Showing results for 
Search instead for 
Did you mean: 

CAL Connect Error, both Remote Desktop and GUI

0 Kudos


I read the Guide, but I am still getting an error on Step 3 (Connect).

The CAL Appliance is Active and green. All good.

When I try to connect, both Remote Desktop or GUI, I get the following errors. I also tried without VPN.

Any idea or suggestion would be appreciated! Thank you.

Accepted Solutions (1)

Accepted Solutions (1)

Product and Topic Expert
Product and Topic Expert

Hi Sofia,

this looks like a network / firewall issue.

1. Check in the access points as Naeem said above (IP Range opens a certain port for all calling IP addresses - less secure but just to narrow down your issue)

2. Are you behind a corporate firewall (that might block access) or have some corporate IT regulations on your computer (RDP port 3389 or GUI port 3200 blocked) ?

3. Can you access eg. the Fiori launchpad with the plain IP address (https://<External_IP_S4_HANA>:44301/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) ? Or any other component of the appliance eg. the cloud connector, web dispatcher (the Getting Started guide lists the URLs and ports) ?


Answers (2)

Answers (2)



In the guide there should be a section on security considerations. In there, it says to go to CAL console → Edit → Virtual Machine → Access Points., and use CIDR notation for your IP address (where you are connecting from). If you fill this correctly and save, the firewall settings will update. To restrict access only from your PC/laptop you can first go to a browser and find your public IP address (e.g. go to google and seach for my ip address). Then put this IP address with /32 at the end into CAL. Try the steps with and without VPN as your public IP address will change in each case.

Hope this helps.


0 Kudos

Hello both!

Thank you very much for your help. With your suggestions I asked for some Azure help internally and we solved the security issue. This is how:

1) Option 1: We first created a new Rule to allow the Inbound connection on Port 3389. It was working! But our policy doesn't allow that, and they deleted it.

2) Option 2: They suggested to use the "JIT". I followed the instructions from here and it did work! Secure management ports with just-in-time (JIT) access from Virtual Machine - Overview (

Now I am in. Thanks again.