SAP Trusted RFC Not Working : SMT1, SMT2
Many times while working on SAP systems, you get issue from end users stating some functionality is not working or it’s giving pop-up for login. You wonder what happened suddenly, as there was no change in system. When you troubleshoot you observe that the Trusted RFC not working. Sound familiar right? This is very annoying issue as all details will be correct, still trusted connection get broken. Let’s see how to address such issue.
Nature of Errors
While dealing with Trusted connection issues or Trusted RFC not working, sometimes error details are not straight forward. Few error details are as shown in previous screenshots, like
- 00024 rabax during sapgui logon
- No authorization to log on via trusted system
- Error while opening a RFC connection
For rabax error, you need to do some additional steps to get to the actual cause of issue. For that please follow our previous post dedicated to that issue. For rest of the issues, you will get fair idea from the error text and also from the error code i.e. L-RC and T-RC. Few error codes references are as below.
- For L-RC
- 0 => USER_OK => Login was correct
- 1 => USER_NOT_ALLOWED => User or password incorrect
- 2 => USER_LOCKED => User locked
- 3 => STOP_SESSION => Too many attempts to log on
- 5 => BAD_BUFFER => Error in the authorization buffer
- 6 => CUA_MASTER_RECORD => No external user check
- 7 => BAD_USER_TYPE => Invalid user type
- 8 => USER_NOT_VALID => Validity of user exceeded
- 9 => SNC_MAPPING_MISMATCH => User does not correspond to SNC name
- 10 => SNC_REQUIRED => Secure connection required
- 11 => SNC_NAME_NOT_IN_ACL => User not found in USRACL(EXT)
- 12 => SNC_SYST_NOT_IN_ACL => System not found in USRACL(EXT)
- 13 => SNC_MAPPING_NO_MATCH => No matching user found
- 14 => SNC_MAPPING_AMBIGUOUS => Multiple user matches found
- 20 => TICKET_LOGON_DISABLED => Logon process deactivated
- 21 => TICKET_INVALID => Data received not SSO ticket
- 22 => TICKET_ISSUER_NOT_VERIFIED => Digital signature not verified
- 23 => TICKET_ISSUER_NOT_TRUSTED => Ticket issuer not trusted
- 24 => TICKET_EXPIRED => Ticket expired
- 25 => TICKET_WRONG_RECIPIENT => Wrong recipient
- 26 => TICKET_WITH_EMPTY_USERID => Ticket coontains an empty User ID
- 30 => X509_LOGON_DISABLED => Snc/extid_login_diag = 0
- 31 => X509_BASE64_INVALID => Cert not base64-encoded
- 32 => X509_INVALID_SERVER => X.509 not provided by ITS
- 33 => X509_HTTPS_REQUIRED => Cert not transferred via SSL
- 34 => X509_MAPPING_NO_MATCH => No matching account
- 35 => X509_MAPPING_AMBIGUOUS => Multiple matching accounts
- 40 => EXTID_LOGON_DISABLED => snc/extid_login_diag = 0
- 41 => EXTID_MAPPING_NO_MATCH => No matching account
- 42 => EXTID_MAPPING_AMBIGUOUS => Multiple matching accounts
- 50 => PASSWORD_LOGON_DISABLED => login/disable_password_logon
- 51 => PASSWORD_IDLE_INIT => login/password_max_idle_init
- 52 => USER_HAS_NO_PASSWORD => USR02.CODVN = ‘X’ (flag)
- 53 => PASSWORD_ATTEMPTS_LIMITED => Lock counter exceeded
- 54 => PASSWORD_IDLE_PROD => login/password_max_idle_prod
- 100 => CLIENT_NOT_EXIST => Client does not exist
- 101 => CLIENT_LOCKED => Client locked
- 200 => MULTIPLE_RFC_LOGON => login/disable_multi_rfc_login
- 1002 => Trusted system logon failed (no S_RFCACL authorization)
- For T-RC
- 0 => Correct logon via trusted system.
- 1 => No trusted system entry for the caller system “XXX” with the installation number “YYYYYY”, if this exists, or the security key entry for system “XXX” is invalid.
- 2 => User “XXXX” does not have RFC authorization (authorization object (S_RFCACL) for user “YYYYY” with client .
- 3 => The time stamp of the logon data was invalid.
Also ReadReset or Refresh Table Buffer in SAP
How to Address the Issue
In most of the cases it will be authorization issue, so try to address it by updating user roles for missing authorizations. In some cases, it will be Certificate issue, so try to check if there are any recent update to certificate and if yes, make sure to exchange updated certificates between the systems. In case of issue with specific parameters as per the return code mentioned previously, do adjust those parameters to address the issue. You can take reference of below Notes,
If you still face issue of Trusted RFC not working, even after resolving all authorization, certificate, SSL and parameters issues, then it mostly the case of corrupt RFC. To solve this,
- Create fresh RFC in SM59, make sure to select “Current User” checkbox in Logon tab.
- Leave client field empty.
- In SMT1, go to Tab “System that trust current system”, remove old entry which is in issue.
- Create new entry with the help of Wizard.
- Provide freshly created RFC in previous step when asked in Wizard.
- Complete the Wizard.
- Your connection should be working fine now.
Note : Do not try to reuse any other existing RFC. Quick way to solve this is by creating fresh new RFC in SM59.
Hope you find this information helpful. Do mention your feedback in comment section. Till next article, Stay Safe, Stay Healthy, Jai Hind!