on 03-07-2016 7:40 AM
Hi All,
In production, all SFTP channels are failing with the error below.
Actually, in every SFTP channel we are using a proxy server and proxy port.
Could anyone please confirm whether the issue is with the proxy server, or is there any other issue behind this?
Message could not be forwarded to the JCA adapter. Reason: com.jcraft.jsch.JSchException: ProxyHTTP: java.io.IOException: proxy error: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
MP: exception caught with cause javax.resource.ResourceException: com.jcraft.jsch.JSchException: ProxyHTTP: java.io.IOException: proxy error: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
Adapter Framework caught exception: com.jcraft.jsch.JSchException: ProxyHTTP: java.io.IOException: proxy error: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
Delivering the message to the application using connection SFTP_http://sap.com/xi/XI/SFTP failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: com.jcraft.jsch.JSchException: ProxyHTTP: java.io.IOException: proxy error: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. ).
Hi Vishnu
Did the SFTP channels work before and only just suddenly begin failing? It's weird that the error refers to SSL requests, which are not relevant to SFTP (which uses SSH). As such, I don't think it's related to the SFTP adapter, and it is most likely an issue with the proxy server.
Anyway, can you share a screenshot of your SFTP channel configuration?
Regards
Eng Swee
Hi Vishnu
The ports used in your config (22 for SFTP and 8080 for proxy) are quite common and seem right.
If there's no change on the PI side and it just happened suddenly, it really sounds like it's related to the network proxy side. You will need to check with the network team on this.
Regards
Eng Swee
Hi Vishnu,
I think the problem is in the SFTP server; judging by SFTP threads on the internet, it seems to be a normal issue. The issue could arise if your PI environment uses a proxy and the port change was made there, or if the problem is in the SFTP server environment and they made this change. If you check these links, to use a non-standard SFTP port on the endpoint they should make some changes:
How to allow SSL on non-standard port
https://support.microsoft.com/en-us/kb/283284
Summing up, you should talk with your basis/network team and the endpoint basis team.
Regards.
Hello Vishnu,
Can you go to the OS level of your PI server and check whether ping and telnet to the proxy server are working or not?
If they are working, then please check whether ping and telnet to the SFTP server are working or not. I feel the issue is with the connection from the PI server to your proxy server.
Regards,
Nitin
As far as I understand, accessing the SFTP server directly (whether through ping or telnet) will not work from PI, as it needs to route traffic through said proxy.
You could go two ways:
HTH
Cheers
Hi Yeoh,
I have one issue here.
Sometimes messages are successful, but in most cases they fail with the same error.
Message could not be forwarded to the JCA adapter. Reason: com.jcraft.jsch.JSchException: ProxyHTTP: java.io.IOException: proxy error: Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
What is the importance of the proxy server in an SFTP channel?
Can the proxy server fluctuate? I am asking because messages are both failing and succeeding.
Are there any load balancing conditions for the proxy server?
Hi Vishnu,
The importance of the proxy server, no matter the adapter, is to route your message through the proxy server instead of your PI server.
This is done for security purposes, so as not to directly expose your PI server to the external world.
For the error above, the network port of your proxy server must be open to receive the connection from your PI server. Also, if there is a response coming back through your proxy server, then you need to allow the port of the proxy server in your PI server.
Regards,
Nitin
Hi Nithin,
When I run IPCONFIG on my host, it shows 4 IP addresses as preferred.
Is it possible to find out on which IP address the message is going or coming?
I have 4 server nodes. Every time, I am getting the issue on only one server node.
Actually, we are using an alias proxy server in the channel.
If we use the direct server name in the channel, it is successful all the time.
If we use the alias server, it is successful 2 or 3 times on different nodes and then fails again on the first server node.
Is it true that the server node is mapped to any IP address?
Hi Vishnu,
Are you doing an IPCONFIG on your proxy server or on your PI server? Sorry, I am a bit confused.
If your proxy server has 4 nodes, and the message gets through sometimes on some server nodes and sometimes not, it is completely an issue with the server nodes processing them. If it were a SAP system, for this problem there should be SAP Web Dispatcher installed or a 3rd-party load balancer to resolve this issue.
I guess you can use a 3rd-party load balancer for your proxy server, as it is not a SAP system.
But all this is related to the proxy server side and has nothing to do with the SAP PI system, as the problem is on the proxy server side.
I hope you have only one server for the SAP PI system (Primary Application Server). If you have additional servers, which are called Secondary Application Servers, for better processing in SAP PI, then you can also go for SAP Web Dispatcher to have proper load balancing.
Regards,
Nitin
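Added example, not part of any post in this thread: an HTTP proxy carries SFTP by tunnelling it with a `CONNECT host:22` request, and the text in the `ProxyHTTP` exception above is the reason the proxy gave when it refused that request. The sketch below sends the same request to every IPv4 address the proxy alias resolves to, so a single refusing node behind the alias can be identified; all function names are hypothetical and the addresses in the sample are constructed.

```python
import socket

def connect_request(target_host, target_port):
    """Bytes an HTTP proxy client sends to open a tunnel to target_host:target_port."""
    hostport = f"{target_host}:{target_port}"
    return f"CONNECT {hostport} HTTP/1.0\r\nHost: {hostport}\r\n\r\n".encode("ascii")

def parse_status_line(raw):
    """Return (status_code, reason) from the first line of the proxy's reply."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {raw[:60]!r}")
    return int(parts[1]), (parts[2].strip() if len(parts) > 2 else "")

def tunnel_status(sock, target_host, target_port):
    """Ask the proxy on an already-connected socket for a tunnel; return its verdict."""
    sock.sendall(connect_request(target_host, target_port))
    data = b""
    while b"\r\n" not in data and len(data) < 8192:
        chunk = sock.recv(1024)
        if not chunk:  # proxy closed the connection without answering
            break
        data += chunk
    return parse_status_line(data)

def survey(proxy_name, proxy_port, target_host, target_port, timeout=10):
    """Probe every IPv4 address behind proxy_name; map ip -> (status, reason)."""
    infos = socket.getaddrinfo(proxy_name, proxy_port, socket.AF_INET, socket.SOCK_STREAM)
    results = {}
    for ip in sorted({info[4][0] for info in infos}):
        try:
            with socket.create_connection((ip, proxy_port), timeout=timeout) as sock:
                results[ip] = tunnel_status(sock, target_host, target_port)
        except (OSError, ValueError) as exc:
            results[ip] = (None, str(exc))  # unreachable node or non-HTTP reply
    return results

def refusing_nodes(results):
    """Addresses that did not answer 200, i.e. would fail the SFTP channel."""
    return sorted(ip for ip, (status, _) in results.items() if status != 200)

if __name__ == "__main__":
    # Constructed sample results (documentation-range IPs), not captured data.
    sample = {"192.0.2.10": (200, "Connection established"),
              "192.0.2.11": parse_status_line(b"HTTP/1.1 502 Proxy Error ( ... )\r\n\r\n")}
    print(refusing_nodes(sample))
```

Calling `survey()` with the alias and proxy port from the channel configuration, from each PI server node, shows whether the refusal follows one proxy address or one PI node.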
Hello Vishnu,
Did any change happen on the network side?
I guess some proxy setting must have been changed.
We had the same problem while browsing: the proxy setting was changed and it was not updated.
So check with the network for proxy changes and update the same.
And also check the certificate validity as well.
But as Engg suggested, I also think it's not exactly because of SSL; it seems to be a proxy change or some proxy setting.