cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Router Configuration error

manish_singh13
Active Contributor
0 Kudos

Hi,

We have configured the SNC and SAP Router in our system, but our saprouter is not working and the SAPOSS RFC is giving error of "Network not reachable". We have tried putting together and one by one Public & Private entries also under # SNC connection to local system for R/3-Support but of no use.

Port 3299 is already opened. Below is the technical parameter details of OSS1:

host: <hostname>

IP Address: 192.168..

Inst Number: 99

Below is our saprouttab table entries:

  1. SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299

  1. SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.. 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.. 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 3201

  1. SNC-connection from SAP to local R/3-System for saptelnet

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 23

  1. Access from your local Network to SAP R/3 Frontend (OSS)

P 192.168.. 194.39.131.34 3299

  1. All other connections will be denied

P * * *

Below is the output of dev_rout log file:

-


trc file: "dev_rout", trc level: 1, release: "700"

-


Fri Jan 22 03:51:46 2010

SAP Network Interface Router, Version 38.10

command line arg 0: ./saprouter

command line arg 1: -r

main: pid = 10921, ppid = 10232, port = 3299, parent port = 0 (0 = parent is not a saprouter)

reading routtab: './saprouttab'

      • ERROR => SNC field without SNC active, skip line 2 [nirout.cpp 7765]

      • ERROR => SNC field without SNC active, skip line 4 [nirout.cpp 7765]

      • ERROR => SNC field without SNC active, skip line 5 [nirout.cpp 7765]

      • ERROR => SNC field without SNC active, skip line 6 [nirout.cpp 7765]

      • ERROR => SNC field without SNC active, skip line 7 [nirout.cpp 7765]

      • ERROR => SNC field without SNC active, skip line 9 [nirout.cpp 7765]

Kindly check and suggest if anything needs to be changed in configuration.

Please find below system details:

Private IP: 192.168..

Public IP: 82.129..

OS: HP-UX 11.31

(I have put . in this post in place of original IP Address Range)

Kindly suggest what can be done to make this working.

Thanks & Regards,

Manish Singh

Accepted Solutions (1)

Accepted Solutions (1)

JPReyes
Active Contributor
0 Kudos

Did you installed and setup the router as a service under the right user (same as the one registered in the certificate)?, Is the right SAP cryptographic library installed?

Regards

Juan

Answers (9)

Answers (9)

manish_singh13
Active Contributor
0 Kudos

Hi Anil,

SAP has replied that there is no issue at there end regarding firewall or communication port.

Thanks & Regards,

Manish Singh

manish_singh13
Active Contributor
0 Kudos

Dears,

Issue was at the network level as TCP protocol and DNS configuration was not correct.

We have now configured SAP Router properly and SAP Router is started. SAP RFC SAPOSS is also working fine, but when we try to connect SAP system using sap router string its not connecting.

Its giving error of host with ip address <> service sapdp99 not reached.

Any ideas or guidance for how to correct this.

Regards,

Manish Singh

Former Member
0 Kudos

Hello,

Please check the below entries are exists in /etc/services if not please add.

1. sapdp99 3299/tcp

2. sampms<SID> 3600/tcp (Entries should exists in source server and SAP Router installed Server)

Let us know how it works.

Thanks.

manish_singh13
Active Contributor
0 Kudos

Hi Srinivas,

Both entries exists in the system.

Still same issue.

Regards,

Manish P Singh

Former Member
0 Kudos

I think you should post a new message to SAP with the component 'XX-SER-NET'.

former_member227283
Active Contributor
0 Kudos

Hi ,

Error clearly indicate there is a communication problem.

* LOCATION SAProuter 38.10 on 'host'
* ERROR partner '194.39.131.31:sapdp99' not reached

as you said earlier port are open from your side.

Know you have to confrim from SAP all the communication is open for your network / public ip.

Thanks

Anil

manish_singh13
Active Contributor
0 Kudos

Hi Anil,

SNC_LIB variable is set for /usr/sap/saprouter/hpia64-11.23-64/libsapcrypto.so

Also find below niping command status:

niping -c -O -H/H/192.168../H/194.39.131.31/H/194.39.131.34

Fri Jan 22 17:10:42 2010

      • ERROR => NiBufIProcMsg: hdl 0 received rc=-92 (NIEROUT_CONN_REFUSED) from pe

er [nibuf.cpp 2120]

      • ERROR => NiBufIConnect: route connect for non-buffered hdl 0 failed (rc=-92;

/H/192.168../H/194.39.131.31/H/194.39.131.34); pong not received [nibuf.cpp

4726]

      • ERROR => NiTClientLoop: NiHandle (rc=-92) [nixxtst.cpp 2853]

*****************************************************************************

*

  • LOCATION SAProuter 38.10 on 'host'

  • ERROR partner '194.39.131.31:sapdp99' not reached

*

  • TIME Fri Jan 22 17:10:42 2010

  • RELEASE 700

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -92

  • MODULE nixxi.cpp

  • LINE 2512

  • DETAIL NiPConnect

  • SYSTEM CALL connect

  • ERRNO 229

  • ERRNO TEXT Network is unreachable

  • COUNTER 7

*

*****************************************************************************

Thanks & Regards

Manish Singh

former_member227283
Active Contributor
0 Kudos

Hi Maish,

Can you share what is a value set for enviroment variable

SNC_LIB

Thanks

Anil

former_member227283
Active Contributor
0 Kudos

Hi Maish,

Ignore the previuos reply. , i have mistaken the reply.

your reply was as below

telnet  give following out put


Trying...
telnet: Unable to connect to remote host: Network is unreachable

1. Did you raised request with SAP to register your saproutrer with SAP.

2. did you shared your public ip to SAP.

if yes already SAP has register your system with them.

then it mean port is not open from you network

from your network to SAP ( 194.39.131.34 ) port 3299 should be open.

once port is open your sap router shoudl work.

Thanks

Anil

Edited by: Anil Bhandary on Jan 22, 2010 6:11 AM

manish_singh13
Active Contributor
0 Kudos

Hi Anil,

I have raised the message with SAP also and waiting for their reply.

I have started downloading and configuring SAP Router once after receiving the reply from SAP only for my SNC Certificate. For that I had shared with them all the details for configuring SAP Router (host, public ip, private ip etc).

Network Administrator is saying that ports are open in range 3200 to 3299 on this box just to make saprouter work but still there is error.

Regards,

Manish Singh

manish_singh13
Active Contributor
0 Kudos

Hi,

I have downloaded the latest SAP Cryptographic library files from SAP Servie Marketplace. The latest files available is for HP-UX 11.23 IA 64 bit but my OS version is HP-UX 11.31 IA 64 bit.

Is that might be the reason of not working saprouter.

Please find below the outputs:

1. Output of the command 'sapgenpse'

Usage: sapgenpse [-h] <command> [-h] [sub-options] .

Using default SAPCRYPTOLIB library name "libsapcrypto.so"

Platform: HP HP-UX IA64 64-bit (hpia64_11.23_64)

Versions: SAPGENPSE = 1.5.24 pl21 (Nov 27 2009)

SAPCRYPTOLIB = 5.5.5.C pl28 (Dec 4 2009) MT-safe

USER="scdadm"

Environment variable $SECUDIR is defined:

"/usr/sap/saprouter"

shared library search path LD_LIBRARY_PATH not currently defined

2. Output of the command 'sapgenpse get_my_name -n all'

SSO for USER "scdadm"

with PSE file "/usr/sap/saprouter/local.pse"

Subject : CN=host, OU=0001082645, OU=SAProuter, O=SAP, C=DE

Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

Serialno: 01:E5:A7

KeyInfo : RSA, 1024-bit

Validity - NotBefore: Thu Jan 21 14:29:13 2010 (100121122913Z)

NotAfter: Fri Jan 21 14:29:13 2011 (110121122913Z)

3. Output of the command 'sapgenpse seclogin -l'

running seclogin with USER="scdadm"

4. CN=host, OU=0001082645, OU=SAProuter, O=SAP, C=DE

/usr/sap/saprouter/local.pse

Options: LIFETIME= Fri, 21 Jan 2011 12:29:13 (GMT)

DIRACCESS=FALSE

CRLCHECK=FALSE

1 readable SSO-Credentials available

5. Output of dev_rout file is as below:

host:scdadm 43> more dev_rout

-


trc file: "dev_rout", trc level: 2, release: "700"

-


Fri Jan 22 13:59:49 2010

NiHsLInit: alloc host/serv bufs (200/200 entries)

NiIInit: allocated nitab (811 at 60000000000f9110)

NiIInit: host/serv bufs already initialized

SAP Network Interface Router, Version 38.10

Compiled Oct 3 2009 04:18:00

command line arg 0: ./saprouter

command line arg 1: -r

command line arg 2: -V

command line arg 3: 2

command line arg 4: -K

command line arg 5: p:CN=host, OU=0001082645, OU=SA OU=SAProuter, O=SAP,

C=DE

service : 3299

routtab : ./saprouttab

plug-in : no plug-in

-argument: 'no argument'

...skipping...

-


trc file: "dev_rout", trc level: 2, release: "700"

-


Fri Jan 22 13:59:49 2010

NiHsLInit: alloc host/serv bufs (200/200 entries)

NiIInit: allocated nitab (811 at 60000000000f9110)

NiIInit: host/serv bufs already initialized

SAP Network Interface Router, Version 38.10

Compiled Oct 3 2009 04:18:00

command line arg 0: ./saprouter

command line arg 1: -r

command line arg 2: -V

command line arg 3: 2

command line arg 4: -K

command line arg 5: p:CN=host, OU=0001082645, OU=SA OU=SAProuter, O=SAP, C=DE

service : 3299

routtab : ./saprouttab

plug-in : no plug-in

-argument: 'no argument'

clients : 800

max servers : 1

quelength : 1

maxheap : 20000000

timeoutL : 5000

tracefile : dev_rout

logfile : no logging active

portrange : no portrange active

local address : default address

SncInit(): Initializing Secure Network Communication (SNC)

HP (IA-64) with HP-UX (st,ascii,SAP_UC/size_t/void* = 8/64/64)

SncInit(): Trying environment variable SNC_LIB as a

gssapi library name: "/usr/sap/saprouter/hpia64-11.23-64".

      • ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/saprouter/hpia64-11.23-64") FAILED

"'/usr/sap/saprouter/hpia64-11.23-64' is not a valid load module: Bad magic number" [dlux.c 445]

      • ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (/usr/sap/saprouter/hpia64-11.23-64) not loaded [sncxxdl.c 639]

<<- SncInit()==SNCERR_INIT

sec_avail = "false"

      • ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c 647]

      • ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1218]

*****************************************************************************

*

  • ERROR SNC processing failed:

  • SncInit

*

  • TIME Fri Jan 22 13:59:49 2010

  • RELEASE 700

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -17

  • MODULE nisnc.c

  • LINE 646

  • DETAIL NiSncInit: sncrc=-1

  • COUNTER 4

*

*****************************************************************************

<<- ERROR: SncDone()==SNCERR_INIT_FIRST

NiIExit: free nitab 60000000000f9110

Regards,

Manish Singh

Edited by: Manish Singh on Jan 22, 2010 6:33 AM

former_member227283
Active Contributor
0 Kudos

hi,

By which user you are starting saprouter.

you have to start saprouter with the user by which you have configured the sap router

1. login on to OS with the user by which you have configured the saprouter.

2. run the following command and let us know the output.

sapgenpse get_my_name -v -n Issuer

-


secondly try following command to start saprouter with the user by which you have configured sap router

saprouter -r -S 3299 -K "p:CN=<distingush name>, OU=<customer no >, OU=SAProuter, O=SAP, C=DE"

Thanks

Anil

former_member227283
Active Contributor
0 Kudos

Hi,

telnet 194.39.131.34 3299 shows blank screen

it mean there is no problem of network.

can u share what command you are using to start SAP router.

Thanks

Anil

manish_singh13
Active Contributor
0 Kudos

Hi Anil,

I am using below command to start saprouter

./saprouter -r -K "p:CN=abcdedfgh, OU=0001087865, OU=SAProuter, O=SAP, C=DE"

Regards,

Manish Singh

manish_singh13
Active Contributor
0 Kudos

Hi,

Yes, I have installed the right Cryptographic library downloaded from Service Marketplace for HP-UX IA-64 bit.

The output of telnet 194.39.131.34 3299 is as below:

Trying...

telnet: Unable to connect to remote host: Network is unreachable

as ours is SNC SAProuter so while starting with -K option to activate SNC its giving below output:

trcfile dev_rout

*****************************************************************************

*

  • ERROR SNC processing failed:

  • SncInit

*

  • TIME Fri Jan 22 13:46:49 2010

  • RELEASE 700

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -17

  • MODULE nisnc.c

  • LINE 646

  • DETAIL NiSncInit: sncrc=-1

  • COUNTER 4

*

*****************************************************************************

Regards,

Manish Singh

Edited by: Manish Singh on Jan 22, 2010 5:47 AM

former_member227283
Active Contributor
0 Kudos

Hi Manish,

Pls let us know the output of below command

login to OS of your system where saprouter is installed.

and run the following command

telnet 194.39.131.34 3299

the ouput of above command should be blank.

Thanks

Anil