Skip to main content
Do checkout my poem section. You are going to love it.

RFC Setup and configurations

 RFC (Remote Function Call) connection creation is a core task for any SAP Basis administrator. It's the backbone of inter-system communication. Let's delve into the detailed creation process for each RFC type in SAP Basis (using transaction SM59), highlighting critical configurations, common issues, and troubleshooting steps.

Understanding RFC Destination Creation (SM59)

All RFC types are created and managed via transaction SM59 - Configuration of RFC Connections. An RFC destination is an object that contains all the parameters necessary to establish and control a connection to a remote system.

The basic steps are:

  1. Open SM59: Log in to your SAP system and enter transaction SM59.
  2. Create New: Click on the "Create" button.
  3. RFC Destination: Provide a descriptive name for your RFC destination (e.g., ECC_CLNT100, HANA_DB_SID).
  4. Connection Type: This is the most crucial setting as it determines the RFC type and the fields that become relevant.

Detailed Explanation of RFC Types and Creation

1. ABAP Connections (Type 3) - For SAP to SAP Communication (sRFC, aRFC, tRFC, qRFC, bgRFC)

This is the most common and versatile type, used for communication between two ABAP-based SAP systems. All sRFC, aRFC, tRFC, qRFC, and bgRFC calls typically leverage an ABAP connection.

Creation Steps (SM59, Connection Type '3'):

  1. RFC Destination: MY_TARGET_ECC_SYSTEM
  2. Connection Type: 3 (ABAP Connections)
  3. Description 1: Descriptive text (e.g., "Connection to ECC Production Client 100")

Technical Settings Tab:

  • Target Host:
    • Load Balancing (Radio Button): Select this if connecting to an SAP system with multiple application servers behind a message server.
      • Target System: SAP System ID (SID) of the target system (e.g., PRD).
      • Message Server: Hostname or IP address of the target system's message server.
      • Logon Group: The logon group defined in the target system (transaction SMLG). This distributes user logins across available application servers in the group.
    • Direct Connection (Radio Button): Select this if connecting to a specific application server directly (e.g., for troubleshooting, or single-instance systems).
      • Target Host: Hostname or IP address of the target application server.
      • System Number: The instance number of the target SAP system (e.g., 00, 01).
  • SAProuter String: (Optional) If connecting via an SAProuter, enter the string here (e.g., /H/saprouter.mycompany.com/S/3299/H/).
  • Saved as: (Optional) IP Address or Host Name (usually Host Name is preferred for flexibility).

Logon & Security Tab:

  • Language: Logon language (e.g., EN for English).
  • Client: Target system client (e.g., 100). CRITICAL!
  • User: User ID for automatic logon to the target system. CRITICAL! This user must exist in the target system and have sufficient authorizations (e.g., S_RFC for RFC execution, S_RFC_ADM for admin tasks).
  • Password: Password for the logon user. CRITICAL!
  • Current User: (Checkbox) If selected, the system attempts to log on to the target system with the current user's credentials (SSO-like), rather than the specified user/password. Requires trusted relationships (see below).
  • Trusted System (Checkbox): Enables SNC (Secure Network Communication) for encrypting and authenticating the RFC communication.
  • RFC Trace: (Checkbox) Activates tracing for this RFC connection (for debugging, performance analysis). Use with caution in production due to performance overhead.

Unicode Tab:

  • Communication Type with Target System:
    • Unicode: Select this if both source and target systems are Unicode (recommended and most common for modern SAP systems).
    • Non-Unicode: Select this if the target system is non-Unicode (legacy systems). This handles character set conversion.

Critical Configurations for ABAP Connections:

  • Client & User/Password: The combination of client, user, and password must be correct and the user must have the necessary RFC authorization objects in the target system. This is the #1 cause of connection failures.
  • Target Host/Message Server/System Number: Accurate technical address of the target.
  • Logon Group (for Load Balancing): Ensure the logon group is correctly defined in SMLG on the target.
  • Unicode/Non-Unicode Setting: Crucial for correct character set handling and avoiding data corruption or connection failures.
  • Trusted System/SNC: For secure production environments.

2. TCP/IP Connections (Type T) - For External Programs/Gateways

Used to connect to external programs that communicate via RFC (e.g., third-party applications, external schedulers, SAP PI/PO Adapter Engine, SAP Gateway services).

Creation Steps (SM59, Connection Type 'T'):

  1. RFC Destination: MY_EXTERNAL_APP
  2. Connection Type: T (TCP/IP Connections)

Technical Settings Tab:

  • Activation Type:
    • Registered Server Program: The external program registers itself with the SAP Gateway using a specific program ID. SAP then connects to this registered program. CRITICAL!
      • Program ID: A unique string that the external program registers (e.g., MY_APP_PROGRAM_ID). This must match exactly between SM59 and the external program's configuration.
      • Gateway Host: Hostname or IP of the SAP Gateway where the program registers.
      • Gateway Service: Name of the SAP Gateway service (e.g., sapgw00 for instance 00).
    • Start on Application Server: SAP starts the external program on the specified application server.
      • Start Program: Full path to the executable of the external program.
      • Host: Hostname of the application server where the program will be started.
    • Start on Front End Workstation: SAP starts the external program on the user's local workstation (rarely used for server-side integration).
  • SAProuter String: (Optional) If connecting via an SAProuter.

Logon & Security Tab:

  • No specific user logon as it's an external program.
  • Security Options: Activate SNC if the external program supports it.

Critical Configurations for TCP/IP Connections:

  • Activation Type & Program ID/Path: This is the most vital configuration. For "Registered Server Program," the Program ID must match the ID used by the external program registering with the Gateway. For "Start on Application Server," the Start Program path must be correct and executable by the SAP user.
  • Gateway Host & Service: Ensure SAP can reach the Gateway.
  • Security (SNC): If sensitive data is exchanged.

3. HTTP Connections (Type G and H) - For Web-Based Communication

Used for HTTP/HTTPS communication, typically with web services or external web applications.

  • Type G (HTTP Connection to External Server): For connecting to any external web server/service.
  • Type H (HTTP Connection to ABAP System): Specifically for connecting to an ABAP system's ICM (Internet Communication Manager) for web services or ICF (Internet Communication Framework) services.

Creation Steps (SM59, Connection Type 'G' or 'H'):

  1. RFC Destination: MY_WEB_SERVICE or MY_ABAP_ICF_SVC
  2. Connection Type: G or H

Technical Settings Tab:

  • Target Host: Hostname or IP address of the web server.
  • Port: Port number (e.g., 80 for HTTP, 443 for HTTPS).
  • Path Prefix: (Optional) The URL path prefix (e.g., /sap/bc/soap/rfc or /my/service).
  • Service No.: (Optional, for Type H) The HTTP/HTTPS service number of the target ABAP system (e.g., 8000 for HTTP, 44300 for HTTPS).
  • Proxy Settings: If connecting via a web proxy.
  • Security: SSL Client Certificate: If using HTTPS, specify the SSL client PSE (Personal Security Environment) and certificate for secure communication. CRITICAL!

Logon & Security Tab:

  • Authentication:
    • Basic Authentication: User/password (least secure, but common).
    • SSL Client Certificate: (CRITICAL for HTTPS) For two-way SSL authentication.
    • Current User: (for Type H, if SSO is enabled).
  • User/Password: If using Basic Authentication.

Critical Configurations for HTTP Connections:

  • Target Host, Port, Path Prefix: Accurate URL components.
  • SSL Client PSE (for HTTPS): The correct SSL client certificate must be configured in STRUST and selected in SM59. This is the #1 issue for HTTPS connections.
  • Authentication Method: Ensure it matches the target web server's requirements.

Common Issues and Troubleshooting Steps

General RFC Connection Issues

  1. Issue: timeout while waiting for a reply or connection to host 'hostname' / service 'sapgwXX' failed (timeout)

    • Reason: Network connectivity issue, target system/Gateway not running, firewall blocking port.
    • Troubleshoot:
      • Ping/Telnet: From the source SAP application server, ping the target host. Then telnet <target_host> <sap_gateway_service_port> (e.g., telnet myhost 3300). If telnet fails, it's a network/firewall/target system issue.
      • Check Target System Status: Ensure the target SAP system or external program is running.
      • Firewall: Verify no firewalls are blocking the necessary ports (33xx for Gateway, 32xx for Direct Connection, 80/443 for HTTP).
      • SAProuter: If using SAProuter, check its status and configuration.

  2. Issue: Password logon no longer possible or User 'RFCUSER' in client 100 has no RFC authorization

    • Reason: Incorrect user/password, user locked, user expired, user doesn't have sufficient RFC authorizations (S_RFC, S_RFC_ACL for trusted, S_RFC_ADM).
    • Troubleshoot:
      • Verify Credentials: Double-check the user and password in SM59.
      • Target System (SU01): Log in to the target system (client 100) with the RFC user in question (e.g., RFCUSER). If you can't log in, the user is locked, expired, or password is wrong.
      • Target System (SU53/ST01): If the user can log in but RFC fails, check SU53 immediately after the failed RFC attempt (by RFCUSER if possible, or by an admin user who performed the test). This shows missing authorization objects. Alternatively, run ST01 trace for the RFCUSER while testing the RFC.

  3. Issue: Internal error in RFC library or RFC_ERROR_SYSTEM_FAILURE

    • Reason: Generic error, could indicate memory issues on target, inconsistent data, or program errors in the remote function module.
    • Troubleshoot:
      • Target System (SM21, ST22, SM50/SM66): Check system logs (SM21), ABAP dumps (ST22), and work process overview (SM50/SM66) on the target system for errors around the time of the RFC call.
      • RFC Trace: If activated, analyze the RFC trace (SM59 -> Utilities -> RFC Trace -> Display Trace) for more details.

Type 3 (ABAP Connection) Specific Issues

  1. Issue: No user defined for client ... (when "Current User" is checked or trusted relationship fails)

    • Reason: Trusted relationship not configured correctly, or the user in the calling system does not exist/have sufficient authorization in the target system.
    • Troubleshoot:
      • Trusted System Configuration (S_RFC_ACL): Ensure both systems are configured as trusted/trusting. This involves maintaining table RFCTRUST and ensuring the RFC user has authorization object S_RFC_ACL on both sides.
      • User Existence/Authorization: Verify the calling user exists in the target system and has S_RFC authorization.

  2. Issue: Code page conversion failed or Conversion of parameter ... failed (Unicode/Non-Unicode mismatch)

    • Reason: Incorrect Unicode/Non-Unicode setting in SM59 for the target system.
    • Troubleshoot:
      • Verify Target System Type: Check if the target system is Unicode or Non-Unicode (e.g., in SM51 -> Release Notes).
      • Adjust SM59: Correct the "Communication Type with Target System" setting on the Unicode tab of the RFC destination.

Type T (TCP/IP Connection) Specific Issues

  1. Issue: Program ID 'XYZ' not registered (for Registered Server Program)

    • Reason: The external program is not running, not correctly registered with the SAP Gateway, or the Program ID in SM59 doesn't match.
    • Troubleshoot:
      • Check External Program Status: Ensure the external program is running.
      • Verify Program ID: Double-check the Program ID in SM59 and the external program's configuration for exact match (case-sensitive).
      • Gateway Monitor (SMGW): In SMGW (Gateway Monitor), go to "GoTo" -> "Logged On Clients" to see if the external program's Program ID is registered. If not, the issue is with the external program's registration.
      • Gateway Logs: Check Gateway logs for any errors.

  2. Issue: Error starting program ... (for Start on Application Server)

    • Reason: Incorrect path to executable, permissions issue, or the executable itself is faulty.
    • Troubleshoot:
      • Verify Path: Check the full path to the executable in SM59.
      • OS Permissions: Log in to the application server (OS level) with the SAP service user (e.g., <sid>adm) and try to execute the program manually. Check file permissions.
      • Environment Variables: Ensure any necessary environment variables for the external program are set in the SAP user's profile.

Type G/H (HTTP Connection) Specific Issues

  1. Issue: SSL handshake with ... failed or Error in SSL (for HTTPS connections)

    • Reason: Incorrect SSL client certificate in SM59, missing trusted root certificate in STRUST, expired certificates, hostname mismatch in certificate.
    • Troubleshoot:
      • STRUST Check: Go to STRUST on the SAP system.
        • SSL Client Standard PSE: Ensure this PSE exists and contains a valid client certificate and its corresponding trusted root certificates.
        • Load Certificates: Make sure all necessary intermediate and root certificates of the target server are imported into your SAP system's "SSL Client Standard" PSE.
      • SM59 SSL Settings: Verify that the correct SSL Client PSE is selected in the RFC destination.
      • Target Server Certificate: Use a browser or openssl s_client command from the SAP server to inspect the target web server's certificate chain.
      • Hostname Mismatch: Ensure the hostname in the target server's certificate matches the hostname used in your SM59 destination.

  2. Issue: HTTP 401 Unauthorized or HTTP 403 Forbidden

    • Reason: Incorrect user/password for Basic Authentication, insufficient authorizations on the target web server, or misconfigured authentication.
    • Troubleshoot:
      • Verify Credentials: Double-check the user/password in SM59.
      • Test in Browser: Try accessing the URL directly in a web browser using the same credentials.
      • Target Web Server Logs: Check the logs of the target web server/application for authentication errors.

By understanding these common issues and following a systematic troubleshooting approach, a Basis administrator can efficiently resolve most RFC-related communication problems in an SAP landscape.

Comments

Post a Comment

Popular posts from this blog

An experiment with the life

"Best Thing about experiment is that it only improves the outcome." Well, I am Rakshit, hope you already know. I am not special and surely not especially gifted. Neither things go according to my wish. Neither I am the best writer.  But I am myself who is totally unique from anyone else. And I am Rakshit Ranjan Singh. I have my own fun, fights and fall in the most fundamentalistic way. Mechanical is my degree. IT is my Job. Beauty in nature is what I search. Words of my heart are what I write. Four different things I carry on my shoulder and a smile on my face, hope you might have seen that. What do I care for? Family, friends and nature. Do I have regrets? More than I can imagine. Let us move further to see what really is my life.
Read more

Learn Java

Hello Friends, You might already know what Java is. Without taking much of your time, I would like to ask you to please click below if you are ready to learn it from end to end. The Material over here is available on the internet and is free to access.  I would request you to bookmark this page and follow it. Please comment if you are happy with the learning. click here
Post a Comment
Read more

Driving

My Driving Journey: From Zero to (Almost) Hero! Hello everyone! I'm excited to share my ongoing adventure of learning to drive. It's been a mix of nervous excitement, hilarious near-misses, and the slow but steady feeling of progress. Buckle up, because here's a peek into my journey behind the wheel! The First Lesson: Clutch Confusion! My first time in the driver's seat was... memorable. Let's just say the clutch and I weren't immediate friends. Lots of jerky starts and a few stalls later, I began to understand the delicate dance between the pedals. My instructor was incredibly patient (thank goodness!). Mastering the Steering Wheel (Sort Of) Steering seemed straightforward enough, but navigating turns smoothly was a different story. I definitely had a few moments of feeling like I was wrestling with the wheel. Slowly but...
Post a Comment
Read more