Hi Alexander,

I gave the same access still the same issue.

Regards

Pradeep

Dear Pradeep,

Do you have user with same id and authorizations in target system?

With best regards,

Alexander

PS. I found in Note 128447 - Trusted/trusting systems

  "No authorization to log on as a trusted system (L-RC=A T-RC=0)."

           This error text means that the following occurred during the two-step test:

• The check of the trusted logon was successful (Trusted RC=0).

• Logging the user on to the target system in a different client failed because the authorization S_RFCACL was missing for the user in the target system or because the user does not exist in the target client.

• Solution: Navigate to transaction SMT2 and choose an ABAP system by double-clicking. You can now maintain the generated RFC destination by choosing "Maintain destination". When you are within the generated RFC destination, choose the "Administration" tab page and deselect the "Destination not modifiable" checkbox. By entering the SAP client in the generated RFC destination, you can correct the problem with the error text and the display of the ABAP runtime error in the trusting system.

                    Alternatively, you can use transaction SMT2 to perform a one-off test between trusted and trusting ABAP systems in a joint SAP client (the Single Sign-On test in transaction SMT2 for all clients is not required).

• In addition, refer to Note 204039.
• The settings of the generated destination TRUSTING_SYSTEM@S00 in the trusted system may be incorrect if the SAP host name contains the character '_' (such as "my_host"). This problem is solved with Support Package SAPKB46D09 (see below). For earlier releases, you can manually implement the required changes for correcting the problem as specified below.

Hi Anton,

I am trying to confirm a Business Agreement in CRM 7 system which actually checks the data in ISU system in this moment it is giving this error.

Regards

Pradeep

Did  you check RFC in SM59 in both system? Connection and authorization test.

No authorization to log on as a Trusted System (L-RC=2 T-RC=0).

T-RC equals TECHNICAL Remote Connection - this is created by SMT1 from the Target System.

L-RC equals LOGIN Remote Connection - this is maintained in the Calling System with SMT2.

An ABAP Dump will be generated in the Target System with various values for L-RC= ###. If T-RC is not equal to zero then the base RFC from the Target System must be fixed with SM59 first. However, if you have completed the Standard Security settings for the USER-ID Testing SMT2 and you still have issues (and you have applied all the solutions provided in the ABAP Dump) then;

You may need to maintain the Message Server FQHN Name in SMT2. The reason is, sometimes the servers are in different domains (for example, a Production SAP System that wants to make calls to a Development SAP System).

Going cross domains like this requires the Administrator to manually Maintain and SAVE a working Message Server FQHN Name (replacing the generated SMT1 parameters created from the Target System). Depending on your version of SAP, you may need to apply a SAP Note so you can actually change/maintain and SAVE the correct FQHN without getting the error pop-up when you try to exit SMT2.

Just a few heads up - if you have any issues with a Trusted Connection: it is broken and can usually be fixed in a few minutes with this method from the Target System. First, delete the Trusted Connection with SMT1. Second, Fix the base RFC with SM59 (if required). Then re-create the Trusted Connection with SMT1. Finally, maintain the Trusted Connection with SMT2. You basically always have to maintain the RFC connection in the Calling System with SMT2 because; SMT1 does not use the same parameters you set in the base RFC Connection from the Target SAP System.

The entries in SMT2 can be changed for a specific Server Client (leave language blank) and set Uni-code without changing the Message Server FQHN. It may be possible (in your SAP environment) to ask the Basis Team to possibly maintain an extra entry in the service/etc configuration file if you cannot install the SAP Note.

T-RC=0, in your case Pradeep,  means the TECHNICAL Connection or Trust is OK. You have a LOGIN issue described in the ABAP Dump - look with ST22 for L-RC=2 instructions. Also, you should see identical Authorization Errors in SMT1 & SMT2 ideally. Best to Maintain the correct settings in SMT2, Successfully test authorizations and SAVE. Exit and re-check the green Status from the main page of SMT2.

Trusted connections are a critical SAP concept - maybe simple - but, it has a lot of gotchas. Basically, these were all correct answers in this post.

Super! Thanks for the insights!

I have tried to build roles for this, but what works quickly because of the call backs it to request SAP_ALL + S_RFCACL to run the setup and then remove the access again..

Mostly it is SOLMAN, so for the "back" call you must ensure that the "back" user also temporarily has this access if it is hardwired (which is correct).

If you get it wrong on both sides, then you have fixed users on both sides with SAP_ALL and S_RFCACL.

Conclusion: basis admins on the SOLMAN side need to temporarily give the "call backs" more access (auths) when attaching more systems so that those connections are not forced to be trusted back to the SOLMAN.

Outbound trust from SOLMAN is not avoidable. The other way around is a lesser idea.

Cheers,

Julius