cancel
Showing results for 
Search instead for 
Did you mean: 

Technical Monitoring PO

georg_salmen
Explorer
0 Kudos

Hi,

when setting up the technical monitoring of our PO system we get the following error message.

TR: SOLMAN_SETUP --> Technical Monitoring --> Integration Monitoring --> Prozessintegration


General Note we tested 1796893, 2274878, 1791457.

Unfortunately I could not find a solution, every tip I would be very grateful.

Best regards

Georg

Accepted Solutions (1)

Accepted Solutions (1)

georg_salmen
Explorer
0 Kudos

Hi,

we have opened a message by SAP.

The error was an incorrect entry.

SOLMAN_SETUP --> Managed Systems Configuration --> Enter System Parameters --> Common Parameters

Regards

Georg

Answers (1)

Answers (1)

Former Member
0 Kudos

Hallo,

please ICM trace file dev_icm.

Regards

Thomas.

georg_salmen
Explorer
0 Kudos

Hello Thomas,

enclose the dev_icm trace.

Regards

Georg

Former Member
0 Kudos

Hallo Georg,

the error in ICM is:

peer certificate (chain) is not trusted

Follow by a reference to the certificate:

[Thr 140138213611264] Certificate:

[Thr 140138213611264]   Certificate:

[Thr 140138213611264]       Subject     :CN=XXXXX

[Thr 140138213611264]       Issuer      :CN=XXXXX

The error appears to occur for all three PSEs (refer to STRUSTSSO)

/usr/sap/***/DVEBMGS**/sec/SAPSSLA.pse: SSL client SSL Client (Anonymous)

/usr/sap/***/DVEBMGS**/sec/SAPSSLS.pse: SSL Server Standard

/usr/sap/***/DVEBMGS**/sec/SAPSSLC.pse: SSL client SSL Client (Standard)

I believe you need to add certificate with "Subject     :CN=******.xxxxx-airport.de, OU=InstantSSL, OU=Issued etc. etc." to STRUSTSSO of "SSL client SSL Client (Anonymous)", "SSL Server Standard" and "SSL client SSL Client (Standard)" on instance ***, DVEBMGS**.

Above certificate is signed (issued) by "CN=COMODO RSA Organization Validation Secure Server CA etc.". My understanding is that COMODO isn't usually trusted, so you will also need to add this certificate as well (you can extract/export it from your Airport-certificate).

To get the Airport-certificate point your browser at the Airport-host and double-click the lock-symbol in the URL.

Regards

Thomas.

georg_salmen
Explorer
0 Kudos

Hello Thomas,

I implemented your suggestions , unfortunately I still get the same error message in the Solution Manager.

Enclose the current dev_icm trace.

Regards

Georg

Former Member
0 Kudos

Hallo Georg,

you are getting a different error in ICM now:

[Thr 140163579234048] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH {00030026} [icxxconn_mt.c 1989]

Please refer to note http://service.sap.com/sap/support/notes/1318906 regarding this new error after importing your certificates.

The important sentence in the note is: "You must be able to access the server at the address for which the certificate was issued."

E.g. your certificate might be issued for a server name whereas the access from Solution Manager is via IP.

Maybe you want to increase the ICM trace level to 2 (via transaction SMICM) to get more details on which certificate is causing the issue.

Regards

Thomas.