Current Security Context Not Trusted When Using Linked Server From ABAP

Hello,
I am experiencing a head-scratcher of a problem when trying to use a Linked Server connection to query a remote SQL Server database from our R/3 system.  We have had this working just fine for some time, but after migrating to new hardware and upgrading OS, DBMS, and R/3, now we are running into problems.
The target database is a named instance on SQL Server 2000 SP3, Windows 2000 Server.  The original source R/3 system was 4.7x2.00, also on SQL Server 2000 (SP4), Windows 2000 Server.  I had been using a Linked Server defined via SQL Enterprise Manager (actually defined when the source was on SQL Server 7), which called an alias defined with the Client Network Utility that pointed to the remote named instance.  This alias and Linked Server worked great for several years.
Now we have migrated our R/3 system onto new hardware, running Windows Server 2003 SP1 and SQL Server 2005 SP1.  The application itself has been upgraded to ECC 6.0.  I performed the migration with a homogeneous system copy, and everything has worked just fine.  I redefined the Linked Server on the new SQL 2005 installation, this time avoiding the alias and referencing the remote named instance directly, and it tests out just fine using queries from SQL Management Studio.  It also tests fine with OSQL called from the R/3 server console, both when logged on as SAPServiceSID with a trusted connection, and with a SQL login as the schema owner (i.e., 'sid' in lowercase).  From outside of R/3, I cannot make it fail.  It works perfectly.
That all changes when I try to use the Linked Server within an ABAP application, however.  The basic code in use is
EXEC SQL.
   SET XACT_ABORT ON
   DELETE FROM [SERVER\INSTANCE].DATABASE.dbo.TABLE
ENDEXEC.
The only thing different about this code from that before the upgrade/migration is the reference to [SERVER\INSTANCE] which previously used the alias of just SERVER.
The program short dumps with runtime error DBIF_DSQL2_SQL_ERROR, exception CX_SY_NATIVE_SQL_ERROR.  The database error code is 15274, and the error text is "Access to the remote server is denied because the current security context is not trusted."
I have set the "trustworthy" property on the R/3 database, I have ensured SAPServiceSID is a member of the sysadmin SQL role, I've even made it a member of the local Administrators group on both source and target servers, and I've done the same with the SQL Server service account (it uses a domain account).  I have configured the Distributed Transaction Coordinator on the source (Win2003) system per Microsoft KB 839279 (this fixed problems with remote queries coming the other way from the SQL2000 system), and I've upgraded the system stored procedures on the target (SQL2000) system according to MS KB 906954.  I also tried making the schema user a member of the sysadmin role, but naturally that was disastrous, resulting in an instant R/3 crash (don't try this in production!), so I set it back the way it was (default).
What's really strange is no matter how I try this from outside the R/3 system, it works perfectly, but from within R/3 it does not.  A search of SAP Notes, SDN forums, SAPFANS, Microsoft's KnowledgeBase, and MSDN Forums has not yielded quite the same problem (although that did lead me to learning about the "trustworthy" database property).
Any insight someone could offer on this thorny problem would be most appreciated.
Best regards,
Matt

Good news! We have got it to work. However, we did it in something of
a backwards way, and I'm sure you'll laugh when you see how it was done. Also, the solution depends upon the fact that the remote server is still using SQL Server 2000, and so doesn't have quite so many restrictions placed upon it for distributed transactions and Linked Servers as SQL Server 2005 now does.
At the heart of the solution is the fact that the Linked Server coming FROM the remote server TO our SAP system works fine. Finally, coupled with the knowledge that using DBCON on the SAP side to the remote server also does actually provide a connection (see Notes 323151 and 738371), we set up a roundabout way of achieving our goal. In essence, from ABAP, we set up the DBCON connection to the remote server, at which point all the Native SQL commands execute in the context of the remote server. From within that connection, we
reference the tables in SAP via the Linked Server defined on the remote
server, as if SAP were the remote server, selecting data from SAP and inserting it into the remote (but apparently local to this connection) tables.
So, to spell it out, we define a Linked Server on the remote server pointing back to the SAP server as SAPSERV, with a SQL login mapping defined on the remote system pointing back to a SQL login in the SAP database. We also define a connection to the remote server from SAP using DBCON, using that remote SQL login for authentication.
Then, in our ABAP code, we simply do something along the lines of
exec sql.
   set connection 'REMOTE'
endexec.
exec sql.
   connect to 'REMOTE'
endexec.
exec sql.
   insert into REMOTE_TABLE
      select * from SAPSERV.SID.sid.SAP_TABLE
endexec.
exec sql.
   commit
endexec.
exec sql.
   disconnect 'REMOTE'
endexec.
This is, of course, a test program, but it demonstrated that it worked,
and we were able to see that entries were appropriately deleted and inserted in the remote server's table. The actual program for use is a little more complex, in that there are about four different operations at different times, and we had to resolve the fact that the temp table SAP_TABLE was being held in a lock by our program, resulting in a deadly embrace, but our developer was able to work that out, and all is now well.
I don't know if this solution will have applicability to any other customers, but it works for us, for now.
SAPSERV, REMOTE, REMOTE_TABLE, and SAP_TABLE are, of course, placeholder names, not the actual server or table names, so as not to confuse anyone.
Best regards,
Matt

Similar Messages

  • The server principal "XYuser" is not able to access the database "Ydb" under the current security context

    SQL2005 on winserver 2003. I have a view in Xdb that accesses tables in 2 different databases (Xdb and Ydb) on the same server. I have mixed mode security. I have a SQL user (XYuser) that has read access to all tables and views on both databases, yet when I try to access the view using a C# windows application I get the following error:
    The server principal "XYuser" is not able to access the database "Ydb" under the current security context
    This same scenario works under SQL 2000. I looked through the postings and tried to set TRUSTWORTHY ON on both databases but that didn't help. I can access any other views or tables on the SQL 2005 server, just not the one that joins the tables cross databases. Any help is much appreciated... john

    This appears to be a Login/Database Mapping issue.  I was having this problem, but was able to resolve it as follows:
    Using the SQL Server management Studio:
    In the Object explorer, under the SERVER security folder (not the database security folder), expand Logins. 
    That is: ServerName -> Security -> Logins
    NOT: ServerName -> Databases -> DatabaseName -> Security -> Users
    Select the Login that is having the troubles.  Right click on the Login and select ‘Properties.’
    The ‘User Mapping’ page should list all databases on the server with a check mark on the databases that the Login has been mapped to.  When I was getting the error, the database in question was not checked (even though the Login was assigned as a User on the database itself).  Map the Login by checking the box next to the database name.  Set the default schema.  Then select the roles for the Login in the Database role membership list box.  I selected db_datareader and public.  After clicking OK to save the changes, the problem was resolved.
    In order to ‘Map’ the Login, the Login must not already be as User on the database, so you may have to go to the database security (ServerName -> Databases -> DatabaseName -> Security -> Users) and delete the Login from the list of database Users before mapping the Login to the database.

  • Using Firefox (and having ZoneAlarm), when logging into my work email (Lotus Notes) through a secure Citrix program, a quesitonmark types as and accented "E". This does not happen when using IE (which I prefer not to use). I have turned off the anti-key

    Using Firefox (and having ZoneAlarm), when logging into my work email (Lotus Notes) through a secure Citrix program, a question mark types as and accented "E". This does not happen when using IE (which I prefer not to use). I have turned off the anti-keylogger in ZA (an old, and no longer successful fix). Can anyone help? I need my question marks at work.
    Thanks!
    PS. my keyboard language is not set to French.
    == This happened ==
    Every time Firefox opened
    == I tried to type a "?" in a work email using remote access.

    Perform the suggestions mentioned in the following articles:
    * [https://support.mozilla.com/en-US/kb/Template:clearCookiesCache/ Clear Cookies & Cache]
    * [[Troubleshooting extensions and themes]]
    Check and tell if its working.
    May not be related to your problem but some of your Firefox Plugins are out-dated
    * Update All your Firefox Plugins -> https://www.mozilla.org/en-US/plugincheck/
    * '''When Downloading Plugins Update setup files, Remove Checkmark from Downloading other Optional Softwares with your Plugins (e.g. Toolbars, McAfee, Google Chrome, etc.)'''

  • Security Cert Not Trusted error setting up Exchange, should I continue?

    When setting up my exchange account (settings-mail-accounts-Exchange) I receive an error like "Security Certificate not trusted". I have the option to continue or exit.  Do I need to continue anyway? Or is their a setting for Security Certificates?  I'm reluctant to continue if my iPad is at risk.

    Wow! That's a lot of code just to get an image out of the resource, but if it works....
    What I need to do with the image is place it on a button and I didn't think that going out to a servlet to read it in from a database or a flat file made sense given it was already in the resource. I think the button will take an ImageIcon so this should work for me.
    Anyway, I'll give it a try on Monday and report back here.
    Thanks!
    The following seems to work for me;-) But I don't
    know what you want to do with the ImageIcon after
    that;-)
    ExternalContext context =
    ontext = (ExternalContext)getExternalContext();
    HttpSession session = (HttpSession)
    Session)
    ((HttpServletRequest)context.getRequest()).getSession(
    InputStream is =
    eam is =
    session.getServletContext().getResourceAsStream("/reso
    urces/marco.jpg");
    ByteArrayOutputStream os = new
    os = new ByteArrayOutputStream();
    byte[] buf = new byte[1024];
    try {
    int len = 0;
    while ((len = is.read(buf, 0, 1024)) > 0)
    1024)) > 0) {
    os.write(buf, 0, len);
    } catch(IOException e) {
    System.out.println("IOException caught.
    tion caught. Error was: " + e.toString());
    return null;
    ImageIcon icon = new
    on = new ImageIcon(os.toByteArray());
    System.err.println("mw icon=" + icon);Thanks,
    -- Marco

  • Images on Facebook do not appear when using different web browsers

    Images on Facebook do not appear when using Safari on my Macbook Pro (I've tried Google Chrome too with the same result).  This makes me think it's a setting within OS Mavericks that I'm missing.  I have not seen this issue on any other computers.  This only occurs on my, and others' profile pictures on my profile page and on the news feed, not photos that are posted in albums or on walls.  and yes, i have images enabled in Safari.
    In safari the images don't appear, and in their place is a small blue "?" square >>.
    In Chrome it appears as a broken image link >>
    Has anyone encountered this?  Is there a fix?  It is very annoying.

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches. 
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled on some models, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and  Wi-Fi on certain models. The next normal boot may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin. Test while in safe mode. Same problem? After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • The volume up and down controls on my wireless keyboard show a no entry sign and do not respond when used...please help?

    The volume up and down controls on my wireless keyboard show a no entry sign and do not respond when used...please help?

    If you want to get a little more "exotic" you can try remapping the function keys.  I did a little google searching and the hits that looked promising are,
    Mapping volume and eject keys to 3rd-party keyboard Other Hardware
    Spark
    Spark is a powerful, and easy Shortcuts manager. With Spark you can create Hot Keys to launch applications and documents, execute AppleScript, control iTunes, and more...
    You can also export and import your Hot Keys library, or save it in HTML format to print it.
    Spark is free, so use it without moderation!

  • How can i set songs within a playlist, or an entire playlist, so that they are not included when using the shuffle function on IPOD Classic? Is this possible?

    How can i set songs within a playlist, or an entire playlist, so that they are not included when using the shuffle function on IPOD Classic?
    Is this possible?

    You can set any song to Skip when shuffling.
    In your iTunes Library, highlight the song and right-click/Get Info. On the Options tab is the Skip when shuffling box. Select that and then Sync the iPod with your Library.

  • How do I set up a mail group on mac mail?  All the advise on line seems to refer to 'address book' and I only have 'contacts'.  The guidance does not work when using 'contacts' - can anyone help me?

    How do I set up a mail group on mac mail?  All the advise on line seems to refer to 'address book' and I only have 'contacts'.  The guidance does not work when using 'contacts' - can anyone help me?

    Create a group and send mail
    http://www.dummies.com/how-to/content/how-to-create-a-basic-contact-group-in-mac -os-x-li.html
    http://www.macworld.com/article/1165582/how_to_email_groups_with_mail.html
    Best.

  • Module borders not displaying when using Aggregator

    I am using Captivate 4.  I created a TOC for both modules in a project. Then I created an Aggregator to connect them and display both TOCs.
    The issue I am havving is that the individual modules have borders on all 4 sides, yet they do not display when using the aggregator. How do I correct this?
    Thank you.

    Lenny,
    I apologize for not having an answer to your question, but I'm envious that you've successfully configured mod_jk. I've read several different versions of how to configure this, but nothing has worked so far. I wonder if you could either point me to some correct instructions on how to integrate Apache and Tomcat so I might try to duplicate your success.
    Thanks in advance,
    Vince

  • U/tube videos open when using Safari but will not open when using Firefox.

    u/tube videos open fine when using Safari but will not open when using Firefox. With Firefox I get the unhighlighted Quicktime symbol with a question mark in the center. WHY?? Any help appreciated --- Toroya

    Hmmmm, strange you view YouTube in Safari & not FF. Which version of FF are you using?
    Try the following:
    Repair permissions & restart.
    Make sure you have the latest versions of Adobe Flash Player Software
    QuickTime Preferences > Advanced > MIME Stettings > Miscellaneous.
    Deactivate the "Flash Media" option.

  • Look for a progarm that will let me have 2 moniters but one will lock on and will not change when using spaces

    look for a progarm that will let me have 2 moniters but one will lock on and will not change when using spaces

    ok so i have one moniter to the right of me and i want to keep my google chrome on that one but still be abel to use space on the many monter. cuz when you go to spaces it movies both moniter i hope that help and i hope that you can help me.

  • Photoshop CC. Colour selection not working when using alt and brush.

    Hi, Photoshop CC. Windows 8.1 64 bit. Colour selection not working when using alt and brush. I have tried rebooting and other things like closing swatch panel etc.
    The alt key is otherwise OK.  It's not the recent upgrade from Win 8 to 8.1 (5 days ago) because the colour selection facility was working yesterday. Any ideas.

    I'd say things sound desperate enough to try resetting Preferences
    Reset Preferences
    Windows — Hold down Shift Ctrl Alt immediately after starting Photoshop
    Mac — Hold down Shift Cmd Opt immediately after starting Photoshop
    If that fails, we need to know your operating system?
    Do you have a full CC subscription, or by apps do you mean Photoshop, Bridge and Lightroom?
    Another other information that might pertain ?

  • Serial number not  accepted when using disc to download on second computer.

    Serial number not accepted when using disc ot download CS6 to second computer. Help...

    make sure you're entering the correct serial number for the correct product:  http://helpx.adobe.com/x-productkb/global/find-serial-number.html
    if you're certain that you are doing that, contact adobe support:  http://www.adobe.com/support/chat/ivrchat.html

  • Siri does not work when used for calling a contact function

    Siri does not work when used for calling a contact function

    Very strange, try to turn off/on your iPhone. Or make a reset (home+power button)...
    If it continues try to restore it.

  • HT204168 touch screen function not working when using facetime

    Why is my iPad touch screen function not working when using FaceTime?

    Hi megascones,
    I apologize, I'm a bit unclear on the exact nature or scope of the issue you are describing. If you are having issues with the touch screen on your iPad, you may find the troubleshooting steps outlined in the following article helpful:
    If the screen on your iPhone, iPad, or iPod touch doesn't respond to touch - Apple Support
    Regards,
    - Brenden

Maybe you are looking for