Technical Articles
SAP HANA Cloud : Unable to connect remote source. SAP DBTech JDBC: [4321]: only secure connections are allowed
If you are new to SAP HANA Cloud, and you want to replicate some tables, there is already a nice blog post available for transferring of data from on-premise SAP HANA to SAP HANA Cloud using SDI.
However, I will cover in this blog post only a small portion of how you can update a remote source for SSL encryption. Mainly section 2.1 from above mentioned link.
Scenario
Your source database i.e. on-premise SAP HANA database server has got SSL encryption enabled for all connections. In this case, the remote source created on SAP HANA Cloud instance, also needs to be adjusted so that it can connect securely connect to on-premise SAP HANA DB.
If you try to open a virtual table, in this situation you may face below error :
Could not open 'SAPH2Q_VST'.'USR02'.
Error: (dberror) [5921]: Unable to connect remote source: Cannot establish JDBC connection. Error: SAP DBTech JDBC: [4321]: only secure connections are allowed
Steps to follow
- Open SQL console and suspend the remote source connection (Eg: VST_H2E in my case).
ALTER REMOTE SOURCE VST_H2E Suspend Capture ; ALTER REMOTE SOURCE VST_H2E Suspend Distribution;
-
- Select the remote source and go to ‘Edit’ :
- In the Configurations tab, go to section ‘Connection Security’ & change the parameter ‘Enable SSL encryption’ as ‘true’ :
Click on Save.
- Once the configuration is adjusted, open SQL console again and resume the remote source connection :
ALTER REMOTE SOURCE VST_H2E Resume Capture; ALTER REMOTE SOURCE VST_H2E Resume Distribution;
- Once done, refresh in database explorer catalog and try to open the virtual table again. It will work fine.
This is how, you can enable a secure connection between SAP HANA Cloud instance and an on-premise SAP HANA server.
This is not the correct quality of the answer. When a users experiences this error, and visits a blog on SAP's web site, its expect to find the solution on how to connect to the database "securely".
In this post we tell the users how to disable encryption on transit and opt for a less secure config state of the system.
Encryption in transit is set to true by default to follow the principles of Security by Design, and we should not just disable it because its the easiest solution to get rid of the error message.
--
Best regards
Shiva Saxena
Hello Shiva Saxena
Appreciate your feedback here. Thanks.
Just to clarify couple of things you mentioned :
1) In this post we tell the users how to disable encryption on transit and opt for a less secure config state of the system. ---> This is incorrect. I have actually shared, how to enable a secure connection from on-premise system.
2) When a users experiences this error, and visits a blog on SAP’s web site, its expect to find the solution on how to connect to the database “securely”. --> This is very much true, but if you are facing the similar issue on SAP HANA on-premise system, this blog post is definitely not for you. I have intentionally not assigned tag for SAP HANA. See in top right corner of the post.
3) In Scenario section, it's clearly mentioned if your source on-prem HANA server got ssl enabled for all connections, so these adjustments are necessary for existing remote connections.
Nevertheless I modified the title of this post, for better understanding. Added SAP HANA Cloud explicitly. 🙂
Best Regards,
Vivek Sahu