Troubleshooting SAP configuration for Azure Logic App SAP trigger

When you create a Logic App with the SAP connector trigger "When a message is received from SAP", the configuration of SAP is non-trivial, especially for engineers not familiar with SAP.

The first step is to create the connection itself. When you first add a trigger or an action from the SAP connector, you are prompted to create a connection, which may fail if you don't get all the connection parameters quite right. If the Logic App Designer does not show all the error details, enable network tracing in the F12 debugging tools of your internet browser (details for Edge network tracing here, details for Chrome network tracing here). Reproduce the connection creation failure, look for a failed HTTP call, and then inspect the response payload of that call. You might find there, for instance, a failure to locate the assembly SAP .NCo, in which case you need to follow the prerequisite step of downloading and installing the latest SAP client library.

You will need from SAP the program ID under which you will register your RFC Server, also known as the tp partner in SAP terminology. If you don't have one already, create a new TCP/IP type connection in transaction SM59 (Configuration of RFC Connections) of the SAP Logon GUI.

The activation type for that new destination must be "Registered Server Program".

When you use the SAP built-in "Connection Test" for that RFC connection prior to creating the Logic App with the SAP trigger, you should get an error "Program ID not registered". This is also the error you get if you disable or delete the Logic App later.

Then enter the required details of your registration in the Logic App SAP trigger: SAP gateway host, service name or port, and program ID. Optionally, you may provide a filter array of SAP action URIs so that only specific RFC/BAPI/IDOC calls are sent to your Logic App. Once you save your new Logic App with its trigger, the RFC Server registration takes place.

The trigger registration call made when you save the Logic App is asynchronous, so you need to look at the trigger history (under the Logic App Summary Evaluation) to confirm it was successful.

This is an example of a failed registration, followed by a successful registration, followed by a successful call from SAP to Logic Apps (the entry tagged 'Fired').

Here are the input details of a subscribe call for a new trigger:

Saving the Logic App itself may succeed because the connection and parameters are valid as far as Logic App can tell, while the asynchronous registration still fails without the Logic App designer knowing about it.

Here for instance the On-Premises Data Gateway was not connected to the VPN on which the SAP system resides, so the registration call timed out on failure to reach the IP address:

Once the OPDG was connected to the SAP VPN, the registration succeeded. Note the specific response code 'Created', indicating that the OPDG did not have such an SAP webhook registered before and created it accordingly:

Note also the renewal interval of 5 minutes. This ensures that if the OPDG malfunctions for some reason, such as a restart of the hosting machine, the webhook registration is repaired within 5 minutes of the OPDG coming back online. If you have a high-availability setup of the OPDG, the fail-over OPDG will receive the renewal notice and, realizing the webhook is not in its list, will create it again. Here is an example response for a renewal when the registration was already active (no call is made to SAP in this case). Note how the response code is different, 'OK' and not 'Created':

If you are troubleshooting your OPDG, have restarted the machine or the service, and want to test the subscription call immediately, you can disable and re-enable the Logic App with the SAP trigger to force an immediate subscribe call.

Now with the Logic App registered as RFC Server on the given program ID, you can return to SAP Logon GUI and test the connection successfully:

You can then proceed to a more thorough test by calling an actual RFC in transaction SE37 (Function Module). Don't forget to provide the matching program ID as the RFC target system. A good start is STFC_CONNECTION. See the details in the earlier post about responding back to SAP.

Sometimes the trigger registration by Logic App succeeds and yet the SAP connection test still fails. With the help of a SAP BASIS engineer, you may be able to locate an error in the SAP Gateway logs such as:

LOCATION    SAP-Gateway on host SAP*****.*****.cloudapp.net / sapgw00
ERROR       registration of tp DAVIBURG-P722 from host ??? not allowed
TIME        Tue May 07 18:49:57 2019
RELEASE     753
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      D:/depot/bas/753_REL/src/krn/si/gw/gwxxrd.c
LINE        4184
COUNTER     900142

A couple of configuration aspects of SAP should be investigated in such a case, starting with the SAP gateway security parameters. Please refer to the SAP documentation: https://help.sap.com/doc/saphelp_nw73/7.3.16/en-US/48/ad5b358bc96744e10000000a421937/content.htm?no_cache=true

Also, the SAP user account you are using to connect to SAP must be allowed to register as RFC Server. The user account may, for instance, have the role SAP_BC_AI_LANDSCAPE_DB_RFC to authorize this. This can be configured in either SU01 (single user) or SU10 (bulk edit of users).
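
To triage a gateway error record like the one quoted above, the following added example (not code from the original post or from SAP or Microsoft) parses the record, re-joins a wrapped host name, and reports which program ID and host the gateway refused. The function names, result keys and the SAMPLE text are assumptions made for this illustration; SAMPLE is constructed from the record shown on this page.

```python
import re

# Constructed sample: the gateway error record quoted on this page, with the
# host name wrapped across two lines as it can be after copy and paste.
SAMPLE = """\
LOCATION    SAP-Gateway on host SAP*****.*****.cloudapp.
net / sapgw00
ERROR       registration of tp DAVIBURG-P722 from host ??? not allowed
TIME        Tue May 07 18:49:57 2019
RELEASE     753
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      D:/depot/bas/753_REL/src/krn/si/gw/gwxxrd.c
LINE        4184
COUNTER     900142
"""

FIELD = re.compile(r"^([A-Z]+)\s{2,}(.*)$")  # upper-case label, padding, value
DENIED = re.compile(r"registration of tp (\S+) from host (\S+) not allowed")


def parse_gateway_error(text):
    """Return the record as {LABEL: value}, re-joining wrapped values."""
    record, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            record[last] = m.group(2).strip()
        elif last:
            record[last] += line  # continuation of the previous field
    return record


def check_registration(text, expected_program_id):
    """Summarise a registration denial, or return None for any other error."""
    rec = parse_gateway_error(text)
    m = DENIED.search(rec.get("ERROR", ""))
    if not m:
        return None
    tp, host = m.groups()
    return {
        "gateway": rec.get("LOCATION", "").replace("SAP-Gateway on host ", "", 1),
        "time": rec.get("TIME"),
        "program_id": tp,
        "from_host": host,
        "matches_trigger": tp == expected_program_id,  # exact comparison
        "host_reported": host != "???",  # gateway printed ??? for the host
    }
```

A result with `matches_trigger` set to True confirms that the refused registration is the one made by your Logic App trigger, which is the case the gateway security parameters above apply to.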