Symptom
On Cloud Connector, the SAC subaccount certificate expired.
When attempting to refresh it, below error message appears:
- An error occurred when trying to connect — see logs for details (unless log level is 'Off')
In the Cloud connector ljs_trace.log this can be seen:
- "at java.lang.Thread.run(Thread.java:807)
Caused by: com.sap.scc.servlets.SccHandshakeException: SCC handshake failed: 403 — Forbidden"
In the Cloud connector ljs_trace.log this can be seen:
- #INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-6# #Returned Http Response with code 401
Environment
- SAP Cloud Connector (SCC)
- SAP Analytics Cloud (SAC)
- Datasphere
Reproducing the Issue
- Click "Certificate" button to refresh certificate in SAP Cloud Connector (SCC) subaccount
- Enter user and password -> The error is seen.
Cause
- This is usually caused by a mismatch of users between the SAC BTP Core Account info and the user credentials being used for the certificate refresh in Cloud Connector. The users needs to be the same.
- Another reason is password of the s-user was just renewed in minutes, so the profile of s-user was not yet updated. For example, after renew password, when open https://accounts.sap.com , "reset password" is prompted instead of the profile page.
Resolution
- Solution 1
- Access SAP Analytics Cloud.
- Go to the Main Menu > System > Administration
- Click on Data Source Configuration and scroll until "SAP BTP Core Account".
- Check the email that is displayed there. If it is not yours, choose Edit and set to your email which is associated to an S-user ID.
- Try to refresh the certificate in the Cloud Connector with this email and password.
- Solution 2
- After renewing password, double check the logon result in https://accounts.sap.com, if "reset password" is prompted then wait for a little more time until the user is synced.
See Also
- 2950537 - Subaccount certificate expired from SAP Cloud Connector
- 2397165 - How do I connect SAP Analytics Cloud (SAC) to the SAP BTP Cloud Connector and SAP Analytics Cloud Agent?
Keywords
Authorization, handshake, unauthorized, 401, SCC handshake failed: 403 — Forbidden, SAP BTP Core Account, credentials, SAC Subaccount, Certificate, Refresh, Cloud Connector. , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , LOD-ANA-ADM , SAC Administration , How To
Product
SAP Analytics Cloud 1.0