on 04-15-2008 12:20 PM
Hi all,
we tried to repair the RFC connections between SolMan and any satellit system.
They already exist, but don't work correct.
While checking the rfc destination we got the following problem:
RFC-Verbindung SM_E59CLNT100_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
Meldungsnr. SCDT_DIST113
While searching for SCDT_DIST113 I got 0 results
The satellit system is mark in SolMan as a trusted system via smt1.
The authority_check_rfc (se80) is positiv on solman, but the authority_chek_trusted_system is negativ.
RFC User on satellit system has the SAP_ALL profile and role SAP_S_RFCACL.
Ta sm59, taking the "trusted"-connection under abap-connection and trying the connection test is positiv.
At one connection between SolMan and a satellit system we mark the rfc connection not as trusted system and log in with a normal user with a lot of authorities. Everything is fine in that situation.
But that is not really trusted.
Note 128447 don't solve the problem.
No differences in changing typ of rfc-user to services, communication etc.
I already searched at forum and blogs, but i don't get anything that solved the problem.
How can i make the rfc-connection be trusted?
Regards,
René
Go to SM59 in Solman check whether the Trusted RFC under Logon & Security Tab has selected the option "Yes" for Trusted System and if "Current User" is checked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ruben,
I tried it, but as long as trusted is checked, it doesn't work (at the moment only with the workaround).
Now I see in SolMan in SM59 an ABAP-Connection TRUSTING_SYSTEM@<satellit_system>
I cannot change anything in their properties. Due to testing the connection i get failures.
The date of creation of this Connection (TRUSTING_SYSTEM@<satellit_system>) are older than my last recreation of the RFC-Connection (_READ, _TRUSTED).
I think due to that I get this failures:
Failure of testing the connection TRUSTING_SYSTEM@<satellit_system>:
Logon - Connection Error
Failure details - Failure during open RFC-Connection
Failure details - ERROR: service 'sapms<satellit_system>' unknown
Failure details - LOCATION: SAP-Server <solman_server>_SSM_00 on host <solman_server> (wp 1)
Failure details - DETAIL: NiPGetServByName: service 'sapms<satellit_system>' not found
Failure details - CALL: getservbyname
Failure details - COMPONENT: NI (network interface)
Failure details - COUNTER: 213
Failure details - MODULE: niuxi.c
Failure details - LINE: 1669
Failure details - RETURN CODE: -3
Failure details - SUBRC: 0
Failure details - RELEASE: 700
Failure details - <Time_of_trying_connection>
Failure details - VERSION: 38
Ensurethe User has the correct authoriaztions make sure the S_RFCACL is assigned.
1. In Solution Manager create an RFC destination to the Remote System
2. In remote system Create User for RFC with Authoriation S_RFCACL
3. In the remote System Create an RFC to Solution Manager
4. In Solution Manager create ( or use existing ) User for the Remote system to login and ensure user has S_RFCACL
4. In remote System run transaction SMT1 - Create - Select RFC to Solution Manager - Save ( assuming login info and auth's in Solution Manager are correct it will save ) You will see a SID entry ( Eaxmple SMD ) for Solution Manager in the Remote system.
5. Login to Solution Manager SMT1 - Create - Select RFC to Remote System- Save ( assuming login info and auth's in Remote System are correct it will save ) You will see a SID entry ( Eaxmple DEV ) for the remote system in Solution Maanger.
6. Test RFC's - sm59 - double click RFC - Remote login.
Here is the SAP Help
http://help.sap.com/saphelp_nw70/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm
Hi,
i tried it very often, but i don't get it.
Like in the [Help|http://help.sap.com/saphelp_nw70/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm] i tried to configure it, but it doesn't run.
1. Login SolMan; SM59; Create Destination to Remote System (dev) name c00_system
(No Check at trusted system and no logon specification)
2. SolMan; SMT1; Create Destination c00_system ; logon with the future rfc-user, who has got sap_s_rfcacl and SAP_ALL
3. and here i think i get the first failure:
In the scenario where the same user and client are used, you can use the menu option Entry to perform authorization checks: These checks first attempt to reach the client using the logon data specified in the definition destination (in the example, C00_SYSTEM), and then try to log back on to the server system with the same logon data, using a trusted RFC. Choosing the menu option Current Server forces the return path to occur on the current application server, and choosing menu option Trusting System induces load balancing, meaning that the logon takes place on any application server in the server system.
In trusting system everything is red. This is also the same, if i take the way Clive Brown has posted.
Logon runs successfull with logon-data, but trusted doesn't work
There also aren't create a trusted system on dev after logon on it.
Are there any solutions for that problem?
Is there a special need on the remote systems? (i.e. SAP_BASIS 700)
Edited by: Rene Hinsch on May 26, 2008 2:45 PM
Hi René.
I had the same trouble with the trusted RFCs.
Your Failurmessage:
RFC-Verbindung SM_E59CLNT100_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
Meldungsnr. SCDT_DIST113
the given RC=2 means, that you do not have the permission S_RFCACL at the target system OR that you using a secured user like DDIC or SAP* for the RFC connections!
As far as i understood you, you already gave the S_RFCACL Object to your user on the satellite system. But did you configured it right?
in the S_RFCACL object you must have the attributes
EQUSER=n
SYSID=sm1 (or the equivalent system ID for your Solution Manager)
the other attributes can stay on their standard settings. Check out the Help for this object for further information.
Maybe this can help you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Udo,
i tried your advice, unfortunately it didn't solve the problem.
This is my errormessage
Keine Berechtigung zur Anmeldung als Trusted Syste
Meldungsnr. SR000
in ST22 it's the following error:
Errorcode of Trusted Systems was 2
Meaning:
...
2: User "RFC_USER" do not have the authority (authorization object (S_RFCACL) for User "myLogin" with Mandant number
...
The Errorcode of SAP-Logonprocedure was 0
Meaning:
0 Logon was correct
....
Now I am confused.
Logon is ok, but there are still missings authority-objects? S_RFCACL is in SolMan and in Satellit System User added.
I tried it with
EQUSER=n
and with
EQUSER=y
and with
SYSID= SID
And while testing i got the errormessages from above.
+ RFC-User in Satellit-System and SolMan are equal +
Edited by: Rene Hinsch on May 26, 2008 4:49 PM
Seem to me your user has not the authorizations needed to establish a trusted rfc connection.
Maybe your modifications of S_RFCACL are not correct:
GoTo PFCG
modify your created role (Z_RFC_ACL, or else)
Change the Authorizations (Berechtigungen)
Display Authorization if your Authorization object is origin S_RFCACL
if you don't have this auth. object add it manual to your role
SETTING for S_RFCACL in the role Z_RFC_ACL(working)
RFC -> TRUSTED Trusted-Beziehung
Manuell Anwendungsübergreifende Berechtigungsobjekte
Manuell Berechtigungsprüfung für RFC Benutzer (z.B. Trusted System)
Manuell Berechtigungsprüfung für RFC Benutzer (z.B. Trusted System)
RFC Client oder Domäne *
RFC gleiche Benutzerkennung Alle Werte
RFC Information *
System-Id (für SAP- und extern *
RFC Transaktionscode *
RFC User (SAP oder extern) * (CAVE: better use a for rfc-connections restricted user
because of security reasons, but for testing it`ll be
OK)
Generate the role.
Save.
Add your needed user(s) to the role (tab users)
Complete comparison
Save.
You have to create identically users (name & password, I think)in the satelite systems with the same authorizations.
Good luck
kind regards
Tom
Hi René,
as far i understood you, you almost got it. But there is one little thing still incorrect:
and with
SYSID= SID
You added and configured the S_RFCACL in your remote system (e.g c00). But the attribute SYSID has to be "sm00". So it has to be the !
maybe this helps you a bit more.
Best Regards
Hi all,
Problem is solved.
There was the missing Service as Christian was mentioned.
After checking it again, one entry was missing.
Sorry and thank you for your time and advice.
btw: I need a * at RFC-User, although rfc-user are the same. sy-name didn't pass too.
With it works fine.
Thanks a lot.
Regards
René
When you create the RFCs Destinations did you get any errors in the creation log? if so please attach it so we can take a look, must be no errors in the creation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
<Grün> Generierung von RFC-Destination <name>_READ erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_READ verlief fehlerfrei
<Grün> Generierung von RFC-Destination <name>_TRUSTED erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_TRUSTED ergab nachfolgende Fehler
<Rot> RFC-Verbindung <name>_TRUSTED kann nicht aufgebaut werden (Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).)
<Rot> Funktionsgruppe SCCA kann im RFC-System <name>_TRUSTED nicht aufgerufen werden
<Grün> Generierung von RFC-Destination <name>_TMW erfolgreich abgeschlossen
<Grün> Funktionsprüfung von RFC-Destination <name>_TMW verlief fehlerfrei
<Grün> Zum Generieren von Destination '<name_back>_BACK' wird Destination '<name>_TRUSTED' verwendet
<Rot> Fehler beim Anlegen der RFC-Destination '<name_back>_BACK' im System '<system>'
<Rot> Generierung von RFC-Destination <name_back>_BACK nicht erfolgreich
<Grün> Automatische Datenermittlung für System '<system>' gestartet
<Rot> Keine RFC-Destination für lesende Zugriffe für Mandant <nr> zugewiesen
Translation:
<green> Creation of READ was succesfull
<green> Creation of RFC-Destination <name>_TRUSTED successfull completed
<green> Function test of RFC-Destination <name>_TRUSTED is giving following failure
<red> RFC-Connection <name>_TRUSTED can't established (no authorization for log on as Trusted System (Trusted RC=2).)
<red> Functiongroup SCCA can't called in RFC-System <name>_TRUSTED
<green> Creation of destination <name>_TMW successful completed
<green> Function test of RFC-Destination <name>_TMW without failure.
<green> For creation of destination '<name_back>_BACK' the destination '<name>_TRUSTED' is used
<red> Failure during apply/create of RFC-Destination '<name_back>_BACK' in system '<system>'
<red> Creation of RFC-Destination <name_back>_BACK was not successfull
<green> Automatic data-tracing for system '<system>' is started
<red> None RFC-Destination assigned for reading access of client <nr>
I'm sorry, but i don't see another way to 'attach' the message here. (I didn't find a solution for it in a short time)
Hope it's understandable.
Regards,
René
Hi!
Check the following:
- Same UserID in both systems.
- RFC Connection points to the correct client
- Profile for Role SAP_S_RFCACL is generated (in satellite system)
- Check if there are any restrictions for S_RFCACL within role SAP_S_RFCACL (e.g. System ID, RFC-User)
- User comparison is done
/cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As I mentioned before check if the Trusting Services are active for the Satellite Domain Controller, this can be check in transaction STMS->System Overview->Go to->Transport Domain in the Satellite Domain Controller.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
the workaround is running fine, but the trusted/trusting RFC doesn't work at all.
* Same UserID in both systems.
RFC Connection points to the correct client
Profile for Role SAP_S_RFCACL is generated (in satellite system)
Check if there are any restrictions for S_RFCACL within role SAP_S_RFCACL (e.g. System ID, RFC-User)
User comparison is done
Everything is done but don't solve the problem.
@Ruben: I activated it, unfortunately the trusted rfc connection does not run after changing it.
I try it now only between one satellit system and the SolMan,
so in every RFC-Destination it is the same user (in _TRUSTED, _READ, on both Systems)
But none connection is running.
It seems to be the same problem as before
Keine Berechtigung zur Anmeldung als Trusted System (Trusted RC=2).
S_RFC* is in both Systems implemented and i don't use DDIC or SAP*
I am appreciative for further suggestions.
Regards,
René
Hi Gurus,
I deleted the RFC-connection between SolMan and the satellit system and create it new
through this tutorial:
But it doesn't work fine.
At the end i must logon with my user on all Systems (so the rfc-destinations could be createt, i guess),
but it failed.
I took new users to generate and don't take existed ones.
It creates the _TRUSTED rfc connection without the _BACK and _READ connection on the satellit system.
But no one is working.
In SMSY clear-up rfc destination, i select the _READ one and get information , but i get only the _TRUSTED one. (see some lines above, that _BACK and _READ was not created).
I use the workaround for this destination and it works, although _BACK and _READ don't exist.
What could be the problem?
Regards,
René
The Trusting Services are active for the Satellite Domain Controller?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good day Rene.
Try granting authorization object S_RFC (*) to your users in Solution Manager and in your child systems.
This did the trick for us. Unfortunately, this authorization object is not found in the SAP_S_RFCACL role...
Thanks,
Charles.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
i am sorry for late reply, but we updated to sp15. It takes some time.
Furthermore, we checked your advice to add S_RFC*. These are already added through profile sap_all and a customized profile. Unfortunately it isn't that problem. By the way on satellit system there are only the objects S_RFC and S_RFCACL.
Next we tried the workaround with disable trusted system and therefor put login + pw in the fields. The box for logonscreen is not checked, but at testing the RFC-Destination I get the logonscreen with my user, although the boxes for actual user are unchecked (on SolMan and Satellit System).
Does anyone know how to solve one of these problems?
Thanks in advance for further replies
René
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.