Skip to Content
Author's profile photo Former Member
Former Member
June 6, 2013 1 minute read

Registration of external program on SAP gateway not allowed

Issue :

Error from dev_jrfc.trc file

================================================

LOCATION SAP-Gateway on host <hostname>

ERROR registration of tp <Jco destination name> from host

<hostname> not allowed

TIME Fri May 10 10:30:58 2013

RELEASE 720

COMPONENT SAP-Gateway

VERSION 2

RC 720

MODULE gwxxrd.c

LINE 3642

COUNTER 6303

Return code: RFC_FAILURE(1)

error group: 102

key: RFC_ERROR_COMMUNICATION

Solution :

As of 720 kernel, registration of external server program is controlled by profile parameters gw/acl_mode, gw_reg_info and gw/sec_info.

For security reasons, SAP has made it mandatory to use gw/reg_info and gw/sec_info to allow any external program to get registered on host.

So, entries of the host wanting to register program in gateway, has to be maintained in the file reg_info and sec_info.

Location of these files is maintained using gw/reg_info and gw/sec_info profile parameter.

If the files are created without any entries, then no external server is allowed to register external programs. If files are created then entries for the servers has to be maintained.

If the files are not created, then parameter gw/acl_mode can be used to control registration of external programs on the system.

gw/acl_mode = 0 will allow registration of external server program

gw/acl_mode = 1 will not allow registration of external server programs and you need to maintain reg_info and sec_info files.

More information about the same can be found in below SAP notes :

Note 1408081 – Basic settings for reg_info and sec_info

Note 1069911 – GW: Changes to the ACL list of the gateway (reginfo)

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ady Purnama
      Ady Purnama

      Hi Denish,

      Thanks for this sharing, it help me to solve the issue related with TREX and Gateway.

      https://scn.sap.com/thread/3418227

      Best Regards,

      Ady Purnama

      Author's profile photo Former Member
      Former Member

      Hi,

      The gateway security loggingis very usefull to pin point ACL related errors. It isn't activated by default.

      To activate it: SMGW => Goto => Expert Functions => Logging => you will get the screen where you can choose what you want to log.

      For "denied ACL errors" the most usefull is the Security (Rejected Accesses Only).

      To check the log you need to click on the display file icon just on the right of the log file name.

      Krs,

      Aidan

      Author's profile photo Former Member
      Former Member

      Hi Denish

      we faced the same issue.. thanks it is resolved now ..with this doc 😆

      Author's profile photo Former Member
      Former Member

      Hi,

      I just want to say thank you for posting this.

      Very useful information.

      Cheers

      Author's profile photo Former Member
      Former Member

      Yes, that helped!

      Thanks for such a great post 🙂

      regards,

      pavan

      Author's profile photo Former Member
      Former Member

      Thanks mate, it worked like a charm.

      Regards

      Raghu

      Author's profile photo Isaias Freitas
      Isaias Freitas

      Hi all,

      Take a look at Gateway Access Control Lists - Application Server Infrastructure - SCN Wiki for a detailed view of the gateway security features.

      Regards,

      Isaías

      Author's profile photo sam yee cheng
      sam yee cheng

      Hi Denish,

      Is there anyway i can check this parameter without request to basis accessing into PI server? like NWA ?

      Thanks.

      Author's profile photo Marcelo García
      Marcelo García

      You can check the profile parameters on tx "RZ11" or function module "TH_CHANGE_PARAMETER"

       

      Regards