Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

An SNC client is trying to connect to an ABAP Application Server via SNC and gets a client or server error message.
The error message includes a short error text and an error code. These error codes are also written into the trace and log files on the server side.

 

A2200204 Unspecified internal error. See logs.

This is an unspecified error that occurred on the client side. Activate the traces for further analysis of the problem.

A2210204 Unspecified server error.

This is an unspecified error that occurred on the server side. Activate the traces for further analysis of the problem.

A220020D Received alert with an unknown error code.

Sent by the server to report problems with the client configuration or environment. The error means that a received alert message with an error code is unknown to the client. This might be caused if a server is newer than the client.

A2200202 Actual server name differs from requested one.

The name of the server's certificate used for authentication does not match the configured SNC name on the client. This might mean that a man-in-the-middle attack has been attempted.

A2200203 Ill formatted GSS name.

The client configuration entry "serverSNC name" has a format which cannot be processed properly.

A2200207 Configuration: Protocol parameters inconsistent

The protocol parameters gss/client/protocol_XXXX in the client configuration file gss.xml are missing or disabled.

A2210207 Server configuration: Protocol parameters inconsistent.

The protocol parameters gss/server/protocol_XXXX in the server configuration file gss.xml are missing or disabled.

A220020A improperly formatted or erroneous configuration.

The GSS configuration file (gss.xml) is not a well-formed XML file, or contains illegal parameter values.

A221020A improperly formatted or erroneous server configuration.

The server's GSS configuration file (gss.xml) is not a well-formed XML file, or it contains illegal parameter values.

A220023A Client signature mode not accepted by server.

For authentication, the client uses a signature certificate, a mode, which is rejected by the server.

A221023A Client signature mode not accepted by server.

For authentication, the client uses a signature certificate, a mode, which is not accepted by the server.

A220023B Client encryption mode not accepted by server

For authentication, the client uses a encryption certificate, a mode, which is not accepted by the server.

A221023B Client encryption mode not accepted by server .

For authentication, the client uses an encryption certificate, a mode, which is not accepted by the server.

A2200205 Have no key to sign with.

The GSS client had to provide a digital signature, but did not find an adequate private key and certificate.

A2210205 Server has no key to sign with.

The GSS server had to provide a digital signature, but did not find an adequate private key and certificate.

A2200208 No certificate found.

This error code is not used any more with version 2.0 or higher.

A220020C Chosen certificate does not match a required crypto operation.

A certificate does not meet the requirements for the selected crypto operation. Check your SNC configuration. For example, you may have chosen a key and a certificate for RSA, but the required extensions for encryption or signature are missing.

A2200215 Failed to get a Kerberos ticket.

Cannot get a Kerberos ticked. Perhaps the user is logged on to the wrong or to no domain, or the configured server name is wrong, or no domain user has been created for the server.

A220022E Own certificate uses unknown algorithm.

The own client certificate has an unsupported key type.

A221022E Server certificate uses unknown algorithm.

The own server certificate has an unsupported key type.

A2200206 Failed to provide signature.

An error occurred while generating a signature. Maybe there is a problem with the middleware or driver.

A2210206 Server failed to provide signature.

An error occurred while providing a signature on server side. Maybe there is a problem with the middleware or driver.

A2200209 Decryption: Private key operation failed.

The private key cannot be used for decryption. Maybe there is a problem with the middleware or driver.

A2210209 Decryption: Private key operation failed on server.

The private key on the server side cannot be used for decryption.

A2200214 Token/PSE error.

This error code is not used any more with version 2.0 or higher.

A2210214 Token/PSE error on server.

This error code is not used any more with version 2.0 or higher.

A2200216 Error in Kerberos en/decryption.

Internal error occurred when processing the encrypted Kerberos ticket on the client side.

A2210216 Server failed to en/decrypt Kerberos ticket.

Internal error occurred when processing the encrypted Kerberos ticket on the server side.

A2200219 Symmetric cipher, hash or pseudo random function operation failed.

Internal error occurred when processing cryptographic algorithms.

A2210219 Symm. cipher, hash or pseudo random function failure on server.

Internal error occurred when processing cryptographic algorithms.

A220020B Initialization of GSS library failed.

Components may be missing or have been misconfigured. Check your SNC installation and traces for details.

A220020F No agreement about authentication method.

Authentication fails because there is no agreement about the offered authentication methods and algorithm. Perhaps an uncommon key type is used.

A221020F No agreement about authentication method.

Authentication fails because there is no agreement about the offered authentication methods and algorithm. Perhaps an uncommon key type is used.

A2200211 No agreement about algorithms

This error code is not used any more with version 2.0 or higher.

A2200213 Protocol not allowed.

Make sure that the same protocol has been configured for the client and the server.

A2210213 Client requested disabled protocol.

Make sure that the same protocol has been configured for the client and the server.

A220021D No agreement about key exchange algorithm.

Make sure that that the client and the server have credentials for the same key exchange method (Kerberos/X.509).

A221021D Server refuses offered key exchange algorithms.

Make sure that the client and the server have credentials for the same key exchange method (Kerberos/X.509).

A220021E Don't accept kerberos key exchange.

The client wants to use Kerberos, but the server has no keytab.

A221021E Server refuses kerberos key exchange.

The client wants to use Kerberos, but server has no keytab.

A220021F Don't accept certificate based key exchange.

The client wants to use certificate-based authentication, but the server has no certificate.

A221021F Server refuses certificate based key exchange.

The client wants to use certificate-based authentication, but the server has no certificate.

A2200228 No agreement about algorithms (data mac).

Different data MAC algorithms have been configured on the client and server.

A2210228 No agreement about algorithms (data mac).

Different data MAC algorithms have been configured on the client and server.

A2200229 No agreement about algorithms (cipher).

Different cipher algorithms have been configured on the client and server.

A2210229 No agreement about algorithms (cipher).

Different cipher algorithms have been configured on the client and server.

A220022A No agreement about algorithms (handshake hash).

Different handshake hash algorithms have been configured on the client and server.

A221022A No agreement about algorithms (handshake hash).

Different handshake hash algorithms have been configured on the client and server.

A220022B No agreement about algorithms (PRF).

Different PRF algorithms have been configured on the client and server.

A221022B No agreement about algorithms (PRF).

Different PRF algorithms have been configured on the client and server.

A220022C No agreement about algorithms (encoding).

Different encoding algorithms have been configured on the client and server.

A221022C No agreement about algorithms (encoding).

Different encoding algorithms have been configured on the client and server.

A220022D No agreement about algorithms (sign).

Different signature algorithms are supported on the client and server.

A221022D No agreement about algorithms (sign).

Different signature algorithms are supported on client and server.

A2200212 Protocol violation.

Protocol violation detected. Messages were modified during transport. Reason: an attack, a network problem, or an internal error occurred.

A220021B Received invalid handshake checksum.

Messages were modified during transport. Reason: an attack, a network problem, or an internal error occurred.

A221021B Server detected invalid handshake checksum.

Messages were modified during transport. Reason: an attack, a network problem, or an internal error occurred.

A220021C Received an unexpected handshake message.

Messages were modified during transport. Reason: an attack, a network problem, or an internal error occurred.

A221021C Server detected unexpected handshake message.

Messages were modified during transport. Reason: an attack, a network problem, or an internal error occurred.

A2200239 The server does not support client encryption.

Update the Secure Login Library on the server.

A2200210 Peer certificate verification failed.

The verification of the peer certificate failed. See the log files to find out more details about this non-typical error.

A2210210 Verification of own certificate by server failed.

The verification of the peer certificate failed on the server side. See the log files to find out more details about this non-typical error.

A2200217 The verification of the Kerberos ticket failed.

The verification of the Kerberos ticket failed. See the log/trace files for details about this non-typical error.

A2210217 The verification of the Kerberos ticket failed.

The verification of the Kerberos ticket failed. See the log/trace files for details about this non-typical error.

A2200218 An anonymous peer is not accepted.

The client has been configured to run in anonymous mode, but the server does not allow this mode.

A2210218 An anonymous peer is not accepted by server.

The client has been configured to run in anonymous mode, but the server does not allow this mode.

A2200220 Peer certificate expired.

The certificate verification failed because the certificate has expired.

A2210220 Own certificate is expired.

The certificate verification failed because the certificate has expired.

A2200221 Peer certificate not yet valid.

The certificate verification failed because the certificate is not yet valid. This could be a time synchronization problem.

A2210221 Own certificate not yet valid.

The certificate verification failed because the certificate is not yet valid. This could be a time synchronization problem.

A2200222 Peer certificate key usage not accepted.

The certificate verification failed because the certificate has not the appropriate the appropriate key usage.

A2210222 Bad key usage in own certificate.

The certificate verification failed because the certificate has not the appropriate key usage.

A2200223 Peer certificate path not trusted.

The certificate verification failed because the certificate path is not complete (CA certificate is missing), or the root certificate is not trusted.

A2210223 Server does not trust my certificate path.

The certificate verification failed because the certificate path is not complete (CA certificate is missing), or the root certificate is not trusted.

A2200224 Peer certificate was revoked.

The certificate verification failed because the certificate has been revoked.

A2210224 Own certificate was revoked.

The certificate verification failed because the certificate has been revoked.

A2200230 Kerberos ticket uses unknown algorithm.

The Kerberos ticket uses an unsupported algorithm. Analyze the traces for more details.

A2210230 Kerberos ticket uses unknown algorithm.

The Kerberos ticket uses an unsupported algorithm. Analyze the traces for more details.

A2200231 Kerberos ticket uses unknown algorithm.

The Kerberos ticket uses an unsupported algorithm. Analyze the traces for more details.

A2200231 Kerberos ticket not yet valid.

The Kerberos ticket is not yet valid. There may be a time synchronization problem between Active Directory and the server.

A2210231 Kerberos ticket not yet valid.

The Kerberos ticket is not yet valid. There may be a time synchronization problem between Active Directory and the server.

A2200232 Kerberos ticket expired.

The Kerberos ticket has expired. There may be a time synchronization problem between AD and server.

A2210232 Kerberos ticket expired.

The Kerberos ticket has expired. There may be a time synchronization problem between AD and server.

A2200233 Kerberos ticket contains unknown service name.

On the client side, the wrong server SNC name was configured, or the server got the wrong keytab entries.

A2210233 Kerberos ticket contains wrong service name

On the client side, the wrong server SNC name was configured, or the server got the wrong keytab entries.

A2200234 No key for algorithm used in kerberos ticket.

The server got the wrong keytab entries, and an entry for a special algorithm is missing. See traces.

A2210234 Server has no key for algorithm used in kerberos ticket.

The server got the wrong keytab entries, and an entry for a special algorithm is missing. See traces.

A2200235 Name component missing in peer certificate.

The use of a special certificate component as SNC name has been configured, but the certificate does not contain this component nor any of the configured fallbacks.

A2210235 Name component missing in my certificate.

The use of a special certificate component as SNC name has been configured, but the certificate does not contain this component nor any of the configured fallbacks.

A220021A Peer's ephemeral key is not yet valid or expired

This error code is not used any more with version 2.0 or higher.

A221021A Server's ephemeral key is not yet valid or expired.

This error code is not used any more with version 2.0 or higher.

A2200236 The ephemeral key validity is too long.

Configuration error. The value of "ttl" on the client side is greater than the value of "acceptedttl" on the server side.

A2210236 The ephemeral key validity is too long.

Configuration error. The value of "ttl" on the client side is greater than the value of "acceptedttl" on the server side.

A2200237 The ephemeral key is expired.

A temporary key used by the client has expired. Normally the client should have created a new key. Perhaps this is a time synchronization problem between the client and server, or a configuration error: The value of "ParallelSessionsTTL" on the client side is greater than the value of "acceptedttl" on the server side.

A2210237 The temporary key is expired.

A temporary key used by the client has expired. Normally the client should have created a new key. Perhaps this is a time synchronization problem between the client and server, or a configuration error: The value of "ParallelSessionsTTL" on the client side is greater than the value of "acceptedttl" on the server side.

A2200238 The ephemeral key is not yet valid.

This might be a time synchronization problem between the client and the server.

A2210238 The temporary key is not yet valid.

This might be a time synchronization problem between the client and the server.

A2600214 Authentication token is of type NTLM instead of SPNEGO

The browser has send a NTLM token instead of a Kerberos token. This is caused by a client that can not obtain a Kerberos token from the KDC. Please check that the browser configuration is correct, the Service Principal Name (SPN) is unique and the SPN entry is registered for all AS_ABAP aliases.

A2600215 SPNEGO authenticator token contains wrong client name

The user name in the Kerberos token is not the one expected for authentication.

  • No labels