cancel
Showing results for 
Search instead for 
Did you mean: 

Setting bwcepubsvc.exe for SNC

former_member205400
Active Participant
0 Kudos

I was having trouble running my BW Publisher in SNC mode and found when i enabled my trace=1 in the registry that the service was NOT running in SNC mode from the output of the trace.

In part the trace showed:

        • Trace file opened at , SAP-REL 640,0,117 RFC-VER 3 815402 MT-SL

*> RfcAcceptExt: -aMY_PROG_ID -gaersnd02.mycomp.com -xsapgw06

*> RfcInstallUnicodeStructure

So, I am trying to find out how I can set the service to feed in SNC params.

I looked at the registry entry and it does not have any SNC entries there.

I'm wondering if I can add them to the registry or feed them through the bwcepubsvc.exe service properties in the Central Config Manager.

Anyone see this before?

Mike

Accepted Solutions (0)

Answers (1)

Answers (1)

IngoH
Active Contributor
0 Kudos

Hi Michael,

will provide the details on Monday / Tuesday. need to put it together in a good way

Ingo

former_member205400
Active Participant
0 Kudos

Hi Ingo,

Very good. I appreciate that.

Looks like maybe the service "bwcepubsvc.exe" gets the params from the registry at:

HKEY_LOCAL_MACHINE ->

SOFTWARE ->

Business Objects ->

Suite XX.X (depends on the version) ->

SAP ->

BW Publishing

and then passes them to program "bwcepub.exe" like:

"bwcepub.exe -aMY_PROG_ID -gaersnd02.mycomp.com -xsapgw06"

Seems to me bwcepub.exe should have an option to call a destination in the saprfc.ini like:

"bwcepub.exe -Dmy_destination"

My environment variable "RFC_INI" is set to be able reference the saprfc.ini.

Here is an excerpt from "The RFC API" specification calling the program rfcexec.exe:

rfcexec -ap10234.rfcexec -ghs0311 -xsapgw53 -t

or

rfcexec -Drfctest

and an entry in saprfc.ini can be defined as follows:

DEST=rfctest

TYPE=R

PRGOGID=p10234.rfcexec

GWHOST=hs0311

GWSERV=sapgw53

RFC_TRACE=1

Mike

Edited by: Michael Hill on Oct 6, 2008 11:06 PM

former_member205400
Active Participant
0 Kudos

Hello Ingo,

Did you ever figure out how to include params in the registry and invoke a -D option with bwcepub.exe?

Mike

IngoH
Active Contributor
0 Kudos

Hi Michael,

the publishing service needs the additional items in the "extra" box:

-L<path to SNC library> -S<SNC name for publisher>

in SM59:

on the Logon / Security tab you need to configure the SNC items.

On the "Partners" you need to enter the SNC name of the principal under which the publishing service will run

ingo

former_member205400
Active Participant
0 Kudos

Ingo,

Thanks for that input. I can see in the trace file that the program is picking up my values and trying to apply them.

In my trace rfcxxxxxx.trc I see:

*> RfcAcceptExt: "C:\Program Files\Business Objects\Common\3.5\bin\bwcepub.exe"

-aMY_PROG_ID

-gaersnd02.mycomp.com

-xsapgw06

-Lc:\windows\system32\gsskrb5.dll

-Sp:fcabc821/@xyz.us.mycomp.com

*> RfcRegisterProgram ...

Server Program ID = MY_PROG_ID

Host name of Gateway = aersnd02.mycomp.com

Service of Gateway = 3306

RFC-Trace = OFF

SNC Own Name = p:fcabc821/@xyz.us.mycomp.com

SNC Library Name = c:\windows\system32\gsskrb5.dll

RFC Handle = 1

In my dev_rfc.trc I see:

        • ERROR file opened at , SAP-REL 640,0,117 RFC-VER 3 815402 MT-SL

T:9528 Error in program 'Dummy': <* RfcWaitForRequest [1] : returns 1:RFC_FAILURE

And of course the tests in SM59 and /crystal/rptadmin fail as well.

Questions:

1) the SNC users manual says that snc_lib and snc_mode are required entries. snc_name is optional. You didn't give me params for snc_mode. I'm wondering why and are there other params that can be specified as well?

2) the -S<SNC name for publisher> I am using is p:fcabc821/@xyz.us.mycomp.com which is the domain account and is the user found on the properties of the service bwcepubsvc.exe. Is this the same name that should be on the SM59?

Thanks for your help. I think we are getting closer. Please advise.

Mike

former_member205400
Active Participant
0 Kudos

BTW,

I found out the -Q sets the mode of security.

I set this for 3 like: -Q3 in the BW Publisher registry "Extra" setting as well as in the SM59.

3 specifies data security which is what we are doing here publishing documents.

former_member205400
Active Participant
0 Kudos

I saw this except from saprfc.h

  • If an RFC server program is working with SNC (Secure Network Communications) it can be started with the following SNC parameters:

*

  • -L SNC library name on the local system, e.g. /krb5/hpux/lib/libkrb5.sl

*

  • -S SNC name of this local instance

Mike

IngoH
Active Contributor
0 Kudos

great - what are we missing ?

ingo

former_member205400
Active Participant
0 Kudos

Ingo,

I'm getting the RFC_FAILURE message in the trace I described above. Apparently my SNC names must be wrong. I don't know why. I'm using the snc name on the bw publishing service and its also on the sm59.

I took the SNC off and I get beautiful trace details, but when it is on I just get summary kinds of data.

I'm going to try putting the snc protection level to 1 and see if I can get some trace details.

Mike

former_member205400
Active Participant
0 Kudos

No go ... no trace details.

IngoH
Active Contributor
0 Kudos

wouldn't the SNC name follow the LDAP conventions with p:CN=...OU=...O=....C=...

Ingo

former_member205400
Active Participant
0 Kudos

Ingo,

I am using the same values as I did on my GUI SNC Connection.

In the CMC under SAP Tab I have invoked SNC there and the SNC name I am using there matches the SNC name I am using on SNC0. It is the domain acct and is also on the services. This works great !!

It is like: p:fcabc821/@xyz.us.mycomp.com

(I had to put a slash in there to display the at sign)

So, it makes sence that this should be the same on the BW Publishing service and the SM59 as well.

Make sence?

Mike

IngoH
Active Contributor
0 Kudos

hi Michael,

quick question : why running the service with SNC anyway ?

ingo

former_member205400
Active Participant
0 Kudos

I'm thinking it should be secure as opposed to insecure.

SNC QP Level 3 which is for Data.

So in my configuration and testing I'd like to say it all works, instead of SNC BW Publisher doesn't work.

Mike

IngoH
Active Contributor
0 Kudos

but the publisher is not around data. the publisher service is taking the CR object and pushes it to the BOE server.

can we try if it works without SNC. If so - more than happy to continue to work on it but want to make sure you can continue other things as well

ingo

former_member205400
Active Participant
0 Kudos

Yes, it works without SNC ... I think I mentioned that in the first posting.

Hmmm, I guess not. Of course that should be the going in position for it to work with the basic config.

Edited by: Michael Hill on Oct 14, 2008 11:47 PM

IngoH
Active Contributor
0 Kudos

Hi Michael,

ok - so the Basic config works but you would like to add SNC for publishing as well ?

just to be clear the publishing is only use to push the CR object from BW to the BOE Server

ingo

former_member205400
Active Participant
0 Kudos

Ok, so I'm using the same domain accout as I am using in the SNC connection between the CMC and the BI System through the GUI.

This acct: "p:fcabc821/@xyz.us.mycomp.com" is used on the SAP SNC0 transaction (cpic and ext id activated) and the CMC SAP Entitlement Tab. On the SAP SNC Tab I have the acct that is on the SAP RZ10 snc/identity/as and this is working fine. I can verify that SNC is enbled by using the SAP SMGW trans details and I can see my roles on the SAP Roles Tab.

Here is an example I gave in a previous post of the params I am using in the registry of my BOE:

Server Program ID = MY_PROG_ID

Host name of Gateway = aersnd02.mycomp.com

Service of Gateway = 3306

RFC-Trace = ON

SNC Own Name = p:fcabc821/@xyz.us.mycomp.com

SNC Library Name = c:\windows\system32\gsskrb5.dll

RFC Handle = 1

This acct: "p:fcabc821/@xyz.us.mycomp.com" is used on all my BOE services as well as on my Websphere services.

I'll send you an email with my latest trace results. I get the "CM_NO_DATA_RECEIVED" message in my snc processing area trace.

Any help is appreciated.

Mike

Edited by: Michael Hill on Oct 28, 2008 4:29 PM