SAP Knowledge Base Article - Public

2685316 - Authorization Failed with On Premise to S/4HANA Cloud Connection

Symptom

Error while running authorization test in the on premise system in SM59: Authorization Failed

Environment

  • SAP S/4HANA Cloud
  • SAP Cloud Connector to On Premise system

Reproducing the Issue

  1. Set up the SAP Cloud Platform Cloud Connector - SAP_COM_0200
  2. Another Communication Arrangement, like SAP_COM_0109 as an example, must also be configured, as this arrangment will be used when connecting from the on premise system to S/4HANA Cloud
  3. Do a connection test and authorization test with the RFC destination that is created to connect to the SAP Cloud Connector

Cause

  • Username or password is incorrect
  • RFC destination is pointing to the wrong S/4HANA Cloud system
  • This may happen if the Inbound Communication username is more than 12 characters long

Resolution

  • The hostname for the Communication System should be similar to hana.ondemand.com,  hanatrial.ondemand.com, us1.hana.ondemand.com, etc. depending on the SAP Cloud Platform URL you are using
  • Make sure that you use the username of the communication user in the RFC destination configuration instead of the CC... communication user ID
    1. Go to the Communication Arrangements app
    2. View the communication arrangement that is set up for the other arrangement, like  SAP_COM_0109 in this example
    3. Check which communication user is set up for the arrangement's inbound service
    4. Ensure that you copy the username instead of the user id which will be the CC... user
      • ***NOTE*** This username must not be more than 12 characters, or it can not be used in the RFC connection
    5. Now go to the RFC destination (SM59) that is created to connect to the SAP Cloud Connector in the on premise system
    6. Ensure that the client for this connection is client 100
    7. Ensure that the usernamefrom step 4 is used in the logon details of the RFC connection
    8. If you do an authroization test several times, and the communication user becomes locked, then the wrong password is being used
      1. Go to the Maintain Communication Users app
      2. Select the communication user that is being used
      3. Click on Propose Password
      4. Copy the password here so you have it for the next step, and then click save
      5. Now go back to the RFC destination in the on premise system
      6. Edit the logon details and save the new password that you copied in step 4
  • Make sure that you are connecting to the correct system with the RFC destination, as described in Configure a Service Channel for RFC
    1. Go to the Cloud Connector that you have set up
    2. Go to the On Premise to Cloud service channel
    3. If there is more than 1 service channel configured, make sure you are connecting to the correct one
    4. Click on Edit for the service channel you want to connect to
    5. Copy the Local Instance Number
    6. Now go to theRFC destinationin the on premise system
    7. Review the technical settings to ensure that you have specified the correct cloud connector host, and that the instance number is the one you copied from step 5
    8. If the wrong instance number was selected then the wrong system was accessed which is why the user didn't have authorization to access the system

NOTE: SAP_COM_0200 is a prerequisite for arrangements like SAP_COM_0109

Keywords

SAP_COM_0109 SCC SAP_COM_0200 Cloud Connector local instance number destination configuration sm59 service channel authorisation test , KBA , BC-MID-RFC , RFC , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , BC-SRV-APS-COM , Maintain Communication System and Arrangement , Problem

Product

SAP S/4HANA Cloud 1808