cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP 8.8 over the internet

Go to solution
marco_laporta
Participant

on ‎02-06-2010 4:15 PM

0 Kudos

Hi experts,

I have a SAP Server in a LAN. The LAN is connected to the internet through a router doing NAT.

I would like to access my B1 Server over the internet and so i do the following steps:

-) Mapped the server Ports 30000, 30001, 1433 on the corresponding ports of the public ip

-) Verified the above ports are opened

I cannot reach the licence server, so I installed a network packet sniffer and I understand the problem.

The client/server handshake was the following:

1) Client do a request on <server-public-ip>:30000

2) Server responds

3) Client do a request on <server-private-ip>:30000

Point 3) is the problem because obviously a remote computer cannot reach the private Server IP Address.

So the problem seems to be that B1Licence Server send to the client it's private IP address (the only address it can know), for the subsequent transmissions.

Does anyone installed with success a SAP Client in a machine remotely connected over the internet to a natted SAP Server (without Remote Desktop or similar) ?

I think a VPN can be a solution but I will preferr an easier way, if it exist.

Thanks in Advance

Marco

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-17-2010 6:00 PM
0 Kudos

Hi Marco,

We have recently upgraded to SAPB1 8.8, PL 05 (I think this is important) .

We have the same setup as you, with NAT-Internet-NAT, and we have had the same struggle as you describe.

We do forward ports (30000, 30001, 1433 and some more) on the serverside.

We have used several (unsuccessful) methods to work around, basicly setting LicenseManager to:

private IP 192.168.1.12

localhost - denied

local - does not work

hq.tmnet.xx ( our public DNS for this machine )

84.243.62.xx ( Our public IP, where ports are forwarded to the private IP)

And, we have used similar combinations on the clientside.

We have also added the public IP to the NIC ( Windows - network - settings ) , and hoped that the license manager should use this IP instead...;-) - No success, but parts of these settings can remain in our setup. (and cache)

What WORKS, right now, iin our environmmnent , only 1 installation, and MAYBE with some sideeffect from actions above (everything is not cleaned up) is the following :

Edit : C:windowssystem32driversetchosts on THE CLIENT you wish to connect.

1. Copyright (c) 1993-1999 Microsoft Corp.

2. Det här är HOSTS-exempelfilen som används av Microsoft TCP/IP för Windows.

DELETED TO SAVE ROWS

1. 102.54.94.97 rhino.acme.com # källserver

2. 38.25.63.10 x.acme.com # klientvärddatorn x

127.0.0.1 localhost

#ADD your servers NAME :

84.243.62.66 WINDOWSSERVERNAME

TEST : CMD - PING WINDOWSSERVERNAME - Get a IPresolve onscreen. This step confirms that your hosts-editing was successful.

USE WINDOWSSERVERNAME in your client-SAPB1 8.8 installation, when the popup comes : supply liccense server name.

Thats it. (And its FAST !!!! B1 mas mostly Stored procedures, so it does not load the network a lot)

I would be glad if somebody could verify this workaround.

Brg,

Göte Haluza, Teknikmejeriet AB, Sweden

Show replies
Show replies
Former Member
‎02-17-2010 6:28 PM
0 Kudos

Hi Göte Haluza,

Please identify if you have installed more than one client already. Is it on active database? If yes, how big your db is?

Thanks,

Gordon

juan_marrero
Active Participant
‎02-17-2010 6:42 PM
0 Kudos

Hi all,

Dear Gordon, do you mind to clarify what is the relevance of the database size when the proposed workaround will allow a successfull comunication with the server license in the scenario described.

In terms of communication, there are some more relavant factors as having more than one NIC or several DNS configured, that could lead to have a time out in the client machine while trying to reach the license server.

This thread is quite interesting and we need to focus in the initial issue.

Thanks to Göte for this old and simple solution.

Regards,

Juan Manuel Marrero

SAP Business One Forums Team

Former Member
‎02-17-2010 7:53 PM
0 Kudos

I don't have any other intentions but want to know more detail. That is all. I doubt it could work in production environment. If yes, it will be a good news to more users.

Former Member
‎02-18-2010 7:22 AM
0 Kudos

CORRECTION : IT IS SAP B1 8.8 PL 07 ,( not PL05 as previous written.) END CORRECTION

Hi Gordon,

>Please identify if you have installed more than one client already. Is it on active database? If yes, how big your db is?

Right now, a collegue to me followed the instructions for workaround, he was up and running in 10 minutes. No problems (he is a Network engineer) So, we do now have 2 clients (inside same NAT-LAN) . One Vista, one XP. (Latest upgrades) . More will come

There are 7 companies on this SAPserver, the actual DB is ~1,2GB. The smallest is ~300MB. Some users are present in more companies. One company is a TESTing company (DB-clone of a production) , others are production. Win2003, MSSQL2005.

The server is a SUNx4450 (8 core) , with 32GBRAM , so its FAST, also on RDP. This workaround is FASTER (feeling). And scalable The server is BOTH SQLserver and Licenseserver (an also RDP-target with local SAP client)

Best regards,

Göte Haluza, Teknikmejeriet AB, Sweden

Former Member
‎02-18-2010 10:58 AM
0 Kudos

Hi All,

The host-file workaround is a bit inefficient when dealing with a lot of clients, so another Network engineer made the following high-volume solution. This solution requires that all you clients use THATDNSserver, and that you have control over it. (Able to edit DNSserver records)

THATDNSserver is the one your clients use.

Background:

I used a packet analyzer to look at the exact DNS request, this is the output of me pinging the windows name of the server

ping WINDOWSSERVERNAME

>1.442095 192.168.1.167 192.168.1.1 DNS Standard query A WINDOWSSERVERNAME.yourdomain.TLD

>1.501424 192.168.1.1 192.168.1.167 DNS Standard query response, No such name

This shows that it adds the local domain to the request when it sends it to the DNS server

This setting is normally inside the NATdevice, and propagated through the DHCPserver.

If you do NOT add the localdomain to your DNS, you need to do that, and use that server for DNSresolve.

(That DNS server has to be prefered DNS in all client settings - can be propagated through DHCP)

Solution:

then, in your /etc/hostfile/yourdomain.TLD (we use Bind9) , you ADD following row :

WINDOWSSERVERNAME IN CNAME yourSubDomain.yourdomain.TLD

(of course you allready have a Arecord for the yourSubDomain.yourdomain.TLD, otherwise, ADD)

reload bind, (rndc reload) and verify from a command prompt of your choice :

$ ping WINDOWSSERVERNAME

PING yourSubDomain.yourdomain.TLD (84.243.62.xx) 56(84) bytes of data.

64 bytes from yourSubDomain.yourdomain.TLD (84.243.62.xx😞 icmp_seq=1 ttl=124 time=2.39 ms

Confirm that your client can resolve. Be aware of DNScaching, TTL, expirytime.

I have successfully used this to install a clint with no modifications on the client side. (XP)

So -now we have four clients over Internet.

Other :

I assume that most of this can be done in an "easier way" - eg in your local NAT-device, which normally also is a DNScache and also a DHCPserver. But we are an ISP and love BIND...;-)

Combinations of these workarounds / solutions should be possible.

Propagating host-records from main DNS (Internet) to your local NATdevice should be possible with cooperation from your ISP.

Med vänlig hälsning, Best regards

Göte Haluza Teknikmejeriet.se http://www.tm.se

marco_laporta
Participant
‎02-20-2010 9:57 AM
0 Kudos

Hi Göte, thanks for all suggestions.

Sorry for the delay but I was out of office for a while.

In tests I described in my first post, I already tried to put public IP server address in c:windowssystem32driveretchosts, with no luck.

The problem was that in step 3) client issues a request to the server private ip address, surely sanded to the client by the license server.

The big difference I have from your configuration is the client version end the client installation.

In fact Iu2019m a developer and so I start to use SAP B1 8.8 PL0, that I can use for 30 days without license each time I install it.

After some work I realized that SAP 8.8 PL0 is really buggy, so I decided to use the customer SAP 8.8 PL4.

Customer office in not so near to my office and so I needed a remote connection.

I discarded Remote Destkop Connection because, if i will used RDP i will need to install all development tools on a new remote computer (not the production server) that at the moment didn't exists.

Then I decided to remotelly connect my local client to the customer License Server:

1. I configured port forwarding as described in first post

2 .I added SAP server name in c:windowssystem32driveretchosts

3. I stopped the Licence server from my PC

4. I started B1 and putted the SAP server name in the popup window.

The results was described in the first post.

Now the customer has a SAP 8.8 PL05, so I will try to remove all my local installation and to setup a new B1 8.8 PL05 Client directly with the remote license server.

If this doesn't work, I could also try SAP 8.8 PL07 used by Göte. If even this will work, i will consider to buy a SAP Licence

I will post the results.

Best Redards

Former Member
‎02-21-2010 8:16 AM
0 Kudos

Hi Marco

1,2,3,4 / I see that you have a license server LOCAL also ? This configuration is not covered by the workaround. (Not used)

>USE WINDOWSSERVERNAME in your client-SAPB1 8.8 installation, when the popup comes : supply liccense server name

I mean, that first time you start your 8.8 client, after setup, it might (if not found) popup a box : supply liccense server name.

There you add WINDOWSSERVERNAME which you added in your LOCAL/host. Nothing else.

If the same name is used on the server license manager, this should work. Otherwise, read below :

Other :

>In tests I described in my first post, I already tried to put public IP server address in c:windowssystem32driveretchosts,

Did you PIING ? Successfully IPresolve ?

>USE WINDOWSSERVERNAME in your client-SAPB1 8.8 installation, when the popup comes : supply liccense server name.

You dont say anything about what you used, but i am quite sure, that the important thing is above : Do NOT use anything else

than that name fore reference from SAPclient OR License server . (Dont use IP, FQDNS etc.)

>3) client issues a request to the server private ip address,

I guess , that the Lic server PREFERS to use its own WINDOWSSERVERNAME if it can ( So - The licenserver itself also has to be set for that name ! No IP ! )

>, i will consider to buy a SAP Licence

I dont think there is a difference between 05 and 07. But create licenses for the system you choose to test.

Login to the License-portal (where you create you licensefiles) , create a new license for 2 PRO users. I am not sure, but if you "over-use" your ammount , we normally gets 1months licenses...and a lot of RED TEXT in the mail from SAP....;-) (This step takes 5 minutes when you know how.) When you finnished testing, just go back and DELETE the system you created for testing. I do believe (<>know) there is a difference between unlicensed systems and licensed - after all - it is a license manager.

Have to go, will checkup your anservs in the week

Göte Haluza Teknikmejeriet.se

PS We have had NO setbacks with any of solutions above. They both work, tested by several employees DS

Former Member
‎02-24-2010 5:23 PM
0 Kudos

Today , we can say that this part is essential in the setup :

>We have also added the public IP to the NIC ( Windows - network - settings ) , and hoped that the license manager should use this

Cause we "cleaned up" things a bit, and both workaround and solution stopped working ...;-)

SO : Public IP used for the NATforwarding has to be set in the NIC on the license server.

Göte Haluza, Teknikmejeriet.se

Edited by: Göte Haluza on Feb 24, 2010 6:53 PM

SO : Public IP used for the NATforwarding has to be set in the NIC on the license server.

former_member445201
Participant
‎03-02-2011 1:53 PM
0 Kudos

HI All,

I am too having issues with this. We have just upgraded our SAP2005 (which worked fine with VPN) to SAP8.8 PL17. The response time from the client's laptop on 8.8 via VPN using a doogle is un-usable (takes too long and crashes most of the time).

Is a workaround to this issue is to use terminal services to a server with SAP client loaded? or RDP to a machine in the office. I am running out of ideas and have tried the host task and enabling VPN with no luck.

We require this as many sales people need access whilst on client sites.

Regards

Former Member
‎07-10-2014 12:39 PM
0 Kudos

We had the same problem on our version 9PL11.

We have a VPN setup which external users connect into to access our server. They have SAP client installed on their laptops. Over the VPN, it was impossible to connect until we modified the host file as indicated by Göte and it works like a charm.

Funnily enough, I remember having to modify the client host file for a multidimensional software about 17 years ago, otherwise it couldn't connect to the server. This BI software has long disappeared from the shelves and the editor has been sold many times to bigger and bigger companies. The one before last was Business Object, who was bought by ... SAP!

Pretty sad to see that SAP is not putting much effort into connecting the remote users.

Answers (4)

Answers (4)

Former Member
‎12-05-2013 5:13 PM
0 Kudos

Marco:

I have similar problem with you, in which I cannot connect to the License Server over the Internet. If you don't mind, could you please share your solution? I tried to understand what userID Göte Haluza posted on the thread but his solution is a bit confusing for me. I am not Network Engineer.


I appreciate if you can share your solution.

Thanks,

Show replies
Show replies
marco_laporta
Participant
‎02-24-2010 11:05 AM
0 Kudos

Finally i could connect to B1 License Server through a VPN. The Client is OpenVPN, I donu2019t know yet the server VPN type but if someone need to know I can ask.

So I put in c:windowssystem32driveretchosts the SAP Server private IP address and the connection is done correctly.

The problem is that B1 Client works with a really poor performance, like said by Gordon: about 10 minutes to startup B1 Client the first time, and significant delays in normal work.

Probably it depends on DSL Speed (and perhaps Server Load); my line is a 2Mbps, but really I'm not patient enough to use a similar solution.

Thanks to Göte to point me about the possibility to ask a temporary (not one month for me, only 15 days, sigh) license.

I will try to use this license and to renew it after expiration.

Regards Marco

Show replies
Show replies
Former Member
‎03-18-2010 1:19 PM
0 Kudos

Hi Marco!

One of our customers has the same requirement to use only the LS (not the whole SAP) over the VPN, and environment is similar to your one. But still the LS is not available from SAP.

>> Finally i could connect to B1 License Server through a VPN. The Client is OpenVPN,

>> I donu2019t know yet the server VPN type but if someone need to know I can ask.

Could you please let us know the environment details (VPN server, its settings, client settings, where is LS installed - on VPN server or client) and how it is set up (just replace the IPs with xxx/yyyy or like that).

Thank you in advance!

marco_laporta
Participant
‎02-06-2010 6:05 PM
0 Kudos

Gordon, thanks for the response.

Why do you think VPN may be not enough?

If I enable the VPN Server on the win2003 server, I should be able to browse the network like if I was locally connected.

I should browse the remotes PC by theirs private IP Addresses opening only two ports on the router (the ports needed by the VPN client).

The problem is that is not so simple configure the VPN Server, expecially if the server has only 1 NIC like mine.

However, I will try to setup a VPN in the next days and I will post my progresses or my failures.

Marco

Show replies
Show replies
Former Member
‎02-07-2010 6:45 AM
0 Kudos

By successful VPN link, you could browse network. That will not mean you could use B1. So many peoples tried it already. Do not waste your time. Unless you have a very small database, the time to run B1 over VPN is not realistic.

Former Member
‎02-16-2010 2:15 PM
0 Kudos

Hi

A VPN is not supported by SAP. Which means it may works or not and also may varies from patch to patch.

In SAP Portal you can get the list of the supported plataforms (like Citrix XenAppu2122 or VMware ESX.

http://service.sap.com/smb/sbo/ -> PRODUCT AVAILABILITY -> Deploy -> Supported Platforms .

Paulo Calado

SAP Business One Forums Team

Former Member
‎02-06-2010 5:12 PM
0 Kudos

Hi Marco,

There is no easy way. RDP is mandatory for remote connection. Even VPN may not be enough to use B1.

Thanks,

Gordon

Show replies
Show replies
Ask a Question