Connectivity FAQ – Integrating Cloud for Customer with SAP ERP/CRM
This blog serves as FAQ document for the Integrating Cloud for Customer with SAP ERP/CRM and contains answers to the most commonly asked questions about the connectivity. It will be updated with new information from time to time as the need arises.
1) Question : How to configure Basic Authentication with SAP Hana Cloud Integration (HCI) connecting to Cloud for Customer and On-Premise ERP/CRM system?
Solution : Refer to How-to Guide in SCN, http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/4037b5a5-47a5-3110-e891-f3d9dbafbe86
2) Question : How to configure certificate based Authentication with SAP Hana Cloud Integration (HCI) connecting to Cloud for Customer and On-Premise ERP/CRM system?
Solution : Refer to our How-to Guide SCN, https://scn.sap.com/docs/DOC-55037
3) Question : Why does Check Connection from Outbound Communication Arrangement of Cloud for Customer connecting to HCI always fails with 405 Method not allowed error?
Solution : Technically we are sending a HTTP GET instead of an HTTP POST and hence the error 405 Method not allowed reported. But a 405 Error measns connectivity is established between C4C and HCI.
4) Question : When I Check Connection from the Communication Arrangement in Cloud for Customer I get an error “SRT: Processing error in Internet Communication Framework: (“ICF Error when receiving the response: ICM_HTTP_SSL_CERT_MISMATCH”)”.
Solution : This is caused when the HCI or PI server certifcate is not trusted by C4C. This happens when the distinguished name of the certificate does not match the host name of the URL. For example, the certificate has CN =abc.com – but host name in the communication arrangement is abd.com. Check your URL hostname in the communication arrangement in C4C.
5) Question : When sending message from on-premise CRM/ERP to the Cloud for Customer the message fails in Cloud for Customer with error message “SRT: Plain SOAP: Reliable messaging (RM) configured, but no Messaging ID and no WSRM assertion provided”
Solution : Make sure the protocol defined in the Communication System of C4C should be 5 – Web Services. Also when using PI the receiver communication channel pointing to C4C should have the MessageID and Encoded Header option selected, use the communication channel template provided as part of the standard content.
6) Question : When sending message from on premise to Cloud for Customer using HCI as a middleware the message fails in HCI with 401 Unauthorized while using certificate authentication.
Solution : Refer to How-to Guide in SCN, http://scn.sap.com/docs/DOC-55037
7) Question : When sending message from Cloud for Customer to on premise ERP/CRM using HCI as a middleware the message fails in HCI with 401 Unauthorized while using certificate authentication.
Solution : Refer to How-to Guide in SCN, http://scn.sap.com/docs/DOC-55037
8) Question : When Check Connection is performed on an Outbound Communication Arrangement in Cloud for Customer the check fails with ICM_HTTP_SSL_ERROR error.
Solution : Check if the root certificate are exchanged correctly and the Cloud for Customer has the Root certificate of the on-premise reverse proxy in the trust list. Refer to the SCN Blog under SSL section: http://scn.sap.com/community/cloud-for-customer/blog/2014/03/27/sap-cloud-for-customer-integration-with-erp-and-crm-how-to-guides-and-e-learning
9) Question : When Test Connection is performed on the RFC Destination in SM59 transaction of on premise ERP/CRM the test fails with ICM_HTTP_SSL_ERROR error.
Solution : Ensure that SSL Standard is active in the authorizations tab of the RFC destination. Also, ensure the root certificate of ERP is in the middleware keystore and the middleware root certificate is in ERP. To check this for HCI use the URL: https://<operationsserver>/cxf in Google chrome and look at Check if the root certificate are exchanged correctly (to add details) _ GG – I have this answer in an email I can copy over but want to use screenshots- should we switch this to word to more easily use screen shots.
10) Question : When sending message from on-premise CRM/ERP thoughg SAP Netweaver PI the message fails in Cloud for Customer with error message “SRT: Plain SOAP: Reliable messaging (RM) configured, but no Messaging ID and no WSRM assertion provided”. The Communication System in Cloud for Customer has the protocol set to “5 – Web Service”.
Solution : In the soap communication the message ID must be provided. It should be added to the URL in the format ?messageID. This is covered in question 2 in the SOAP Adapter FAQ note 856597.
11) Question : How to monitor outgoing and incoming message in my on premise ERP/CRM solution when integrating with Cloud for Customer?
Solution : WE02 or WE05 IDoc monitor for Idocs. For synchronous WS, SRT_UTIL. Refer to How-to Guide in SCN, https://scn.sap.com/docs/DOC-55420
12) Question : How to monitor message in Cloud for Customer when integrating with on premise CRM/ERP solution?
Solution : Administrator –> WS Message Monitoring. Refer to How-to Guide in SCN, https://scn.sap.com/docs/DOC-55420
13) Question : Is there a way to look at the XML payload in Cloud for Customer and if yes then how can I view the XML payload?
Solution : Administrator –> WS Message Monitoring –> View Payload (possible only for asynchronous messages), Refer to How-to Guide in SCN, https://scn.sap.com/docs/DOC-55420
14) Question : How to filter the messages in the message monitor of Cloud for Customer?
Solution : Refer to How-to-Guide on SCN, https://scn.sap.com/docs/DOC-55420
15) Question : How to monitor message in SAP Hana Cloud Integration without installing Eclipse?
Solution : Refer to How to Guide on SCN, https://scn.sap.com/docs/DOC-55420
16) Question : “When sending a message using PI you get a String index out of bounds expection.
com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at com.sap.aii.adapter.soap.web.SOAPHandler.processSOAPtoXMB(SOAPHandler.java:746)”
Solution : This can happen when you send a message C4C to PI use if customer is using 7.1 version onwards and they using the the new URL type. To fix this you need to uncheck the encoded header in the soap sender adapter (conversion parameter. Please use the communicate channel template that comes with the standard PI content.
17) Question : When sending a message using PI you get a java exception that says P/S/A binding not found.
Solution : This happens when using the new URL format. The new URL format is described in the soap adapter FAQ 856597.
18) Question : When using PI typically you connect PI to ERP via RFC’s for sendign idoc formats – but in addition we have syncrhonous.e.g. pricing, query sales docs. The syncrhonous calls are on the SOAP adapter. When using this adapter for synchronous calls you get SSL errors between PI and ERP.
Solution : First check that you are using the correct SSL port provided by ERP. Second, import the ERP root certificate into NWA keystore trusted CA’s. Note: Some cusotmers may not use SSL between PI and ERP, but if you want to have a secure communication between PI/ERP you can consider using SSL.
19) Question : When connecting from On-premise to HCI the connection fails with 403 error thought the certificates are configured while deploying the iFlow.
Solution : Make sure the Client Certificate is signed by the list provided in the Integration Guide and also make sure the Certificate has the value “Client Authentication” set and that can be found by opening the Certificate and go to Details tab and from the dropdown “Show” select Extensions Only and check the value for the filed “Enhanced Key Usage”.
20) Question : When using HCI as the middleware the message fails with ICM_HTTP_PROXY_UNAUTHORIZED.
Solution : Make sure to use port 443 for connections from HCI to on-Premise. If 443 cannot be used then please create an incident.
21) Question : What are the reverse proxies that are supported when using Certificate based authentication?
Solution : SAP Web Dispatcher is the recommended reverse proxy. 3rd Party reverse proxies are supported but make sure that reverse proxy can forward client certificates for e.g. Apache reverse proxy.
22) Question: Cloud for Customer Client certificate expired and how to renew the client certificate?
Solution: Refer to blog in SCN, When and how to update your SAP Cloud for Customer SSL Client Certificate
23) Question : How to analyze the HTTP 401 Authorization issues?
Solution : Refer to the blog in SCN, Analyzing Authorization Problems (http 401) with ICM and Security Audit Log
Super- thank you, Prakash!!!
This would have solved a lot of my struggles when I did my integration
For item 19, our signed client certificate has both Server Authentication and Client Authentication for the field Enhanced Key Usage and we're getting 403-Forbidden response, kindly advice.
While I am trying to check Connection for Business Partner replication to ERP services, i receive and error saying Service Ping ERROR: Not Implemented (501). Can you advise on this?
I am getting this error when checking the Outbound connection to PI
Error accessing service; Service Ping ERROR: Error when calling SOAP Runtime functions: SRT: Processing error in Internet Communication Framework: ("ICF Error when receiving the response: ICM_HTTP_PROXY_UNAUTHORIZED") ()
Can you please advice?
verify the User ID Passwrod being used.
I have added a new logical port to connect to SAP HCI. when i ping the web service i get error NIECONN_REFUSED(-10). I am not familiar with these settings. Please suggest where could be the issue?