cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Upgrade SAP PI : INTEGRATION_DIRECTORY_HMI error

Former Member

on ‎12-17-2015 10:54 AM

0 Kudos

Hello,

We made an upgrad PI from 7.10 to 7.40. the Destination INTEGRATION_DIRECTORY_HMI doosn't work and it's return a 403 error.

The path prefix used  is /dir/CacheRefresh and the logon user is PIISUSER.

The PIISUSER is not locked and it has these active roles : SAP_SLD_CONFIGURATOR, SAP_XI_IS_SERV_USER and SAP_XI_IS_SERV_USER_MAIN

Any idea please ?

Cordialy

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member182412
Active Contributor
‎12-17-2015 11:25 AM
0 Kudos

Hi Mou,

The is valid response for that destination, if you want to validate more you can do the test in SXI_CACHE like below.

Regards,

Praveen.

Show replies
Show replies
Former Member
‎12-17-2015 11:33 AM
0 Kudos

Hello,

Yes I have the same result.It's Ok. But the destination shows 403 error

former_member182412
Active Contributor
‎12-17-2015 11:47 AM
0 Kudos

Hi Mou,

Check below SAP Note:

1894606 - HTTP errors in sxi_cache




2) Error 'HTTP status code 403 Forbidden' while executing HTTP request ( calling method 'get_status')


This error occurs due to XSRF protection implemented in Integration Directory. The protection requires changes in ABAP clients, the fix comes with 7.31 SP8 and higher. There is no fix available for 7.30 and lower releases.


Note: Such error in sm59's connection test of INTEGRATION_DIRECTORY_HMI is normal. This error in sm59 cannot be 'fixed' because it reflects the presence of the security fix. The sm59 connection test logic does not support xsrf protocol, therefore the connection test fails. When your ABAP system has the required patch, sxi_cache works fine when sm59 returns this error. Please double check whether you have an issue in sxi_cache or in sm59.


Solution: Either upgrade ABAP backend to 7.31 or deactivate XSRF protection until all your backends are upgraded.


There are two possibilities to deactivate XSRF protection: you can do it globally for the entire J2EE engine or locally just for /dir/CacheRefresh servlet.


1. In order to deactivate XSRF protection globally go to NWA -> Configuration -> Infrastructure -> Java System Properties.
- Switch to tab "Services", search for Web Container service
- Click on Show Advanced Properties
- Set xsrf.protection.enabled to false


2. To switch the xsrf protection locally go to Exchange Profile properties and set com.sap.aii.ibdir.server.cache.xsrfProtection = false


3. One more workaround currently exists for this problem: Go to sm59 and open INTEGRATION_DIRECTORY_HMI destination. Use following path there: "/dir/hmi_cache_refresh_service/ext". Do not forget to re-enter password on "Logon & Security" tab, otherwise you might get 'HTTP response does not contain a valid XML root tag' error described above. Save the destinaion and retry the cache refresh. The alternative URL is not yet XSRF-protected, which will be fixed in further SPs.


Change the Path Prefix to /dir/hmi_cache_refresh_service/ext as per SAP Note.


Regards,

Praveen.



Ask a Question