cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CTS+ For PI 7.31 Error: SoapFaultCode:5 Authentication failed

Former Member

on ‎04-25-2013 8:23 AM

0 Kudos

Hi Experts ,

While trying to import transport request into the Qulaity system am getting the below error::

ror when executing Web service CTSDEPLOY, exception is cx_ai_system_fault

SoapFaultCode:5  Authentication failed. For details see log entry logID=C0000A8F016805100000000100002A48 in security log

I have seen the SAP Note 1139406 - CTS+: cx_ai_system_fault when importing requests,but nothing worked in that.

I reset the password of J2EE_ADMIN in all the systems and updated in transport tool tab


Further   checked SAP Note 880896 - Web Service authentication failure and this note says to send the log files to SAP Support

Below are the error logs in security .log file   and let me know why this Soap error is coming when trying to import tranports


#2.#2013 04 25 07:48:01:705#+0100#Info#/System/Security/Authentication#
#BC-JAS-

SEC#security#C0000A8F01680A3D0000000000002A48#7626150000000004#sap.com/com.sap.lcr#com.sap.engine.services.security.authentication.logincontext.table#J2EE_A

DMIN1#1799##38539EA9AC1A11E2CE93000000387C5A#38539ea9ac1a11e2ce93000000387c5a#6CE21E5CAD7511E2CA2A000000387C5A#1#Thread[HTTP Worker

[@2006994489],5,Dedicated_Application_Thread]#Plain##
LOGIN.OK
User: J2EE_ADMIN1
IP Address: 10.1xxxxx

Authentication Stack: sap.com/com.sap.lcr*sld
Authentication Stack Properties:
        template = ticket
        policy_domain = /sld
        password_change_error_page = /ChangePasswordSLD
        auth_method = basic
        password_change_login_page = /ChangePasswordSLD
        realm_name = SLD

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false      false
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          true       true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true
Central Checks                                                                                                true
Logon policies are disabled#

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

#2.#2013 04 25 07:39:33:015#+0100#Info#/System/Security/Authentication#
#BC-JAS-

SEC#security#C0000A8F01680A380000000000002A48#7626150000000005#sap.com/tc~cts~appl#com.sap.engine.services.security.authentication.logincontext.table#J2EE_G

UEST#0##00237D2404381ED0B7F5CB85B430457D#5178B0ABB84E37EBE10000000A8F0168#0A8F016837EB5178CFA4000300000000#1#Thread[HTTP Worker

[@871831647],5,Dedicated_Application_Thread]#Plain##
LOGIN.FAILED
User: N/A
Authentication Stack: BASIC*SSO2*_*_*ws
Authentication Stack Properties:
        auth_method = BASIC

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule    SUFFICIENT  ok          exception             true       Received no SAP Authentication Assertion Ticket.
2. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true
3. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          exception             true       Authentication did not succeed.
No logon policy was applied#


&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

#2.#2013 04 25 07:39:33:016#+0100#Warning#/System/Security/WS#
com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-

RT#tc~sec~wssec~service#C0000A8F01680A380000000100002A48#7626150000000005#sap.com/tc~cts~appl#com.sap.engine.services.wssec.authentication#J2EE_GUEST#0

##00237D2404381ED0B7F5CB85B430457D#5178B0ABB84E37EBE10000000A8F0168#0A8F016837EB5178CFA4000300000000#1#Thread[HTTP Worker

[@871831647],5,Dedicated_Application_Thread]#Plain##
Read data of type username and value  J2EE_ADMIN from HTTP header and set on module javax.security.auth.callback.NameCallback
Read data of type password and value  xxx from HTTP header and set on module javax.security.auth.callback.PasswordCallback
Authentication for web service DeployProxy, configuration default using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for

further info).
#

#2.#2013 04 25 07:39:33:126#+0100#Info#/System/Security/Authentication#
#BC-JAS-

SEC#security#C0000A8F01680A390000000000002A48#7626150000000005#sap.com/tc~cts~appl#com.sap.engine.services.security.authentication.logincontext.table#J2EE_G

UEST#0##00237D2404381ED0B7F5CB85B430457D#5178B0ABB84E37EBE10000000A8F0168#0A8F016837EB5178CFA4000300000000#2#Thread[HTTP Worker

[@2006994489],5,Dedicated_Application_Thread]#Plain##
LOGIN.FAILED
User: N/A
Authentication Stack: BASIC*SSO2*_*_*ws
Authentication Stack Properties:
        auth_method = BASIC

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule    SUFFICIENT  ok          exception             true       Received no SAP Authentication Assertion Ticket.
2. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true
3. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          exception             true       Authentication did not succeed.
No logon policy was applied#
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Regards

Ram

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Ranjith418
Contributor
‎04-25-2013 9:35 AM
0 Kudos

Hello Ram,

Please check the error below.Seems to be an issue with the communication used.

Authentication for web service DeployProxy, configuration default using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for further info).

Thanks,

Ranjith

Show replies
Show replies
Former Member
‎04-25-2013 10:07 AM
0 Kudos

Hi Ranjith,

Checked that SAP note 880896  too

It is giving direction to check the severity of logs in  /System/Security/WS/Authentication to info.

But there is no folder or directory of WS and Authentication under default trace locations

Let me know if i have missed out something in CTS + configuration

I have followed the below link for CTS + configuration step by step

http://scn.sap.com/docs/DOC-30177

I have taken the PI quality system as Transport domain controller too

Let me know your inputs on this!!!

Regards

Ram

Ranjith418
Contributor
‎04-25-2013 10:27 AM
0 Kudos

Hello Ram,

Check below link. seems same issue is resolved

http://scn.sap.com/thread/2084754

Thanks,
Ranjith

Former Member
‎04-25-2013 11:36 AM
0 Kudos

Hey Ranjith,

Thankd for your valuable input !!!

I have seen that link given by you.It looks like am also in the same issue.

While checking in the ABAP stack  with  transaction SRT_UTIL->error_log  , am not getting any error logs   an while using  the SOAMANAGER transaction to review the traces , i could see that particular service is not activated

http://bblXXXXXXXXXXXXXX:50000/sap/bc/webdynpro/sap/appl_soap_management?sap-language=EN

Let me know how to activate this service in ICF ,i could see the sub-elements under /sap/bc/webdynpro ????.

Further am using basic authentication method for logging into the JAVA stack with admin user and passwords.I coould see the trs in release  and modifiable states

Moreover , shall i try  importing  the transport at OS level  ?? to avoid this SOAP error and Web service CTSDEPLOY, exception is cx_ai_system_fault  !!!!!

Regards

Ram

Ranjith418
Contributor
‎04-25-2013 11:58 AM
0 Kudos

Hello Ram,

Activate services under /sap/bc/webdynpro//sap/appl_soap_management

check if the transport works after activating the services and also maintain the host files with the details of java and abap systems respectively. finally try out os transport

Thanks,
Ranjith

Former Member
‎04-25-2013 12:50 PM
0 Kudos

Hi Ranjith,

I t is not allowing me to create the appl_soap_management in the service element under /sap in SICF

I tried importing tr at os level and issue is still the same.!!!

Regards

Ram

Ranjith418
Contributor
‎04-25-2013 1:00 PM
0 Kudos

Hello Ram,

Did you try the below option as given in link in my earlier message.

For reasons the user used for the HTTP Destination was only created on client 000 and not client 001.

The transports delivery route points to client 001 so creating the user in client 001 with the correct permissions did solve the error.

Thanks,
Ranjith

Former Member
‎04-25-2013 1:20 PM
0 Kudos

Dude!!!!

I have successfully moved the tr now.

I used the user  NWDI_CTSADM user and then removed the lock of J2EE_ADMIN user in all the PI systems

I did little R& D  by trying to import the tr using my id , ddic, sap* and it worked only with NWDI_CTSADM

The reason why it works is that only the user NWDI_CTSADM is used for deployment purpose as per the below link with point number 8

http://scn.sap.com/docs/DOC-30177

From the log what i understood is if you try with any user it fails due to authorization issue during deployment phase  or roles or permissions ...so gave this user NWDI_CTSADM and tr was successfully imported !!!

Good learning to you and me!!!

Regards

Bharatram Ramakrishnan

Ranjith418
Contributor
‎04-25-2013 1:48 PM
0 Kudos

Hello Ram,

Excellent. thank you for letting know the solution to all.

Happy Learning!!!

Thanks,
Ranjith

Ask a Question