Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

System refresh - application startup fails with SNC error

Go to solution
asif_rahmetulla
Participant

‎09-07-2022 6:07 PM

0 Kudos

Hello all,

SAP AS ABAP system fails to start after system refresh. We have recently enabled SNC and first time performing system refresh with SNC enabled. The application fails to start after the database recovery. The work process trace shows the application could not acquire accepting credentials for name (p:CN=SAPsncTARGETSID, O=CompanyName, L=Cityname, C=CountryName) associated to target system. It shows the default acceptor name from the source system (p:CN=SAPsncSOURCESID, O=CompanyName, L=Cityname, C=CountryName).

We use ABAP PCA to export and import system specific data, however, unable to bring system up. We have tried copying the PSE file from SOURCE system into the SECUDIR and created cred_v2 file but that did not help.

What is the best practice followed to perform system refresh on systems with SNC enabled?

1 ACCEPTED SOLUTION

Go to solution
asif_rahmetulla
Participant

‎10-12-2022 6:51 PM

0 Kudos

We checked with SAP support and following feedback was given:

"When the STRUST-managed "SNC SAPCryptolib" PSE (aka SAPSNCS.pse) is used for SNC, then the original of that PSE file is persisted on the database by STRUST, and the PSE file contents are downloaded from the database and written into $(DIR_INSTANCE)$(DIR_SEP)sec$(DIR_SEP)SAPSNCS.pse during AppServer start, and before SncInit is called.

If the STRUST database table currently contain an incorrect "SNC SAPCryptolib" PSE as result of a database copy, then system should be started without SNC (snc/enable=0), then contents of "SNC SAPCryptolib" PSE in STRUST need to be replaced with the actually desired SNC PSE for the new system (such as a from a file-based backup copy of the previous SNC PSE), and that "SNC SAPCryptolib" PSE need to be imported and saved in tx STRUST, and then system needs to be restarted with the appropriate value for "snc/identity/as" & "snc/enable=1""

Regards,Asif
3 REPLIES 3

Go to solution
gabriel_cordovan
Participant

‎10-04-2022 7:36 PM

0 Kudos

Hi,

The SAPSNCS.pse should contain the certificate with the subject defined by snc/identity/as parameter. This is certificate that the system is expecting during startup.


Best regards,
Gabriel

Go to solution
asif_rahmetulla
Participant
In response to gabriel_cordovan

‎10-12-2022 6:51 PM

0 Kudos

Thank you for your feedback

Go to solution
asif_rahmetulla
Participant

‎10-12-2022 6:51 PM

0 Kudos

We checked with SAP support and following feedback was given:

"When the STRUST-managed "SNC SAPCryptolib" PSE (aka SAPSNCS.pse) is used for SNC, then the original of that PSE file is persisted on the database by STRUST, and the PSE file contents are downloaded from the database and written into $(DIR_INSTANCE)$(DIR_SEP)sec$(DIR_SEP)SAPSNCS.pse during AppServer start, and before SncInit is called.

If the STRUST database table currently contain an incorrect "SNC SAPCryptolib" PSE as result of a database copy, then system should be started without SNC (snc/enable=0), then contents of "SNC SAPCryptolib" PSE in STRUST need to be replaced with the actually desired SNC PSE for the new system (such as a from a file-based backup copy of the previous SNC PSE), and that "SNC SAPCryptolib" PSE need to be imported and saved in tx STRUST, and then system needs to be restarted with the appropriate value for "snc/identity/as" & "snc/enable=1""

Regards,Asif