Issues with client authentication using certificates

We have upgraded from sun-one directory server 5.1 sp4 to odsee 11g. We were using client certificates for authenticating connections to the directory server and it is no longer working. We had a certmap.conf that worked fine on 5.1 but it no longer seems to work on 11g. We are getting the following errors in the access log:
[04/Apr/2011:16:41:17 -0400] conn=1692 op=-1 msgId=-1 - SSL failed to map client certificate to LDAP DN (User's LDAP entry doesn't have any certificates to compare)
[04/Apr/2011:16:41:17 -0400] conn=1692 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=EXTERNAL
[04/Apr/2011:16:41:17 -0400] conn=1692 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0.099660, client certificate mapping failed
I checked and there is a usercertificate;binary entry which contains the certificate.
Also, it does seem to find the entry for the cn, as shown by these two lines:
[04/Apr/2011:16:41:17 -0400] conn=-1 op=-1 msgId=-1 - ENTRY dn="cn=XXXXXXXX, ou=certs, ou=yyyy,dc=zzzzzzz,dc=net"
[04/Apr/2011:16:41:17 -0400] conn=-1 op=-1 msgId=-1 - RESULT err=0 tag=101 nentries=1 etime=0.001150
All we did was to install the upgraded server software and migrate the data. Is there something more required for this version in order to implement client certificate authentication? I thought I saw something about a directory server proxy, which we aren't running. Is that necessary for this to work?
Any help you can provide would be greatly appreciated.
Thanks.
dean

I am using verifycert set to on. We want to verify the certificate.
I am not using CmapLdapAttr. I saw a reference in one other post regarding using that attribute. I am hesitant to go there because while it seems to be a fix, I was unsure whether it was something which happened to work but was not part of standard implementation of using client certificates or whether it was a requirement in order for it to work and it was just serendipitous that it wasn't needed in 5.1. I wouldn't want to start using, apply a patch, and have it stop working again because that was a workaround.
Thanks.

Similar Messages

  • HTTPS with Client Authentication in SOAP sender Adapter

    Hi All,
    In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
    But when I tried with “HTTPS with Client Authentication” option its giving error
    “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
    Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
    Regards

    Rohan,
    With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
    You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
    So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
    Regards
    Ravi Raman

  • I'm often having issues with clients not seeing or being able to open attachments, font formatting changes (on the pc end) and the inability to use HTML signatures to promote our company brand.

    I'm often having issues with clients not seeing or being able to open attachments, font formatting changes (on the pc end) and the inability to use HTML signatures to promote our company brand.

    I imagine your clients must be using Outlook, which is seriously broken when it comes to e-mail standards, especially HTML e-mail. You can work around the issues with Outlook by only sending plain-text e-mails and making sure that, in the Edit -> Attachments menu, the last two options are checked. Unfortunately, that means that HTML signatures are out.
    If you need something with a fancy layout, either attach a PDF file to the e-mail or include a link to a website in the e-mail.

  • Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

    Hello All,
    We are currently building up a HTTPS message exchange with an external client.
    Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
    The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
    Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
    Now we have to configure the addtional Client Authentication.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    But what are the next steps to get this scenario successfully in place?
    Many thanks in advance!
    Jochen

    Hi Colleagues,
    following Steps still have to be done:
    - Mapping public key to technical user at Java Stack
      As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
    - Be sure CA root certivicate at Database under STRUSTSSO2
    - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
    - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
    Many thanks to all for support!
    Regards,
    Jochen

  • HTTPS With Client Authentication

    Hi,
    I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
    java.security.AccessControlException: client certificate required
    In the the transaction scim the following can be seen:
    [Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
    [Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
    [Thr 5061]     out: sssl_hdl = 1117534b0
    [Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
    [Thr 5061]      in: sssl_hdl = 1117534b0
    [Thr 5061]      in: cred_hdl = 116cfc110
    [Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
    [Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001  peer=XX.XX.XX.XX:2310
    [Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
    [Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
    [Thr 5061]          status = "resumed SSL session, NO client cert"
    The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
    Sender Communication Channel, 
    Transport Protocol: HTTP,
    Message Protocol: Soap 1.1,
    Adapter Engine: Central Adepter Engine,
    HTTPS with Client Authentication,
    Keep Headers
    Any ideas?
    Kind regards,
    John

    Hi Peter,
    If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
    It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
    All the best,
    John

  • SOAP Sender with HTTP(with SSL)=HTTPS with Client Authentication config

    Hi All,
    I have a Web-service-XI-Proxy scenario where we use SOAP Sender Adapter with HTTPs.  Double authentication (client- server) sertificate shall be used.
    Testing simple HTTP and XI user name/password works fine.
    Now I installed requred sertificates in TrustedCA and ssl-provider in VIsualadmin.
    But i can't see how i can configure certificates in SOAP sender Adapter. I've just did SOAP receiver for another scenario and there I could give keystore entry.
    I also doesn't know how to disable asking for name/password.  I am using XI 7.0.
    Please advise.
    Thanks,
    Nataliya

    Hi Nataliya,
    Go to SOAP Adapter> Inbound Security Checks-> HTTP Security Level--> Here you can specify  option "HTTP with Client Authentication. 
    One more thing HTTP Security level option is always available in Sender Adapter.
    For more clarity about HTTPS find below link.
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    To enable the TrustedCA in SOAP Sender adapter. Go SOAP Sender> Security Parameter> Security Profile--> Web Service
    security. Then go to sender agreement there you need to give key store entry.

  • Machine authentication using certificates

    Hi,
    I am facing this error while machine authenticates agaist AD for wireless users. My requirement is users with corporate laptop get privileged vlan and BYOD should get normal vlan.I am using Cisco ISE 1.1.1 and configured authentication policies to diffrenciate clients based on corp asset and BYOD. Authentication policy result is identity sequnce which uses certificate profile and AD. All corp laptops should be authenticated using certificates and then followed by AD user and pass. when I configure XP users to validate server certificate this error comes in ISE log "Authentication failed : 11514 Unexpectedly received empty TLS message; treating as a rejection by the client" and if I disable validate sewrver certificate then this error "Authentication failed : 22049 Binary comparison of certificates failed".
    Any help??
    Thanks in advance.

    Hi [answers are inline]
    I  have tried using Cisco Anyconnect NAM on Wondows XP for machine and  user authentication but EAP-chaining feature is not working as expected.  I am facing few challenges. I have configured NAM to use eap-fast for  machine and user authentication and ISE is configured with required  authorisation rule and profiles/results. when machine boots up it sends  machine certificate and gets authenticated against AD and ISE matches  the authorisation rule and assigns authZ profile without waiting for  user credentials.
    This is expected for machine authentication, since the client hasnt logged in machine authentication will succeed so the computer has connectivity to the domain.
    Now when a user logs on using AD user/pass,  authentication fails as the VLAN assigned in AuthZ profile does not have  access to AD. ISE should actually check with their external database  but Its not.
    Do you see the authentication report in ISE? Keep in mind that you are authenticating with a client that has never logged into the workstation before. I am sure you are looking for the feature which starts the NAM process before the user logs in. Try checking this option here:
    http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html#wp1074333
    Note the section below:
    –Before  User Logon—Connect to the network before the user logs on. The user  logon types that are supported include user account (Kerberos)  authentication, loading of user GPOs, and GPO-based logon script  execution.
    If you choose Before User Logon, you also get to set Time to Wait Before Allowing a User to Logon:
    Time to Wait Before Allowing User to Logon—Specifies the maximum (worst  case) number of seconds to wait for the Network Access Manager to make a  complete network connection. If a network connection cannot be  established within this time, the Windows logon process continues with  user log on. The default is 5 seconds.
    Note If the Network Access Manager is configured to manage wireless connections, set Time to wait before allowing user to logon to 30 seconds or more because of the additional time it may take to  establish a wireless connection. You must also account for the time  required to obtain an IP address via DHCP. If two or more network  profiles are configured, you may want to increase the value to cover two  or more connection attempts.
    You will have to enable this setting to allow the supplicant to connect to the network using the credentials you provide, the reason for this is you are trying to authenticate a user that has never logged into this workstation before. Please make changes to the configuration.xml file, and then select the repair option on the anyconnect client and test again.
    Interestingly, if I login with an AD user which is local to  the machine its gets authenticated and gets correct AuthZ  profile/access level. If I logoff and login with different user, Windows  adapter gets IP address and ISE shows successful authentication /authz  profile but NAM agent prompts limited connectivity. Any help??
    Please make the changes above and see if the error message goes away.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • KDC identifying both with client authentication

    hi everybody
    i am using a client authentication certificate template's ,
    and i also want to use a KDC identifying both with client authentication
    looking for this configure specified
    thank you
    Marv Kikovanovich

    Hey Marv
    Thanks for posting ,
    You've need to add another Application Policy: "KDC Authentication" on client
    certificate template.
    Certification Authority\Certificate Templates\Manage
    properties the client certificate template - extensions TAB
    Edit Application Polices , and Add the "KDC Authentication" Policy.
    Good Luck.
    I'd be glad to answer any question

  • OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

    We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
    public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
    string strFileUrl = string.Empty;
    RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
    BinaryReader b = new BinaryReader(FileInput.InputStream);
    byte[] binData = b.ReadBytes(FileInput.ContentLength);
    repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
    repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
    strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
    return strFileUrl;
    Although we are setting the network credential in the client call we still get the error
    - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
    Ideas?
    Thanks in advance.

    Hi,
    Based on the error message, the issue is related to the authentication type.
    I suggest you can specify the credential type like the below:
    CredentialCache credentialCache = new CredentialCache();
    NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
    credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
    Here is a detailed code demo for your reference:
    http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
    Best Regards
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Jerry Guo
    TechNet Community Support

  • The HTTP Request is unauthorized with client authentication scheme negotiate - MDS Excel Plugin error

    Hi,
    Some users in my company are experiencing a strange issue when connecting to our MDS server using the MDS Excel plugin. They receive the error message:
    "The HTTP Request is unauthorized with client authentication scheme negotiate. The authentication header received from the server was "NTLM,BASIC real="DOMAIN NAME IWA"
    They are receiving this error when first trying to connect. For some reason they only receive this error when connected to the work network via the VPN. They don't receive this error from within our network.
    Does anyone know what might be causing this issue and how to resolve?
    Many Thanks,
    Phil

    Try the following links and see if it helps:
    https://support.microsoft.com/en-us/kb/896861/
    https://social.technet.microsoft.com/Forums/projectserver/en-US/912c7179-8858-4c48-a71d-d9a21ff10a1b/the-http-request-is-unauthorized-with-client-authentication-scheme-ntlm-the-authentication?forum=project2010custprog
    -Nithesh Shetty Software Engineer, C & E -> IMML -> MDS, Microsoft.

  • Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

    I have written a console application to test the WASABi(AutoScaling Application Block) for my worker role running in azure. The worker role processes the messages in the queue and I want to scale-up based on the queue length. I have configured and set the
    constraints and reactive rules properly. I get the following error when I run this application.
    [BEGIN DATA]{}
        DateTime=2013-12-11T21:30:02.5731267Z
    Autoscaling General Verbose: 1002 : Rule match.
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
    up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
    up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
    up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling General Warning: 1004 : Undefined target.
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
    in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
    The remote server returned an error: (403) Forbidden.
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---
    Server stack trace: 
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    If anyone know why I am getting this anonymous access violation error. My webrole is secured site but worker role not.
    I appreciate any help.
    Thanks,
    ravi
      

    Hello,
    >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
    Base on error message, I guess your azure service didn't get your certificate and other instances didn't have certificate to auto scale. Please check your upload the certificate on your portal management. Also, you could refer to same thread via link(
    http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate ).
    Hope it helps.
    Any question or result, please let me know.
    Thanks
    Regards,
    Will 
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • HTTPS with Client Authentication not available in EHP1?

    Hi Guys,
    I am not seeing this option in PI 7.1 EHP1.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    any help would be appreciated
    Thanks,
    Srini

    Hi Srinivas,
    I didnot use it personally. But when I see on SAP help I dont see that option anywhere. Please see this sap help:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
    But you have an option sender agreeement for security. Please see this help:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/ceb8cf18d3424be10000000a421937/content.htm
    Since we have the option to skip the adapter engine they have enabled this option in http adapter. So you can directly hit to integration engine skipping the adapter framework, which will help in improving the performance. Please see this help on this:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/43/64db4daf9f30b4e10000000a11466f/frameset.htm
    Regards,
    ---Satish

  • SOAP sender adapter with  client authentication

    Hi,
    Can you please tell me the steps to be followed to configure SOAP sender adpater for HTTPS with client authentication.
    Thanks

    Hello,
    Check out this SAP NOTE
    [Note 891877 - Message-specific configuration of HTTP-Security|https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=891877]
    Check out below blog for step by step process.
    /people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter
    Hope this will help.
    Nilesh
    Edited by: Nilesh Kshirsagar on May 28, 2009 11:31 AM

  • HTTP request was forbidden with client authentication scheme 'anonymous'

    Hi,
    We have updated our support Package for version BPC NW 10.0 release 801 from 0002 to 0005.
    After the update we are not being to access the server folders in EPM Add-in.
    We have the following error "HTTP request was forbidden with client authentication scheme 'anonymous'". Nevertheless we only can't access to the content of folders that are not public or local.
    In SLG1 log, we have the error " Access not granted, You are not the member of team: BUSINESS ADMIN". This is not true because the user has SAP_ALL in BW and is a primary administrator in BPC. The data access profile associated is the administrator member access profile.
    Has anybody seen this error?
    Best regards,
    JA

    Hi Nilanjan,
    We are able to log in into EPM Add-in.
    We have the error when we try to open input forms or reports from server, but only from some folders.
    When we select the folder we have the error.
    For example we can see the content from:
    WEBEXCEL\REPORTLIBRARY\
    ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
    But we can't see the content from:
    BUSINESS ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
    TEAM FI\WEBEXCEL\TEAMREPORTLIBRARY\
    The user has administrator member access profile ans is included in all teams (ADMIN, BUSINESS ADMIN and TEAM FI)
    We really can't see what could be the problem
    Hope you can help us.
    regards,
    JA

  • Compatibility issue with developer 6i using (64 bit) OS

    Hi All,
    I am using oracle 9iR2 (32 bit) on Linux Red Hat (32 bit) with developer 6i. Now i want to upgrade OS Red Hat (64 bit) and migrate database 10gR2 (64 bit).Is there any compatibility issue with developer 6i using 64 bit Red Hat OS / Oracle Database ?
    Thanks

    Is there any compatibility issue with developer 6i using 64 bit Red Hat OS / Oracle Database ?
    No, as long as developer 6i is at least patch 16. We use it.

Maybe you are looking for

  • BTE 503113 - FIS_VBREVK_1&FIS_VBREVK_2 always empty

    Hi, Did anyone worked with BTE 503113? It seems  FIS_VBREVK_1&FIS_VBREVK_2 are always empty. It's called within FORM MAINTAIN_RR_STATUS (include LVFRRF0M), like this, so with dummy parameters: perform maintain_rr_status using pis_xvbak               

  • Challan date new and GR date past, How to reconcile?

    Hi, We have some material document in subcontracting process and user did not reconcile challan for these GR no. and these Material documents were from previous period , now while J1IFQ he is getting following error " Excise document is posted later

  • Access field from dynamic selection screen of LDB in local program

    I am using ldb PSJ in my program. I want to use input given in fields "Plant" and "Business Area" in my program and do some process based on input in this field. Both these fields come as part of dynamic selection. How can I access this field in my p

  • Paste Special from Word

    I am currently inputing a large amount of copy done in MS Word with tons of hyperlinks. I notice that DWcs3 eliminates the deprecated span and font tags, but in the process drops the hyperlinks. Is there no way to retain these? I have looked in Prefe

  • Server configuration EPM system

    Hi Experts, I want to install following Hyperion products on my distributed/mixed environments:- Oracle Hyperion Shared Services. Oracle Hyperion Planning. Oracle Hyperion Essbase. Oracle Hyperion Reporting and Analysis (Financial Reporting). Oracle