Skip to Content
Technical Articles
Author's profile photo Ashish Verma

SAP Content Repository Setup with PBS Archiving Solution using HTTP Proxy

There was a case in recent time where in our customer environment, we are making use of HTTP proxy as a mandate.

Landscape Information –

  • S4HANA 2022 with NW 757 on IBM PowerVs with HANA 2.0 SP05 in IBM Cloud.
  • Squid Proxy with IPaddress-1 and IPaddress-2 hosted on VPC(x86).
  • PBS – 3rd party Archiving Solution hosted on Windows in On-Prem.

Problem Statement – HTTP Server was not reachable directly from S4HANA and fails using HTTP Proxy. As per the screenshot below, it complains client connection to http://<3rd party-http-server>:<port-no.> fails.


Phase 1: Connection Test / Send Certificate Issue – Fixed

Added Global Proxy configuration in Tx-SM59 -> Goto -> HTTP Proxy Configuration

Maintain the HTTP proxy under HTTP Protocol and HTTPS Protocol –

Based on the SAP note – 3165420, it talks about the symptom via “NIECONN_REFUSED” whereas our symptom is different i.e., “Connection Broken”. Secondly, the resolution part says – “Check whether the HTTP proxy is configured and deactivate it if it should not be used for the connection to the HTTP content server.” In addition to it, SAP note also suggests checking multiple configurations.

So, we should not be caught by the information that Archiving/Content Server does not work with HTTP Proxy. We’ll learn going further parts of this blog!

When tried to put Global Proxy in QA system temporarily and observed change in behaviour of the error message to “HTTP error: 403 forbidden Access denied for client <>” from OAC0. When further tried from Client VPN as a client reported same error because my Laptop’s IP is not whitelisted in PBS content server.

2.) After enforcing the proxy configuration, connection test started showing Denied entries for our Proxy IPs. Hence, requested PBS administrator to add/whitelist Proxy IPs in PBS server under Programs -> PBS -> PCS -> options.ini



After adding the IPs, Content Repo from PBS server was restarted from IIS on the Windows box.

This resulted in fixing Connection Test and Send Certificate issue from Tx – OAC0.

Certificate received successfully at PBS server side and Connection test was successful.

But this is not end of solution. There were many challenges after this.

Phase -2: URL and corrupted certificate when traversed from SAP to PBS.

If I try to do connection test from within the repository from Tx-OAC0.

The repository was giving an error “Access denied: Verification of signed URL failed”.  Connection tests are successful, however, logs indicate “SsfVerify: there are signer errors”.

Troubleshooting Steps:

  • When I try to reach content repository via proxy from OS level. It publishes 200 (OK) return code which is fine from connectivity perspective.

curl -S -v http://<pbs-http-server ip>:<port-no.>/PclHttp.dll?serverInfo&pVersion=0045&contRep=Q0

curl -S -v http://<pbs-http-server ip>:<port-no.>/PclHttp.dll?serverInfo&pVersion=0047&contRep=Q0

  • It sends the signal via serverProtocol HTTP/1.1 from QA server to PBS.
  • When we are sending the data via OAC0 from Q0 repository it is sending certificates using HTTP/1.0.
  • As per SAP note – 2763564 below, it was checked internet options in PBS windows server to allow HTTP/1.1 through proxy connections as we wanted to ensure there are no restrictions there in PBS windows box.

Later, when PBS logs were checked thoroughly, it was found that when SAP S4HANA (or ABAP) sends the certificate to content repository from STRUSTSSO2, it fills the comma or space field/area within the certificate to small-letter strings %2c or %3d instead of capital letters %3D or %2C. From PBS side, it seems it understands capital letter strings.

For sending signURL or secKey to ContentServer, function module SCMS_URL_SIGN is responsible as below SDN Link.

With reference to below SAP note 2520326 where it says URL gets corrupted when proxy is in place which is exactly the same case as ours. I also checked; it is applicable for our release NW – 757.

2520326 – URL corrupted when proxy configuration is in place.

Connection in OAC0 using HTTP Proxy is successful.

Phase – 3: Final Solution

But problem did not finish in Phase-2, we noticed that Connection test in SARA was successful for functional archiving object but its store file job still fails with error message in Tx – SM37–

Connection to http://<pbs-http-server>:<port-no>/PclHttp.dll?create&pVersion: TCP/IP error

We generated more traces using SAPHTTP and SAPHTTPA by changing its setting from SM59, to select the ‘Set trace flag’ under the Special Options.

Later, use report RSHTTP40 with both RFC destinations SAPHTTP and SAPHTTPA.

From the logs, we can make out the log which came to use the SAP Note – 2570180.

2570180 – ICM Plugin usage over SAPHTTP in Knowledge Provider framework

Maintain the entry in your customer’s client(other than 000).

After which retrieval and storage jobs were successful.

Finally, 3rd party Archiving solution worked fine using HTTP Proxy.

Best Regards,

Ashish Verma

Disclaimer – Please always follow the latest copy of the SAP notes from SAP Service Market Place.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Yogesh kumar
      Yogesh kumar

      Hi Ashish,

      Nice and very detailed blog.....




      Author's profile photo Ashish Verma
      Ashish Verma
      Blog Post Author

      Thanks Yogesh! 🙂

      Author's profile photo Kalyana Kollipara
      Kalyana Kollipara

      Ashish Verma - Thank you for the blog. Do you mind sharing which 3rd party archiving solution you are are using please. Another question if we leave table SDOKPROF blank, shouldn't it use ICM instead of SAPHTTP by default?

      Author's profile photo Ashish Verma
      Ashish Verma
      Blog Post Author

      Hi Kalyana,

      Thanks for your raising the query.

      Yes, we have PBS archiving solution in place. I mentioned in the subject line of the blog too :).

      Yes, by default this table SDOKPROF was empty. When I generated SAPHTTP & SAPHTTPA traces then we noticed errors like -

      [Thr 140736148892144] [92350:140736148892144] NiError: NIECONN_BROKEN
      [Thr 140736148892144] *** ERROR => [92350:140736148892144] No data received. NiError: NIECONN_BROKEN [httpnw.c     3695]
      [Thr 140736148892144] [92350:140736148892144] InValid response header - No response code received


      [Thr 140735829076464] [314923:140735829076464] RfcListenAndDispatch() ended with key= and message=
      [Thr 140735829076464] Hint: key=RFC_COMMUNICATION_FAILURE and message=CM_NO_DATA_RECEIVED is a standard situation and happens when application server closes the connection.

      Although, there are notes 2441912 & 2882905. But it didn't help me much.

      Since, I mentioned in the blog, we were using HTTP Proxy for the http inbound connections due to which our storage job was failing even after fixing the overall connection test/certificate issue from Tx-OAC0. Therefore, when I checked in depth, these errors was keeping the relevance with our issue.

      Hence, adding the entry same like mentioned in SAP Note - 2570180, helped me in fixing the issue.

      Conclusion - Using ICM HTTP Plug-in for HTTP communication instead of SAPhttp works with proxy and IBM-cloud(S4HANA) with PBS content server(OnPrem) here.

      P.S. HTTP Proxy is a squid proxy used for security reasons on our SAP Landscape.

      Best Regards,

      Ashish Verma

      Author's profile photo Kalyana Kollipara
      Kalyana Kollipara

      Thank you Ashish