cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trusted RFC do not work

Go to solution
Former Member

on ‎04-15-2008 12:20 PM

0 Kudos

Hi all,

we tried to repair the RFC connections between SolMan and any satellit system.

They already exist, but don't work correct.

While checking the rfc destination we got the following problem:

RFC-Verbindung SM_E59CLNT100_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
Meldungsnr. SCDT_DIST113

While searching for SCDT_DIST113 I got 0 results

The satellit system is mark in SolMan as a trusted system via smt1.

The authority_check_rfc (se80) is positiv on solman, but the authority_chek_trusted_system is negativ.

RFC User on satellit system has the SAP_ALL profile and role SAP_S_RFCACL.

Ta sm59, taking the "trusted"-connection under abap-connection and trying the connection test is positiv.

At one connection between SolMan and a satellit system we mark the rfc connection not as trusted system and log in with a normal user with a lot of authorities. Everything is fine in that situation.

But that is not really trusted.

Note 128447 don't solve the problem.

No differences in changing typ of rfc-user to services, communication etc.

I already searched at forum and blogs, but i don't get anything that solved the problem.

How can i make the rfc-connection be trusted?

Regards,

René

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-28-2008 6:28 PM
0 Kudos

Go to SM59 in Solman check whether the Trusted RFC under Logon & Security Tab has selected the option "Yes" for Trusted System and if "Current User" is checked.

Show replies
Show replies
Former Member
‎04-29-2008 8:19 AM
0 Kudos

Hello Ruben,

I tried it, but as long as trusted is checked, it doesn't work (at the moment only with the workaround).

Now I see in SolMan in SM59 an ABAP-Connection TRUSTING_SYSTEM@<satellit_system>

I cannot change anything in their properties. Due to testing the connection i get failures.

The date of creation of this Connection (TRUSTING_SYSTEM@<satellit_system>) are older than my last recreation of the RFC-Connection (_READ, _TRUSTED).

I think due to that I get this failures:

Failure of testing the connection TRUSTING_SYSTEM@<satellit_system>:

Logon - Connection Error
Failure details - Failure during open RFC-Connection
Failure details - ERROR: service 'sapms<satellit_system>' unknown
Failure details - LOCATION: SAP-Server <solman_server>_SSM_00 on host <solman_server> (wp 1)
Failure details - DETAIL: NiPGetServByName: service 'sapms<satellit_system>' not found
Failure details - CALL: getservbyname
Failure details - COMPONENT: NI (network interface)
Failure details - COUNTER: 213
Failure details - MODULE: niuxi.c
Failure details - LINE: 1669
Failure details - RETURN CODE: -3
Failure details - SUBRC: 0
Failure details - RELEASE: 700
Failure details - <Time_of_trying_connection>
Failure details - VERSION: 38

Former Member
‎05-05-2008 11:37 PM
0 Kudos

Ensurethe User has the correct authoriaztions make sure the S_RFCACL is assigned.

1. In Solution Manager create an RFC destination to the Remote System

2. In remote system Create User for RFC with Authoriation S_RFCACL

3. In the remote System Create an RFC to Solution Manager

4. In Solution Manager create ( or use existing ) User for the Remote system to login and ensure user has S_RFCACL

4. In remote System run transaction SMT1 - Create - Select RFC to Solution Manager - Save ( assuming login info and auth's in Solution Manager are correct it will save ) You will see a SID entry ( Eaxmple SMD ) for Solution Manager in the Remote system.

5. Login to Solution Manager SMT1 - Create - Select RFC to Remote System- Save ( assuming login info and auth's in Remote System are correct it will save ) You will see a SID entry ( Eaxmple DEV ) for the remote system in Solution Maanger.

6. Test RFC's - sm59 - double click RFC - Remote login.

Here is the SAP Help

http://help.sap.com/saphelp_nw70/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm

Former Member
‎05-06-2008 7:01 AM
0 Kudos

go to /etc/services of your solution manager and make an entry for the message server of your satellite system:

sapms<satellite_system_SID> 36<satellite_system_instance_number>/tcp

e.g.

sapmsP01 3600/tcp

/cheers

Former Member
‎05-26-2008 1:38 PM
0 Kudos

Hi,

i tried it very often, but i don't get it.

Like in the [Help|http://help.sap.com/saphelp_nw70/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm] i tried to configure it, but it doesn't run.

1. Login SolMan; SM59; Create Destination to Remote System (dev) name c00_system

(No Check at trusted system and no logon specification)

2. SolMan; SMT1; Create Destination c00_system ; logon with the future rfc-user, who has got sap_s_rfcacl and SAP_ALL

3. and here i think i get the first failure:

In the scenario where the same user and client are used, you can use the menu option Entry to perform authorization checks: These checks first attempt to reach the client using the logon data specified in the definition destination (in the example, C00_SYSTEM), and then try to log back on to the server system with the same logon data, using a trusted RFC. Choosing the menu option Current Server forces the return path to occur on the current application server, and choosing menu option Trusting System induces load balancing, meaning that the logon takes place on any application server in the server system.

In trusting system everything is red. This is also the same, if i take the way Clive Brown has posted.

Logon runs successfull with logon-data, but trusted doesn't work

There also aren't create a trusted system on dev after logon on it.

Are there any solutions for that problem?

Is there a special need on the remote systems? (i.e. SAP_BASIS 700)

Edited by: Rene Hinsch on May 26, 2008 2:45 PM

Former Member
‎09-28-2016 4:02 PM
0 Kudos

Thanks,

Your suggestion helped me solve the problem.

Answers (6)

Answers (6)

Former Member
‎05-26-2008 2:49 PM
0 Kudos

Hi René.

I had the same trouble with the trusted RFCs.

Your Failurmessage:

 RFC-Verbindung SM_E59CLNT100_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
Meldungsnr. SCDT_DIST113

the given RC=2 means, that you do not have the permission S_RFCACL at the target system OR that you using a secured user like DDIC or SAP* for the RFC connections!

As far as i understood you, you already gave the S_RFCACL Object to your user on the satellite system. But did you configured it right?

in the S_RFCACL object you must have the attributes

  • EQUSER=n

  • SYSID=sm1 (or the equivalent system ID for your Solution Manager)

the other attributes can stay on their standard settings. Check out the Help for this object for further information.

Maybe this can help you

Show replies
Show replies
Former Member
‎05-26-2008 3:21 PM
0 Kudos

Hi Udo,

i tried your advice, unfortunately it didn't solve the problem.

This is my errormessage

Keine Berechtigung zur Anmeldung als Trusted Syste
Meldungsnr. SR000

in ST22 it's the following error:

Errorcode of Trusted Systems was 2
Meaning:
...
2: User "RFC_USER" do not have the authority (authorization object (S_RFCACL) for User "myLogin" with Mandant number
...
The Errorcode of SAP-Logonprocedure was 0
Meaning:
0 Logon was correct
....

Now I am confused.

Logon is ok, but there are still missings authority-objects? S_RFCACL is in SolMan and in Satellit System User added.

I tried it with

EQUSER=n

and with

EQUSER=y

and with

SYSID= SID

And while testing i got the errormessages from above.

+ RFC-User in Satellit-System and SolMan are equal +

Edited by: Rene Hinsch on May 26, 2008 4:49 PM

Former Member
‎05-26-2008 5:32 PM
0 Kudos

Seem to me your user has not the authorizations needed to establish a trusted rfc connection.

Maybe your modifications of S_RFCACL are not correct:

GoTo PFCG

modify your created role (Z_RFC_ACL, or else)

Change the Authorizations (Berechtigungen)

Display Authorization if your Authorization object is origin S_RFCACL

if you don't have this auth. object add it manual to your role

SETTING for S_RFCACL in the role Z_RFC_ACL(working)

RFC -> TRUSTED Trusted-Beziehung

Manuell Anwendungsübergreifende Berechtigungsobjekte

Manuell Berechtigungsprüfung für RFC Benutzer (z.B. Trusted System)

Manuell Berechtigungsprüfung für RFC Benutzer (z.B. Trusted System)

Aktivität Ausführen

RFC Client oder Domäne *

RFC gleiche Benutzerkennung Alle Werte

RFC Information *

System-Id (für SAP- und extern *

RFC Transaktionscode *

RFC User (SAP oder extern) * (CAVE: better use a for rfc-connections restricted user

because of security reasons, but for testing it`ll be

OK)

Generate the role.

Save.

Add your needed user(s) to the role (tab users)

Complete comparison

Save.

You have to create identically users (name & password, I think)in the satelite systems with the same authorizations.

Good luck

kind regards

Tom

Former Member
‎05-27-2008 7:18 AM
0 Kudos

Hi René,

as far i understood you, you almost got it. But there is one little thing still incorrect:

and with 
SYSID= SID

You added and configured the S_RFCACL in your remote system (e.g c00). But the attribute SYSID has to be "sm00". So it has to be the !

maybe this helps you a bit more.

Best Regards

Former Member
‎05-27-2008 12:30 PM
0 Kudos

Hi all,

Problem is solved.

There was the missing Service as Christian was mentioned.

After checking it again, one entry was missing.

Sorry and thank you for your time and advice.

btw: I need a * at RFC-User, although rfc-user are the same. sy-name didn't pass too.

With it works fine.

Thanks a lot.

Regards

René

Former Member
‎04-25-2008 11:48 PM
0 Kudos

When you create the RFCs Destinations did you get any errors in the creation log? if so please attach it so we can take a look, must be no errors in the creation.

Show replies
Show replies
Former Member
‎04-28-2008 8:48 AM
0 Kudos 
<Grün> Generierung von RFC-Destination <name>_READ erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_READ verlief fehlerfrei
<Grün> Generierung von RFC-Destination <name>_TRUSTED erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_TRUSTED ergab nachfolgende Fehler
<Rot> RFC-Verbindung <name>_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
<Rot> Funktionsgruppe SCCA kann im RFC-System <name>_TRUSTED nicht aufgerufen werden
<Grün> Generierung von RFC-Destination <name>_TMW erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_TMW verlief fehlerfrei
<Grün> Zum Generieren von Destination '<name_back>_BACK' wird Destination '<name>_TRUSTED' verwendet
<Rot> Fehler beim Anlegen der RFC-Destination '<name_back>_BACK' im System '<system>'
<Rot> Generierung von RFC-Destination <name_back>_BACK nicht erfolgreich
<Grün> Automatische Datenermittlung für System '<system>' gestartet
<Rot> Keine RFC-Destination für lesende Zugriffe für Mandant <nr> zugewiesen

Translation:

<green> Creation of READ was succesfull
<green> Creation of RFC-Destination <name>_TRUSTED successfull completed
<green> Function test of RFC-Destination <name>_TRUSTED is giving following failure
<red> RFC-Connection <name>_TRUSTED can't established (no authorization for log on as Trusted System (Trusted RC=2).)
<red> Functiongroup  SCCA can't called in RFC-System <name>_TRUSTED
<green> Creation of destination <name>_TMW successful completed
<green> Function test of RFC-Destination <name>_TMW without failure.
<green> For creation of destination '<name_back>_BACK' the destination '<name>_TRUSTED' is used
<red> Failure during apply/create of RFC-Destination '<name_back>_BACK' in system '<system>'
<red> Creation of RFC-Destination <name_back>_BACK was not successfull
<green> Automatic data-tracing for system '<system>' is started
<red> None RFC-Destination assigned for reading access of client <nr>

I'm sorry, but i don't see another way to 'attach' the message here. (I didn't find a solution for it in a short time)

Hope it's understandable.

Regards,

René

Former Member
‎04-24-2008 7:22 AM
0 Kudos

Hi!

Check the following:

- Same UserID in both systems.

- RFC Connection points to the correct client

- Profile for Role SAP_S_RFCACL is generated (in satellite system)

- Check if there are any restrictions for S_RFCACL within role SAP_S_RFCACL (e.g. System ID, RFC-User)

- User comparison is done

/cheers

Show replies
Show replies
Former Member
‎04-23-2008 3:38 PM
0 Kudos

Hi,

As I mentioned before check if the Trusting Services are active for the Satellite Domain Controller, this can be check in transaction STMS->System Overview->Go to->Transport Domain in the Satellite Domain Controller.

Show replies
Show replies
Former Member
‎04-24-2008 2:28 PM
0 Kudos

Hi all,

the workaround is running fine, but the trusted/trusting RFC doesn't work at all.

  •    * Same UserID in both systems.
  • RFC Connection points to the correct client
  • Profile for Role SAP_S_RFCACL is generated (in satellite system)
  • Check if there are any restrictions for S_RFCACL within role SAP_S_RFCACL (e.g. System ID, RFC-User)
  • User comparison is done

Everything is done but don't solve the problem.

@Ruben: I activated it, unfortunately the trusted rfc connection does not run after changing it.

I try it now only between one satellit system and the SolMan,

so in every RFC-Destination it is the same user (in _TRUSTED, _READ, on both Systems)

But none connection is running.

It seems to be the same problem as before

Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).

S_RFC* is in both Systems implemented and i don't use DDIC or SAP*

I am appreciative for further suggestions.

Regards,

René

Former Member
‎04-24-2008 2:49 PM
0 Kudos

Hmm... did you check SM59 in satellite system? (depending on your release) Menu: RFC -> Trusted Systems

or Menu: Extras -> Trusted Systems

Your Solution Manager should be listed there.

Former Member
‎04-24-2008 3:00 PM
0 Kudos

The Solution Manager is in trusted and trusting systems.

In trusted systems it's looking fine.

Besides creater was SAP*.

In trusting systems SolMan is red and i cannot change the entries.

Former Member
‎04-25-2008 10:11 AM
0 Kudos

Hi Gurus,

I deleted the RFC-connection between SolMan and the satellit system and create it new

through this tutorial:

RFC_tut

But it doesn't work fine.

At the end i must logon with my user on all Systems (so the rfc-destinations could be createt, i guess),

but it failed.

I took new users to generate and don't take existed ones.

It creates the _TRUSTED rfc connection without the _BACK and _READ connection on the satellit system.

But no one is working.

In SMSY clear-up rfc destination, i select the _READ one and get information , but i get only the _TRUSTED one. (see some lines above, that _BACK and _READ was not created).

I use the workaround for this destination and it works, although _BACK and _READ don't exist.

What could be the problem?

Regards,

René

Former Member
‎04-16-2008 4:06 PM
0 Kudos

The Trusting Services are active for the Satellite Domain Controller?

Show replies
Show replies
Former Member
‎04-15-2008 9:43 PM
0 Kudos

Good day Rene.

Try granting authorization object S_RFC (*) to your users in Solution Manager and in your child systems.

This did the trick for us. Unfortunately, this authorization object is not found in the SAP_S_RFCACL role...

Thanks,

Charles.

Show replies
Show replies
Former Member
‎04-23-2008 3:31 PM
0 Kudos

Hi all,

i am sorry for late reply, but we updated to sp15. It takes some time.

Furthermore, we checked your advice to add S_RFC*. These are already added through profile sap_all and a customized profile. Unfortunately it isn't that problem. By the way on satellit system there are only the objects S_RFC and S_RFCACL.

Next we tried the workaround with disable trusted system and therefor put login + pw in the fields. The box for logonscreen is not checked, but at testing the RFC-Destination I get the logonscreen with my user, although the boxes for actual user are unchecked (on SolMan and Satellit System).

Does anyone know how to solve one of these problems?

Thanks in advance for further replies

René

Ask a Question