
Symptom
In transaction SM59 (RFC Connections), you see the following message: RFC callback chk not secure.

Solution
The full explanation is in SAP Note 1971118 – No RFC callback check. The text below is copied from the SAP Note:
Cause
The security level for whitelist checks of incoming RFC callbacks is determined by profile parameter rfc/callback_security_method which has settings from 0 to 3, where 0 is least secure and 3 is most secure. Then, these messages can appear if:
• Your system has this parameter with value 1 (default), which means that for destinations without active maintained callback whitelist, no whitelist check for incoming RFC callbacks is performed at runtime;
• Your RFC entries are not properly maintained in the Callback Whitelist.
Resolution
If you want to have a green traffic light in SM59, corresponding to parameter rfc/callback_security_method = 3, you need to:
1. Activate the Security Audit Log (transaction SM19). Using the “Detailed Configuration”, select the Message ID DUK (“RFC callback executed in simulation mode”) in Audit Class “RFC Function Call”. SAP Note 539404 details more regarding the Audit Log settings;
2. Set the profile parameter rfc/callback_security_method = 2, that is the simulation mode;
3. After running the system for some days, generate in transaction SM59 RFC callback whitelist entries from DUK Security Audit Log entries, as described in the helptext referenced below, or manually maintain such whitelist entries in destinations with transaction SM59, as also described in the helptext;
4. Set the profile parameter rfc/callback_security_method = 3, that is the secure mode.
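
An added example (not from the SAP Note or the original post): a Python check that reads rfc/callback_security_method from profile text and reports where a system stands in the rollout above. It assumes the usual `name = value` profile syntax with `#` comments and that an instance profile overrides DEFAULT.PFL; the sample profiles and function names are constructed for illustration.

```python
import re

PARAM = "rfc/callback_security_method"
KERNEL_DEFAULT = 1  # default value according to the note quoted above

# Next action for each level, following the four resolution steps above.
NEXT_STEP = {
    0: "least secure: enable audit message DUK (SM19), then set the parameter to 2",
    1: "default: enable audit message DUK (SM19), then set the parameter to 2",
    2: "simulation: build whitelist entries in SM59 from DUK entries, then set 3",
    3: "secure mode: nothing further, SM59 shows the green light",
}

def read_param(profile_text, name=PARAM):
    """Return the last value assigned to `name` in one profile, or None."""
    value = None
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"(\S+)\s*=\s*(\S*)", line)
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def effective_level(default_pfl, instance_pfl=""):
    """Instance profile wins over DEFAULT.PFL (assumption stated in the lead-in)."""
    for text in (instance_pfl, default_pfl):
        raw = read_param(text)
        if raw is not None:
            if raw not in {"0", "1", "2", "3"}:
                raise ValueError(f"{PARAM} has invalid value {raw!r}")
            return int(raw)
    return KERNEL_DEFAULT

def assess(default_pfl, instance_pfl=""):
    """Return (level, next step) for the given profile texts."""
    level = effective_level(default_pfl, instance_pfl)
    return level, NEXT_STEP[level]

# Constructed sample profiles, not taken from a real system.
SAMPLE_DEFAULT = "SAPSYSTEMNAME = ABC\n#rfc/callback_security_method = 3\n"
SAMPLE_INSTANCE = "rfc/callback_security_method = 2  # simulation\n"

if __name__ == "__main__":
    print(assess(SAMPLE_DEFAULT, SAMPLE_INSTANCE))
```

The check covers profile files only; a value changed at runtime without a profile update is not visible to it.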


