6:11 PM
0 Kudos

Thanks Stefan for your help.

Answers (2)

Answers (2)

Former Member
‎11-13-2012 11:15 AM
0 Kudos

Hi Arun,

try with backward \ instead of / in the receiver agreement

TRUSTED\ABCAS2_Test_key\ABCcertas2

Cheers

hidayat

Show replies
Show replies
prateek
Active Contributor
‎11-12-2012 4:43 AM
0 Kudos

Make sure that Signing key is pointing to your own Private key.

Have you tried with only encryption or only signing? Is that test feasible with your partner?

Regards,

Prateek Raj Srivastava

Show replies
Show replies
Former Member
‎11-12-2012 5:11 PM
0 Kudos

Hi Prateek,

Thanks for the reply,

I have tried this using encryption only and siging only method also but they all seem to generate the same error. I do not have seeburger user in the NWA and am going with Code based access. Is there any extra settings I am missing.

Thanks.

Regards,

ArunSR

prateek
Active Contributor
‎11-12-2012 5:43 PM
0 Kudos

Can you elaborate on "I do not have seeburger user in the NWA and am going with Code based access."?

Do you have JCE installed on your Java engine?

Regards,

Prateek Raj Srivastava

Former Member
‎11-13-2012 1:59 AM
0 Kudos

Hi Prateek,

We Have unlimited JCE installed on the Java engine,

I am using Code based access to Certificates instead of User Based Access, i have aassigned all the views and roles to the certificate keystore, can you help me if I am missing any properties?

Regards,

Nipun

S0003485845
Contributor
‎11-13-2012 11:02 AM
0 Kudos

Hi,

is there any reason why you don´t use the "User-based" access ? 

In my opinion, this us much easier to use.

Also, did you verify with the Seeburger-Workbench => System Status => Important Server Properties that all 3 "important system properties" could be verified as "true" ?

Greetings

Former Member
‎11-13-2012 6:05 PM
0 Kudos

Hi Stefan,

Thanks for the reply, I just figure out that place page you mentioned for three properties, out of the three important system properties I have only one set to OK,

The Unlimited Stregth and mail.mime.multipart.bmparse are not oka. Could you let me know how can I correct these settings.

However on the unlimited strength Jar file, we have recently deployed the unlimited JCE jar files in our PI box. not sure why this is not updated.

Regards,

ArunSR

S0003485845
Contributor
‎11-13-2012 8:36 PM
0 Kudos

Hello,

Regarding the Parse-flag, there is a SAP Note existing "1287778" that describes the quick steps how to fix it.

Regarding the "unlimited strength files", i have seen several reasons at various customers in the past, when the workbench indicated that it is not ok , like 

- the files have been replaced in a wrong java directory

- the files have been overwritten again during a patch/upgrade

- the wrong files have been used

- ...

Former Member
‎11-14-2012 5:07 PM
0 Kudos

Hi Stefan,

Thanks for the information, It was helpful. However we applied Note 1287778 as described, but the Parse-flag settings in Seeburger still does not reflect it to be oka.

Is it Because we are having SAP 7.30 and the note is for 7.1? Can you let me know where we are doing incorrect?

For JCE, I beleive we missed the file on one of the server path. which is now corrected.

Former Member
‎11-16-2012 10:58 PM
0 Kudos

Hi Stefan,

We applied the properties, and now all the three parameters looks to be oka. Still we find following issue, not Sure why this is popping up again. :

Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@efa4ac4, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: unknown object in writeTo com.seeburger.dt.security.smime.SMIMEEnvelopedGenerator$ContentEncryptor@efa4ac4

Anything We are still missing here?

S0003485845
Contributor
‎11-21-2012 8:43 AM
0 Kudos

Hi,

did you make a try without signing/encryption ? 

I would disable both options for some testing just to verify if the error is related to the keys in some way or if there is some other issue that is totally unrelated.

Cheers

Former Member
‎12-05-2012 5:52 PM
0 Kudos

Hi Stefan,

Sorry for the delayed updates, As in my original question, The without Encryption mesaging works fine. The problem only occurs when I am using the encryption/decryption alongwith.

We have open a SAP note we are following up with them for a solution now. Wil update here once I here back from SAP.

Regards,

AS

S0003485845
Contributor
‎12-07-2012 4:01 PM
0 Kudos

Hello Arun,

are there also any of the SAP Adapters from the B2B AddOn installed on the system (e.g. PGP or AS2)  ?

Cause we have experienced in some cases that problems were occuring when both adapters were installed in parallel on the same system

Regards

Stefan

S0003485845
Contributor
‎12-07-2012 4:05 PM
0 Kudos

Hello,

usually, if the Parse-Flag settings still say that it would be not ok, there could be the following issues

- a typing error

- the settings have not been applied to all nodes

- a restart has not been done (stopsap / startsap) like mentioned in the SAP note

Regards

Stefan

Ask a Question