2629916 - sapcontrol returns: Creating credential from instance PSE failed | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

2629916 - sapcontrol returns: Creating credential from instance PSE failed

Symptom

The SUM is failing reporting the following error:

[Error ]: The following problem has occurred during step execution: com.sap.sdt.util.diag.DiagException: SUM has detected that the SystemPKI is supported by your system. To continue, you have to configure it as described in SAP Note 2200230.

Running the sapcontrol command triggered by SUM report the following error:

sapcontrol -nr <NR> -host <host> -systempki /usr/sap/<SID>/SYS/profile/<profile> -function AccessCheck Stop

Creating credential from instance PSE failed

Using sapcontrol on debug mode


sapcontrol -nr <NR> -host <host> -systempki <profile path> -debug -function AccessCheck Stop

[Thr 139770004993824] = disabled FIPS 140-2 crypto kernel
[Thr 139770004993824] = found CommonCryptoLib 8.4.49 (Mar 4 2016) [AES-NI,CLMUL,SSE3,SSSE3]
[...]
[Thr 139770004993824] = current UserID: "p01adm", env-var USER="p01adm"
[Thr 139770004993824] = using SECUDIR=/usr/sap/<SID>/<instance>/sec
[Thr 139770004993824] = [ctc] ssl/ciphersuites="HIGH:MEDIUM:+e3DES:!aNULL"
[Thr 139770004993824] = [ctc] ssl/client_ciphersuites="HIGH:MEDIUM:+e3DES:!aNULL"
[Thr 139770004993824] = Success -- SapCryptoLib SSL ready!
[Thr 139770004993824] =================================================
[Thr 139770004993824]
[Thr 139770004993824] <<- SapSSLInit(read_profile=1)==SAP_O_K
[Thr 139770004993824] ->> SapSSLCreateCredHdl(&cred_name=7ffd4d365e30, role=CLIENT, csize=-1, cltime=-1, csuites=(nil), &cred_hdl=7ffd4d367b18)
[Thr 139770004993824] SapISSLComposeFilename(): Filename = "#_MemPSE_#498392645980839848367840"
[Thr 139770004993824] *** ERROR => secussl_Create_SSL_CTX(): PSE "#_MemPSE_#498392645980839848367840": File not found! [ssslsecu.c 2413]
[Thr 139770004993824] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed (4129/0x00001021)
[Thr 139770004993824] => "The PSE file does not exist."
[Thr 139770004993824] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 139770004993824] 0x00001021 | SAPCRYPTOLIB | SSL_CTX_set_default_pse_by_name
[Thr 139770004993824] SAPCRYPTO API error
[Thr 139770004993824] The PSE file does not exist.
[Thr 139770004993824] 0xa1d50108 | TOKEN_TOKPSE | sec_SSL_CTX_set_asc
[Thr 139770004993824] Token application not existing
[Thr 139770004993824] << ---------- End of Secu-SSL Errorstack ----------
[Thr 139770004993824] SapISSLDeleteCTX(): deleting SSL_CTX (cred "<NULL>",refcount=0)
[Thr 139770004993824] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential
for "#_MemPSE_#498392645980839848367840" [ssslxxi.c 3109]
[Thr 139770004993824] <<- ERROR: SapSSLCreateCredHdl()==SSSLERR_PSE_ERROR
[Thr 139770004993824] in: cred_name = "#_MemPSE_#498392645980839848367840"
[Thr 139770004993824] in: cache_size = -1
[Thr 139770004993824] in: cache_lifetime = -1
Creating credential from instance PSE failed

Read more...

Environment

  • Sapstartsrv with systemPKI support

Keywords

DETECT  input_credentials  input-credentials-dialog  check-sapcontrol-connection-for-ci  com.sap.sdt.j2ee.services.servicesimpl.CheckSapControlService  class com.sap.sdt.util.diag.DiagException UpdateInstancePSE UpdateSystemPKI , KBA , BC-CST-STS , Startup Service , BC-CST , Client/Server Technology , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.