Symptom
After having updated the SAP Solution Manager 7.10 system to SP11/SP12/SP13/SP14 the Diagnostics Agents no longer connect to the Solution Manager, in case the certificate based authenticationis used.
Additionally, in the Agent Administration UI -> Tab “Non-authenticated agents”, the following error is shown:
The following picture describes the issue:
Additionally, in the Agent Administration UI -> Tab “Non-authenticated agents”, the following error is shown:
| Registration error J2EE connection user : CN=SMD_AGT,OU=SAP AGS,O=SAP,C=DE Authentication method: certificate Exception: com.sap.engine.services.jndi.persistent.exceptions.NoPermissionException : Exception during getInitialContext operation. Wrong security principle/credentials. [Root exception is com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.] |
Environment
- SAP Solution Manager 7.10 SP11, SP12, SP13 and SP14.
- SAP Solution Manager Diagnostics
Reproducing the Issue
- Enable the SMDAgents authentication via Certificates method
- Runs Solution Manager 7.1 SP11, SP12 SP13 or SP14 (eventually after an update from 7.1 SP05 and higher)
- Applied NW J2EE patches, like requested in the Solution Manager SAP notes (1953075 or 2020219)
- As a consequence, all Diagnostics Agents are now off-line.
Cause
A security fix present in the latest patch levels of the NetWeaver Java stack (SP14 patch 3 and above) introduced a disruptive change in the way certificate authentication is performed. This non-backward compatible change prevents Diagnostics Agent to
authenticate when they are using certificates.
authenticate when they are using certificates.
