Skip to end of metadata
Go to start of metadata

It can happen that SAP cloud connector cannot establish a secure tunnel to the SAP cloud platform.

The normal tunnel establishment records similar entries with INFO severity level in the ljs_trace.log file:

ljs_trace.log
#INFO
#com.sap.core.connectivity.tunnel.client.handshake.ClientProtocolHandshaker#notification-client-3-1       
#Sending handshake request for tunnel: account:///c012345abc/centos and host connectivitynotification.ap1.hana.ondemand.com:443|

#INFO
#com.sap.core.connectivity.tunnel.core.impl.context.TunnelRegistryImpl#notification-client-3-1       
#Registered tunnel channel [id: 0xb80c2c8b, L:/xx.xx.52.129:53096 - R:connectivitynotification.ap1.hana.ondemand.com/157.133.97.47:443] for tunnel id "account:///c012345abc/centos" and client id "1C9480707A4011E8C764DF2EC0A83481"|

#INFO
#com.sap.core.connectivity.tunnel.client.notification.NotificationClient#notification-client-3-1        
#Successfully established tunnel channel to notification service: [id: 0xb80c2c8b, L:/xx.xx.52.129:53096 - R:connectivitynotification.hanatrial.ondemand.com/157.133.97.47:443]|

 

However, when connection establishment fails, you need to look for the cloud connector log file ljs_trace.log for details:

Connection timed out

ljs_trace.log
#ERROR#com.sap.scc.rt#http-bio-8443-exec-7#          #Tunnel Connect Failed
java.net.ConnectException: Connection timed out: no further information: connectivitynotification.ap1.hana.ondemand.com/157.133.97.47:443
	at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
	at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
	at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:224)
	at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:289)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:545)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
	at java.lang.Thread.run(Thread.java:745)|

In this case, the SAP cloud connector cannot reach the notification server due to a timeout

The accessibility of the notification server can be checked with networking tools:

tracert tool

On Windows OS check route with tracert tool:

tracert -d <hostname>

C:\Tools\tracert -d connectivitynotification.ap1.hana.ondemand.com

Tracing route to connectivitynotification.ap1.hana.ondemand.com [157.133.97.47]
over a maximum of 30 hops:

  1     2 ms     2 ms     2 ms  xx.xx.xx.1
  2    31 ms    31 ms    27 ms  xx.xx.xx.169
  3    39 ms    38 ms    45 ms  xx.xx.xx.209
  4     *       79 ms    87 ms  xx.xx.xx.225
  5     *       92 ms    86 ms  xx.xx.xx.96
  6    71 ms    43 ms    31 ms  xx.xx.xx.6
  7    50 ms    49 ms    53 ms  xx.xx.xx.6
  8    82 ms    91 ms    99 ms  xx.xx.3.159
  9     *       54 ms    53 ms  xx.xx.204.37
 10   170 ms     *      189 ms  xx.xx.47.10
 11   193 ms   161 ms   166 ms  xx.xx.50.165
 12   270 ms   247 ms   259 ms  xx.xx.115.102
 13   212 ms   251 ms   248 ms  xx.xx.114.18
 14     *        *        *     Request timed out.
 15     *      440 ms   436 ms  xx.xx.48.30
 16     *      467 ms     *     xx.xx.7.202
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19   453 ms   426 ms   466 ms  157.133.97.47

Trace complete.

 

nmap tool

On Windows or Linux systems check route with nmap tool:

nmap -sn -traceroute <host name>

C:\Tools>nmap -sn --traceroute connectivitynotification.ap1.hana.ondemand.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-29 09:33 W. Europe Daylight Time
Nmap scan report for connectivitynotification.ap1.hana.ondemand.com (157.133.97.47)
Host is up (0.41s latency).

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   0.00 ms   xxxxxxxxxxxxxxxxxxxxxxxxx.corp (xx.xx.xx.1)
2   0.00 ms   xxxxxxxxxxxxxxxxxxxxxxxxx.corp (xx.xx.xx.169)
3   0.00 ms   xxxxxxxxxxxxxxxxxxxxxxxxx.corp (xx.xx.xxx.209)
4   0.00 ms   xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (xx.xx.139.225)
5   ... 6
7   21.00 ms  xx.xx.3.6
8   0.00 ms   xx.xx.3.159
9   17.00 ms  xx.xx.204.37
10  117.00 ms xx.xx.47.10
11  121.00 ms xxxxxxxxxxxxxxxxxxxxxxxx.NET (xx.xx.50.165)
12  237.00 ms xxxxxxxxxxxxxxxxxxxxxxxx.NET (xx.xx.15.102)
13  237.00 ms xxxxxxxxxxxxxxxxxxxxxxxx.NET (xx.xx.114.18)
14  ...
15  406.00 ms xxxxxxxxxxxxxxxxxxxxxxxx.NET (xx.xx.48.30)
16  503.00 ms xx.xx.7.202
17  ... 18
19  400.00 ms 157.133.97.47

Nmap done: 1 IP address (1 host up) scanned in 17.77 seconds

The nmap tool can be downloaded from https://nmap.org/ site.

 

traceroute tool

On Linux system execute command traceroute -n <host name> command:

[root@boxes ~]$ traceroute -n connectivitynotification.ap1.hana.ondemand.com

 

The tunnel establishment can be traced with Wireshark (www.wireshark.org) or tcpdump tools as well.

 

  • No labels