on 01-21-2010 7:19 PM
Hi,
We have configured the SNC and SAP Router in our system, but our saprouter is not working and the SAPOSS RFC is giving error of "Network not reachable". We have tried putting together and one by one Public & Private entries also under # SNC connection to local system for R/3-Support but of no use.
Port 3299 is already opened. Below is the technical parameter details of OSS1:
host: <hostname>
IP Address: 192.168..
Inst Number: 99
Below is our saprouttab table entries:
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
SNC connection to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.. 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.. 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 3201
SNC-connection from SAP to local R/3-System for saptelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 82.129.. 23
Access from your local Network to SAP R/3 Frontend (OSS)
P 192.168.. 194.39.131.34 3299
All other connections will be denied
P * * *
Below is the output of dev_rout log file:
-
trc file: "dev_rout", trc level: 1, release: "700"
-
Fri Jan 22 03:51:46 2010
SAP Network Interface Router, Version 38.10
command line arg 0: ./saprouter
command line arg 1: -r
main: pid = 10921, ppid = 10232, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
ERROR => SNC field without SNC active, skip line 2 [nirout.cpp 7765]
ERROR => SNC field without SNC active, skip line 4 [nirout.cpp 7765]
ERROR => SNC field without SNC active, skip line 5 [nirout.cpp 7765]
ERROR => SNC field without SNC active, skip line 6 [nirout.cpp 7765]
ERROR => SNC field without SNC active, skip line 7 [nirout.cpp 7765]
ERROR => SNC field without SNC active, skip line 9 [nirout.cpp 7765]
Kindly check and suggest if anything needs to be changed in configuration.
Please find below system details:
Private IP: 192.168..
Public IP: 82.129..
OS: HP-UX 11.31
(I have put . in this post in place of original IP Address Range)
Kindly suggest what can be done to make this working.
Thanks & Regards,
Manish Singh
Did you installed and setup the router as a service under the right user (same as the one registered in the certificate)?, Is the right SAP cryptographic library installed?
Regards
Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
SAP has replied that there is no issue at there end regarding firewall or communication port.
Thanks & Regards,
Manish Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dears,
Issue was at the network level as TCP protocol and DNS configuration was not correct.
We have now configured SAP Router properly and SAP Router is started. SAP RFC SAPOSS is also working fine, but when we try to connect SAP system using sap router string its not connecting.
Its giving error of host with ip address <> service sapdp99 not reached.
Any ideas or guidance for how to correct this.
Regards,
Manish Singh
Hi ,
Error clearly indicate there is a communication problem.
* LOCATION SAProuter 38.10 on 'host'
* ERROR partner '194.39.131.31:sapdp99' not reached
as you said earlier port are open from your side.
Know you have to confrim from SAP all the communication is open for your network / public ip.
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
SNC_LIB variable is set for /usr/sap/saprouter/hpia64-11.23-64/libsapcrypto.so
Also find below niping command status:
niping -c -O -H/H/192.168../H/194.39.131.31/H/194.39.131.34
Fri Jan 22 17:10:42 2010
ERROR => NiBufIProcMsg: hdl 0 received rc=-92 (NIEROUT_CONN_REFUSED) from pe
er [nibuf.cpp 2120]
ERROR => NiBufIConnect: route connect for non-buffered hdl 0 failed (rc=-92;
/H/192.168../H/194.39.131.31/H/194.39.131.34); pong not received [nibuf.cpp
4726]
ERROR => NiTClientLoop: NiHandle (rc=-92) [nixxtst.cpp 2853]
*****************************************************************************
*
LOCATION SAProuter 38.10 on 'host'
ERROR partner '194.39.131.31:sapdp99' not reached
*
TIME Fri Jan 22 17:10:42 2010
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -92
MODULE nixxi.cpp
LINE 2512
DETAIL NiPConnect
SYSTEM CALL connect
ERRNO 229
ERRNO TEXT Network is unreachable
COUNTER 7
*
*****************************************************************************
Thanks & Regards
Manish Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maish,
Can you share what is a value set for enviroment variable
SNC_LIB
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maish,
Ignore the previuos reply. , i have mistaken the reply.
your reply was as below
telnet give following out put
Trying...
telnet: Unable to connect to remote host: Network is unreachable
1. Did you raised request with SAP to register your saproutrer with SAP.
2. did you shared your public ip to SAP.
if yes already SAP has register your system with them.
then it mean port is not open from you network
from your network to SAP ( 194.39.131.34 ) port 3299 should be open.
once port is open your sap router shoudl work.
Thanks
Anil
Edited by: Anil Bhandary on Jan 22, 2010 6:11 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
I have raised the message with SAP also and waiting for their reply.
I have started downloading and configuring SAP Router once after receiving the reply from SAP only for my SNC Certificate. For that I had shared with them all the details for configuring SAP Router (host, public ip, private ip etc).
Network Administrator is saying that ports are open in range 3200 to 3299 on this box just to make saprouter work but still there is error.
Regards,
Manish Singh
Hi,
I have downloaded the latest SAP Cryptographic library files from SAP Servie Marketplace. The latest files available is for HP-UX 11.23 IA 64 bit but my OS version is HP-UX 11.31 IA 64 bit.
Is that might be the reason of not working saprouter.
Please find below the outputs:
1. Output of the command 'sapgenpse'
Usage: sapgenpse [-h] <command> [-h] [sub-options] .
Using default SAPCRYPTOLIB library name "libsapcrypto.so"
Platform: HP HP-UX IA64 64-bit (hpia64_11.23_64)
Versions: SAPGENPSE = 1.5.24 pl21 (Nov 27 2009)
SAPCRYPTOLIB = 5.5.5.C pl28 (Dec 4 2009) MT-safe
USER="scdadm"
Environment variable $SECUDIR is defined:
"/usr/sap/saprouter"
shared library search path LD_LIBRARY_PATH not currently defined
2. Output of the command 'sapgenpse get_my_name -n all'
SSO for USER "scdadm"
with PSE file "/usr/sap/saprouter/local.pse"
Subject : CN=host, OU=0001082645, OU=SAProuter, O=SAP, C=DE
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
Serialno: 01:E5:A7
KeyInfo : RSA, 1024-bit
Validity - NotBefore: Thu Jan 21 14:29:13 2010 (100121122913Z)
NotAfter: Fri Jan 21 14:29:13 2011 (110121122913Z)
3. Output of the command 'sapgenpse seclogin -l'
running seclogin with USER="scdadm"
4. CN=host, OU=0001082645, OU=SAProuter, O=SAP, C=DE
/usr/sap/saprouter/local.pse
Options: LIFETIME= Fri, 21 Jan 2011 12:29:13 (GMT)
DIRACCESS=FALSE
CRLCHECK=FALSE
1 readable SSO-Credentials available
5. Output of dev_rout file is as below:
host:scdadm 43> more dev_rout
-
trc file: "dev_rout", trc level: 2, release: "700"
-
Fri Jan 22 13:59:49 2010
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 60000000000f9110)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 38.10
Compiled Oct 3 2009 04:18:00
command line arg 0: ./saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 2
command line arg 4: -K
command line arg 5: p:CN=host, OU=0001082645, OU=SA OU=SAProuter, O=SAP,
C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
...skipping...
-
trc file: "dev_rout", trc level: 2, release: "700"
-
Fri Jan 22 13:59:49 2010
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 60000000000f9110)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 38.10
Compiled Oct 3 2009 04:18:00
command line arg 0: ./saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 2
command line arg 4: -K
command line arg 5: p:CN=host, OU=0001082645, OU=SA OU=SAProuter, O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
SncInit(): Initializing Secure Network Communication (SNC)
HP (IA-64) with HP-UX (st,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "/usr/sap/saprouter/hpia64-11.23-64".
ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/saprouter/hpia64-11.23-64") FAILED
"'/usr/sap/saprouter/hpia64-11.23-64' is not a valid load module: Bad magic number" [dlux.c 445]
ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (/usr/sap/saprouter/hpia64-11.23-64) not loaded [sncxxdl.c 639]
<<- SncInit()==SNCERR_INIT
sec_avail = "false"
ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c 647]
ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1218]
*****************************************************************************
*
ERROR SNC processing failed:
SncInit
*
TIME Fri Jan 22 13:59:49 2010
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -17
MODULE nisnc.c
LINE 646
DETAIL NiSncInit: sncrc=-1
COUNTER 4
*
*****************************************************************************
<<- ERROR: SncDone()==SNCERR_INIT_FIRST
NiIExit: free nitab 60000000000f9110
Regards,
Manish Singh
Edited by: Manish Singh on Jan 22, 2010 6:33 AM
hi,
By which user you are starting saprouter.
you have to start saprouter with the user by which you have configured the sap router
1. login on to OS with the user by which you have configured the saprouter.
2. run the following command and let us know the output.
sapgenpse get_my_name -v -n Issuer
-
secondly try following command to start saprouter with the user by which you have configured sap router
saprouter -r -S 3299 -K "p:CN=<distingush name>, OU=<customer no >, OU=SAProuter, O=SAP, C=DE"
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
telnet 194.39.131.34 3299 shows blank screen
it mean there is no problem of network.
can u share what command you are using to start SAP router.
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Yes, I have installed the right Cryptographic library downloaded from Service Marketplace for HP-UX IA-64 bit.
The output of telnet 194.39.131.34 3299 is as below:
Trying...
telnet: Unable to connect to remote host: Network is unreachable
as ours is SNC SAProuter so while starting with -K option to activate SNC its giving below output:
trcfile dev_rout
*****************************************************************************
*
ERROR SNC processing failed:
SncInit
*
TIME Fri Jan 22 13:46:49 2010
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -17
MODULE nisnc.c
LINE 646
DETAIL NiSncInit: sncrc=-1
COUNTER 4
*
*****************************************************************************
Regards,
Manish Singh
Edited by: Manish Singh on Jan 22, 2010 5:47 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manish,
Pls let us know the output of below command
login to OS of your system where saprouter is installed.
and run the following command
telnet 194.39.131.34 3299
the ouput of above command should be blank.
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.