on 04-02-2007 6:48 AM
Hi experts,
We installed Netweaver 2004s sp09 very recently. we tried to implement SSO with logon tickets.But we are facing some issues during this activity.
As per the documents available from help.sap.com and sdn, we tried to create a Jco RFC destination from visual administrator tool. But while we add the new deatination, an error message comes which says <b>" error adding bundle. See log for more details"</b>.
Can any one help us on this? is there any other configuration required before doing this?
Kindly let us know.
Thanks alot
Shobin
Hi shobin
This is beacause the credentials you have entered is wrong. What is the client name you are adding to it.
Reward with points if helpful!!!
Mantosh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi rajat and Mantosh,
Thanks alot for your quick replies.
As rajat asked, i am pasting a part of default.trc file. I cant paste the whole file since its huge.
#1.5#0017A43AD77E0061000000350000115C00042D08FCF46673#1175416533515#com.sap.engine.services.rfcengine##com.sap.engine.services.rfcengine.Bundle.initialize()#J2EE_ADMIN#677##sapepdev.etaworld_DEP_507107050#Guest#e40ffc30e02b11db8c510017a43ad77e#SAPEngine_Application_Thread[impl:3]_25##0#0#Error##Plain###com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Name or password is incorrect (repeat logon)#
#1.5#0017A43AD77E0061000000360000115C00042D08FCF466B3#1175416533515#com.sap.engine.services.rfcengine##com.sap.engine.services.rfcengine.Bundle.initialize()#J2EE_ADMIN#677##sapepdev.etaworld_DEP_507107050#Guest#e40ffc30e02b11db8c510017a43ad77e#SAPEngine_Application_Thread[impl:3]_25##0#0#Error##Plain###com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Name or password is incorrect (repeat logon)
at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:455)
at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:989)
at com.sap.mw.jco.JCO$Client.connect(JCO.java:3193)
at com.sap.mw.jco.JCO$Pool.initPool(JCO.java:4662)
at com.sap.mw.jco.JCO$PoolManager.getClient(JCO.java:6060)
at com.sap.mw.jco.JCO$PoolManager.getClient(JCO.java:6015)
at com.sap.mw.jco.JCO.getClient(JCO.java:8663)
at com.sap.engine.services.rfcengine.Bundle.startAll(Bundle.java:200)
As mentioned by Mr. Mantosh, from the above trace, i also guess the same thing. My logon credentials might be wrong.
I will explain what we did exactly.
We installed Netweaver 2004s sp09 on our development system. Now we want to implement SSO with logon tickets to our R/3 and BW systems.
This NW installation is in a stand alone system.
While creating RFC destination we gave the following details :
Program Id = sap_j2ee
gateway host = http://hostname.domain.com ( portal host)
gateway service = sapgw50
number of processes = 20
application server host = http://hostname.domain.com ( portal host )
system number = 50
client = 001
language = EN
User = SAPJSF
.......................................................
The client 001 is an abap client which is used as the user datastore.
Please let me know if any of the above mentioned details are wrong.
Waiting for your suggestions on this....
Thanks alot
Shobin
Hi shobin,
Are you able to login using SAPJSF user in 001 client from ABAP side. If so the user credentials are right.
You also need to check the hostname you are providing. It should be the hostname of your server without any domain name. So just put the hostname there instead of http://hostname.domain.com.
Again try and hopefully it should work.
Also don't forget to reward points !!!!
Hi Shobin,
When you install SAP which ever user you create will reflect only on 000.
So SAPJSF is ofcourse a user in client 000.
You need to mention client 000 if you are specify the SAPJSF user.
This should work for you.
Regards
Vivek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shobin
I think you need to do that i.e. import the same certificate in portal as well. You can follow the steps which you got for importing the certificate.
Regards
Sumit Jain
**Reward with points if useful
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shobin,
Please assign sld roles to the user SAPJSF.
Regards.
Ruchit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi all,
first of all sorry for the delay caused in replying you. I was stuck up with something else and couldnt even get back to sdn.
Finally, with all your guy's help, we resolved our first hurdle.
Following were the major reasons for the error i guess.
1. SLD was not configured
2. SAPJSF didnt had enough authorizations to SLD
3. SLD data supplier bridge configuration was not proper.
After a long struggle , we could configure SLD, create the Jco RFC Provider also.
We exported the portal certificate to the sap system also.
we also added the entries in security providers node in visual administrator.
But....... even now sap system does not accept the logon tickets generated by the portal.
Can any one help me out on this.
Note : Sorry for being so stupid
Also, I have assigned points to all of you... You guys have been really good to me.
Thanks once again.
Shobin
Hi Ruchit,
Thanks alot for your reply.
Yes, we have set the values for those parameters.
We have imported the certificate from portal into our R/3 system. Other than this, do we need to import the same certificate in portal visual administrator also?? i am asking this because I guess I saw these steps in one of the SAP's best practices documents; also in some sdn forum posts.
Can you please clarify?
Thanks alot
Shobin
Hi ,
We uploaded portal certificate to portal visual administrator ticketstore also.
We restarted both portal and r/3 servers.
Stil the R/3 system doesnt accept the logon tickets.
We have set the profile parameters login/accept_sso2_ticket = 1 and
login/create sso2ticket=2
Are these values correct???
Please help
Thanks alot
Shobin
Hi
You have given the following entries:
gateway host = http://hostname.domain.com ( portal host)
application server host = http://hostname.domain.com ( portal host )
Instead of that try giving the following entries:
gateway host = hostname ( portal host)
application server host = hostname ( portal host )
Check if this works.
Hope that you have checked the user details which I talked about earlier.
Regards
Sumit Jain
**Reward with points if useful
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shobin
In the default.trc is shows that some authentication problem exists.Make sure you followed sap note 862989.
Also rewarding points is a way to appreciate someones response to your queries.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
RFC_ERROR_LOGON_FAILURE: Name or password is incorrect (repeat logon)#
The above line in your trace explains that there us login problem. Check the User and the password which is provided and also check the authorizations.
Regards
Sumit Jain
**Reward with points if you find it useful.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Check if the user you have mentioned in JCo RFC Provider has correct password and is having SLD authorizations.
Regards
Sumit Jain
**Reward with points if you find it useful.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shobin
Check the note 52959.Also paste the default.trc file if you get this kind of errors.Its important for troubleshooting.
Reward suitable points.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.