cancel
Showing results for 
Search instead for 
Did you mean: 

RFC_COMMUNICATION_FAILURE for SNC Connection

jongilman
Explorer
0 Kudos
4,178

We have an external application making RFC calls into our SAP system without a problem. However, we have now decided to use SSO with Active Directory for user authentication. The user logs in to an ADFS service and the SAML response containing the user's X509 certicate is then sent through our application to SAP. For some reason port 4800 is not running on our SAP server. The error we are getting is below:

RFCCommunicationError: RFC COMMUNICATION ERROR: RFC connection open failed/ 1 / RFC_COMMUNICATION_FAILURE /

LOCATIONCPIC (TCP/IP) on local host with Unicode

ERROR partner '192.168.204.102:4800' not reached

TIMEMon Mar 26 10:24:33 2018

RELEASE 720

COMPONENT NI (network interface)

VERSION 40

RC-10

MODULEnibuf.cpp

LINE4658

DETAILNiBufIConnect: connection pending after 60000ms

SYSTEM CALL connect

ERRNO 115

ERRNO TEXTOperation now in progress

COUNTER 2

Here are the connection parameters we are using:

{

"lang": "EN",

"client": "010",

"ashost": "192.168.204.102",

"gwhost": "sapeccdb101",

"gwserv": "sapgw00",

"sysid": "DEV",

"snc_lib": "/home/ubuntu/sec/libsapcrypto.so",

"snc_mode": "1",

"extidtype": "UN",

"extiddate": "< user name >"

"x509cert": "< base64 encoded user certificate >"

"snc_myname": "< our app's canonical name >",

"snc_partnername": "< sap server's canonical name >"

}

I have confirmed that the process sapgw00s is not running. I've also confirmed that our users are using SAP's Secure Login Client for SNC connections into SAP, but that the SNC traffic for the GUI is flowing over port 3200. I was under the impression that SNC GUI traffic flowed over port 4700. How do you control the ports over which SNC traffic flows?

View Entire Topic
BJarkowski
Active Contributor
0 Kudos

Maybe it’s firewall issue?

Try to telnet to port 4800 from your network and from the external app location.

jongilman
Explorer
0 Kudos

We tried a telnet, saw the traffic flowing over the network nicely, and then getting blocked by SAP. My guess is the service sapgw00s is not running. I have the Basis team changing the snc/r3int_rfc_secure from 0 to 1 and they will reboot the SAP server tonight. Do you know if that parameter drives the start of the sapgw00s service?

jongilman
Explorer

Actually it was the firewall. The SAP instance is running on Amazon, and although our network was allowing traffic over port 4800, the security group in AWS was not allowing port 4800.