Theobald Software Community Day 2024: Jetzt Early Bird Ticket SICHERN und mit dem Code EARLY20 20% sparen

Registering RFC Server in SAP Releases in Kernel Release 720 and higher

As of Kernel Release 720, you can use the parameter gw/acl_mode to set an initial security environment with regard to starting and registering external programs, e.g., RFC Server required for DeltaQ processing / customizing check. If this value is set to 1, the DeltaQ component cannot register the RFC Server and the Customizing Check quits with following exception: RFC server is not working, please check gateway info.

Regarding this faulty behavior, following alternative settings can be adjusted in the corresponding SAP source system.

Alternative I 

You can change the Profile Parameter gw/acl_mode in the SAP transaction RZ10 to 0 (default value of the parameter is 1). All RFC-Destinations/ RFC-Server with different Program IDs e.g., XTRACT01 can register.

  1. Open ‘Edit Profile’ using SAP transaction RZ10
  2. Select the profile name Default and select Extended Maintenance
  3. Click Change and edit the parameter value to 0



Alternative II

You can define a whitelist of programs that can register at the SAP Gateway. To do so, you have to create two files named secinfo and reginfo. Both files don’t exist per default.

Warning! Registration of the RFC-server fails!
The content of both files secinfo and reginfo overrides the parameter gw/acl_mode.
Make sure that both files secinfo and reginfo allows the registration of the RFC-server. See the example below.

The first file secinfo has to contain the following lines:



#VERSION=2
P TP=* HOST=internal,local CANCEL=internal,local ACCESS=internal,local
# the following line should be the LAST line in the secinfo file
P TP=XTRACT01 USER=* USER-HOST=* HOST=* 



This means, the RFC-Server XTRACT01 is allowed to register.

The second one reginfo has to contain the following lines:



#VERSION=2
# the following line should be the LAST line in the reginfo file
P TP=XTRACT01



Same here, this means, the RFC-Server XTRACT01 is allowed to register.

You have to copy both files to the following path (data path): /usr/sap/<SID>/<INSTANCE>/data/

Then you have to extend the following two parameters to the Profile Parameter in the TA RZ10:

  • gw/reg_info = $(DIR_DATA)/reginfo
  • gw/sec_info = $(DIR_DATA)/secinfo

After restarting the Gateway or rereading the security parameters by using SAP transaction SMGW and navigate to the following path: Menu -> Goto -> Expert Functions -> External Security -> Reread.

After the external security file(s) reread, the Customizing Check will execute without error messages
Creation date: 4/12/2022 8:17 AM      Updated: 1/18/2024 9:54 AM
get help Get help for this page