Skip to Content
Technical Articles
Author's profile photo Vivek Sahu

SAP HANA Cloud : Unable to connect remote source. SAP DBTech JDBC: [4321]: only secure connections are allowed

If you are new to SAP HANA Cloud, and you want to replicate some tables, there is already a nice blog post available for transferring of data from on-premise SAP HANA to SAP HANA Cloud using SDI.

However, I will cover in this blog post only a small portion of how you can update a remote source for SSL encryption. Mainly section 2.1 from above mentioned link.

Scenario

Your source database i.e. on-premise SAP HANA database server has got SSL encryption enabled for all connections. In this case, the remote source created on SAP HANA Cloud instance, also needs to be adjusted so that it can connect securely connect to on-premise SAP HANA DB.

If you try to open a virtual table, in this situation you may face below error :

Could not open 'SAPH2Q_VST'.'USR02'.
Error: (dberror) [5921]: Unable to connect remote source: Cannot establish JDBC connection. Error: SAP DBTech JDBC: [4321]: only secure connections are allowed 

Steps to follow

  1. Open SQL console and suspend the remote source connection (Eg: VST_H2E in my case).
    ALTER REMOTE SOURCE VST_H2E Suspend Capture ;
    ALTER REMOTE SOURCE VST_H2E Suspend Distribution;​
  2. At Database Explorer, just do a single click on “Remote Sources”, then select the corresponding remote source name.

  3. Select the remote source and go to ‘Edit’ :
  4. In the Configurations tab, go to section ‘Connection Security’ & change the parameter ‘Enable SSL encryption’ as ‘true’ :
    Click on Save.
  5. Once the configuration is adjusted, open SQL console again and resume the remote source connection :
    ALTER REMOTE SOURCE VST_H2E Resume Capture;
    ALTER REMOTE SOURCE VST_H2E Resume Distribution;​

     

  6. Once done, refresh in database explorer catalog and try to open the virtual table again. It will work fine.

This is how, you can enable a secure connection between SAP HANA Cloud instance and an on-premise SAP HANA server.

 

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Shiva Saxena
      Shiva Saxena

      This is not the correct quality of the answer. When a users experiences this error, and visits a blog on SAP's web site, its expect to find the solution on how to connect to the database "securely".

       

      In this post we tell the users how to disable encryption on transit and opt for a less secure config state of the system.

      Encryption in transit is set to true by default to follow the principles of Security by Design, and we should not just disable it because its the easiest solution to get rid of the error message.

       

      --

      Best regards

      Shiva Saxena

      Author's profile photo Vivek Sahu
      Vivek Sahu
      Blog Post Author

      Hello Shiva Saxena

      Appreciate your feedback here. Thanks.

      Just to clarify couple of things you mentioned :

      1) In this post we tell the users how to disable encryption on transit and opt for a less secure config state of the system. ---> This is incorrect. I have actually shared, how to enable a secure connection from on-premise system.

      2) When a users experiences this error, and visits a blog on SAP’s web site, its expect to find the solution on how to connect to the database “securely”. --> This is very much true, but if you are facing the similar issue on SAP HANA on-premise system, this blog post is definitely not for you. I have intentionally not assigned tag for SAP HANA. See in top right corner of the post.

      3) In Scenario section, it's clearly mentioned if your source on-prem HANA server got ssl enabled for all connections, so these adjustments are necessary for existing remote connections.

      Nevertheless I modified the title of this post, for better understanding. Added SAP HANA Cloud explicitly. 🙂

      Best Regards,
      Vivek Sahu