404 - Not Found error
Target host: transaction-engine.tax.service.gov.uk" and port 443, it gives "404 - Not Found" on test connection?
The configuration changes can be broken down into the following two requirements for the interface HR_GB_EFO_RESP_OUT.
1. If not already present in your system, add a new configuration for the SUBMISSION with the condition /p1:GovTalkMessage/p1:Header/p1:MessageDetails/p1:Function = delete
2. You probably already have the POLL in your system. Now add the condition /p1:GovTalkMessage/p1:Header/p1:MessageDetails/p1:Function NE delete to this configuration
Make sure that the communication channels point to the correct SM59 destinations for both submission and poll (which you have pointed to the new transaction engine).
401 UNAUTHORIZED error
It means, that the request has not been applied because it lacks valid authentication credentials for the target resource.
The server generating a 401 response MUST send a WWW-Authenticate header field1 containing at least one challenge applicable to the target resource.
Please try to check again, if you are logged in or the Secure Access is valid.
Most common reason I have encountered for this problem is authorizations on installation. You must have both network and local machine admin rights when installing content server software. If you don't, the installation will be successful but you encounter the 401 error. Try reinstalling with correct authorization and you should resolve the issue.
You could also try on the contentserver, to set the authorizations of the SAP Contentserver folder to EVERYONE FULL CONTROL. After this, you are no longer prompted for a user/pw in csadmin.
Certificate issue will also cause same situations like this. Just select the content repository (Tcode: cdadmin) and go to certificate tab and check whether the correct certificate is assigned .
See note 1800664 for instructions in deleting, resending, and reactivating your certificates.
HTTP error code: 400, error text: ICM_HTTP_CONNECTION_FAILED
Issue can be resolved by creating the communication channel in the PI. Missing communication was identified by new FPS configuration version 1.1. Can be found in Note:
2095195 - PY-GB RTI Legal Changes for Tax Year 2015/2016
Communication error in B2A Manager
The advice we give most customers is that 2 RFCs should be created in the XI ABAP system using note 1614588. These are normally named: GB_DPS and GB_DPSRetrieve
At sm59 for GB_DPS and GB_DPSRETRIEVE, in the tab 'Logon & Security',for SSL Client Certificate, select 'ANONYM SSL Client (Anonymous)' from the drop down and also in transaction STRUST, you should load the certificate under SSL Client Anonymous.
Another helpful Note is 2149035 - Incoming Efiling DPS for GB payroll fails with "Error in Communication"
Further on, make sure your PI configuration is up-to-date!
Check your PI config against the latest RTI Legal Changes Guides.
The latest patch levels available are:
SAPCRYPTOLIB 5.5.5 PL38
CommonCryptoLib 8.4 PL35
Those files can be found at following location:
https://support.sap.com/swdc -> Installations and Upgrades -> Browse our download catalog -> SAP Cryptographic Software -> SAPCRYPTOLIB
>> If it’s lower than 24:
Please read through the steps in SAP Note 1386889, it includes a fix that searches for the Alternative DNS entries where Pl is 24 for SAPCRYPTOLIB.
455033 - SAPCRYPTOLIB versions, bugs and fixes.
HTTP client code 110 reason HTTPIO_PLG_CANCELED
Manually update the icmbnd executable, taking a copy from another upgraded system which has the same kernel, and was updated manually. Update the owner and permissions to allow it to connect to port 443. Further details in the attachment DPS URL in note 1614588 it shows the service 443. Also helpful, but an older Note is 1568707.
1. Please check if the certificate downloaded and imported to your PI system through STRUST transaction is the correct one.
2. Then check the SM59 settings for the rfc destinations GB_DPS and GB_DPSRETRIEVE, as per Note 1614588.
3. Kernel patch needs to be checked to confirm to be on a higher level.
Connection to HMRC fails with SSSLERR_SERVER_CERT_MISMATCH
Customers should be able to download the certs directly from the target URL and upload to STRUST of the XI ABAP system - this is mentioned in the key BASIS note 1094342.
As mentioned in note 1094342 the general steps to export a certificate are -->
Use your Internet browser to connect to the required destination address e.g 'https://....'. - in this case
As soon as the connection has been established, display the security details (usually, by double-clicking the lock/padlock symbol). Display the certificate of the server. Export the server certificate into a file. If necessary, open the certificate or the certificates of the certificate chain from the certificate hierarchy, and also export this certificate or these certificates. This is then imported to STRUST of the XI ABAP system. If you are having issues with one browser/version doing this try a different browser product or a different browser version.
Also FYI 1614588 contains a ZIP file which provides example steps for Firefox.
The certs that are due to expire are for DPS - incoming efiling (P6/P9 etc) - the certificates for outgoing efiling should still be valid until Sept 2015 according to note 1925708.
HTTP/1.0 405 Method Not Allowed
The 405 issue is a new behaviour of DPS and probably this is mainly because of some recent changes to DPS service by HMRC. METHOD NOT ALLOWED error was coming because a test connection sends empty data in the request. When the report is run this does not happen and hence the result.
As per note 1094342 a workaround would be to lift the latest certs directly from the URL,
configure RFCs and upload to STRUST. It would be worth comparing the certs already available with the certs HMRC has online.
Helpful Note: 1925708 - New Government Gateway Security Certificates for eFiling
Also before trying new certs please check your current certs and configuration match note 1432871 recommendations. It could be a mis-match between older documentation/configuration and latest certs from note 1432871 - which is another possible cause for the issue.
The Firewall can also be a problem. Some modifications may be done for authorize to connect to the domain and not to a specific address.
HTTP client code 407 reason ICM_HTTP_SSL_ERROR
Note 2012035 - System failure HTTP client code 407 reason ICM_HTTP_SSL_ERROR.
Error: ‘The submission of this document has failed due to departmental specific business logic in the Body tag’
This error message usually occurs, when there is a misspelling in the XML. This is why usually the XML becomes invalid and the compression error is reported by HMRC.
Further on, please look closely at the data within the XML, you should look for "Hard Space" in them. This is a formatting option (probably used in MS Word) but which is not allowed in XML transmissions.
For example an empty space between two words is a hard space. In order to see this, you need to cut and paste it from the XML file into Word.
Hard spaces are represented by the "degree" symbol. Hard spaces are very hard to detect by just looking at data, and are not allowed in XML transmissions.
In order to remove hard spaces from data, a note has been released to solve this problem. The note is 2040670 (see point 3).
Please implement this note and generate the XML again.
HTTP client code 402 ICM_HTTP_TIMEOUT
Regarding the 402 ICM_HTTP_TIMEOUT issue, you might find helpful details and explanations of the possible cause and how to solve it in the following Notes:
1929464 - 402 ICM_HTTP_TIMEOUT 500 Connection timed out
1161469 - XI runtime: Interpretation of timeouts
824554 - ICM and SAP Web Dispatcher Timeout Parameter
Runtime exception occurred during application mapping com/sap/xi/tf/_HR_GB_EFO_EXB_OUT_Resp_; com.sap.aii.utilxi.misc.api.BaseRuntimeException:RuntimeException in Message-Mapping transformation: Cannot produce target element /ns4:GovTalkMessa~<(><<)>/SAP:Stack>
Interface HR_GB_EFO_RESP_OUT has the belw name spaces to choose from:
>> Resp in should always use 2005 namespace
- HTTPIO_PLG_CANCELLED errors occur for several reasons and the reason itself simply indicates that the http plugin was cancelled.
It could be due to a timeout, a broken connection, a manual cancel by the client…etc. Note 1568707 applies to a very specific scenario when the ICM is acting as a client. Not working all the time, its an old note, Customers should have it.
- Please try the following options in troubleshooting this issue.
1. Switch to "logon & security" tab and disable HTTPS there (e.g., set SSL to "inactive").
2. Increase the TIMEOUT and PROCTIMEOUT parameters for the ICM using icm/server_port_ <xx> parameter.
3. Increase icm/HTTP/max_request_size_KB and test the connection.
- First please ensure that you are using the latest version of the SAPHttp, the path to the latest version can be found in note 164203 - Problems with SAPHTTP
Then please set the SAPhttp & SAPhttpa traces and recreate the issue. You can use SM59 to activate a trace checkbox for the destinations SAPhttp & SAPhttpa. These traces can be displayed and/or deleted with the report RSHTTP40. Please first delete the SAPhttp & SAPhttpa traces using report RSHTTP40 before recreating the issue as this will ensure new information is captured in the trace. Please see note 1947876 for further details.
- As the error is occurring while sending certificate. Please follow the following instructions to resolve the issue. For each repository the SAP Content Server maintains two files that keep the system certificates in order to verify signatures. Both are named as the repository, one with extension ".cert" and one with ".pse".
These certificates and pse files are stored in the "Security" Directory below the server installation directory (C:\program files\SAP\Content Server\Security).
To resolve the issue, remove all files from the Security directory and make sure that the Security directory has access rights "full control" for everyone.
After that, distribute a new certificate to the content server for the repository in question and activate it. This should produce two files 'your_repository_name.cert and your_repository_name.pse.
Please then test the connection to your content repository in transaction OAC0 and let us know your findings.
Error: „No credentials found for tax ref &1/&2; maintain the appropriate IMG step”
See note 2122486 - PY-GB: FPS, EPS, EYU: "No credentials found for tax ref &1/&2; maintain the appropriate IMG step"
Fatal error for FPS
Please implement SAP Note No. 2152586 - HR GB: FPS Manual poll process fails with fatal error.
Fatal error for EPS
Please implement SAP Note No. 1974689 - PY-GB: RTI FPS and EPS corrections attached should solve the issue.
HTTP server code 500 reason Internal Server Error
The problem might not occur because of the Data, but because of the Target system. It’s a good idea to try and post other messages and see their results.
There are other options to test the target system with the same payload and confirm whether the problem lies at PI or target system. There are free standard http client tools available online. Please try and use any tool and post the message outside PI and see if that helps.
Please refer to this sample link:
Communication error: Error raised by Middleware
Error during XML => ABAP conversion: Response Message; CX_ST_MATCH_ELEMENT
This error occurs when no Operational Mapping has been added for the relevant scenario in PI. OM is mandatory for all RTI submissions. Please check this for the relevant scenario and correct the PI configuration according to the attachment of the relevant tax year's PY-GB "RTI Legal Changes" note.