You are trying to implement an extra security layer by explicitly informing the client hosts which are allowed to logon to the message server. The required configuration is performed according to SAP official documentation. At the end, the configuration seem not to work as expected and previously allowed hosts are being denied from access.
At the message server trace, you find the following entries:
[Thr 140010058409760] load acl file = /usr/sap/<SID>/SYS/global/ms_acl_info
[Thr 140010058409760] *** ERROR => HOST invalid argument (192.168.*) in line 10 [msxxacl.c 774]
[Thr 140010058409760] *** WARNING => Errors found in /usr/sap/<SID>/SYS/global/ms_acl_info
[Thr 140010058409760] *** WARNING => Please correct the invalid entry
For a J2ee system, the following entries would be seen at the message server traces:
[Thr 01] *** ERROR => MsSLoginClient: MS_JSTARTUP client JM_T1485284158868_kzo-<hostname> (12.23.345.567) is EXTERNAL, access denied [msxxserv_mt. 5027]
- Message server security
- Configuring additional security layer
- Access control list settings
KBA , BC-CST-MS , Message Service , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.