Skip to Content
Technical Articles

ABAP Dump:CALLBACK_REJECTED_BY_WHITELIST resolution into SE51 Screen Painter layout

Introduction: 

I am working on S/4HANA 1909 FPS01 release as a partner. Post Installation, we faced few issues and one of the issues related to Screen Painter Layout.

In this Blog we will learn how to resolve ABAP Dump while opening Screen layout editor in SE51.

In S/4HANA, during initial setup or post upgrade the Profile parameter rfc/callback_security_method  is set as “3” for Higher security and System starts giving ABAP dump while opening the Screen Painter Layout.

ABAP Dump we receive: CALLBACK_REJECTED_BY_WHITELIST

It will help to those who are installing/upgrading S/4HANA  and sets the Security profile paramater and after the required configuration/Setting, Layout Editor will open.

 

Solution:

When we analyze the ABAP Dump in ST22, we  understand that it has been occuring due to missing of few Whitelist Function Modules into TCP/IP Destiation Port EU_SCRP_WN32.

 

Go to SM59 and expand TCP/IP Connection for Port “EU_SCRP_WN32”. Go inside this Destination as below. Goto Logon & Security tab.

We need to add below Callback Positive( Whitelist) List FMs. These callback FMs are called while opening the Screen Painter. If we miss any of the FMs then ABAP dump will be continued.

 

 

 

 

 

 

 

 

 

 

 

 

 

Called Function is RS_SCRP_GF_PROCESS_640 & Callback function are different.

Called FM                                            Callback FM

RS_SCRP_GF_PROCESS_640        RFC_GET_FUNCTION_INTERFACE

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_PROCESS_640RFC_GET

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RBUILDINFO

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RELEMTABLE

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RICONS

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RKEYS

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RKEYTEXTS

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RMESSAGES

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RPROPTABLE

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RSTATUS_40

RS_SCRP_GF_PROCESS_640        RS_SCRP_GF_RTEXTS

 

Conclusion:

Once these FMs are maintained then Layout will open. This is how security is maintained while calling RFC with destination parameter.

 

 

Note: 

I would like to mention that because of below Parameter profile set as 3 , we get RFC callback check secure is set as Green else it is shown as Red.

 

 You can see RFC Callback status is Green as highlighred.

 

Thanks.

Apprecite your comments!!

6 Comments
You must be Logged on to comment or reply to a post.
  • Just for interest see my question and the answers here: https://answers.sap.com/questions/12984331/adt-382-debugger-not-triggering.html

    This issue I was getting was debugging not working with unit tests, and was related to rfc/ext_debugging. It turned out that the recommend value for this parameter was (incorrectly) zero!

    It would be quite nice if it were hardcoded to 3.

    Armin Beil said

    Parameter rfc/ext_debugging should be 3 in all systems. Details are described in note 668256.

    Also, this configuration issue is not limited to ADT. If you create an external breakpoint in SAP GUI then it will also not stop for external requests like RFC or HTTP (OData). At least for the system where the value is 0 the SAP GUI debugger will also not work. Debugging your report from ADT worked because the embedded SAP GUI (just like the standalone SAP GUI) connects to the ABAP server via DIAG, not via RFC or HTTP.

    A colleague from ABAP kernel will also follow up on this topic:
    – The default value for this parameter is already 3, but it seems that the “recommended value” is actually 0. He will double check whether we can change that recommended value also to 3, in order to avoid future misconfigurations by admins.
    – He will also check whether it’s possible to just remove this quite old profile parameter completely and just “hard code” the value to 3 in the kernel
    – I will check whether we should extend the ADT backend configuration guide

     

      • I raised it as an issue with my client. Now the basis team are saying it needs to be applied in test and production (which it does, but I only care about development). Now there’s discussion about whether applying it to production fits in with the security policy.

        Which it must, otherwise, debugging of RFCs is no longer possible…