Java system error: Call of FM RSRD_X_PRODUCE_PROXY to ProgId HOST_PORTAL_SID on host host.com with SSO not authorized: Missing Password
Message no. RSBOLAP018
Diagnosis
An error occurred in the BI components on the SAP J2EE Engine.
Procedure
Contact your system administrator to have the error analyzed in detail.
Procedure for System Administration
Start the Visual Administrator, log on to the SAP J2EE Engine and choose "<J2EE_SID>" ->"Server" -> "Services" -> "Log Viewer".
The file "defaultTrace.trc" includes detailed information about the error that occurred. In Windows, you can find this file in the Log Viewer under "Cluster <computer name>" -> "Server <server number>" -> "<drive>:\usr\sap\<SID>\JC<INSTANCE>\j2ee\cluster\server<NUMBER>\log". ". In Unix, the file is located under "/usr/sap/<SID>/JC<INSTANCE>/j2ee/cluster/server<NUMBER>/log".
If the file does not include enough detail about the error, you can increase the log level to obtain more information. To do this, choose "<J2EE_SID>" -> "Server" -> "Services" -> "Log Configurator". On the "Locations" tab page, choose "com" -> "sap" -> "ip" -> "bi" -> "webapplications". Using the selection list on the right side of the screen, you can increase the log level, whereby "DEBUG" represents the log level with the most information. You can save your settings by choosing the "Save" icon. The change to the log level is active immediately. Once you have successfully analyzed the error, you should set the log level back to its default value using the appropriate pushbutton; continuous writing to the log file negatively affects the overall performance of the system
_____________________________________________________________________________________________________________________________________
First things first you always get pointed to this knowledge base article.
1575891 - After executing a USER setting you receive the Java error: call FM RSRD_X_PRODUCE_PROXY to ProgId 'abc' on host 'xyz' with SSO not authorized
Which hosts these suggestions:
- 1.Apply each of these steps sequentially. After each step please re-test the issue to see if the error persists. Only if the issue is not resolved move to the next step:
- 1. Execute the Support Desk Tool as per Note 937697. Download the latest version of the tool attached to the note. Ensure that all items are Green by following the solutions provided in the generated supportdesk.zip file. Ensure all configuration checks are GREEN as per Note 1177154.
- 2. 2. Recreate the certificates on Java side (J2EE Visual Administrator) & import them to ABAP to redefine the trust relationship between the systems. Refer to Note 912229 for the whole procedure.
- 3. 3. Apply SAP Note 1388694 - 'Hanging connections to JCo'.
What I did
1. Checked my support desk tool from from note 937697 all was green
2. Reconfigured ABAP+JAVA trust - error persisted
3. Note 1388694 was not applicable to me.
4. I checked the J2EE_GUEST use and related configurations as the error I received was as follows in J2EE default trace file insufficient information for me.
#1.#F4CE46A87E27007B0000003E0000D95F0004DDAE4DDB6F45#1369640607117#com.sap.engine.services.rfcengine##com.sap.engine.services.rfcengine.handleRequest#J2EE_GUEST#0##n/a##0b03272ec6a111e2c49200000050d26e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Plain###java.lang.RuntimeException:Call of FM RSRD_X_PRODUCE_PROXY to ProgId HOST_PORTAL_SID on host host.com with SSO not authorized: Missing Password
5. I checked the dev_rfc* files directly after reproducing the error error was insufficient to me.
Exception thrown [Mon May 27 16:31:05,285]:Exception thrown by application running in JCo Server
- java.lang.RuntimeException: Call of FM RSRD_X_PRODUCE_PROXY to ProgId HOST_PORTAL_SID on host host.com with SSO not authorized: Missing Password
at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:80)
at com.sap.engine.services.rfcengine.RFCJCOServer$J2EEApplicationRunnable.run(RFCJCOServer.java:254)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
6. Download the diagtool from sap Note 957666 - Diagtool for Troubleshooting Security Configuration unzip and copy to saphost j2ee directory ,take not of conf directory in subfolder of diagtool.
wssec.conf
traces_snapshot.conf
sso2.conf
ssl.conf
spnego.conf
secstore.conf
remote_traces_snapshot.conf
keytabgen.conf
authentication.conf
agent.conf
7. Start the tool as per note 982127 - Troubleshooting authentication problems since this is SSO error use the SSO conf
i.e. sidadm@suse9> ./go.sh /usr/sap/SID/DVEBMGS99/j2ee/diagtool/conf/sso2.conf /usr/sap/SID/DVEBMGS99/j2ee/configtool
This will run for almost a minute before it reaches a prompt where it asks you to reproduce your action that cause the error and ENTER on the diagtool screen immediately afterward
8. This creates an output directory i.e. /usr/sap/SID/DVEBMGS99/j2ee/diagtool/output it will create the following files
diagtool_{timestamp}.zip
diagtool_{timestamp}.log
diagtool_(timestamp}.html
9. Check for relevant errors easiest just using the html I found the following error which pointed to user USER being error.
12:42:45:594
|
Path
|
J2EE_GUEST
|
~n_Thread[impl:3]_16
|
~
|
[md=getUserAccountByLogonId][cl=135873]
|
Entering method
| |||
12:42:45:594
|
Debug
|
J2EE_GUEST
|
~n_Thread[impl:3]_16
|
~
|
[md=getUserAccountByLogonId][cl=135873]
|
Found uniqueID for logonId
|
USER
12:42:45:594
|
Path
|
J2EE_GUEST
|
~n_Thread[impl:3]_16
|
~
|
[md=getUserAccountByLogonId][cl=135873]
|
Exiting method with userAccount
|
from cache
12:42:45:595
|
Path
|
J2EE_GUEST
|
~n_Thread[impl:3]_16
|
~engine.services.security.authentication
|
Exception : Missing
|
Password
- java.lang.Exception
at
10. To confirm this I set parameter rfc/signon_error_log from value -1 to 2 in RZ11 and did a dynamic switch which gave me the additional information in the dev_rfc* file
RFC SignOn> delete old Assertion-Ticket (1)
======> Call of FM RSRD_X_PRODUCE_PROXY to ProgId HOST_PORTAL_SID on host host.com with SSO not authorized: Missing Password
ABAP Programm: SAPLRSRD_X_RUNTIME (Transaction: )
Called function module: RSRD_X_PRODUCE_PROXY
User: USER (Client: 012)
Destination: HOST_HOST_ISID(Handle: 25, DtConId: 51A3DA3A696886BDE1000000AC103B5C, DtConCnt: 1, ConvId: 82594371,{51A3DA3B-6968-86BD-E100-0000AC103B5C})
EPP RootContextId: F4CE46A86F6B1EE2B1DB41DB0BF818C1, ConnectionId: 00000000000000000000000000000000, ConnectionCnt: 0
EPP TransactionId: 51A3D90D696886BDE1000000AC103B5C
11. Turns out the user is used by BW guys to do their configuration and process chain. The password had expired once it was reset the functionality worked. User is set to DIA user and therefore password change policy affects it.
To avoid problem I changed type of user to SERVICE to avoid this human error factor in future hopefully by ignoring password change. Since dialog functionality is required by this user for BW related configuration SERVICE user is sufficient.
No comments:
Post a Comment