on 03-26-2010 1:47 AM
Hello Gurus,
I need your expert opinion. Do i need to create saprouter to the server where I want to connect remotely? Like for example, I need to connect to Production remotely, do I need to create saprouter/saprouttab on this server? I'm really confused. We have SAProuter installed to certain server dedicated for itself but not to production server.
TIA
Hi,
SAProuter should be installed and configured on any server, that you want to open to SAP's support.
Chk the SAP Notes: 30289, 35010.
Regards,
Vishnu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gurus,
Our saprouter is configured correctly in a separate server. But my problem is when I tried connection testing with the production system through SM59 I'm getting the following error.
Connection Error
Error when opening an RFC connection
ERROR: SNC processing failed: SncProcessInput
LOCATION: SAProuter 39.2 (SP4) on 'sapserv2a'
DETAIL: NiSncIProcIn: sncrc=-4;80000001004d7e90
COMPONENT: NI (network interface)
COUNTER: 52
MODULE: nisnc.c
LINE: 946
RETURN CODE: -93
SUBRC: 0
RELEASE: 710
TIME: Fri Mar 26 07:14:15 2010
VERSION: 39
Anyone could help me on this.TIA
Hi,
My entries in OSS1 are below:
SAProuter 1
Name <Name of the server where SAProuer is located>
IP Address <IP where SAProuter is located>
Instance no. 99
SAProuter at SAP
Name sapserv2 Name oss001
IP Address 194.39.131.34 DB Name O01
Instance no. 99 Instance no. 01
Please let me know why I'm getting an error.
Thanks
Hi,
These settings look ok to me.
Did you check if the SAProuter service is running on the server where it is installed and configured?3
If not start the service. check the saprouttab file aswell.
You can also check the if the right certificate has been generated and applied.
Regards,
Vishnu
Edited by: vishnuarigela on Mar 26, 2010 9:13 AM
Hi,
ERROR: SNC processing failed: SncProcessInput
The error above seems like credential problem.
Pls share the error part regading SNC in dev_rout ( saprouter log file present in saprouter server )
Also provide the output of following command
sapgenpse get_my_name -v -n Issuer
sapgenpse get_my_name
-
i will suggest to apply the following solution :-
run the following command
sapgenpse seclogin -p local.pse -O <user through which you have will start saprouter>
above command will create credential file in your saprouter folder
Here user will that by which you have configured the SAProuter ( i.e you have created and import the SAP certificate )
Thanks
Anil
Hi Anil,
Here's the dev_rout
-
trc file: "C:\USR\SAPROUTER\dev_rout", trc level: 3, release: "710"
-
Fri Mar 26 13:51:05 2010
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 02030048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrListInit: use GetAdaptersInfo implementation (00)
NiStrToAddrMask: '10.205.33.161' -> 10.205.33.161/32 (0/0)
NiPGetNodeAddrList00: got 1 interface(s) from operating system
[0] IP-Address: 10.205.33.161
SAP Network Interface Router, Version 39.1 (SP3)
Compiled Aug 9 2007 22:17:39
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -K
command line arg 3: p:CN=*********, OU=0000******, OU=SAProuter, O=SAP, C=DE
command line arg 4: -G
command line arg 5: C:\USR\SAPROUTER\saprouter.log
command line arg 6: -T
command line arg 7: C:\USR\SAPROUTER\dev_rout
command line arg 8: -V
command line arg 9: 3
command line arg 10: -R
command line arg 11: C:\USR\SAPROUTER\saprouttab
service : 3299
routtab : C:\USR\SAPROUTER\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : C:\USR\SAPROUTER\dev_rout
logfile : C:\USR\SAPROUTER\saprouter.log
filelimit : off
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=00DBF9CB)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "C:\usr\saprouter\ntintel\sapcrypto.dll".
load shared library (C:\usr\saprouter\ntintel\sapcrypto.dll), hdl 0, addr 10000000
using "C:\usr\saprouter\ntintel\sapcrypto.dll"
DlLoadFunc: GetProcAddress(sapsnc_init_adapter) Error 127
Error 127 = "The specified procedure could not be found."
load shared func (gss_acquire_cred) from C:\usr\saprouter\ntintel\sapcrypto.dll
load shared func (gss_release_cred) from C:\usr\saprouter\ntintel\sapcrypto.dll
load shared func (gss_init_sec_context) from C:\usr\saprouter\ntintel\sapcrypto.dll
load shared func (gss_accept_sec_context) from C:\usr\saprouter\ntintel\sapcrypto.dll
load shared func (gss_process_context_token) from C:\usr\saprouter\ntintel\sapcrypto.dll
when i run the command sapgenpse get_my_name, the ff generated
C:\Documents and Settings\Administrator\sapgenpse get_my_name
SSO for user "Administrator"
with PSE file "C:\usr\saprouter\local.pse"
Subject: CN=*******, OU=0000*******, OU=SAProuter, O=SAP, C=DE
Issuer: CN=*******, OU=0000*******, OU=SAProuter, O=SAP, C=DE
Serialno: 20:10:02:14:11:24:37
KeyInfo: RSA, 1024-bit
Validity - Not Before: Sun Feb 14 19:24:37 2010 (100214112437Z)
NotAfter: Fri Jan 01 08:00:01 2038 (38010100001Z)
Hi Anil,
Here's the dev_rout
-
trc file: "C:\USR\SAPROUTER\dev_rout", trc level: 3, release: "710"
-
Fri Mar 26 13:51:05 2010
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 02030048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrListInit: use GetAdaptersInfo implementation (00)
NiStrToAddrMask: '10.205.33.161' -> 10.205.33.161/32 (0/0)
NiPGetNodeAddrList00: got 1 interface(s) from operating system
[0] IP-Address: 10.205.33.161
SAP Network Interface Router, Version 39.1 (SP3)
Compiled Aug 9 2007 22:17:39
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -K
command line arg 3: p:CN=*********, OU=0000******, OU=SAProuter, O=SAP, C=DE
command line arg 4: -G
command line arg 5: C:\USR\SAPROUTER\saprouter.log
command line arg 6: -T
command line arg 7: C:\USR\SAPROUTER\dev_rout
command line arg 8: -V
command line arg 9: 3
command line arg 10: -R
command line arg 11: C:\USR\SAPROUTER\saprouttab
service : 3299
routtab : C:\USR\SAPROUTER\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : C:\USR\SAPROUTER\dev_rout
logfile : C:\USR\SAPROUTER\saprouter.log
filelimit : off
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=00DBF9CB)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
when i run the command sapgenpse get_my_name, the ff generated
C:\Documents and Settings\Administrator\sapgenpse get_my_name
SSO for user "Administrator"
with PSE file "C:\usr\saprouter\local.pse"
Subject: CN=*******, OU=0000*******, OU=SAProuter, O=SAP, C=DE
Issuer: CN=*******, OU=0000*******, OU=SAProuter, O=SAP, C=DE
Serialno: 20:10:02:14:11:24:37
KeyInfo: RSA, 1024-bit
Validity - Not Before: Sun Feb 14 19:24:37 2010 (100214112437Z)
NotAfter: Fri Jan 01 08:00:01 2038 (38010100001Z)
when i execute sapgenpse seclogin -p local.pse -O <Administrator>, the following appeared:
running seclogin with USER= "Administrator"
creating credentials fo user "***SAPR01\Administrator"...
Please enter PIN: 1234
Adjusting credentials and PSE ACLs to include "***SAPR01\Administrator"...
Oh, you supplied your own name explicitly...ok.
C:\usr\saprouter\cred_v2 ...ok
C:\usr\saprouter\local.pse ...ok.
C:\usr\saprouter\local.pse ...ok.
C:\usr\saprouter\local.pse ...ok.
Added SSO-credentials for PSE "C:\usr\saprouter\local.pse"
"CN=*******, OU=0000*******, OU=SAProuter, O=SAP, C=DE"
Hi ,
when i execute sapgenpse seclogin -p local.pse -O <Administrator>, the following appeared:
running seclogin with USER= "Administrator"
creating credentials fo user "***SAPR01\Administrator"...
Please enter PIN: 1234
Adjusting credentials and PSE ACLs to include "***SAPR01\Administrator"...
Oh, you supplied your own name explicitly...ok.
C:\usr\saprouter\cred_v2 ...ok
C:\usr\saprouter\local.pse ...ok.
C:\usr\saprouter\local.pse ...ok.
C:\usr\saprouter\local.pse ...ok.
Added SSO-credentials for PSE "C:\usr\saprouter\local.pse"
"CN=********, OU=0000********, OU=SAProuter, O=SAP, C=DE"
After executing above command did you restarted the SAProuter .
If no , Then pls restart the SAP router , once saprouter is up then check the SM59 is working properly or not.
If it not working then pls again share the dev_rout and saprouter.log in the forum.
Thanks
Anil
Hi
The user that start the saprouter services have to be the same that register with.
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
Note: The account of the service user should always be entered in full <domainname>\<username>
Run the command
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
If not works the connection, you can request a new certificate
See the ports in firewall, please, you paste the saproutettab and DevRout.
Too i had many problems set the saprouter
Edited by: William Leonardo Neira on Mar 26, 2010 3:35 PM
Hi Anil,
I have already restarted the server where SAProuter is installed but still get the ff. error:
Connection Error
Error when opening an RFC connection
ERROR: SNC processing failed: SncProcessInput
LOCATION: SAProuter 39.2 (SP4) on 'sapserv2a'
DETAIL: NiSncIProcIn: sncrc=-4;80000001005cdd10
COMPONENT: NI (network interface)
COUNTER: 8
MODULE: nisnc.c
LINE: 946
RETURN CODE: -93
SUBRC: 0
RELEASE: 710
TIME: Mon Mar 29 03:38:17 2010
VERSION: 39
Guys,
I have found out the root cause of my problem. I have used different user in renewing SAPRouter certificate. Now my problem, how will I know what user was used in registering SAPRouter certificate since I'm just new in the company. Is there any command to know who registered the certicate?
TIA.
Hi Anil,
Thanks for your response.
The reason why I cant connect to SAPOSS in SM59 is because I used my user (w/c is new) to renew the SAProuter certificate.
Now my problem is I want to know who initially registered the SAProuter. I will use the user to renew the certificate.
Is there anyway to trace who initially have done it?
TIA.
Hi ,
You can install saprouter on any server or any Desktop.
For opening the connection for SAP, you have make neccesary entry in the saprouttab fiel which is present in the server where saprouter is install.
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.