SAP Knowledge Base Article - Public

3503678 - Error: " Timed out waiting for tunnel to open for tunnelId account"

Symptom

The connection type is SAP S/4HANA On-Premise. When validating connection, the error occurs:

---------------------------------------------------------------------

Connection "XXX" couldn’t be established.
- Data flows can’t be used because of errors in the connection.
- Replication flows can’t be used because of errors in the connection.
- Remote tables are disabled. - Model Import is disabled.

Data Flows: Cause: ABAP connector(Axino) ABAP connection check FAILED: request failed: rc=1, msg="Message: Opening connection to backend failed: Timed out waiting for tunnel to open for tunnelId account:///XXX-XXX-XXX-XXX-XXX/<LOCATION_ID>\nCode: RFC_COMMUNICATION_FAILURE"
Please refer to SAP Note 2849542 for more information.
Replication Flows: Cause: ABAP connector(Axino) ABAP connection check FAILED: request failed: rc=1, msg="Message: Opening connection to backend failed: Timed out waiting for tunnel to open for tunnelId account:///XXX-XXX-XXX-XXX-XXX/<LOCATION_ID>\nCode: RFC_COMMUNICATION_FAILURE"
Please refer to SAP Note 2849542 for more information.

Correlation ID: 3f36f666-bcc6-402a-77a3-b758caf36562

---------------------------------------------------------------------

Environment

SAP Datasphere

Cause

Some domains are not added to the on-premise network.

Resolution

Add the following domains (wildcard) to the firewall/proxy allowlist in your on-premise network:

  • *.hanacloud.ondemand.com

      

  • *.k8s-hana.ondemand.com

      

After that, if the error persists, check the SCC logs for the following logs:

#Unexpected exception while establishing application tunnel connection for tunnelId: account:///

...

io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: connectivitytunnel.ingress.dis-6kyxv.di-ap11.shoot.live.k8s-hana.ondemand.com/XX.XXX.XX.XXX:443: connectivitytunnel.ingress.dis-xx.di-<region>.shoot.live.k8s-hana.ondemand.com/XX.XXX.XX.XXX:443

If present, whitelist the IP XX.XXX.XX.XXX in the firewall and try again. 

Run the services.msc as an Administrator and start SAP Cloud Connector.

Keywords

KBA , DS-DI-CON , Connections , Problem

Product

SAP Datasphere 1.0