Troubleshooting UAA Errors

By Lsubatin

Troubleshooting authentication error message when using XS Advanced client to log in to SAP HANA

How-To Details

When attempting to log in to the XS Advanced engine from the XS Advanced Client, the following error occurs: `Authentication failed. UAA at http://your-host:30030 uaa-security is not up.`

The error occurs when trying to log in to XS in HANA using the XS Advanced Client with the command `xs login -a http://hostname:30030`.

There seem to be plenty of root causes for this issue, involving different components and, of course, different possible solutions. This How-To document covers some of the common root causes and how to identify them.


Step 1: Make sure UAA is up

Rule out the obvious first and make sure the service is running.

Open the SAP HANA Cockpit and scroll to the SAP HANA Database administration section.

Go to Manage Services and find xsuaaserver in the list.

Step 2: Ensure all components are up to date, including the XSA Client

Not having the latest version of the XSA Client can also cause the `uaa-security is not up` error. You can find the latest version of SAP Web IDE and the XSA Client in the marketplace.

Step 3: Make sure the proper access is granted to the user you are logging in with

Lack of proper access will lead to even more notable errors, such as an XSA not authorized error. As of SPS12, Patch 1, you will need to assign the right role collections to the user you are connecting with:

  i. Create a role collection:
    1. Open the Application Role Builder tile.
    2. Press the menu button in the upper left corner. Choose Role Collection.
    3. Press the **+** sign at the bottom right to create a new Role Collection.
    4. Provide the name (e.g. WebIDE_Developer, WebIDE_Administrator) and assign the Application Role:
      1. WebIDE_DEVELOPER role collection, select app name - webide!1, role template = application role - WebIDE_Developer
      2. WebIDE_ADMIN role collection, select app name - webide!1, role template = application role - WebIDE_Administrator
    5. Save.
  ii. Assign the Role Collection to a user:
    1. Open the User Management tile.
    2. Select a user.
    3. Go to the Role Collection section -> add the WebIDE_xxxx role collection accordingly.

You can find more details here: https://blogs.sap.com/2016/08/16/sap-web-ide-for-sap-hana-sps-12-patch-1-tips-and-tricks/

Alternatively, you can test these steps by copying the preconfigured user into a new one, applying the proper role collections and enabling access to the space with the command `xs set-space-role`.

Step 4: Check the right ports are open

If you look at the message thrown by the client, you will find that although you explicitly call port 30030 in the API_URL parameter, the error message returns port 30032. Not having the right ports open would mean more errors when trying to connect to other sites, as login requests will go through the UAA.

This means we need to make sure communication to those ports is not blocked:

  1. Make sure the instance has the proper ports enabled. In CAL, this is configured in the `Access points` section of the Virtual Machines tab.
  2. If you are running behind a local or corporate firewall, VPN and/or proxy, make sure traffic can flow in and out. There are some quick ways to check that network traffic is flowing freely without installing complex tools. The following commands can be executed from a terminal or command prompt and can help uncover a network issue:
    1. ping `hostname`, e.g., `ping vhcalhdbdb`
      If, for example, you forgot to configure your hosts file, the host name will not get resolved and you will get a message similar to `Ping request could not find host xxxxx. Please check the name and try again`. Please remember to configure your hosts file with the reachable, external IP of the server.
    2. telnet `hostname port`, e.g., `telnet google.com 80`
      If the connection is unavailable, you will get a message similar to `Could not open connection to the host, on port 22: Connect failed`. Any other message probably means that the server and port are reachable, although not all servers and ports are available for telnet. A `Connect failed` clearly indicates the connection cannot be established.
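
The ping and telnet checks above can be scripted so that the result is more specific than `Connect failed`: an unresolved name, a refused connection and a silently dropped connection point to different fixes. This is an added example, not part of the original tutorial; it assumes Python 3 on the client machine, and the names `check_port` and `diagnose` are hypothetical.

```python
import errno
import socket
import sys

# Ports named on this page: 30030 is the API_URL port passed to `xs login`,
# 30032 is the port the page says the client's error message reports.
XSA_PORTS = (30030, 30032)


def check_port(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        # Resolve first so a missing hosts-file entry is reported separately.
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except (socket.gaierror, UnicodeError):
        return "unresolved"    # name lookup failed: check hosts file / DNS
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except (socket.timeout, TimeoutError):
            return "filtered"  # no answer: firewall, VPN or proxy dropping traffic
        except ConnectionRefusedError:
            return "refused"   # host reachable, nothing listening on the port
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"  # no route to the host
            return "error"
    return "open"


def diagnose(host, ports=XSA_PORTS, timeout=3.0):
    """Return {port: state} for every port the login flow needs."""
    return {port: check_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Default host is the example hostname used on this page.
    target = sys.argv[1] if len(sys.argv) > 1 else "vhcalhdbdb"
    for port, state in diagnose(target).items():
        print(f"{target}:{port} -> {state}")
```

An `open` result only shows that the TCP port accepts connections; whether xsuaaserver itself is running is still checked as in Step 1.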

Step 5: Check the Hostname

If you recently performed an upgrade, make sure the hostname and Fully Qualified Domain Name (FQDN) are still correct. The file /etc/hosts in the operating system of the HANA instance contains this information.

Updated 12/05/2017

Time to Complete

20 Min.

Beginner

Prerequisites

  • Systems used: SAP HANA SPS12, SAP HANA, express edition