Skip to end of metadata
Go to start of metadata

Troubleshooting Guide for End-User Experience Monitoring

in SAP Solution Manager 7.0 EHP1 SP23-25


Design Time

Unable to render {include} The included page could not be found.


Editor finished execution half way of a replay without any error infomation. Go to workspace\.metadata\.log,
there is some OOM identified.


Open EemEditor.ini file and add the following parameters to increase the Java heap size: -XX:MaxPermSize=64m, -Xmx128m

You are recording SAPGUI Script under usage of a F4 help dialog and action dumps with
"Runtime error MESSAGE_TYPE_X has occurred occurs"


Open the SAPGUI menu HELP => SETTINGS => tab F4 Help

Set Display radio button to "Dialog(modal)"

Configuration Time

Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.

Run Time

EEM Robot

Unable to render {include} The included page could not be found.


EEM Robot fails to execute SAPGUI script due to missing privilegs of MS Windows service-user "SAPService<DASID>"


Add the "SAPService<DASID>" to group Administrators and restart the EEM Robot

java.lang.RuntimeException: No implementation for SHA or MD5: no such provider: IAIK


Follow the description to enable SSL for WSnotify.


Revert to http.


SAPGUI script aborts at step 3 with exception The control could not be found by id

The issue is caused by the configuration of the backend ABAP system in respect to multiple user logons. 


A SAPGUI script is recorded after the login procedure; the login procedure is not part of the recording.  To handle the logon the EEM Editor automatically adds the necessary steps. During the import it inserts 4 specific steps bevor the “main” the script logic.

From those 4 the steps 1 and 2 handle the regular login. The step 3 and 4 are conditional steps which are automatically inserted by the EEM Editor to confirm the multi login pop-up. That is, to handle the situation, when an active user session already exists and the backend system prompts the user on which actions he wants to take: “terminate the current logon”, “terminate other logons” or  the “continue with this logon, without ending any other logon”. The steps 3 and 4 will attempt to select the “continue with this logon” checkbox in the corresponding pop-up window and press the “login”. 


However, in some systems multiple login is not allowed (setting profile parameter login/disable_multi_gui_login). In this case the step 3 will always fail. It will try to find that “continue with this logon” checkbox which simple won’t be presented in the backend system. If the system does not allow multiple logons this pop-up has only two checkboxes, and the login will not succeed. All further steps of the script will probably fail either. The error message “FAILED: control could not be found by id” means that the particular “third” checkbox could not be found.


The issue may not occur in the EEM editor and the SAPGUI script work fine. The situation is typically different in the Solution Manager system, if multiple robots are login on the ABAP system with the same user credentials and if by chance two robots/executions happen to run in parallel or shortly one after another.


To get the script running successfully you have the following options:

  1. Configure different users per robot. Use for each script execution another user. This can be reached by setting the properties sapgui.user and sapgui.password in scope  script_on_robot (different for each script instance on the robots).
  2. Change the type of the user to SERVICE. This will prevent the pop-up for this user and as the advantage that the password will not expire.
  3. Allow multiple logons with same user in the backend systems. Add the user to the profile parameter login/multi_login_users
  4. Avoid parallel executions of the script. Synchronize executions in a way that a robot always logs out before another one tries a logon. See also Script Synchronization and Serialization


When executing a https script you get the exception"java.lang.NoClassDefFoundError: javax/crypto/SunJCE_b"

Jce-policy file is not extracted to the lib\security folder of the SAP JVM during the installation of agent 7.11 (SAP Note 1234387), which makes the https doesn't work for EEM.


  • Download the JCE jurisdiction policy files as described in SAP Note 1240081.
  • Unzip it and copy the two JAR files, local_policy.jar and US_export_policy.jar, in the following folder:
  • On Unix platform do not forget to set the owner of the files to the Diagnostics Agent user (<dasid>adm:sapsys) and to set the permissions mode to 777.
  • Restart the agent.
  • Goto the folder \usr\sap\<AGENT_SID>\<AGENT_INSTANCE>\exe\sapjvm\jre\lib\security and check if the local_policy.jar and US_export_policy.jar exist. If not, please also copy the local_policy.jar and US_export_policy.jar to this folder.

You are running a script which aborts with " Connection timed out: connect"


Check if a proxy is required to reach the url.
Set the properties and http.proxy.port to the corresponding values and set http.proxy.enable to true.

Depending of the called system it might be required to set properties in different scopes:

  • If the called system and therefore the script always require these proxy properties you need to set them in the editor in the script properties (in the scope of the Script):
  • If the location/robot always require a proxy to reach called system(s) you need to set these proxy settings in SOLMAN_SETUP in the scope of the Robot:
  • If the called system requires requires these proxy settings only from some locations you need to set them in SOLMAN_SETUP in the scope of the Script on Robot:




You are running a https script which aborts with " java.lang.UnsupportedOperationException"


Check if the script has a valid truststore or if the password for the global password is set.
When the password for the global truststore is not set you can add in eem_admin for the scope global the property
global.trustore.password and set it to eemstore.



When executing a script the following exception is thrown:

EXCEPTION PKIX path building failed: unable to find valid certification path to requested target[
Issuer: CN=Company CA 5, OU=Trust Center Company, O=Company Services GmbH, C=DE
Subject:, C=DE, ST=NRW, L=Anywhere, Company GmbH
SerialNum: 8166
Expires: Thu Nov 25 08:25:04 CET 2010
Index: 1

Issuer: C=BE, O=GlobalSign nv-sa, OU=RootSign Partners CA, CN=GlobalSign RootSign Partners CA
Subject: CN=CompanyCA 5, OU=Trust Center Company, O=Company Services GmbH, C=DE
SerialNum: 40000000001094550f4da
Expires: Thu Feb 07 12:00:00 CET 2013
Exception: null
Index: 2

Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Subject: C=BE, O=GlobalSign nv-sa, OU=RootSign Partners CA, CN=GlobalSign RootSign Partners CA


At least one of the bold written certificates above must be entered to the truststore (either global trustore or script specific truststore).

Please check 'How to Import HTTP Trust Certificate'  to import the certificate.

How to identify which truststores are used and what is contained?
To get information which certificates are already part of which truststores you have to increase tht log level of SMDAgentApplication.log of an SMD Agent to Debug and then stop and start the script. This is an extract of the output:
Info - loadKeyStore: Return the cached key store for file <Agent_path>\exe\sapjvm_5\jre\lib\security/cacerts
Debug - dumpKeys: TrustedCertificateEntry Subject:CN=VeriSign Class 1 Public Primary Certification Authority ...
Debug - dumpKeys: TrustedCertificateEntry
Info - loadKeyStore: Return the cached key store for file <Agent_path>\SMDAgent\applications.config\\scripts/<Script_Name>/trustStore.jks

Debug - dumpKeys: TrustedCertificateEntry,C=DE,ST=...
Info - loadKeyStore: Return the cached key store for file <Agent_path>\SMDAgent\applications.config\
Debug - dumpKeys: TrustedCertificateEntry,C=DE,ST=...

Monitoring UI:

The Monitoring UI does not display any script executions. You just see the deployed scripts with grey icons and status 509 or 109.
The system does not get any notifications from the robots. There could be several reasons:

  1. The user for sending the notifications is locked
    The user for sending the notifications is stored on each robot. If the password is changed in user master record (SU01) and not in the setup application the robots use still the old password. But even if the password is changed in the the setup application it might happen that there is a small overlap when robots still using the old password until they receive the new password. The user can be unlocked in SU01. The name of the user is specified with parameter wsnotify.user .
  2. Accepting notifications is disabled
    For 7.1 in the setup application (SOLMAN_SETUP) and for 7.01 in eem_admin accepting notifications can be disabled globally.
  3. Robots are not available
    If robots are not reachable they are usually displayed at disconnected and they cannot send any notification.
  4. URL for sending the notification has been changed or is not correct
    The URL (including protocol, host and port) has been changed or is not correct. This might happen if the URL is using a host name and port for the message server that is not reachable from the robot location. The URL can be adapted by adjusting the parameter wsnotify.url .
  5. Notification is using https but iaik files are not installed. In SMDAgentApplication.log you can find this exception
    java.lang.Exception: Could not create https handler:java.lang.ClassNotFoundException iaik.protocol.https.Handler
    See also
  6. After upgrading to Solution Manager 7.20 some robots cannot send notifications.
    See also AiEemBulkNotificationSt is not found

In general you should check the SMDAgentApplication.log of the robot if there is an error when sending the notification.


You cannot see any system data in the Monitoring UI or jump-in to E2E Trace is not available.

Executions (Timestamp and steps below) are written with bold letters if system data or a trace is available. If the execution is triggered with a trace level > 0 the text is written in italic letters.
Currently there are 3 types of scripts where system data or traces can be collected/displayed:

1. HTTP Script for SAP J2EE based applications

System data/traces are only available if tracing has been enabled (Run Script with trace or Set temporary configuration). It is possible to configure that HTTP log and DSR records are written always. See also Trace Enabling for EEM  

2. HTTP Script for ABAP based application

System data/statistical records are always available. Detail traces (SQL, ABAP Trace,..) are only available when tracing has been enabled.

3. SAPGUI Script

System data/statistical records are not for all steps available. Detail traces (SQL, ABAP Trace,..) are not possible at the moment.


When system data/traces are missing (see description above) you can check the following steps:

1. The parameter "Expire in seconds" of temporary configuration should have a value higher than 60 seconds (default 1800)
2. Is the script assigned to a technical scenario (are systems assigned to the script)?

3. Is the extractor running?
4. Check the log of the extractor.

If there is an error message like

Trace collection failed: 1/0 exceptions occurred during synchronous/asynchronous trace collection.

an error occurred during trace collection in Solution Manager J2EE and  you need to check the log viewer of the Solution Manager Java Stack.

- Start the NWA log viewer ( /NWA -> Monitoring -> Logs and Traces -> Show Default trace.

- open the filter and enter:  location   contains and click on 'Apply filter '

From the screen shot above it is clear why the trace collection aborted (SMD Agent cannot be reached at this time) but in other cases when the BusinessTransaction*.xml could be retrieved it makes sense to start a single analysis just with one file that is uploaded in the E2E Trace application for the system.

- Get the BusinessTransaction.xml from robot

- Open the E2E Trace application from the RootCause Analysis workcenter for the system you want to collect the trace.

- Upload the BusinessTransaction.xml and check the progress and in parallel the default.trc as mentioned above.

Known Problems
1. HTTP Script for SAP J2EE based applications
-HTTP log or DSR records could not be found.

2. HTTP Script for ABAP based application
-ICM HTTP log does not have the correct format.

3. SAPGUI Script
-ABAP Statistic records could not be found because the time difference of Robot and called system is too high.

4. In SAP Solution Manager 7.1 SP03 and SP04
- No system data can be found if the Technical Scenario name has been created including lower case characters. Because of a data element change it is possible to create Technical Scenarios with lower case but internally another data element was used which translates them to upper case. The problem is solved with SP05. As a workaround in SP03 and SP04 you need to create the Technical Scenario name only in upper case.


  • No labels