cancel
Showing results for 
Search instead for 
Did you mean: 

RFC_ERROR_LOGON_FAILURE - This system rejects all logons using SSO tickets

Former Member
0 Kudos

Hi Gurus,

I met a portal problem when I try to execute my BW queries in the portal (before it worked!!!).

Today I have an IE error page: (Exception in BI runtime... RFC_ERROR_LOGON_FAILURE - This system rejects all logons using SSO tickets...Exception (103)...).

I already had a look in the SDN forum, I read several posts and often saw these information:

**************************************************************************************************************

You can check the following

1 - the following profile parameters are set:

login/create_sso2_ticket = 2

login/accept_sso2_ticket = 1

2 - if the corresponding R3 user is not locked or expired;

3 - if the portal certificate is added to the ACL list of the R/3 System (using STRUSTSSO2);

**************************************************************************************************************

1 - I had a look in AL11 (directory DIR_PROFILE = G:\usr\sap\EC1\SYS\profile) and the file EC1_DVEBMGS00_sapecc contains the information login/accept_sso2_ticket = 1 & login/create_sso2_ticket = 2.

2 - my user is not locked or expired ))))

3 - I don't know if a portal certificate is added to the ACL list but there are 2 records ("OU=J2EE, CN=EC1" and "CN=ID3"). How to know if both of these certificates are always valid?? How to know what a certificate does?

After having checked these 3 points it doesn't still work and I'd need your help.

Thanks in advance

Samuel

Thanks in advance

Accepted Solutions (0)

Answers (1)

Answers (1)

i827647
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi, Samuel

Set the parameters via RZ10

login/create_sso2_ticket = 1

login/accept_sso2_ticket = 1

Check the tickets via SSO2

Open STRUSTSSO2 and export the certificate.

Import this file into portal via Visual Admin.

Export the Portal Certificate and import it into R/3 via STRUSTSSO2.

Regards,

Edson Thomaz

Former Member
0 Kudos

Hi,

1 - Parameters in RZ10 are OK.

2 - I don't know which RFC connection test in SSO2

3 - Which certificate have to be export? I try to export our own certificated nammed "CN=ID3" (upper block) and the result file is blank. I don't manage to do the same operation with the second nammed "OU=J2EE, CN=EC1"

I'm sorry but I'm absolutly not efficient in administration

Samuel

i827647
Product and Topic Expert
Product and Topic Expert
0 Kudos

Samuel, do you try to reimport the Potal Certificate??

1 - expot the portal Certificate: System Admin / System Config / Keystore Admin

2 - import into R/3 system using STRUSTSSO2

You can get more details in http://wiki.sdn.sap.com/wiki/display/SRM/EnablingSSOforSRMand+Portal

Regards,

Edson Thomaz

Former Member
0 Kudos

hi samuel,

i got problem like this,

1. Do you have dialog instance on your backen system? if yes, trys to change paramter login/accept_sso2_ticket = 1 distributed, by run t-code RZ11, enter this param and klik Change Value , do not forget tick "switch all server"

2. Try to delete all certificate between backend and Portal, try to test JCO Connection, i am sure error message is different, it's Good news, it means previous error has been changed

3. Try to import again all certificate SSO between Portal and Backend, vice versa

4. Try test JCO Connection, 100 % its will be OK

hope this help you much

regards,

ghochi