Monday, 25 November 2024

Error codes during logon (list) # SAP Basis Administrator

 ERROR: 

1:   During an (RFC) logon, the system displays the following text:

"You are not authorized to logon to the target system (error code...)"

with an error code number whose meaning is unclear to you.


2:  You find the following unfamiliar lines in the developer trace file (dev_w..):

DyISigni: client=..., user=..., lang=... , access=..., auth=...

usrexist: effective authentification method: ....

DyISigni: return code=... (see Note 320991)


The extended trace messages are written starting from trace level 2 for the "Security" component, which you can activate dynamically using transaction SM50. They are available starting from the following kernel versions:


4.6D kernel starting from patch level 141

4.5B kernel starting from patch level 506

Explanation of the Error Codes/Return Codes

0 No error - successful logon

1 Incorrect logon data (client, user name, password)
2 User account is locked
3 Incorrect logon data; for SAPGUI: connection closed
4 Successful logon using virtual user or emergency super user
5 Error when constructing the user buffer (==> possible follow-on error)
6 User exists only in the central user administration (CUA)
7 Invalid user type
8 User account outside validity period
9 SNC name and specified user/client do not match
10 Logon requires SNC (Secure Network Communication)
11 No ABAP user with this SNC name exists in the system
12 ACL entry for SNC-secured server-server link is missing
13 No suitable SAP account found for the SNC name
14 Ambiguous assignment of SNC names to ABAP users
15 Unencrypted SAP GUI connection refused
16 Unencrypted RFC connection refused
20 Logon using logon/assertion ticket is generally deactivated
21 Syntax error in received logon/assertion ticket or reentrance ticket not valid
22 Digital signature check for logon/assertion ticket fails
23 Logon ticket/assertion issuer is not in the ACL table
24 Logon/assertion ticket is no longer valid
25 Assertion ticket receiver is not the addressed recipient
26 Logon/assertion ticket contains no/an empty ABAP user ID
27 Reauthorization check: ticket does not match current user
28 Ticket logon denied by security policy
30 Logon using X.509 certificate is generally deactivated
31 Syntax error in the received X.509 certificate
32 X.509 certificate does not originate from the Internet Transaction Server
34 No suitable ABAP user found for the X.509 certificate
35 Ambiguous assignment of X.509 certificate to ABAP users
36 Certificate is older than the date entered as "min. date" (USREXTID)
37 X.509 certificate is not currently valid
41 No suitable ABAP user found for the external ID
42 Ambiguous assignment of external ID to ABAP users
50 Password logon was generally deactivated or denied by security policy
51 Initial password has not been used for too long
52 User does not have a password
53 Password lock active (too many failed logons)
54 Productive password has not been used for too long
60 SPNego logon denied by security policy
61 Invalid SPNego token (syntax)
62 NTLM token received instead of SPNego token
63 Missing/incorrect Kerberos keytab entry
64 Invalid SPNego token (time)
65 SPNego replay attack detected
66 SPNego: Error when creating the SNC name
67 SPNego: No suitable SAP account found for the SNC name
68 SPNego: Ambiguous assignment of SNC names to ABAP users
69 Reauthentication check: SPNego token does not match current user
100 Client does not exist
101 Client is currently locked for logons
102 External WebSocket RFC communication is not allowed (RFC runtime)
103 External WebSocket RFC communication requires alias user (RFC runtime)
104 System is in maintenance mode and locked against logons
110 Tenant was stopped (runlevel STOPPED)
111 Tenant cannot be used generally (runlevel ADMIN)
112 No authorization to log on to the current logon category
120 Server does not allow logon
121 No special rights for logon on this server
300-399 OpenID Connect (OIDC) error; see SAP Note 3111813
1001 Password is initial/has expired - interactive change required (RFC/ICF)
1002 Trusted system logon failed (no S_RFCACL authorization)
3000 Reauthorization check: SAML bearer assertion is not compatible with current user
3001 Internal SAML bearer assertion verification error
3002 SAML bearer assertion could not be parsed
3003 SAML bearer assertion was already used (replay)
3004 SAML bearer assertion could not be assigned to a user
3005 Issuer of SAML bearer assertion is not trusted
3006 NameID format of SAML bearer assertion is not supported
3007 Signature of SAML bearer assertion is not valid
3008 SAML bearer assertion is not valid or is no longer valid
3009 SAML is not activated or SAML bearer assertion provider is not activated


Explanations for "access" (access types):

A Dialog logon (SAP GUI)
B Background processing (batch)
C CPIC
F RFC (as of 4.6C: internal RFC)
R RFC (as of 4.6C: external RFC)
I RFC system call (internal SRFC)
S RFC system call ( [external]* SRFC) - *see SAP Note 2590963
U User switch (internal call)
H HTTP
u Restore session (ABAP class CL_USERINFO_DATA_BINDING)
" " API call (such as SUSR_CHECK_LOGON_DATA)
M SMTP authentication (MTA): Password check
P ABAP push channel (APC)/WebSockets
E Establishment of a shared memory area (internal call)
O AutoABAP (internal call)
T Server startup procedure (internal call)
V SAP start service (internal call)
J Java Virtual Machine (internal call)
W BGRFC watchdog (internal call)
G ABAP Resource Manager (internal call)
r RFC via WebSockets (external)
Y TRFC/QRFC/bgRFC (internal)

Explanations for "auth" (authentication types):

P Password-based authentication
T Logon ticket
t Assertion ticket
X Certificate-based logon (X.509, https)
S SNC (Secure Network Communication)
R Internal RFC or trusted system RFC
A Internal call via background processing, for example
E External authentication (PAS, SAML, ...)
U Inverse user switch (ABAP class CL_USER_POC)
s HTTP security session
2 SAML2
1 SAML1
o OAuth2
N SPNego
a APC session (WebSockets)
B SAML bearer
r Reentrance ticket
D OIDC logon
d OIDC bearer
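
Added example (not from the original post or from SAP): a Python parser that pairs the DyISigni request and return-code lines of a dev_w trace and decodes them with a subset of the tables above. The sample lines, the value syntax after each "=", and the choice of which codes to escalate are assumptions.

```python
import re
from collections import Counter
# Subsets of the tables above; extend them from the lists on this page.
RETURN_CODES = {0: "No error - successful logon",
                1: "Incorrect logon data (client, user name, password)",
                53: "Password lock active (too many failed logons)",
                65: "SPNego replay attack detected",
                3003: "SAML bearer assertion was already used (replay)"}
ACCESS = {"A": "Dialog logon (SAP GUI)", "R": "RFC (external)", "H": "HTTP"}
AUTH = {"P": "Password", "N": "SPNego", "B": "SAML bearer"}
SUCCESS = {0, 4}            # 4 = logon via virtual user / emergency super user
ESCALATE = {53, 65, 3003}   # assumption: lockout and replay codes raise an alert
# Field order follows the trace template quoted above; value syntax is assumed.
REQ = re.compile(r"DyISigni: client=(\S+?)\s*, user=(\S+?)\s*, lang=(\S*?)\s*, "
                 r"access=(.)\s*, auth=(.)")
RC = re.compile(r"DyISigni: return code=(\d+)")

def describe(code):
    if 300 <= code <= 399:  # the list gives this range a single meaning
        return "OpenID Connect (OIDC) error; see SAP Note 3111813"
    return RETURN_CODES.get(code, "code not in local table")

def parse_trace(lines):
    """Pair each DyISigni request line with the return-code line that follows it."""
    events, pending = [], None
    for line in lines:
        if m := REQ.search(line):
            pending = dict(zip(("client", "user", "lang", "access", "auth"), m.groups()))
        elif (m := RC.search(line)) and pending is not None:
            code = int(m.group(1))
            events.append({**pending, "rc": code, "meaning": describe(code),
                           "access_text": ACCESS.get(pending["access"], "?"),
                           "auth_text": AUTH.get(pending["auth"], "?"),
                           "escalate": code in ESCALATE})
            pending = None  # a return-code line with no request line is skipped
    return events

def failures_by_user(events):
    # Failed logons per (client, user): repeated failures suggest guessing or lockout.
    return Counter((e["client"], e["user"]) for e in events if e["rc"] not in SUCCESS)

# Constructed sample lines (not real trace output).
SAMPLE = """\
DyISigni: client=100, user=JDOE, lang=E , access=R, auth=P
DyISigni: return code=1 (see Note 320991)
DyISigni: client=100, user=JDOE, lang=E , access=R, auth=P
DyISigni: return code=53 (see Note 320991)
DyISigni: client=100, user=SVC_SSO, lang=E , access=H, auth=N
DyISigni: return code=65 (see Note 320991)
""".splitlines()
```
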

List: CPIC error codes in SAP Systems # SAP Basis Administrator

 This note concerns error analysis in the network environment and CPIC return codes in particular.
The meaning of the return code numeric values is unclear.


  CPIC return codes (not SAP-specific)

  CM_OK                          0
  CM_ALLOCATE_FAILURE_NO_RETRY  1
  CM_ALLOCATE_FAILURE_RETRY      2
  CM_CONVERSATION_TYPE_MISMATCH  3
  CM_SECURITY_NOT_VALID          6
  CM_SYNC_LVL_NOT_SUPPORTED_PGM  8
  CM_TPN_NOT_RECOGNIZED          9
  CM_TP_NOT_AVAILABLE_NO_RETRY  10
  CM_TP_NOT_AVAILABLE_RETRY    11
  CM_DEALLOCATED_ABEND          17
  CM_DEALLOCATED_NORMAL        18
  CM_PARAMETER_ERROR            19
  CM_PRODUCT_SPECIFIC_ERROR    20
  CM_PROGRAM_ERROR_NO_TRUNC    21
  CM_PROGRAM_ERROR_PURGING      22
  CM_PROGRAM_ERROR_TRUNC        23
  CM_PROGRAM_PARAMETER_CHECK    24
  CM_PROGRAM_STATE_CHECK        25
  CM_RESOURCE_FAILURE_NO_RETRY  26
  CM_RESOURCE_FAILURE_RETRY    27
  CM_UNSUCCESSFUL              28
  CM_OPERATION_INCOMPLETE      35
  CM_SYSTEM_EVENT               36

Gateway error codes


  CPIC_ERROR                    221 Error in the CPIC interface
  CANT_GET_MEMORY              222 Memory bottleneck
  NI_READ_FAILED                223 Network read error
  NI_WRITE_FAILED              224 Network write error
  INVALID_REQUEST              225 Invalid request
  NOT_YET_CONNECTED            226 Not yet connected
  GW_WP_DIED                    227 Gateway process died
  SHM_READ_FAILED              228 Shared memory problem (read)
  SHM_WRITE_FAILED              229 Shared memory problem (write)
  NO_MORE_LU                    230 No available LU
  NO_MORE_WP                    231 No available gateway process
  CANT_START_WORKPROCESS        232 Error when starting the gateway process
  WRONG_COMM_TYPE              233 Wrong communication type
  CONNECT_FAILED                234 Connection setup failed
  COMM_TABLE_ERROR              235 Error in comm. table
  GW_CONNECT_FAILED            236 No connection to the gateway
  GW_DISCONNECTED              237 Connection to the gateway disconnected
  WRITE_TO_GW_FAILED            238 Error with GW comm. (write)
  READ_FROM_GW_FAILED          239 Error with GW comm. (read)
  INVALID_LEN                  240 Invalid length
  INVALID_ENVIRONMENT           241 Invalid environment
  GW_TIMEOUT                    242 Timeout
  GW_CONNECT_TO_R3              243 Error when setting up R/3 connection
  SYSTEM_DISCONNECTED          244 Partner disconnected connection
  MEM_OVERFLOW                  245 Memory overflow
  WRONG_APPCHDR_VERSION         246 Incorrect APPC header version
  GW_APPC_SERVER_DOWN          247 Loc. gateway not started
  TXCOM_TABLE_FAILED            248 Error when accessing TXCOM
  COMM_TABLE_OVERFLOW           249 Comm. table full
  C_NO_MEM                      450 No memory
  C_NO_SIDE_INFO                451 No SIDE INFO entry
  C_TP_START                    452 TP-START failed
  C_NO_INIT                    453 No initialization
  C_GETLU                      454 "getlu" failed
  C_SIGNAL                      455 "signal" failed
  C_TIMEOUT                    456 Timeout when establishing connection
  C_ALLC                        457 CMALLC failed
  C_SEND                        458 CMSEND failed
  C_PREPARE                    459 Prepare-To-Receive failed
  C_FLUSH                      460 CMFLUS failed
  C_RECEIVE                    461 CMRCV failed
  C_NO_ARGUMENT                462 Missing argument
  C_GET_ALLOCATE                463 "get_allocate" failed
  C_DEAL                        464 CMDEAL failed
  C_TP_END                      465 TP-END failed
  C_MAX_CONV                    466 Max. number conv. reached
  C_SNAOPEN                    467 "snaopen" failed
  C_SNACTL                      468 "snactl" failed
  C_NO_FLUSH                    469 No flush in IBM environment
  C_SNACLSE                    470 "snaclse" failed
  C_STATE_CHECK                471 Status error
  C_NO_SIDE_INFO_ENTRY          472 No side info entry
  C_NO_CONV                    473 No conversation
  C_MANUAL_CANCELD              474 Connection manually cancelled
  C_AUTO_CANCELD                475 Connection automatically cancelled
  C_NO_PARTNER                  476 No partner found
  C_CONFIRM                    477 Confirm failed
  C_CONFIRMED                  478 Confirmed failed
  C_NO_HOST_IN_SIDE_INFO        479 GWHOST not in side info entry
  C_NO_SERV_IN_SIDE_INFO        480 GWSERV not in side info entry
  C_NO_PROT_IN_SIDE_INFO        481 PROTOCOL not in side info entry
  C_NO_LU_IN_SIDE_INFO          482 LU not in side info entry
  C_NO_TP_IN_SIDE_INFO          483 TP not in side info entry
  C_NO_GATEWAY_CONNECTION       484 No connection to the gateway
  C_GETHOSTNAME                485 gethostname failed
  C_NO_SAP_CMACCP              486 SAP_CMACCP not executed
  C_NO_PROGRAM_NAME_ARG         487 Program not in arg. list
  C_NO_HOST_ARG                488 Host not in arg. list
  C_NO_SERV_ARG                489 Service not in arg. list
  C_NO_CONVID_ARG              490 Conv. ID not in arg. list
  C_ILLEGAL_PARAMETER           491 Illegal parameter
  C_LU62CVCT                    492 LU62CVCT failed
  C_LU62ATTACH                  493 LU62ATTCH failed
  C_NO_CONV_TABLE              494 No conv. table
  C_ILL_CONV_TABLE              495 Incorrect conv. table
  C_ILL_MOD_VALUES              496 Invalid conv. modification
  C_NIHOSTTOADDR                497 NiHostToAddr failed
  C_NIADDRTOHOST                498 NiAddrToHost failed
  C_THOST_FAILED                499 Reading table THOST failed
  INVALID_MODE                  630 Invalid mode number received
  MAX_NO_OF_GATEWAYS            631 Max. no. of gateways reached
  MISSING_LU_SPEC              632 No LU specified
  MAX_CPIC_CLIENTS              633 Max. no. of clients reached
  BAD_TPNAME                    634 Invalid TP name
  FORK_FAILED                  635 Fork failed
  BAD_NI_HANDLE                636 Invalid NI handle
  REXEC_FAILED                  637 rexec failed
  TP_START_FAILED              638 Starting the TPs failed
  NI_DG_SEND_FAILED            639 NiDgSend failed
  INTERNAL_ERROR                640 Internal error
  GW_HOST_UNKNOWN              664 Gateway host unknown
  GW_SERVICE_UNKNOWN            665 Gateway service unknown
  GW_NI_ERROR                  666 NI error
  GW_EXEC_FAILED                667 exec failed
  R2_RESTARTED                  668 R/2 restarted
  SYM_DEST_TOO_LONG            669 Symb. destination too long
  NO_MORE_SIDE_INFO_ENTRY       670 No more side info entries
  R3_LOGIN_FAILED              672 R/3 Login failed
  IMS_ERROR_PURGING            673 IMS error purging
  PENDING_TERM_OUTPUT          674 Timeout of reg. programs
  GW_SECURITY_ERROR            676 TP not registered
  GW_TIMEOUT_REG_PRGM          677 Timeout of registered program
  TP_REGISTERED                678 TP is registered
  TP_NOTREGISTERED              679 TP not registered
  TP_REG_SECU_ERROR            720 Security violation for reg. prgrms
  GW_SNC_DISABLED              721 SNC deactivated
  GW_SNC_REQUIRED              722 SNC required
  GW_SNC_NAME_NOT_SET           723 SNC name not defined
  GW_SNC_NAME_NO_DEFAULT        724 Default SNC name not permitted
  GW_SNC_PROT_NOT_SUPP          725 Log does not support SNC
  GW_R3_NOT_CONNECTED          726 No local R/3 system
  GW_SNC_REQUIRED_FOR_LU_TP     727 SNC required
  CONV_ID_NOT_FOUND            728 Conversation ID not found
  GW_SNC_SECURE_PORT            729 Comm. must make SNC
  GW_SNC_START_EXT_DIS          730 Start of ext. Program deactivated
  GW_SHUTDOWN                  731 Gateway was shut down
  GW_REM_PRGM_DISABLED          732 No external programs
  GW_STOLEN_CONVID              733 Conversation ID does not fit
  GW_NET_CONV_ERROR             734 Net Conv Error
  GW_MONITOR_DISABLED           735 Monitor not active
  GW_DUPLICATE_CVID            736 Conv. ID not unique
  GW_CONNECT_TIMEOUT            737 Timeout of connection setup to remote system
  GW_REQ_TO_DP_FAILED          738 Request could not be transferred to the dispatcher
  GW_CLIENT_ALREADY_DISC        739 Connection partner has already disconnected the connection
  GW_NO_HOST_IN_ROUTE           740 No hosts contained in route
  GW_ROUTE_CONNECT_DIS          741 Route already disconnected (no longer used)
  GW_CONN_IS_FREE              742 Connection already released
  GW_CONN_IS_DISC              743 Connection disconnected
  GW_REQBLK_ADM_ERROR           744 Error in request processing
  GW_BUFINFO_ERROR              745 Error in buffer handling
  GW_HDLINFO_ERROR              746 Error in network handling
  TP_REG_NOREG_ERROR            747 Number of registrations exceeded for this program
  TP_REG_ACCESS_DENIED          748 Access to registered server denied
  GW_PARAM_NOT_FOUND            749 Parameter could not be found
  GW_PRXY_ACCESS_DENIED         750 Gateway must not be used as a proxy
  GW_ACCEPT_TIMEOUT            751 Timeout when logging on (gw/accept_timeout)
  GW_WRONG_SERVER              752 Not connected to the gateway
  C_NO_SIDE_INFO_GW            760 No side info file
  C_RECEIVE_WITH_PAR            761 CMRCV failed
  C_NO_SNC_LIB_ARG              762 SNC library not in arg. list
  C_NO_SNC_NAME_ARG            763 SNC name not in argument list
  C_SNC_INV_HANDLE              764 SNC invalid handle
  C_SNC_DISABLED                765 SNC deactivated
  C_SNC_ERROR                  766 General SNC error
  C_SNC_MODE_ON                767 SNC required
  C_SNC_NOT_AVAILABLE           768 SNC not available
  C_ILLEGAL_PARAMETER2          769 Invalid parameter
  C_AREA_TOO_SMALL              770 Memory area too small
  C_SNC_INV_STATE              771 Invalid SNC status
  C_RETURN_CODES                772 Error numbers
  C_REG_STATE_CHECK            773 Status violation during registration
  C_CPICTERR                    774 Error text for error number
  C_NO_SYMDEST                  775 No symbolic destination
  C_FUNCTION_NOT_SUPPORTED      776 Function not supported
  C_NET_CONV_ERROR              777 Conversion error when reading or writing data
  C_SIDEINFO_DISABLED          778 Access to side info file deactivated
  C_TIMEOUT_BLOCK              779 Timeout for blocking network call
  C_FAILOVER_ERROR              780 Error when communicating with failover software
  C_PROXY_ERROR                781 Error when communicating with the proxy server
  C_MPI_ERROR                  782 Error when communicating with memory pipes (Mpi)
  C_MTX_ERROR                  783 Error with lock management (mutex)
  C_CS_ERROR                    784 Error with lock management (critical section)