cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SCC handshake failed: 401 — Unauthorized

prabalrakshit
Employee
Employee

on ‎01-26-2021 10:19 AM

Hello All,

I am trying to configure SAP Cloud Connector (v2.13.0) to integrate with a sub account in Cloud Foundry. I am following the instructions mentioned in the documentation at

https://developers.sap.com/tutorials/cp-connectivity-install-cloud-connector.html#e07fff20-3dfe-4abc...

I am getting an error while defining a sub account using the Cloud Connector Administration UI. The detailed error log in the ljs_trace.log is as follows: 

2021-01-25 22:38:49,181 +0530#INFO#com.sap.scc.config#https-jsse-nio2-8443-exec-5#          #Proxy update not required - no changed detected
2021-01-25 22:38:49,465 +0530#WARN#com.sap.scc.config#https-jsse-nio2-8443-exec-5#          #Creating an sslContextProvider for account <<sub account id>>@cf.eu10.hana.ondemand.com without SSLContext. Keystore did not contain a certificate.
2021-01-25 22:38:49,467 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Will retrieve Connectivity CA certificate from SAP Cloud Platform
2021-01-25 22:38:49,467 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Executing Http Get request to https://connectivitycertsigning.cf.eu10.hana.ondemand.com:443/certificate/management/v1/trusted/ca/a... account id>>
2021-01-25 22:38:49,709 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Returned Http Response with code 200
2021-01-25 22:38:49,710 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Connectivity CA certificate retrieved successfully from SAP Cloud Platform
2021-01-25 22:38:59,550 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #New RSA keypair was generated. Key size used 4096, time 9837 ms
2021-01-25 22:38:59,603 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Send Certificate Signing Request for Cloud Connector certificate to SAP Cloud Platform
2021-01-25 22:38:59,604 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Executing Http Post request to https://connectivitycertsigning.cf.eu10.hana.ondemand.com:443/certificate/management/v1/sign/account... account id>>
2021-01-25 22:39:00,993 +0530#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5#          #Returned Http Response with code 401
2021-01-25 22:39:00,995 +0530#INFO#com.sap.scc.config#https-jsse-nio2-8443-exec-5#          #Stopping service channels on <<sub account id>>@cf.eu10.hana.ondemand.com
2021-01-25 22:39:00,995 +0530#WARN#com.sap.scc.rt#https-jsse-nio2-8443-exec-5#          #Tunnel account:///<<sub account id>> is inoperative. SccEndpoint com.sap.scc.config.TunnelSccEndpoint@6f1daa0f ok, and context == null
2021-01-25 22:39:00,999 +0530#ERROR#com.sap.scc#https-jsse-nio2-8443-exec-5#          #SCC handshake failed: 401 — Unauthorized
com.sap.scc.servlets.SccHandshakeException: SCC handshake failed: 401 — Unauthorized

I have referred to the following KBs

https://apps.support.sap.com/sap/support/knowledge/en/2461997

https://launchpad.support.sap.com/#/notes/2571763

and verified the following:

Region: Correctly chosen as Europe Frankfurt AWS (and not Europe Frankfurt)

Sub Account: The full sub account id (GUID form)

Sub Account User: Used the email address

Sub Account Password: Used the password with passcode as it is an MFA account (tried without the passcode as well).

Any thoughts on what else could be going wrong?

Thanks for your inputs. Prabal Rakshit

Show replies
Show replies
metehankocaoglu
Explorer
‎07-18-2023 2:32 PM

Hi,

In order to be sure you can renew your P/S user's password below link.

https://account.sap.com/manage/accounts

After that you must use your user id password , not universal id password.

You must not use login email address.

Answer

Accepted Solutions (0)

Answers (9)

Answers (9)

constantin-lange
Member
‎06-06-2023 7:47 AM

Hello everyone,

I am probably late to the party. However, I think the problem still occurs and I have a strong hypothesis why it is not working in some cases and how to solve it:

  • I recognized that I had 2 different passwords active for my SAP account.
  • The old one used before SAP universal ID was introduced and the new one after SAP universal ID was introduced.
  • I realized when I was trying to change my password here "https://accounts.sap.com/ui/protected/profilemanagement" using my new one that I also use to login into SAP BTP it was not working.
  • However, I could only change it using the old password.
  • My guess is that something went wrong with the password synchronization after the migration to SAP universal ID. Maybe SAP could check this.
  • I changed the password there to my new SAP universal ID.
  • Then in the Cloud Connector I added a subaccount for Cloud Integration using my S-User ID (not mail) with the changed password.
  • After that I could add the subaccount successfully.

I hope that helps some of you! Of course as described in all the other SAP notes, there might plenty of other reasons to this issue. But this solution I have not seen yet.

Best Regards

Constantin

Show replies
Show replies
talu-camelot1
Discoverer
‎06-07-2023 9:55 AM
0 Kudos

I think you are right about the password synchronization issue. I was having the same issue with SAP cloud connector creating subaccount. Thanks, your fix works.

Missschaaa
Participant
‎07-13-2023 7:49 PM
0 Kudos

constantin-lange

Do you have any news about this? We are facing the same 401 handshake error here when trying to setup our new HANA system in cloud connector. Funfact, I tried to renew the subaccount certificate in old ERP system and cloud connector and got the same error message, so looks like it is something general in cloud connectors.

I made the same detection like you, that I had two different passwords one in Universal ID and one in SAP User. I did like you said, made them both the same and tried, first with my email from BTP account then with OSS S-user, but still got the same error. But for me it also looked like that it was something with password, because after entering it I got an email that my account was locked for 1 hour due to 5 wrong password attempts which were made by CC. But now after synchronizing both passwords I do not get wrong passwort attempt mail anymore but error still stays the same.

Regards

Michael

metehankocaoglu
Explorer
‎07-18-2023 2:33 PM
0 Kudos

Hi,

In order to be sure you can renew your P/S user's password via below link.

https://account.sap.com/manage/accounts

After that you must use your user id password , not universal id password.

You must not use login email address.

Like;

tommy_baunwall_dsg
Explorer
‎08-10-2023 11:37 AM
0 Kudos

Thanks, Constantin.
I had precisely the same problem, which was fixed by doing the same as you did.
BR Tommy

kurt_renner
Explorer
‎01-10-2024 7:39 PM
0 Kudos

I also had the same problem. Thanks for documenting this!

geert-janklaps
Active Contributor
‎01-26-2021 10:37 AM

Hi,

Did you assign the Cloud Connector Administrator role collection to your user in the SAP Cloud Platform Cloud Foundry environment?

Best regards,

Geert-Jan Klaps

Show replies
Show replies
mohitc1991
Discoverer
‎02-01-2022 9:31 AM
0 Kudos

Hi Geert,

I am also having same issue while connecting Neo Cloud to SCC.

Did you find any solution for it.

Regards,

Mohit.

picklerk_jas
Discoverer
‎07-27-2023 10:17 AM
0 Kudos

Hi everyone,

I encountered the same issue and solved with the steps below (don't know which step helped):

  • Make sure the region matches with btp region
  • Don’t use email to login, use S/P account to login
  • Make sure that S/P/Universal account shares the same password

Good luck!

Show replies
Show replies
wout_por
Discoverer
‎08-10-2023 12:40 PM
0 Kudos

Please follow instructions in note https://me.sap.com/notes/3085908 as CC is still a legacy product that doesn't support SAP Universal ID.

andrevo
Explorer
‎11-09-2022 10:42 AM
0 Kudos

Hello together,

i solved the Issue with Installation from coud Connector.

when i try to Use the Cloud Connector as Protable version this will not working face me the isue 417 500 etc..

Show replies
Show replies
former_member245181
Explorer
‎09-26-2022 7:03 AM
0 Kudos

Hi Rico,

I'd like to share that I had the same issue as you and found that I needed to choose a 'Region' which matched the Provider of my Subaccount (In my case it was AWS ). I therefore needed to choose "Australia (Sydney) – AWS" as my Region. Once done, my Cloud Connector magically connected. This issue was driving me up the wall for a full day.

Hope it helps.
Anthony

Show replies
Show replies
negroseptiembrenegro56
Discoverer
‎07-08-2022 9:30 PM
0 Kudos

Hi everybody!

have you found the solution?...

I'm stuck in the same place...

Best regards,

A Rico

Show replies
Show replies
uullrich
Member
‎06-16-2022 5:14 PM
0 Kudos

Hello,

I am facing the exact same problem with my SAP BTP Trial account and the SAP Cloud Connector. I have searched for hours to find a solution but I do not find one. There are so many posts for this problem but no working solution.

My approaches:

- Enabled MFA

- Created a new subaccount

- Checked that no proxy is enabled because I do not need one

- Checked subaccount-id, mail-account, password, region multiple times

- Checked my user to have the Role "Cloud Connector Administrator"

Maybe this helps someone else.

This problem occurs for over a year. SAP please help us.

2022-06-16 15:35:42,100 +0000#WARN#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Cannot find host mapping configuration file /opt/sap/scc/scc_config/cf.us10.hana.ondemand.com/<id>/backends.xml
2022-06-16 15:35:42,190 +0000#WARN#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Creating an sslContextProvider for account <id>@cf.us10.hana.ondemand.com without SSLContext. Keystore did not contain a certificate.
2022-06-16 15:35:42,194 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Will retrieve Connectivity CA certificate from SAP Cloud Platform
2022-06-16 15:35:42,195 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Executing Http Get request to https://connectivitycertsigning.cf.us10.hana.ondemand.com:443/certificate/management/v1/trusted/ca/a...;
2022-06-16 15:35:42,741 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Returned Http Response with code 200
2022-06-16 15:35:42,742 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Connectivity CA certificate retrieved successfully from SAP Cloud Platform
2022-06-16 15:35:43,753 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #New RSA keypair was generated. Key size used 4096, time 1008 ms
2022-06-16 15:35:43,762 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Send Certificate Signing Request for Cloud Connector certificate to SAP Cloud Platform
2022-06-16 15:35:43,762 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Executing Http Post request to https://connectivitycertsigning.cf.us10.hana.ondemand.com:443/certificate/management/v1/sign/account...;
2022-06-16 15:35:45,791 +0000#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Returned Http Response with code 401
2022-06-16 15:35:45,793 +0000#INFO#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Stopping service channels on <id>@cf.us10.hana.ondemand.com
2022-06-16 15:35:45,796 +0000#ERROR#com.sap.scc#https-jsse-nio2-8443-exec-5# #SCC handshake failed: 401 — Unauthorized
Show replies
Show replies
ONavas
Participant
‎03-25-2022 7:52 PM
0 Kudos

Some time ago, I connected to my trial btp account with scc without any issue, ... but Now with a fresh install of SCC, I have the same error "#SCC handshake failed: 401"

Show replies
Show replies
amontella96
Active Contributor
‎03-25-2022 9:57 PM
0 Kudos

Hi oscar.navasserrano

your description match the symptoms of note 2837206 , did you try updating the Cloud Connection certificate as per help.sap.com

Let me know,cheers!A

ONavas
Participant
‎03-28-2022 8:00 AM
0 Kudos

About comments from Amo Ntella with note 2837206, this is for already working SCC configuration with an expired certificate, but my installation is a fresh installation. This is, I don't option to renew the certificate because it's not connected SCC to BTP.

Now I have HTTP417 error, and I review some notes without get a solutions:

2571763 - Authorization problem in SAP Cloud Connector when adding Cloud Foundry subaccount
2461997 - Adding Neo subaccount to SAP Cloud Connector fails due to authorization error
2837206 - Cloud Connector suddenly stops working and the error "Invalid status of handshake response: 401 Unauthorized" is thrown
2697152 - Adding Neo subaccount to SAP Cloud Connector fails - SCC handshake failed: 403 — Forbidden

hassen_hmila1
Explorer
‎01-10-2022 8:04 AM
0 Kudos

Hi,

I have the same issue here how did you resolve this problem ?

Best regards,

Hassen

Show replies
Show replies
Ask a Question