SAP Trusted RFC Not Working : SMT1, SMT2
Many times while working on SAP systems, you get issues from end users stating some functionality is not working or it’s giving a pop-up for login. You wonder what happened suddenly, as there was no change in the system. When you troubleshoot you observe that the Trusted RFC not working. Sound familiar right? This is a very annoying issue as all details will be correct, but still, the trusted connection gets broken. Let’s see how to address such an issue.
Nature of Errors
While dealing with Trusted connection issues or Trusted RFC not working, sometimes error details are not straightforward. A few error details are shown in previous screenshots, like
- 00024 rabax during sapgui logon
- No authorization to log on via a trusted system
- Error while opening an RFC connection
For the rabax error, you need to do some additional steps to get to the actual cause of the issue. For that please follow our previous post dedicated to that issue. For the rest of the issues, you will get a fair idea from the error text and also from the error code i.e. L-RC and T-RC. A few error code references are as below.
- For L-RC
- 0 => USER_OK => Login was correct
- 1 => USER_NOT_ALLOWED => User or password incorrect
- 2 => USER_LOCKED => User locked
- 3 => STOP_SESSION => Too many attempts to log on
- 5 => BAD_BUFFER => Error in the authorization buffer
- 6 => CUA_MASTER_RECORD => No external user check
- 7 => BAD_USER_TYPE => Invalid user type
- 8 => USER_NOT_VALID => Validity of user exceeded
- 9 => SNC_MAPPING_MISMATCH => User does not correspond to SNC name
- 10 => SNC_REQUIRED => Secure connection required
- 11 => SNC_NAME_NOT_IN_ACL => User not found in USRACL(EXT)
- 12 => SNC_SYST_NOT_IN_ACL => System not found in USRACL(EXT)
- 13 => SNC_MAPPING_NO_MATCH => No matching user found
- 14 => SNC_MAPPING_AMBIGUOUS => Multiple user matches found
- 20 => TICKET_LOGON_DISABLED => Logon process deactivated
- 21 => TICKET_INVALID => Data received not SSO ticket
- 22 => TICKET_ISSUER_NOT_VERIFIED => Digital signature not verified
- 23 => TICKET_ISSUER_NOT_TRUSTED => Ticket issuer not trusted
- 24 => TICKET_EXPIRED => Ticket expired
- 25 => TICKET_WRONG_RECIPIENT => Wrong recipient
- 26 => TICKET_WITH_EMPTY_USERID => Ticket coontains an empty User ID
- 30 => X509_LOGON_DISABLED => Snc/extid_login_diag = 0
- 31 => X509_BASE64_INVALID => Cert not base64-encoded
- 32 => X509_INVALID_SERVER => X.509 not provided by ITS
- 33 => X509_HTTPS_REQUIRED => Cert not transferred via SSL
- 34 => X509_MAPPING_NO_MATCH => No matching account
- 35 => X509_MAPPING_AMBIGUOUS => Multiple matching accounts
- 40 => EXTID_LOGON_DISABLED => snc/extid_login_diag = 0
- 41 => EXTID_MAPPING_NO_MATCH => No matching account
- 42 => EXTID_MAPPING_AMBIGUOUS => Multiple matching accounts
- 50 => PASSWORD_LOGON_DISABLED => login/disable_password_logon
- 51 => PASSWORD_IDLE_INIT => login/password_max_idle_init
- 52 => USER_HAS_NO_PASSWORD => USR02.CODVN = ‘X’ (flag)
- 53 => PASSWORD_ATTEMPTS_LIMITED => Lock counter exceeded
- 54 => PASSWORD_IDLE_PROD => login/password_max_idle_prod
- 100 => CLIENT_NOT_EXIST => Client does not exist
- 101 => CLIENT_LOCKED => Client locked
- 200 => MULTIPLE_RFC_LOGON => login/disable_multi_rfc_login
- 1002 => Trusted system logon failed (no S_RFCACL authorization)
- For T-RC
- 0 => Correct logon via the trusted system.
- 1 => No trusted system entry for the caller system “XXX” with the installation number “YYYYYY”, if this exists, or the security key entry for system “XXX” is invalid.
- 2 => User “XXXX” does not have RFC authorization (authorization object (S_RFCACL) for user “YYYYY” with the client.
- 3 => The timestamp of the login data was invalid.
Also Read
Reset or Refresh Table Buffer in SAP
How to Address the Issue
In most of the cases it will be an authorization issue, so try to address it by updating user roles for missing authorizations. In some cases, it will be a Certificate issue, so try to check if there are any recent updates to the certificate and if yes, make sure to exchange updated certificates between the systems. In case of an issue with specific parameters as per the return code mentioned previously, do adjust those parameters to address the issue. You can take reference of below Notes,
- SAP Note 128447: Trusted/trusting systems
- SAP Note 320991: Error codes during logon (list)
If you still face the issue of Trusted RFC not working, even after resolving all authorization, certificate, SSL, and parameters issues, then it is mostly the case of corrupt RFC. To solve this,
- Create a fresh RFC in SM59, and make sure to select the “Current User” checkbox in the Logon tab.
- Leave the client field empty.
- In SMT1, go to Tab “System that trusts current system”, and remove the old entry which is in the issue.
- Create a new entry with the help of Wizard.
- Provide freshly created RFC in the previous step when asked in Wizard.
- Complete the Wizard.
- Your connection should be working fine now.
Note : Do not try to reuse any other existing RFC. A quick way to solve this is by creating a fresh new RFC in SM59.
Hope you find this information helpful. Do mention your feedback in the comment section. Till the next article, Stay Safe, Stay Healthy, Jai Hind!