on 04-28-2015 1:58 PM
Hello all,
can you pls suggest me smth for this:
I am running solman_setup and at phase 5.1 (Configure Web dispatcher) and I have errors:
SOAP:1.023 SRT: Processing error in Internet Communication Framework: ("ICF Error when receiving the response: ICM_HTTP_SSL_ERROR")
L3 - Failed to reach test WS through System Settings (ICM/HTTPURLLOC)
L2 - Failed to reach test WS through ICM
I choosed: No SAP Web Dispatcher used
What I did:
1. re-created users SM_EXTERN_WS and SM_INTERN_WS
2. added table HTTPURLLOC with the full hostname and the port
3. created SSL server standard certificate in STRUST and its green
4. instance profile>>add login/accept_sso2_ticket=1 and login/create_sso2_ticket=2
Thx for any suggestion
Chris
Don't know why looking with ICM traces,as it's simply mentioned by SAP
No SAP Web Dispatcher used
This option applies only & when
- No SAP Web Dispatcher used, if there is no SAP Web Dispatcher or equivalent solution configured
Just configure SAP Web Dispatcher by following my previous replies & test the connection,this will resolve your issue.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris,
I choosed: No SAP Web Dispatcher used
This option applies only & when
Hope you're using any other equivalent solution,if not then follow SAP webdispatcher installations & configurations.
Hope this will help you.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Chris,
Could you post dev_icm log from your work directory, it may have more details.
Regards,
Siddhesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I read note 1094342 - ICM trace contains verification of the server's certificate
and I installed in the IE browser the PSE saved from /strust
Thx for any idea
[Thr 140736729089792] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL[Thr 140736729089792] session uses PSE file "/usr/sap/SID/DVEBMGS00/sec/SAPSSLA.pse"[Thr 140736729089792] SecudeSSL_SessionStart: SSL_connect() failed[Thr 140736729089792] secude_error 536872221 (0x2000051d) = "SSLAPI error"[Thr 140736731203328] NiIBlockMode: set blockmode for hdl 92 FALSE[Thr 140736729089792] >> Begin of Secude-SSL Errorstack >>[Thr 140736729089792] 0x2000051dSAPCRYPTOLIB SSL_connect[Thr 140736729089792] SSL API error[Thr 140736729089792] Failed to verify peer certificate. Peer not trusted.
][Thr 140736729089792] << End of Secude-SSL Errorstack[Thr 140736731203328] NiIBlockMode: set blockmode for hdl 92 TRUE[Thr 140736729089792] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"[Thr 140736731203328] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"[Thr 140736731203328] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL[Thr 140736731203328] session uses PSE file "/usr/sap/SID/DVEBMGS00/sec/SAPSSLS.pse"[Thr 140736731203328] SecudeSSL_SessionStart: SSL_accept() failed[Thr 140736731203328] secude_error 536875078 (0x20001046) = "SSL API error"[Thr 140736729089792] No certificate request received from Server[Thr 140736731203328] >> Begin of Secude-SSL Errorstack >>[Thr 140736731203328] 0x20001046SAPCRYPTOLIB SSL_accept[Thr 140736731203328] SSL API error[Thr 140736731203328] received a fatal SSLv3 certificate unknown alert message from the peer[Thr 140736731203328] 0xa0600263 SSL ssl23_accept[Thr 140736731203328] received a fatal SSLv3 certificate unknown alert message from the peer[Thr 140736731203328] 0xa0600263 SSL ssl3_read_bytes[Thr 140736731203328] received a fatal SSLv3 certificate unknown alert message from the peer[Thr 140736731203328] << End of Secude-SSL Errorstack[Thr 140736731203328] <<- ERROR: SapSSLSessionStart(sssl_hdl=1315bf0)==SSSLERR_SSL_ACCEPT[Thr 140736731203328] <<- SapSSLErrorName()==SSSLERR_SSL_ACCEPT[Thr 140736729089792] <<- ERROR: SapSSLSessionStart(sssl_hdl=7fffcc023860)==SSSLERR_PEER_CERT_UNTRUSTED[Thr 140736729089792] <<- SapSSLErrorName()==SSSLERR_PEER_CERT_UNTRUSTED[Thr 140736731203328] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1713][Thr 140736729089792] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-102): SSSLERR_PEER_CERT_UNTRUSTED {000f3a6b} [icxxconn_mt.c 1989][Thr 140736731203328] <<- SapSSLSessionDone()==SAP_O_K[Thr 140736731203328] in: sssl_hdl = 1315bf0[Thr 140736731203328] ... ni_hdl = 92[Thr 140736731203328] NiICloseHandle: shutdown and close hdl 92/sock 41[Thr 140736729089792] <<- SapSSLSessionDone()==SAP_O_K[Thr 140736729089792] in: sssl_hdl = 7fffcc023860[Thr 140736729089792] ... ni_hdl = 223[Thr 140736729089792] IcmConnConnect(id=15/14955): free MPI request blocks[Thr 140736729089792] MPI<5909c>85#7 GetInbuf -1 21d220 1757 (1) -> MPI_EOS: End Of Stream
hello,
can you suggest smth for this:
From /strust
Application requires PSE with RSA key pair
Message no. TRUST061
Diagnosis
The application requires the use of the Public Key Algorithm RSA. However, the PSE uses a different Public Key Algorithm.
From trace file
[Thr 140736732423936] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn_mt. 171
[Thr 140736728196864] Thu Apr 30 11:36:20 2015
[Thr 140736728196864] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn_mt. 171
[Thr 140736732423936] Thu Apr 30 11:36:19 2015
[Thr 140736732423936] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn_mt. 171
[Thr 140736728196864] Thu Apr 30 11:36:20 2015
[Thr 140736728196864] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn_mt. 171
[Thr 140736730838784] Thu Apr 30 11:38:03 2015
I still didnt find a solution
Thx
Hello Chris,
The error says that the PSE is encrypted with a different algorithm (which means it was potentially created by a different version of libraries) and when you are trying to do the setup today,the libraries are potentially updated which is why there is a mismatch.
Also, honestly I have got myself confused between what you have posted and responses by Gaurav below, cause I thought you skipped Webdispatcher configuration and went ahead.
Regards,
Siddhesh
This is what I said by "No SAP WEB Dispatcher used" at step 5.1 Configure Web Dispatcher
and I got these:
L3 - Failed to reach test WS through System Settings (ICM/HTTPURLLOC)
L2 - Failed to reach test WS through ICM
In /strust, I am getting
Application requires PSE with RSA key pair
Message no. TRUST061
Diagnosis
The application requires the use of the Public Key Algorithm RSA. However, the PSE uses a different Public Key Algorithm.
Thx
Chris
Hello Chris,
so as per note 1898685 - Connect the Diagnostics Agent to Solution Manager using SSL
Can you please let me know which 'Case' is applicable to you ?
Regards,
Siddhesh
Hello,
these are notes I looked in:
1318906 - Trace analysis of SSL problems
1791457 - Http/SOAP error while calling a Web Service
1822831 - Web Service Soap Errors in solman_setup
1898685 - Connect the Diagnostics Agent to Solution Manager using SSL
852688 - "SSL Client PSE DFAULT does not exist" in Transaction SM59
2076338 - HTTP connection fail
1094342 - ICM trace contains verification of the server's certificate
2012035 - System failure HTTP client code 407 reason ICM_HTTP_SSL_ERROR
2018632 - SOLMAN_SETUP: Step Configure Web Dispatcher shows warning 'Cannot check WS connection through ICM, as parameters are missing'
510007 - Setting up SSL on Application Server ABAP
but none gave me a solution.
I found that the system has SAPCryptoLib version 8.4.32 pl 40. So, I guess the libraries were updated before starting to configure solman_setup.
Do you have more ideas for me?
thx
Hello Chris,
From the screenshot and the issue you described so far. You are trying to connect the Diagnostics Agent to Solman (without a Web dispatcher),
however as per the note 1898685 - Connect the Diagnostics Agent to Solution Manager using SSL, you need some pre-requisites to be met as per 3 or 4 cases/scenarios described.
Can you please tell me as per note 1898685 - Connect the Diagnostics Agent to Solution Manager using SSL which Case is applicable to you.
The root cause (and potentially the solution) lies in that note, once you have determined which scenario is applicable to what you are trying to do, we can discuss it further.
Regards,
Siddhesh
Hello Siddhesh,
I dont understand why note 1898685 should have something for me?
I am at step 5.1 Configure Web Dispatcher, so at this point I dont need Diag Agent. I did installed it on SolMan.
At step 1. Maintain Users,user solman_admin needs updates which I did, but its not "green" ( according to )
Thx for any suggestion
Chris
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.