2018-11-26 1532825
1532825 - Deleting SECSTORE entries during system export/system copy
Version
Language
Priority
Release Status
Component
22
English
Correction with high priority
Released for Customer
BC-MID-RFC ( RFC )
Type
Master Language
Category
Released On
Please find the original document at https://launchpad.support.sap.com/#/notes/ 1532825
SAP Note
German
Program error
26.04.2013
Symptom
1. After a system export, a system copy, or a system upgrade, remote function calls (RFCs) lead to the short dump "CALL_FUNCTION_SIGNON_INCOMPL" ("Incomplete logon data").
2. The connection test of the RFC destination "NONE" causes the runtime error
"CALL_FUNCTION_SIGNON_INCOMPL with the error text:
"Anmeldedaten unvollständig" or "Incomplete logon data".
3. In the case of a system upgrade, the upgrade n the phase
"MAIN_NEWBAS/JOB_BATCHCHECK_XPRA" or
"MAIN_SHDIMP/SUBMOD_SHD2_RUN/CREATERFCDEST_S2OX" results in a short dump with runtime error "CALL_FUNCTION_CONNECT_ERROR".
4. The work process trace contains entries of the form:
N RSEC: The entry with identifier
"/HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM"
N was encrypted by a system
N with different SID and cannot be decrypted here. and/or entries of the form:
N RSEC: The entry with identifier
"/HMAC_INDEP/RFC_INTERNAL_TICKET_4_TRUSTED_SYSTEM"
N was encrypted by system "..."
N and cannot be decrypted here ("...").
5. In transaction SECSTORE, the entry
"/HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM" and/or the entry
"/HMAC_INDEP/RFC_INTERNAL_TICKET_4_TRUSTED_SYSTEM" is marked with a red traffic light. In transaction SECSTORE, both entries are assigned to the application
"Secure Hash Function (HMAC)".
Other Terms secstore, trust relationship, system export, system copy, system upgrade
Reason and Prerequisites
Prerequisites:
• You have applied the kernel patches for the following SAP Basis Releases:
© 2018 SAP SE or an SAP affiliate company. All rights reserved 1 of 4
2018-11-26 1532825
SAP Release 700 (kernel patch level 285 or higher)
SAP Release 640 (kernel patch level 359 or higher)
SAP Release 701 (kernel patch level 117 or higher)
• After system exports, system copies, or system upgrades during which the system ID (SID) changes, certain SECSTORE entries are invalid.
Solution
1. Solution by migrating the invalid SECSTORE entry
/HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM, provided that SAP Note
1491645 was implemented.
The validity check and the migration of an SECSTORE entry are described in SAP
Note 816861.
2. Solution by manually deleting two SECSTORE entries (as of Release 7.00):
• Call transaction SECSTORE.
• Choose "Execute" (F8).
• In the entries that are displayed, delete the entry
/HMAC_INDEP/RFC_INTERNAL_TICKET_4_TRUSTED_SYSTEM if it is marked with a red traffic light.
• In the entries that are shown, delete the entry
/HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM if it is marked with a red traffic light. After the deletion of this entry, all the trust relationships to trusted systems (systems that are trusted by the current system) are invalid and, if required, have to be deleted in the current system using transaction SMT1 and then have to be recreated.
• In transaction SE37, execute the function module RFC_PING with the destination NONE. If the system displays an error message, execute the function module RFC_PING again; the error message cannot appear a second time in this case.
3. Solution by executing a report (as of SAP Basis Release 620):
• Execute the report RS_TT_CLEANUP_SECSTORE. If you cannot implement the report using transaction SNOTE (due to the RFC problem), copy the source code of the report for the relevant release from the attachment of this note. This report deletes invalid secstore entries
/HMAC_INDEP/RFC_INTERNAL_TICKET_4_TRUSTED_SYSTEM and
/HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM. After the deletion of the entry for /HMAC_INDEP/RFC_EXTERNAL_TICKET_4_TRUSTED_SYSTEM, all the trust relationships to trusted systems (systems that are trusted by the current system) are invalid and, if required, have to be deleted in the current system using transaction SMT1 and then have to be recreated.
Software Components
Software Component
SAP_BASIS
© 2018 SAP SE or an SAP affiliate company. All rights reserved
620 - 640
Release
2 of 4
2018-11-26
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
1532825
700 - 702
710 - 730
731 - 731
800 - 803
740 - 740
Correction Instructions
Software Component
SAP_BASIS
SAP_BASIS
SAP_BASIS
From
700
701
620
To
700
730
640
1
1
3
Version Changed on
18.01.2011 20:22:33
15.12.2010 16:11:31
19.01.2011 09:03:09
ID
0001299433
0001282370
0001299692
Support Package
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS
Software Component
701
702
710
711
620
640
700
720
730
Release Support Package
SAPKB62070
SAPKB64028
SAPKB70024
SAPKB70109
SAPKB70207
SAPKB71012
SAPKB71107
SAPKB72005
SAPKB73003
Support Package Patches
© 2018 SAP SE or an SAP affiliate company. All rights reserved 3 of 4
2018-11-26
Software Component Version
SAP KERNEL 8.00 64-BIT UNICODE
1532825
Support Package
SP008
Patch Level
000008
This document refers to
SAP Note/KBA
816861
1611854
1491645
Title
Migration of entries in secure storage
Profile import fails after system copy
Unauthenticated system access via RFC or HTTP
This document is referenced by
SAP Note/KBA
2048215
2413291
1681885
1611854
Title
Troubleshooting CALL_FUNCTION_SIGNON_INCOMPL runtime errors
RFC communications error with system/destination
Treatment of "RFC Trusted" in the Secure Storage ABAP/DB
Profile import fails after system copy
Attachments
File Name source_code_for_cleanup_program.z ip
3
File Size Mime Type application/x-zip-compressed
© 2018 SAP SE or an SAP affiliate company. All rights reserved 4 of 4
