on 11-20-2015 12:53 AM
Hi friends,
I have an outbound scenario Idoc -> PO -> HTTP.
I am using HTTP_AAE receiver adapter to send messages to the target system.
Receiver system has asked to switch off basic HTTP authentication and therefore I am using anonymous login option in the channel. As requested by the receiver system, I am providing username/password as header attributes.
When I trigger an Idoc from ECC, the message appears with a checkered flag in sxmb_moni but says 'acknowledgement contains system errors'. In the trace of the message, HTTP status 202 is received from the receiver system.
In comm. channel monitoring, I am getting this log -
What can be reason of this error and how can I resolve it ?
Can it be due to hitting HTTPS url in a HTTP adapter ? We haven't done a certificate exchange, as the receiver system is saying that no specific OT certificates are required here and generic certificate available in any browser should be alright.
Did anyone face similar issue or having experience in troubleshooting this ?
Thanks
Hi Elly,
Just my two cents:
In the SOAP receiver adapter, it is stated in OSS 856597 - FAQ SOAP Adapter that the response of the webservice should be HTTP 200 only. But for the SOAP sender adapter, it can be an HTTP 200 with an empty SOAP envelope or an HTTP202 with an empty HTTP body.
That said, I do not find the same technical specifications on OSS 1742088 - FAQ HTTP AAE Adapter. The Plain HTTP Adapter for example, only accepts an HTTP 200 with an HTTP Body as a response.
Can you do the following:
1. Paste the receiver URL in IE, download the certificates (CA only) and then import to NWA. Afterwards, change the authentication type to HTTPs without Client Authentication in the receiver adapter. Un-check User Authentication and then execute scenario.
2. Check what headers are being returned, please follow the steps outlined on this blog
Regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Elly,
You can extract the certificates by typing the url in a browser -> click the lock icon -> connection tab and click certificate information (shown below is for https://google.com using chrome)
Once view certificate is clicked, go to certification path. Since you are using SSL without Client Authentication, you are only interested in the first two certificates (Google Internet Authority G2 and GeoTrust Global CA in the screenshot below) click view certificate
Go to the Details Tab and select Copy to File
Repeat for GeoTrust Global CA. And then import Google CA first and then GeoTrust CA second in NWA.
Regards,
Mark
Hi Elly,
Mark will probably point this out also but it looks like your path setting is incorrect in that screenshot. The path is relative to the host and port so if the target endpoint was https://host:port/path/to/resource you would put the following value in the path of the communication channel:
/path/to/resource
This would explain the invalid path error. Hope this helps.
Regards,
Nick
Hi Elly,
This may be a symptom of the content type being rejected by the web server. It is described in this note which may mean you need to patch the HTTP_AAE adapter. Can you please check the solution in the note and see if you have an older SP level:
2078273 - Improper setting of content-type at HTTP_AAE receiver side using HTTP header
Regards,
Nick
Hi Mark and Nick,
We are already on higher SP level.
Third party system has now allowed anonymous connection from public internet.
They advised us to use hostname and not IP s that SSL chain works.
I am now getting 'Unknown host exception'.
Am I doing something wrong with the SSL configuration ?
What SSL config I need to do in channel ? The error stays same whether I tick 'Use SSL' or not.
This is becoming urgent now
Hi Elly,
It looks like you have a DNS lookup issue from PI based on the HTTP error log. Basically PI cannot resolve that hostname to an IP address.
To prove this you can add a temporary mapping in the host file of the PI server (assuming it's a Windows server). The Basis guy should understand this. Just request them to put a mapping from the target hostname to the IP address. Once this is in place retry your test from PI.
Note this is just a temporary workaround in order to continue with testing.
Regards,
Nick
Hi Nick,
Basis tried to have manual mapping as you suggested but unfortunately no luck.
Surprising thing is that when I ping receiver channel it shows success message and green light.
Traffic also seems to hit firewall while pinging.
However when I trigger an actual message from ECC to PI then it doesn't seem to hit firewall for exchange with target system.
I am not getting any certificate related error and still it says 'Unknown Host'.
Anything to do with SSL config ?
Thanks
Hi Elly,
That is really odd behavior. You do need the Use SSL option selected if you are hitting a HTTPS endpoint (even if you've selected Anonymous auth). Can you please turn that on.
Also one other thing, can you try adding the following parameter in the Advanced tab of the communication channel:
Param name: strictHostnameChecking
Param value: false
Regards,
Nick
Hi Nick,
Thanks a lot. Its now working alright though not able to understand which trick worked
In my final configuration, I have now checked SSL tickbox and not using the parameter you advised.
However, I checked SSL earlier too but it did not work.
It worked finally when I used IP address instead of hostname and used the parameter 'strictHostnameChecking'. But after that I removed the parameter and it is working fine without it as well.
Thanks
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.