2588975 - Communication between sapstartsrv processes denied due to ACL restrictions

It is noticed that SM21, sapcontrol, SAPMMC, and STRUST are not correctly reporting data in their correspondent functions. Some of the possible symptoms are shown below.

1. The process sapstartsrv no longer respond to commands. The output is similar as below:
   
   FAIL: NIECONN_BROKEN (Connection reset by peer), NiRawRead failed in plugin_sapfrecv()
   
   It is confirmed that the relevant process is running and correctly bound to http port 5$$13 where $$ stands for the instance number. Still, no luck in getting it respond to any issued commands.
   
   
2. In the sapstartsrv.log trace file from the target instance, the following entries are written:
   
   Using network access control list for http: <filesystem path to file>
   First soap_accept failure
   
   
3. Another common symptom could be that SAPMMC cannot report the correct status for the processes of a given instance, even though it is confirmed that the application server in question is running fine.
   
   
4. In transaction SM21, when trying to read the system log for one or a group of instances of an SAP system, the error "No access to instances <instance names> (SOAP:1023" is reported.
   
   
   
   
5. In STRUST, remote instance(including ASCS) PSE couldn't be opened, error message like:
   

   SOAP:1023 SRT: Processing error in Internet Communication Framework: ("SSL handshake with <remote hostname>:5$$14 failed: SSSLRC_CONN_CLOSED (-10)Remote Peer has closed the network connectionSapSSLSessionStartNB()==SSSLRC_CONN_CLOSED")

• SAP NetWeaver
• Startup services

security, ACL, access control lists, network, connection refused, STRUST, SSSLRC_CONN_CLOSED , KBA , BC-CST-STS , Startup Service , BC-OP-NT , Windows , BC-CCM-MON , CCMS Monitoring & Alerting , Problem