
SCC - Shadow attempts to authorize itself unintentionally with a certificate

jokawoth

Hello everyone,

I am currently trying to configure the High Availability setup between our SAP Cloud Connectors.

LDAP is set up on both the master and the shadow. Accordingly, the shadow should also authorize itself with username and password on the master.

However, when I try to establish the connection, an error occurs. Here is the log from the shadow.

2025-02-06 14:14:08,426 +0100#INFO#org.apache.catalina.core.ContainerBase.[Catalina]#https-jsse-nio2-8443-exec-1# #Exception performing authentication. Retrying...
javax.naming.CommunicationException: Connection reset
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2031)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1677)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1512)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1462)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1279)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1159)
    at com.sap.scc.tomcat.multildap.PositionAwareCombinedRealm.authenticate(PositionAwareCombinedRealm.java:62)
    at com.sap.scc.tomcat.multildap.PositionAwareLockOutRealm.authenticate(PositionAwareLockOutRealm.java:103)
    at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:269)
    at com.sap.scc.tomcat.valve.SccMultiportAuthenticator$MyFormAuthenticator.doAuthenticate(SccMultiportAuthenticator.java:298)
    at com.sap.scc.tomcat.valve.SccMultiportAuthenticator.doAuthenticate(SccMultiportAuthenticator.java:152)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
    at com.sap.js.statistics.tomcat.valve.RequestTracingValve.callNextValve(RequestTracingValve.java:113)
    at com.sap.js.statistics.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:59)
    at com.sap.core.js.monitoring.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:27)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:383)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:937)
    at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1734)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1335)
    at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:645)
    at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:621)
    at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:1026)
    at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:949)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
    at sun.nio.ch.Invoker$2.run(Invoker.java:218)
    at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
    at java.lang.Thread.run(Thread.java:838)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:475)
    at sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:469)
    at sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:69)
    at sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1333)
    at sun.security.ssl.SSLSocketImpl.access$300(SSLSocketImpl.java:76)
    at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:979)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
    at com.sun.jndi.ldap.Connection.run(Connection.java:946)
    ... 1 common frames omitted
2025-02-06 14:14:11,030 +0100#INFO#com.sap.scc.ha#https-jsse-nio2-8443-exec-4# #Shadow 27up0t9m: Start thread 'Ping To Master'
2025-02-06 14:14:11,030 +0100#INFO#com.sap.scc.ha#com.sap.scc.ha.PingToMaster# #Shadow 27up0t9m: PingToMaster started
2025-02-06 14:14:11,108 +0100#ERROR#com.sap.scc.ha#com.sap.scc.ha.PingToMaster# #Shadow 27up0t9m: get master version failed with An internal error occurred. See 'Log And Trace Files' and in particular scc_core.trc for details. Associated entries were logged on or around 2025-02-06 14:14:11,108 +0100.
com.sap.scc.ha.HaHttpClientException: request https://HOSTNAME:8443/ failed with 401 ()

But what puzzles me the most is this part:

<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <title>Cloud&#x20;Connector</title>
  <script src="/resources/sap-ui-core.js" type="application/javascript" data-sap-ui-theme="sap_fiori_3"></script>
  <link rel="stylesheet" type="text/css" href="/notification.css">
  <link rel="stylesheet" type="text/css" href="/info_css.jsp">
</head>
<body class="sapUiBody sapUiSizeCompact">
  <div id="infoDivPos"><div id="infoDiv"><h1>You are on  Cloud Connector - TEST instance </h1><br> Please use your Windows Username and Password to login</div></div>
  <div class="content">
    <div class="valigned">
      <img id="alertIcon" width="64" height="64" title="Warning" alt="Warning" src="data&colon;image/png;base64,[image data removed]">
      <p class="centerText largeText"> Logon&#x20;with&#x20;client&#x20;certificate&#x20;failed </p>
      <p class="centerText"> Consult&#x20;documentation&#x20;or&#x20;your&#x20;Cloud&#x20;Connector&#x20;administrator </p>
      <a href="https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/logon-to-cloud-connector-via-client-c...">
        <img id="infoIcon" title="Go&#x20;to&#x20;documentation"

This reads to me as if the shadow is trying to authenticate itself using a certificate, although it is actually supposed to use the specified user and LDAP.

Do you have any ideas on how I can proceed here? This has been bothering me for a while and I'm slowly running out of ideas.

Many thanks and best regards!
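
An added triage example (not part of the original post and not SAP code): it splits the `#`-delimited records of the shadow log above and tags each failure by the thread that logged it, which separates the LDAP connection reset raised on a Tomcat connector worker from the 401 returned to the `com.sap.scc.ha` client. The sample input is constructed from abbreviated lines of the post's log, and the thread-name pattern assumes Tomcat's usual connector thread naming.

```python
import re

# Constructed sample: three records abbreviated from the log in the post,
# flattened onto one line the way the forum rendered them.
SAMPLE = (
    "2025-02-06 14:14:08,426 +0100#INFO#org.apache.catalina.core.ContainerBase."
    "[Catalina]#https-jsse-nio2-8443-exec-1# #Exception performing authentication. "
    "Retrying... javax.naming.CommunicationException: Connection reset at "
    "com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2031) "
    "2025-02-06 14:14:11,030 +0100#INFO#com.sap.scc.ha#com.sap.scc.ha.PingToMaster# "
    "#Shadow 27up0t9m: PingToMaster started "
    "2025-02-06 14:14:11,108 +0100#ERROR#com.sap.scc.ha#com.sap.scc.ha.PingToMaster# "
    "#Shadow 27up0t9m: get master version failed with An internal error occurred. "
    "Associated entries were logged on or around 2025-02-06 14:14:11,108 +0100. "
    "com.sap.scc.ha.HaHttpClientException: request https://HOSTNAME:8443/ failed with 401 ()"
)

# A record starts at "<timestamp> <zone>#"; a timestamp inside a message has no "#".
RECORD_START = re.compile(r"(?=\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} [+-]\d{4}#)")
EXCEPTION = re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*Exception\b")
HTTP_FAILURE = re.compile(r"request (\S+) failed with (\d{3})")
# Assumption: Tomcat names connector workers "<scheme>-<impl>-<port>-exec-<n>".
CONNECTOR_THREAD = re.compile(r"^https?-.+-\d+-exec-\d+$")

def parse_records(text):
    """Split flattened text into records: timestamp#LEVEL#logger#thread# #message."""
    records = []
    for chunk in RECORD_START.split(text):
        parts = chunk.strip().split("#", 5)
        if len(parts) == 6:  # skip fragments that are not a full record
            ts, level, logger, thread, _, message = parts
            records.append({"ts": ts, "level": level, "logger": logger,
                            "thread": thread, "message": message.strip()})
    return records

def failures(records):
    """Keep records with an exception or HTTP failure. inbound_request is True
    when the record was logged while serving a request to this host's connector."""
    found = []
    for rec in records:
        http = HTTP_FAILURE.search(rec["message"])
        excs = EXCEPTION.findall(rec["message"])
        if excs or http:
            found.append({
                "ts": rec["ts"], "logger": rec["logger"], "exceptions": excs,
                "http": (http.group(1), int(http.group(2))) if http else None,
                "inbound_request": bool(CONNECTOR_THREAD.match(rec["thread"])),
            })
    return found
```

Calling `failures(parse_records(text))` on the full `ljs_trace.log`-style text works the same way, since the split keys on the record header rather than on line breaks.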
