Purpose
The purpose of this document is to list the error codes that can be returned during a trusted RFC connection, including the meaning of each return code.
Cause
A trusted RFC was configured between two ABAP systems.
However, something is not correct at this setup, causing an error while such trusted connection is being used.
Such error is usually observed at a "CALL_FUNCTION_SINGLE_LOGIN_REJ" dump (transaction ST22).
Solution
Fix the incorrect settings related to the trusted setup.
Knowing the meaning of the return codes can help identifying what needs to be fixed.
- The possible return codes for the "trusted system" (T-RC) are:
| 0 | Correct logon via trusted system. |
| 1 | No trusted system entry for the caller system "<SID> " with the installation number " ", if this exists, or the security key entry for system "<SID> " is invalid. |
| 2 | User "<user ID> " does not have RFC authorization (authorization object (S_RFCACL) for user "<user ID> " with client <client>. |
| 3 | The time stamp of the logon data was invalid. |
- The possible return codes for the "logon procedure" (L-RC) are:
| 0 | USER_OK | Login was correct |
| 1 | USER_NOT_ALLOWED | User or password incorrect |
| 2 | USER_LOCKED | User locked |
| 3 | STOP_SESSION | Too many attempts to log on |
| 5 | BAD_BUFFER | Error in the authorization buffer |
| 6 | CUA_MASTER_RECORD | No external user check |
| 7 | BAD_USER_TYPE | Invalid user type |
| 8 | USER_NOT_VALID | Validity of user exceeded |
| 9 | SNC_MAPPING_MISMATCH | User does not correspond to SNC name |
| 10 | SNC_REQUIRED | Secure connection required |
| 11 | SNC_NAME_NOT_IN_ACL | User not found in USRACL(EXT) |
| 12 | SNC_SYST_NOT_IN_ACL | System not found in USRACL(EXT) |
| 13 | SNC_MAPPING_NO_MATCH | No matching user found |
| 14 | SNC_MAPPING_AMBIGUOUS | Multiple user matches found |
| 20 | TICKET_LOGON_DISABLED | Logon process deactivated |
| 21 | TICKET_INVALID | Data received not SSO ticket |
| 22 | TICKET_ISSUER_NOT_VERIFIED | Digital signature not verified |
| 23 | TICKET_ISSUER_NOT_TRUSTED | Ticket issuer not trusted |
| 24 | TICKET_EXPIRED | Ticket expired |
| 25 | TICKET_WRONG_RECIPIENT | Wrong recipient |
| 26 | TICKET_WITH_EMPTY_USERID | Ticket coontains an empty User ID |
| 30 | X509_LOGON_DISABLED | Snc/extid_login_diag = 0 |
| 31 | X509_BASE64_INVALID | Cert not base64-encoded |
| 32 | X509_INVALID_SERVER | X.509 not provided by ITS |
| 33 | X509_HTTPS_REQUIRED | Cert not transferred via SSL |
| 34 | X509_MAPPING_NO_MATCH | No matching account |
| 35 | X509_MAPPING_AMBIGUOUS | Multiple matching accounts |
| 40 | EXTID_LOGON_DISABLED | snc/extid_login_diag = 0 |
| 41 | EXTID_MAPPING_NO_MATCH | No matching account |
| 42 | EXTID_MAPPING_AMBIGUOUS | Multiple matching accounts |
| 50 | PASSWORD_LOGON_DISABLED | login/disable_password_logon |
| 51 | PASSWORD_IDLE_INIT | login/password_max_idle_init |
| 52 | USER_HAS_NO_PASSWORD | USR02.CODVN = 'X' (flag) |
| 53 | PASSWORD_ATTEMPTS_LIMITED | Lock counter exceeded |
| 54 | PASSWORD_IDLE_PROD | login/password_max_idle_prod |
| 100 | CLIENT_NOT_EXIST | Client does not exist |
| 101 | CLIENT_LOCKED | Client locked |
| 200 | MULTIPLE_RFC_LOGON | login/disable_multi_rfc_login |
See also
- SAP note 128447: Trusted/trusting systems
- SAP Help - Maintaining Trust Relationships between SAP Systems
- Official SAP Support Video on Youtube
Related spaces: