none
Microsoft BizTalk Server Negative Acknowledgment, An error occurred while processing the message RRS feed

  • Question

  • Hello All,

    I'm new to Biztalk I'm trying to call a SAP service and I receive the following error, can you please let me know what exactly this error and what to do for fixing this error. 

    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP:Body><SOAP:Fault><faultcode>Microsoft BizTalk Server Negative Acknowledgment </faultcode><faultstring>An error occurred while processing the message, refer to the details section for more information </faultstring><faultactor>sap://CLIENT=xx;LANG=EN;@a/xxxxx/09</faultactor><detail><ns0:NACK Type="NACK" xmlns:ns0="http://schema.microsoft.com/BizTalk/2003/NACKMessage.xsd"><NAckID>{0BDF028E-376A-483A-A83E-96D84692F218}</NAckID><ErrorCode>0xc0c0167a</ErrorCode><ErrorCategory>0</ErrorCategory><ErrorDescription>System.Configuration.ConfigurationErrorsException: Unrecognized attribute 'externalIdentificationData'. Note that attribute names are case-sensitive. (C:\Users\xxx\AppData\Local\Temp\Config\eb6d9fad-e73b-4624-811e-83341b3e3e5c.config line 28)
       at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
       at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object&amp; result, Object&amp; resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object&amp; result, Object&amp; resultRuntimeObject)
       at System.Configuration.ConfigurationSectionCollection.Get(String name)
       at System.ServiceModel.Configuration.ServiceModelSectionGroup.get_Bindings()
       at Microsoft.BizTalk.Adapter.Wcf.Converters.ConfigurationProxy.GetBindingElement(String wcfExtensions, Type bindingElementType)
       at Microsoft.BizTalk.Adapter.Wcf.Converters.BindingFactory.CreateUserBinding(String wcfExtensions, String bindingName, String bindingConfiguration, String referencedBindings)
       at Microsoft.BizTalk.Adapter.Wcf.Converters.BindingFactory.CreateBinding(String wcfExtensions, String bindingName, String bindingConfiguration, String bindings)
       at Microsoft.BizTalk.Adapter.Wcf.Config.CustomTLConfig.CreateBinding(THConfig thConfig)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.InitializeValues(IBaseMessage message)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2..ctor(IBaseMessage message, WcfTransmitter`2 transmitter)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfTransmitter`2.GetClientFromCache(String spid, IBaseMessage message)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfAsyncBatch`2.BatchWorker(List`1 messages)</ErrorDescription></ns0:NACK></detail></SOAP:Fault></SOAP:Body></SOAP:Envelope>

    Thanks,

    Kush

    Friday, May 6, 2016 10:01 PM

Answers

  • For clarity,

    Logon tickets are not support in SAP adapter with BizTalk server because single logon ticket can expire very soon, however you can always use Impersonation and logon tickets using biztalk dynamic ports where you create new binding for each request.

    I see similiar implementation working on your other machine. You need to debug the functionality and see how this is setup on the working environment.

    Please refer the discussion here:  https://social.msdn.microsoft.com/Forums/azure/en-US/bf309df2-0cfe-457b-be49-bd5eda56cc4c/guidance-on-sso-with-biztalk-and-sap?forum=biztalkr2adapters

    I think your implementation is similar to what has been described by Rohit in the above post:

    ----------------------------------------------------------------------------------------------------------------------------------

    In you scenario I would suggest you use Impersonation  using the following binding properties -

    • ExternalIdentificationData
    • ExternalIdentificationType

    By using this , you will nither have to worry about "how to genrate the ticket" or about "the ticket getting expired".

    These  properties are binding properties.
    So, if you use static port in Biztalk , then you can impersonate only a single user ,
    or use only a single logon ticket (the ticket will expire very soon- this is the reason we don't  support logon tickets with BizTalk).

    However , you  can use both Impersonation and logon tickets using biztalk dynamic ports, creating a new biding for every request ,
    and setting the ExternalIdentificationData /LogOnTicketPassword for the current user .

    --------------------------------------------------------------------------------------------------------------------------------



    Rachit Sikroria (Microsoft Azure MVP)

    Thursday, May 12, 2016 6:59 PM
    Moderator

All replies

  • Hello,

    For Clarity, Error reads 'System.Configuration.ConfigurationErrorsException: Unrecognized attribute 'externalIdentificationData'. Note that attribute names are case-sensitive'

    Please check your machine.config entries for the sapBinding.

    Also verify the web.config. Check for the attribute 'externalIdentificationData' and replace it with 'ExternalIdentificationData'. Refer: Specifying a Client Binding for the SAP System

    <system.serviceModel>
        <bindings>
      <sapBinding>
       <binding name="SAPBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
           receiveTimeout="00:10:00" sendTimeout="00:02:00" enableBizTalkCompatibilityMode="false"
           receiveIdocFormat="Typed" enableSafeTyping="false" generateFlatFileCompatibleIdocSchema="true"
           maxConnectionsPerSystem="50" enableConnectionPooling="true"
           idleConnectionTimeout="00:15:00" flatFileSegmentIndicator="SegmentDefinition"
           enablePerformanceCounters="false" autoConfirmSentIdocs="false"
           enableBusinessObjects="false" acceptCredentialsInUri="false"
           padReceivedIdocWithSpaces="false" sncLibrary="" sncPartnerName="" />
      </sapBinding>
     </bindings>
     <client>
      <endpoint address="sap://CLIENT=400;LANG=EN;@b/ZA01SAPPRD00/01?RfcSdkTrace=False&amp;AbapDebug=False" binding="sapBinding" bindingConfiguration="SAPBinding" contract="Rfc" name="SAPBinding_Rfc" />                   
     </client>                                                   
      </system.serviceModel>

    You must be using SNC to authenticate a user against the SAP system.

    Please note the property is case sensitive it should be 'ExternalIdentificationData' and NOT 'externalIdentificationData'.

    The ExternalIdentificationData binding property specifies the valid SAP user who will be impersonated. The value for this property can be a username, a token, and so on. For example, a value for this property could be in the form of domain\username.    

    Refer: Connect to mySAP Business Suite in a BizTalk Services Project

    Also verify the SAP connection URI.


    Rachit Sikroria (Microsoft Azure MVP)


    Friday, May 6, 2016 11:10 PM
    Moderator
  • Hi

    Couple of things-

    1) Make sure you set UseSNC to True when connecting to SAP to generate the schemas. This will append UseSnc=True to the connection URI

    UseSnc 


    Optional parameter that specifies whether SAP Secure Network Communications (SNC) is enabled. The value can be True or False; if True, SNC is enabled. The default is False

    When you enable SNC, you must also set the SncPartnerName and SncLibrary binding properties. For more information, see Working with BizTalk Adapter for mySAP Business Suite Binding Properties.

    If SNC is enabled and the connection URI contains credentials, the adapter throws an exception.

    Dd788617.note(en-US,BTS.10).gifNote

    UseSnc connection parameter is applicable only for connection types A and B. The different connection types and their significance is described in detail later in this topic.

    Ref - https://msdn.microsoft.com/en-us/library/dd788617%28BTS.10%29.aspx

    2) Make sure you're spcifying the SNC parameters in the actual Send Port-

    SncLibrary : Specifies the location of the SNC library on your computer. If the PATH environment variable contains the directory in which the library resides, you only have to supply the filename of the library; otherwise you must supply the full path. The SncLibrary binding property surfaces an SAP connection property. For more information see the SAP documentation.

    You must set the UseSnc parameter in the connection URI to enable Secure Network Communications (SNC). For more information about the SAP connection URI, see The SAP System Connection URI.


    SncPartnerName : Specifies the SNC partner name. The SncPartnerName binding property surfaces an SAP connection property. For more information, see the SAP documentation.

    You must set the UseSnc parameter in the connection URI to enable Secure Network Communication (SNC). For more information about the SAP connection URI, see The SAP System Connection URI.

    Ref:

    https://msdn.microsoft.com/en-us/library/dd788572%28v=bts.10%29.aspx


    Thanks Arindam

    Saturday, May 7, 2016 5:19 AM
    Moderator
  • Hi Rachit,

    Please find the binding information below, I'm setting this in BRE rule. I'm using MySapSSO2 with logon ticket.

    BindingType=sapBinding&BindingConfiguration=<binding name="SAPBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" enableBizTalkCompatibilityMode="true" receiveIdocFormat="Typed" enableSafeTyping="false" generateFlatFileCompatibleIdocSchema="true" maxConnectionsPerSystem="50" enableConnectionPooling="true" idleConnectionTimeout="00:15:00" flatFileSegmentIndicator="SegmentDefinition" enablePerformanceCounters="false" autoConfirmSentIdocs="false" acceptCredentialsInUri="false" padReceivedIdocWithSpaces="false" sncLibrary="" sncPartnerName="" rfcAllowStartProgram="" externalIdentificationData="" externalIdentificationType="" logOnTicketType="MySapSSO2" logOnTicketPassword="AjExMDAgAA1wb3.."><dataTypesBehavior datsMinToDateTime="0001-01-01T00:00:00" datsMaxToDateTime="ERROR" invalidDatsToDateTime="ERROR" emptyDatsToDateTime="0001-01-01T00:00:00" emptyTimsToDateTime="0001-01-01T00:00:00" dateTimeMaxToDats="99991231" dateTimeMinToDats="00010101" timsMaxToDateTime="ERROR" invalidTimsToDateTime="ERROR" dateTimeMaxToTims="235959" dateTimeMinToTims="000000" invalidNumcToInt="0" emptyNumcToInt="0" dateTimeNullToDats="SKIP" dateTimeNullToTims="SKIP" /></binding>&EndpointBehaviorConfiguration=<behavior name="EndpointBehavior"><sapCustomClientBehavior /></behavior>

    Not sure where to check for this property -'ExternalIdentificationData' . Didnt see this property in machine.config.

    Saturday, May 7, 2016 5:13 PM
  • Hi Arindam,

    I'm using two way dynamic send port, not sure where to check for this properties.

    Thanks,

    Sasi

    Saturday, May 7, 2016 5:19 PM
  • Hello,

    Please see the highlighted below. I am talking about them. All these properties are case sensitive.

    -------------------------------------------------------------------------------------------------------------

    BindingType=sapBinding&BindingConfiguration=<binding name="SAPBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" enableBizTalkCompatibilityMode="true" receiveIdocFormat="Typed" enableSafeTyping="false" generateFlatFileCompatibleIdocSchema="true" maxConnectionsPerSystem="50" enableConnectionPooling="true" idleConnectionTimeout="00:15:00" flatFileSegmentIndicator="SegmentDefinition" enablePerformanceCounters="false" autoConfirmSentIdocs="false" acceptCredentialsInUri="false" padReceivedIdocWithSpaces="false" sncLibrary="" sncPartnerName="" rfcAllowStartProgram="" externalIdentificationData="" externalIdentificationType="" logOnTicketType="MySapSSO2" logOnTicketPassword="AjExMDAgAA1wb3.."><dataTypesBehavior datsMinToDateTime="0001-01-01T00:00:00" datsMaxToDateTime="ERROR" invalidDatsToDateTime="ERROR" emptyDatsToDateTime="0001-01-01T00:00:00" emptyTimsToDateTime="0001-01-01T00:00:00" dateTimeMaxToDats="99991231" dateTimeMinToDats="00010101" timsMaxToDateTime="ERROR" invalidTimsToDateTime="ERROR" dateTimeMaxToTims="235959" dateTimeMinToTims="000000" invalidNumcToInt="0" emptyNumcToInt="0" dateTimeNullToDats="SKIP" dateTimeNullToTims="SKIP" /></binding>&EndpointBehaviorConfiguration=<behavior name="EndpointBehavior"><sapCustomClientBehavior /></behavior>

    ---------------------------------------------------------------------------------------------------------------

    Important: You must specify these binding properties -externalIdentificationData, externalIdentificationType, sncLibrary and sncPartnerName ONLY while using SNC to authenticate a user against the SAP system. You must set the UseSnc parameter in the connection URI to enable Secure Network Communications (SNC). For more information about the SAP connection URI, see The SAP System Connection URI.

    If in the URI you are not setting UseSnc to True then don't set these binding properties unnecessarily.


    Rachit Sikroria (Microsoft Azure MVP)

    Saturday, May 7, 2016 5:31 PM
    Moderator
  • Hi Sasi

    This is not a supported configuration, i.e., using Logon tickets with the WCF-SAP adapter. This is meant for clients that are directly consuming the sapBinding in .NET WCF client code.

    Secondly, Logon tickets don't work with SNC - so you cannot pass the ExternalIdentificationData and ExternalIdentificationType parameters when  the LogOnTicketType and LogOnTicketPassword parameters are also being specified. 

    https://support.microsoft.com/en-in/kb/974801

    • Logon tickets should not be used if you are using SNC for authentication.
    • Logon tickets are not supported when you are using the SAP adapter with BizTalk Server.

    So, what you should do is discuss with your SAP Basis Admins if you can use standard username/password authentication instead. If yes, set UserName and Password in your BindingConfiguration section above. And remove the one's related to SNC/LogonTickets (sncLibrary, sncPartnerName, externalIdentificationData, externalIdentificationType, logOnTicketType, logOnTicketPassword).


    Thanks Arindam


    Sunday, May 8, 2016 5:09 AM
    Moderator
  • Hi Arindam,

    We are using WCF-Custom transport type.  Can you please point me if there are any references which can help me.

    Thanks,

    Sasi


    Wednesday, May 11, 2016 11:09 PM
  • Hi Rachit,

    The same bindings are working on a different machine.  The other machine was setup by someone else long time back. Not sure what I'm missing.

    Thanks,

    Sasi

    Wednesday, May 11, 2016 11:15 PM
  • Hi Rachit,

    Also, tried to remove the externalidentificationData type, snclibrary now I got same error for logontickettype. Not sure if some other setting is there to solve this.

    Thanks,

    Sasi

    Thursday, May 12, 2016 12:35 AM
  • Hi Sasi

    You can keep using WCF-Custom. But, as discussed in my previous post you are using an unsupported config that contains logonTickets and SNC. So, first thing you should do is check with SAP Basis Admins in your org if they can share a simple username and password to access the SAP system. Once you have it, you can set the config in your BRE rule to something like this-

    BindingType=sapBinding&BindingConfiguration=<binding name="SAPBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"  UserName="abc" Password="xyz" enableBizTalkCompatibilityMode="true" receiveIdocFormat="Typed" enableSafeTyping="false" generateFlatFileCompatibleIdocSchema="true" maxConnectionsPerSystem="50" enableConnectionPooling="true" idleConnectionTimeout="00:15:00" flatFileSegmentIndicator="SegmentDefinition" enablePerformanceCounters="false" autoConfirmSentIdocs="false" acceptCredentialsInUri="false" padReceivedIdocWithSpaces="false" rfcAllowStartProgram=""><dataTypesBehavior datsMinToDateTime="0001-01-01T00:00:00" datsMaxToDateTime="ERROR" invalidDatsToDateTime="ERROR" emptyDatsToDateTime="0001-01-01T00:00:00" emptyTimsToDateTime="0001-01-01T00:00:00" dateTimeMaxToDats="99991231" dateTimeMinToDats="00010101" timsMaxToDateTime="ERROR" invalidTimsToDateTime="ERROR" dateTimeMaxToTims="235959" dateTimeMinToTims="000000" invalidNumcToInt="0" emptyNumcToInt="0" dateTimeNullToDats="SKIP" dateTimeNullToTims="SKIP" /></binding>&EndpointBehaviorConfiguration=<behavior name="EndpointBehavior"><sapCustomClientBehavior /></behavior>

    Refer (on how username/password credentials can be set on WCF-Custom adapter with SAP binding)-

    https://msdn.microsoft.com/en-us/library/dd788634.aspx

    https://msdn.microsoft.com/en-us/library/dd787947.aspx


    Thanks Arindam

    Thursday, May 12, 2016 3:49 AM
    Moderator
  • Hi Arindam,

    Thanks for the help. Did few changes to the bindings. The issue is resolved with Username and Password.  :)

    I've to still figure out the way with token. As users will send their tokens. And I've a working environment with tokens, not sure what I'm missing.

    Regards,

    Sasi

    Thursday, May 12, 2016 3:58 PM
  • Hi Sasi

    How is it setup in the working environment?

    In the config, you are hard-coding the LogOnTicketPassword property, so how are you accepting the token from different users and passing them on to SAP?

    Note: As already mentioned earlier-

    Logon tickets are not supported when you are using the SAP adapter with BizTalk Server.

    https://support.microsoft.com/en-in/kb/973683


    Thanks Arindam

    Thursday, May 12, 2016 4:44 PM
    Moderator
  • For clarity,

    Logon tickets are not support in SAP adapter with BizTalk server because single logon ticket can expire very soon, however you can always use Impersonation and logon tickets using biztalk dynamic ports where you create new binding for each request.

    I see similiar implementation working on your other machine. You need to debug the functionality and see how this is setup on the working environment.

    Please refer the discussion here:  https://social.msdn.microsoft.com/Forums/azure/en-US/bf309df2-0cfe-457b-be49-bd5eda56cc4c/guidance-on-sso-with-biztalk-and-sap?forum=biztalkr2adapters

    I think your implementation is similar to what has been described by Rohit in the above post:

    ----------------------------------------------------------------------------------------------------------------------------------

    In you scenario I would suggest you use Impersonation  using the following binding properties -

    • ExternalIdentificationData
    • ExternalIdentificationType

    By using this , you will nither have to worry about "how to genrate the ticket" or about "the ticket getting expired".

    These  properties are binding properties.
    So, if you use static port in Biztalk , then you can impersonate only a single user ,
    or use only a single logon ticket (the ticket will expire very soon- this is the reason we don't  support logon tickets with BizTalk).

    However , you  can use both Impersonation and logon tickets using biztalk dynamic ports, creating a new biding for every request ,
    and setting the ExternalIdentificationData /LogOnTicketPassword for the current user .

    --------------------------------------------------------------------------------------------------------------------------------



    Rachit Sikroria (Microsoft Azure MVP)

    Thursday, May 12, 2016 6:59 PM
    Moderator