on 11-19-2013 7:25 AM
Dear All,
We are facing an issue related to ADS after the upgrade of our Portal(NW7.0 to NW7.3) & ECC(ECC6.0 to ECC EHP6). Before the upgrade the ADS & ADS_HTTPS connection was working fine and we were able to download digital signature pdf successfully. After the upgrade we setup ADS with SSL using SOAP certificates but when we were trying to do a connection test using program - FP_CHECK_DESTINATION_SERVICE we are getting below error also when we try to download the digital signature pdf from tcode PC00_M40_F16 it says "0 Bytes Transferred".
When we are trying to test this report it is using the "Guest" user id don't know why. The same error we got in QAS system but there the Guest user id was locked so we just unlocked the user id and the connection and downloading of PDF files done well. But in DEV system the "Guest" user is already unlocked.
Error from report - FP_CHECK_DESTINATION_SERVICE -
Exception of class CX_FP_RUNTIME_INTERNAL
Error from default trace file -
#2.#2013 11 19 12:42:45:583#+0530#Error#com.sap.engine.services.webservices.espbase.server.runtime.RuntimeProcessingEnvironment#
#BC-ESI-WS-JAV-RT#webservices_lib#C000AC117C94015A00000001000047AC#7326650000000005#com.adobe/AdobeDocumentServices#com.sap.engine.services.webservices.espbase.server.runtime.RuntimeProcessingEnvironment#Guest#0##EEDFD98F50E911E3A4DB0000006FCBBA#eedfd98f50e911e3a4db0000006fcbba#eedfd98f50e911e3a4db0000006fcbba#0#Thread[HTTP Worker [@1926359154],5,Dedicated_Application_Thread]#Plain##
process()
[EXCEPTION]
com.sap.engine.interfaces.webservices.runtime.ProtocolExceptionExt: Authentication failed. For details see log entry logID=C000AC117C94015A00000000000047AC in security log.
Caused by: com.sap.engine.services.wssec.policy.exception.VerifyException: [com.sap.ASJ.wssec.020441] Authentication failed. For details see log entry logID=C000AC117C94015A00000000000047AC in security log.
at com.sap.engine.services.wssec.srt.protocols.ProviderSecurityProtocol.authenticate(ProviderSecurityProtocol.java:292)
at com.sap.engine.services.wssec.srt.protocols.ProviderSecurityProtocol.authenticateAndGetPolicy(ProviderSecurityProtocol.java:802)
at com.sap.engine.services.wssec.srt.protocols.ProviderSecurityProtocol.handleRequest(ProviderSecurityProtocol.java:482)
... 48 more
Error from security log file-
#2.#2013 11 19 12:42:45:583#+0530#Warning#/System/Security/WS#
com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-RT#tc~sec~wssec~service#C000AC117C94015A00000000000047AC#7326650000000005#com.adobe/AdobeDocumentServices#com.sap.engine.services.wssec.authentication#Guest#0##EEDFD98F50E911E3A4DB0000006FCBBA#eedfd98f50e911e3a4db0000006fcbba#eedfd98f50e911e3a4db0000006fcbba#0#Thread[HTTP Worker [@1926359154],5,Dedicated_Application_Thread]#Plain##
Received unsupported callback: com.sap.engine.interfaces.security.auth.X509CertificateChainCallback
Authentication for web service AdobeDocumentServicesSec, configuration Config using security policy _*_*X509*_*ws failed: Login failed.. (See SAP Note 880896 for further info).
Also checked the SAPNote 880896 which is no use because the info is already set there.
Thanks,
Rbk
Thanks everyone. Our problem got resolved after changing HTTPS to HTTP as below -
1) Go to NWA->SOA->Application & Scenario Communication->Single Service Administration->Service Definition -> Search *adobe* -> Here select all 3 Adobe entries like below -
AdobeDocumentServicesSecVi
AdobeDocumentServicesTestVi
AdobeDocumentServicesVi
Select each of above entry and go to -> Configuration tab -> Select ConfigPort -> Security Tab -> under transport protocol make sure "HTTP" is selected if not then you will get errors during downloading of FORM16 & FP_CHECK_DESTINATION_SERVICE -> ADS_HTTPS
Thanks,
Rbk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OSS 1177315 - ADS RFC destination test return 403 404 code
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Check the below note.
Note 886572 - Adobe document services: Central Patch Note for NW 7.0
Try giving the wrong passwords for the ADS_AGENT user and test whether you are getting the authentication error.
As well try to provide more acess for the ADS-AGENT user for sometime.
ADS will work even 404 error found. So please try to execute the ADS reports and check once again.
BR,
prabhakar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I wanted to see check one thing that if you have https activated what is details maintained in the RFC.
as it says here
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Could you please refer to SAP note 1443819?
Thanks,
Sunny
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sunny,
Thanks for your reply we already did the step and we can see the Adobe version but when we try to do the test from report - FP_CHECK_DESTINATION_SERVICE or try to download form from PC00_M40_F16 we get this SOAP error do you know from where it's picking up the "Guest" user or can we change this ?
Thanks,
Rbk
Hi,
As you would have done this config before for SSL.
5.) Now all users needing to do calls to ADS should have access to key storage. We recommend to define a role for them that has to be added to the keystore view created before.
Visual Administrator -> Security Provider Service -> under runtime -> policy configuration tab, you will see that keystore-view.<view-name>. Click on Security Roles tab, click on "view-creator". Then add the user respectively the group.
Replace <view-name> with the View name where you have stored your certificate inside the KeyStorage Service.
After that step, especially when you have chosen to add user guest, the cluster needs to be restarted.
This is the step where we assign the guest user.
838111 - How to configure SSL for Adobe Document Services
You can have a check about the setting in the below blog in NWA.
http://scn.sap.com/docs/DOC-47342
Thanks
Rishi abrol
Thanks Rishi,
Now we have added DefaultSecurityRole as per the blog and restart ICM on both system but still no luck.
Also checked the Guest user properties in portal everything looks fine except this tick mark which we don't have in our QAS system - "
I have also unchecked the check mark of "Enfore Password Security Policy at Logon" from ume configuration for guest user but still I can see "Password Change Required" as clicked for guest user.
Thanks,
Rbk
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.