Highlighted
Absent Member.
Absent Member.
3272 views

Need your help on a HTTP 403 error when testing SAP CRM7.0 using loadrunner 11.00

We were doing a SAP CRM upgrade from 5.0 to 7.0. I'm using Loadrunner Vugen 11.00 (on Windows Server 2003, service pack 2) to record a user logon and then creating a new customer account. The protocol I used is SAP-Web. And I'm using IE 8.0 to access and record the website.

When replaying the script, the logon seems to work fine. But when it starts to click on a button to create a new account, it keeps generating a HTTP 403 (Unauthorized Request) Error. Here is the error message:

 

vuser_init.c(464): Error -26628: HTTP Status-Code=403 (Unauthorized Request) for "http://xxxdomain:portnumber/sap(bD1FTiZjPTMwMCZpPTEmZT1TRXRUU1U1SFNGOWZYMTlmTWw5Zk1UQXlBQmVrZHdBMkh0R08tR0tjMHhsNVRRJTNkJTNk)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=300&sap-domainrelax=min&sap-language=EN"   [MsgId: MERR-26628]

vuser_init.c(464): web_custom_request("BSPWDApplication.do") highest severity level was "ERROR", 0 body bytes, 204 header bytes   [MsgId: MMSG-26388]

 

Here is the code:

web_custom_request("BSPWDApplication.do",
  "URL=http://domain:port/sap({SAP_Param66})/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=300&sap-domainrelax=min&sap-language=EN",
  "Method=POST",
  "TargetFrame=",
  "Resource=0",
  "RecContentType=text/html",
  "Referer=http://Domain:Port/sap({SAP_Param66})/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=300&sap-domainrelax=min&sap-language=EN",
  "Snapshot=t191.inf",
  "Mode=HTML",
  "Body=htmlbevt_ty=htmlb%3Abutton%3Aclick%3A0&htmlbevt_frm=myFormId&htmlbevt_oid=C3_W18_V19_V21_Search&htmlbevt_id=search&htmlbevt_cnt=0&onInputProcessing=htmlb&SVH_INPUTFIELD_ID=&SVH_INPUTFIELD_VALUE=&thtmlbModifiedInputfieldIds=&sap-htmlb-design=&sap-ajaxtarget=C1_W1_V2_C1_W1_V2_V3_C2_W12_V13_C2_W12_V13_V14_C3_W18_V19_C3_W18_V19_V21_bupasearchb2b.do&sap-ajax_dh_mode=AUTO&wcf-secure-id=E9E266C22456AB8BED4B8DB1F97312F2&thtmlbKeyboardFocusId=C3_W18_V19_V21_Search&thtmlbKeyboardSelectId=&"
... ...

... ...

 

Looking closely at where the error is generated, I noticed the field "wcf-secure-id=E9E266C22456AB8BED4B8DB1F97312F2", I have a feeling that it might need to be correlated. But I couldn't find where that valued is returned prior to this point.

 

I tried manually correlating this value and setting recording rules, But couldn't capture this value.

I tried to use a different account to record the script, and was getting the same error.

I turned off the "Data Execution Prevention" and had it on only for Windows programs and services. Because I read it somewhere that DEP might prevent Vusers from editing and making changes. But that didn't help either.

 

If anyone has experienced the same issue or has any suggestions or inputs, I would like to know.

 

Thanks in advance.

0 Likes
4 Replies
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Need your help on a HTTP 403 error when testing SAP CRM7.0 using loadrunner 11.00

I would look into using the function web_set_user in your script.  Sometimes scripts require this to be added manually when a site uses NTLM or Digest authentication methods.   The function reference has a good explanation on how to use this function.  

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Need your help on a HTTP 403 error when testing SAP CRM7.0 using loadrunner 11.00

Hi 

 

wcf-secure-id=E9E266C22456AB8BED4B8DB1F97312F2",  need to do correlation for the value for this cal and your script work fine.

 

Simple example:

//<input type="hidden" name="sap-wd-secure-id" value="b8633ef6aac011e0bd3a0000009290e70909256638">

web_reg_save_param("SAPsecure_ID","lb=\"sap-wd-secure-id\" value=\"","rb=\">",LAST);

 

Please let us know if you still facing the problem.

 

Thanks

Satish


Highlighted
Absent Member.
Absent Member.

Re: Need your help on a HTTP 403 error when testing SAP CRM7.0 using loadrunner 11.00

Hi, after an upgrade I'm also facing this issue. Have you managed to find a solution? All my correlations are in place including the secure-id. I don't see any other correlations that I need to do. Is it a authentication problem? Thank you in advance. Patrick

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Need your help on a HTTP 403 error when testing SAP CRM7.0 using loadrunner 11.00

Hi,

 

this is obviously a common problem. Does anyone has a  generic solution?

 

The sap-wd-secure-id" value=" can be found at a later stage in the script I double checked each and every respond in the script but this value does not appear in the area where the error ocour in my case. This is the call that causes my headache:

 

web_custom_request("BSPWDApplication.do_7",
  "URL=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min",
  "Method=POST",
  "TargetFrame=",
  "Resource=0",
  "RecContentType=text/html",
  "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min",
  "Snapshot=t22.inf",
  "Mode=HTML",
  "Body=htmlbevt_ty=htmlb%3Abutton%3Aclick%3A0&htmlbevt_frm=myFormId&htmlbevt_oid=C16_W36_V50_thtmlb_button_1&htmlbevt_id=Go&htmlbevt_cnt=0&onInputProcessing=htmlb&SVH_INPUTFIELD_ID=&SVH_INPUTFIELD_VALUE=&thtmlbModifiedInputfieldIds=&sap-htmlb-design=&sap-ajaxtarget=C1_W1_V2_C9_W26_V27_C14_W44_V45_C16_W36_V50_Launcher.do&sap-ajax_dh_mode=AUTO&wcf-secure-id=9189E41872ED2A58EC9830A0B8CC862A&thtmlbKeyboardFocusId=C16_W36_V50_thtmlb_button_1&thtmlbKeyboardSelectId=&C14_W44_V45_SearchMenuAnchor1=UP&"
  "C16_W36_V50_selected_key=0017A477C5F01ED1B3E4832E18DC6526&thtmlbSliderState=&crmFrwScrollXPos=0&crmFrwScrollYPos=0&crmFrwOldScrollXPos=0&crmFrwOldScrollYPos=0&flashIslandsAsString=&callbackFlashIslands=%2Fsap(bD1ERSZjPTEwMCZpPTEmZT1VRUpCUTBGUU16VmZYMTlmTXpGZk5sOWZBQmVrZDhYd0h0R3o1SjFDNlU1bFZRJTNkJTNk)%2Fwebcuif%2Fuif_callback%3Fcrm_handler%3DCL_THTMLBX_FLASH_ISLAND&silverlightIslandsAsString=&callbackSilverlightIslands=%2Fsap"
  "(bD1ERSZjPTEwMCZpPTEmZT1VRUpCUTBGUU16VmZYMTlmTXpGZk5sOWZBQmVrZDhYd0h0R3o1SjFDNlU1bFZRJTNkJTNk)%2Fwebcuif%2Fuif_callback%3Fcrm_handler%3DCL_THTMLBX_SILVERLIGHT_ISLAND&th-mes-isex=&C1_W1_V2_V3_V51_bchistory_selection=&C12_W35_V37_V38_search_parameters[1].FIELD=OBJECT_ID&C12_W35_V37_V38_search_parameters[1].OPERATOR=EQ&C12_W35_V37_V38_search_parameters[1].VALUE1=&C12_W35_V37_V38_search_parameters[1].VALUE2=&C12_W35_V37_V38_search_parameters[2].FIELD=ZZAFLD000028&C12_W35_V37_V38_search_parameters[2]"
  ".OPERATOR=EQ&C12_W35_V37_V38_search_parameters[2].VALUE1=&C12_W35_V37_V38_search_parameters[2].VALUE2=&C12_W35_V37_V38_search_parameters[3].FIELD=ZZFLD00000E&C12_W35_V37_V38_search_parameters[3].OPERATOR=EQ&C12_W35_V37_V38_search_parameters[3].VALUE1=&C12_W35_V37_V38_search_parameters[3].VALUE2=&C12_W35_V37_V38_search_parameters[4].FIELD=ZZFLD00000F&C12_W35_V37_V38_search_parameters[4].OPERATOR=EQ&C12_W35_V37_V38_search_parameters[4].VALUE1=&C12_W35_V37_V38_search_parameters[4].VALUE2=&"
  "C12_W35_V37_V38_search_parameters[5].FIELD=USER_STATUS_KEY&C12_W35_V37_V38_search_parameters[5].OPERATOR=EQ&C12_W35_V37_V38_search_parameters[5].VALUE1=&C12_W35_V37_V38_search_parameters[5].VALUE2=&C12_W35_V37_V38_search_parameters[6].FIELD=ZZAFLD00001K&C12_W35_V37_V38_search_parameters[6].OPERATOR=EQ&C12_W35_V37_V38_search_parameters[6].VALUE1=&C12_W35_V37_V38_search_parameters[6].VALUE2=&C12_W35_V37_V38_search_max_hits=100&C12_W35_V37_V39_ResultTable_editMode=NONE&"
  "C12_W35_V37_V39_ResultTable_isCellerator=TRUE&C12_W35_V37_V39_ResultTable_selectedRows=&C12_W35_V37_V39_ResultTable_rowCount=0&C12_W35_V37_V39_ResultTable_lastSelectedRow=&C12_W35_V37_V39_ResultTable_allRowSelected=FALSE&C12_W35_V37_V39_ResultTable_visibleFirstRow=1&C12_W35_V37_V39_ResultTable_scrollPosition=&C12_W35_V37_V39_ResultTable_hscrollPosition=&C12_W35_V37_V39_ResultTable_bindingString=%2F%2FSEARCHRESULT%2FTable&C12_W35_V37_V39_ResultTable_fixedColumns=&"
  "C12_W35_V37_V39_ResultTable_filterApplied=FALSE&C12_W35_V37_V39_ResultTable_firstSelectedRow=&C12_W35_V37_V39_ResultTable_ctrlShiftKeyMode=&C12_W35_V37_V39_ResultTable_previousSelectedRange=&C12_W35_V37_V39_ResultTable_isNavModeActivated=TRUE&C12_W35_V37_V39_ResultTable_tableIsFiltered=&C12_W35_V37_V39_ResultTable_multiParameter=36%2F%2F%2F%2F0%2F%2F%2F%2F23%2F%2F%2F%2F20&C12_W35_V37_thtmlbShowSearchFields=true&thtmlbScrollAreaWidth=0&thtmlbScrollAreaHeight=0&LTX_PREFIX_ID=C1_W1_V2_&"
  "C1_W1_V2_LTX_VETO_FLAG=&C1_W1_V2_ACTION_GUID=&C1_W1_V2_AC_OBJECT_KEY=&C1_W1_V2_AC_VALUE=&C1_W1_V2_AC_CONTAINER=&C1_W1_V2_MYITSLOCATION=&sap-ajax_request=X",
  EXTRARES,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/_images/selector.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/styling/pager_back.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/styling/pager_forward.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/_images/tButtonAC.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/styling/table_columnaction.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  "Url=/SAP(====)/BC/BSP/SAP/thtmlb_styles/sap_skins/nova/_images/tableColumnBG_hov.gif", "Referer=http://sapcrm-pba-qas.de/sap(ZT1VRUpCUT{Cor_SAP_URL_10}=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&sap-language=DE&sap-domainrelax=min&sap-domainrelax=min", ENDITEM,
  LAST);

 

As you can see are some values already corelated.

 

Best regards

 

Stephan

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.