Contact Us
How you can contact us:

Troubleshooting for Managed ABAP Systems


When executing /SDF/ALM_SETUP at least one HTTP destination is created. You can display them in SM59 (type G) with prefix ZSDF_<your destination name>.

When you need a proxy access with authentication a second destination ZSDE_ <your destination name> is created.

Don't manipulate the Path Prefix in SM59!

A connection check in SM59 with http status 400 is normal. Everything else e.g. 401 (wrong credentials) , 403 (forbidden), 500 (error) is not normal.

Length of client credentials

In case the client credentials are longer than 64 characters you might get the following error when saving the destination:

Cannot save HTTP Destination : Password Too long

In that case you need to apply SAP_BASIS 7.40 SP2 (7.50 SP19) or note 2909503 - Use max Password length Destination API Type G


When clicking on register a synchronous call to the ALM platform is executed. If no LMS ID is retrieved and displayed the registration was not successful. There might be several reasons:

  1. Cannot create HTTP Client: Operation successfully executed
    Your setup user has probably not enough authorizations or the SAP_BASIS version is too low.
  2. Direct connect to ... failed NIECONN_REFUSED(-10)
    Your system cannot reach the target directly and a proxy is required.
  3. IcmConnInitClientSSL: Proxy connection to https://....:443 via proxy:3128 failed (proxy returned 403 Forbidden)
    In case you need a proxy to reach the target this must be allowed in the proxy. In the ECS environment this should be ensured. 
  4. IcmConnInitClientSSL: Proxy connection to https://....:443 via proxy:3128 failed (proxy returned 407 Proxy Authentication Required)
    In case the proxy requires authentication you should check in SM59 if both destinations ZSDF_<your_name> and ZSDE_<your_name> exist and if proxy credentials are available. If this is not case delete the destination from /SDF/ALM_SETUP and create a new destination.
  5. ERROR => SSL handshake with failed: SSSLERR_ALERT_PROTOCOL_VERSION ... Server aborted TLS handshake with fatal TLS
    Check the dev_icm ( in SMICM) for details. It indicates a wrong configuration of ssl/client_ciphersuites (Check SAP Note 51007 section 7)
  6. ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL... secussl_read: SSL_read() failed => "Failed to verify peer certificate. Peer not trusted."
    It seems the DigiCert Global Root CA is not installed. Check this setup step in STRUST.
  7. Oauth access_token not found from Destination 401
    Apply the latest ST-PI SP.

Use Case Specific Setup

During initial setup you can specify in each client which data should be collected. However the ALM platform is the leading instance and a use case and a user can define there if data collection is not allowed anymore. In that case you cannot re-enable the data collection in /SDF/ALM_SETUP. It must be done in the central platform.

However you still have the possibility to disable data collection for some use cases.


Runtime (Data Collection)

Data collection is triggered periodically by the scheduled job CALM Scheduler <your name> (Report /SDF/CALM_SCHEDULER) as tasks via asynchronous RFCs.

  1. Check the scheduler (Report /SDF/CALM_SCHEDULER) is running in the correct client.
  2. Check the job logs of the scheduler.
    In case there are not enough resources probably not all tasks were executed.
  3. The result of the last execution is persisted in table /SDF/CALM_SCHED, for instance specific collectors in table /SDF/CALM_INST
  4. Each application can write more logging information in application log (SLG1) for object /SDF/CALM.

Additionally the job CALM Heartbeat <your name> (Report /SDF/CALM_HEARTBEAT) is scheduled.


Data collection for Business Process Monitoring is triggered periodically by the jobs: