SAP Knowledge Base Article - Public

3068483 - Error when trying to renew SAC subaccount certificate in Cloud Connector

Symptom

On Cloud Connector, the SAC subaccount certificate expired.

When attempting to refresh it, below error message appears:

  • An error occurred when trying to connect — see logs for details (unless log level is 'Off')

In the Cloud connector ljs_trace.log this can be seen:

  • "at java.lang.Thread.run(Thread.java:807)
    Caused by: com.sap.scc.servlets.SccHandshakeException: SCC handshake failed: 403 — Forbidden"

In the Cloud connector ljs_trace.log this can be seen:

  • #INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-6# #Returned Http Response with code 401

Environment

  • SAP Cloud Connector (SCC)
  • SAP Analytics Cloud (SAC)
  • Datasphere

Reproducing the Issue

  1. Click "Certificate" button to refresh certificate in SAP Cloud Connector (SCC) subaccount 
  2. Enter user and password -> The error is seen.

Cause

  • This is usually caused by a mismatch of users between the SAC BTP Core Account info and the user credentials being used for the certificate refresh in Cloud Connector. The users needs to be the same. 
  • Another reason is password of the s-user was just renewed in minutes, so the profile of s-user was not yet updated. For example, after renew password, when open https://accounts.sap.com , "reset password" is prompted instead of the profile page.

Resolution

  • Solution 1
    1. Access SAP Analytics Cloud.
    2. Go to the Main Menu > System > Administration
    3. Click on Data Source Configuration and scroll until "SAP BTP Core Account".
    4. Check the email that is displayed there. If it is not yours, choose Edit and set to your email which is associated to an S-user ID.
    5. Try to refresh the certificate in the Cloud Connector with this email and password.
  • Solution 2
    1. After renewing password, double check the logon result in https://accounts.sap.com, if "reset password" is prompted then wait for a little more time until the user is synced.

See Also

  • 2950537 - Subaccount certificate expired from SAP Cloud Connector
  • 2397165 - How do I connect SAP Analytics Cloud (SAC) to the SAP BTP Cloud Connector and SAP Analytics Cloud Agent?

Keywords

 Authorization, handshake, unauthorized, 401, SCC handshake failed: 403 — Forbidden, SAP BTP Core Account, credentials, SAC Subaccount, Certificate, Refresh, Cloud Connector. , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , LOD-ANA-ADM , SAC Administration , How To

Product

SAP Analytics Cloud 1.0