SAP Agent is not connecting via SNC: "Unencrypted communication is rejected"


Article ID: 196819


Updated On:


CA Automic Workload Automation - Automation Engine


While trying to implement SNC communication with the SAP Agent towards a SAP System with SNC enabled, the Agent refuses to connect to SAP as the certificate seems not to be used by the Agent.
Error in the Agent log:

20200707/174311.357 - U02004172 Error while calling function module 'RFC_SYSTEM_INFO'.
20200707/174311.357 -  Initialization of repository destination XX failed: Unencrypted communication is rejected by this system on SAP_SYSTEM


Agent SAP had been started by a Service Manager that had not set the necessary environment variables (SECUDIR among others)


Release : 12.x


Subcomponent: Agent SAP


To fix the problem, please start the SAP Agent manually from a shell where the SECUDIR and other related SAP SNC variables are set or from  a Service Manager that has these variables set.

In order to find out what are the environment variables of a process on AIX, try the command:

ps eww PID_OF_THE_PROCESS | tr ' ' '\n' | grep = | sort

For example:
[email protected]:/automic/uc4/agents/FRSTAIX727_WO122_SAP121/bin#export SECUDIR=/tmp
[email protected]:/automic/uc4/agents/FRSTAIX727_WO122_SAP121/bin#java -jar ucxjr3x.jar &
[1] 13107356
[email protected]:/automic/uc4/agents/FRSTAIX727_WO122_SAP121/bin#ps eww 13107356 | tr ' ' '\n' | grep = | sort

Additional Information

You can set the SECUDIR and its environment variables by following these steps:

1. Created SECUDIR in my users home dir. eg. /home/uc4/sec

2. Set the ENV variable of SECUDIR=/home/uc4/sec

3. Placed my in the SECUDIR directory.

4. Used sapgenpse utility to create the SAPSNCS.pse with the root signed ca cert.

5. Initialized the .pse with user uc4 (user who starts the agent). ./sapgenpse seclogin -p SAPSNCS.pse


running seclogin with USER="uc4"
 Added SSO-credentials for PSE "/home/uc4/sec/SAPSNCS.pse"

6. Enable SNC in connection object and add the library for the cryto:


7. lastly partner name in connection was provided by SAP team as their application give that output.


Check SAP notes: