on 05-03-2010 1:34 PM
Hi,
I am in process of configuring sap router on Solaris.
i applied all the certificates succesfully , but when i am trying to start the sap router using SIDADM user and as well as root user i am getiing the following error,
dev_rout
-
Mon May 3 15:34:28 2010
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -R
command line arg 3: /usr/sap/saprouter/saprouttab
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
Solaris on x86_64 CPU (st,ascii,SAP_UC/size_t/void* = 16/64/64)
SncInit(): Trying builtin default as a
gssapi library name: "sncgss.so".
ERROR => DlLoadLib: dlopen()= ld.so.1: saprouter: fatal: sncgss.so: open failed: No such file or di
rectory -> DLENOACCESS (0,Error 0) [dlux.c 314]
ERROR => SncPDLInit(): DlLoadLib("sncgss.so")=DLENOACCESS
[sncxxdl.0339]*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter (#0) sncgss.so not loaded
[sncxxdl.0603]<<- SncInit()==SNCERR_INIT
sec_avail = "false"
ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c 647]
ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1219]
*****************************************************************************
*
ERROR SNC processing failed:
SncInit
*
TIME Mon May 3 15:34:28 2010
RELEASE 701
COMPONENT NI (network interface)
VERSION 38
RC -17
MODULE nisnc.c
LINE 646
DETAIL NiSncInit: sncrc=-1
COUNTER 3
*
*****************************************************************************
<<- ERROR: SncDone()==SNCERR_INIT_FIRST
-
please advise..
regards,
Irfan
Hi Irfan,
Is your issue resolved? there seems tobe issue in certificate you imported for router configuration :
verify out put of :sapgenpse get_my_name -v -n Issuer
name should come as :p:CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE
Also verify if SAPROUTTAB entries are valid:
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
hope above comments will help you to start Router successfully
Regards,
Rupali B
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
i have deleted the saprouter directory , uncar the saprouter and crypto file using SIDADM
i set the env variables
solmgr:soladm 4% printenv
HOME=/home/soladm
PATH=/oracle/SOL/102_64/bin:/usr/jdk/j2sdk1.4.2_17/bin:/home/soladm:/usr/sap/SOL/SYS/exe/run:/bin:/usr/bin:/usr/ucb:/etc:.:/usr/ccs/bin
LOGNAME=soladm
HZ=
TERM=dtterm
SHELL=/bin/csh
MAIL=/var/mail/soladm
LANG=en_US.ISO8859-1
LC_CTYPE=en_US.ISO8859-1
LC_NUMERIC=en_US.ISO8859-1
LC_TIME=en_US.ISO8859-1
LC_COLLATE=en_US.ISO8859-1
LC_MONETARY=en_US.ISO8859-1
LC_MESSAGES=C
TZ=Asia/Riyadh
PWD=/home/soladm
USER=soladm
SAPSYSTEMNAME=SOL
DIR_LIBRARY=/usr/sap/SOL/SYS/exe/run
LD_LIBRARY_PATH=/usr/sap/SOL/SYS/exe/run:/oracle/client/10x_64/instantclient
JAVA_HOME=/usr/jdk/j2sdk1.4.2_17
THREAD=NOPS
dbms_type=ORA
dbs_ora_tnsname=SOL
dbs_ora_schema=SAPSR3
ORACLE_SID=SOL
DB_SID=SOL
ORACLE_BASE=/oracle
TNS_ADMIN=/usr/sap/SOL/SYS/profile/oracle
ORACLE_HOME=/oracle/SOL/102_64
NLS_LANG=AMERICAN_AMERICA.UTF8
SAPDATA_HOME=/oracle/SOL
SECUDIR=/usr/sap/saprouter=
SNC_LIB=/usr/sap/saprouter/libsapcrypto.so=
-
when i execute the command sapgenpse it am getting the following error,
solmgr:soladm 5% sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/saprouter=/local.pse".
Please enter PIN: ****
Please reenter PIN: ****
Supplied distinguished name: "CN=solmgr, OU=xxxxxxxx, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
get_pse: Can't create PSE.
ERROR in af_create: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
"
ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
-
pls advise..
Regards,
Irfan
Hi IRfan,
ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
When you extract Cryptography library in SAProuter folder , at that time some additional folder get created , in that addtional folder you will get ticket file , copy that ticket file from there and paste it to /usr/sap/sarpouter
Once above task is done carry on with your activity.
Thanks
Anil
Hi,
1) i have uncar saprouter and sapcrypto files using SIDADM user, and able to get the below files.
x niping
x saprouter
x Changelog.txt
x LEGAL.TXT
x LICENSE.TXT
x Ver555.pl29
x WHICH.TXT
x sunx86-5.10-32
x sunx86-5.10-32/sapgenpse
x sunx86-5.10-32/libsapcrypto.so
x sunx86-5.10-32/sapcrypto.lst
x sunx86-5.10-64
x sunx86-5.10-64/sapgenpse
x sunx86-5.10-64/libsapcrypto.so
x sunx86-5.10-64/sapcrypto.lst
x sunx86.txt
x ticket
2) Found the below three files under sunx86-5.10-64 direcoty, i copied these three files to /usr/sap/saprouter and also to /sapmnt/SOL/exe
libsapcrypto.so sapcrypto.lst sapgenpse
3) i copied ticket file to /home/sidadm/sec/ directory.
and also to /sapmnt/SOL/exe using root user
4) Environment Variables, using SIDADM
-
setenv SECUDIR=/usr/sap/saprouter
setenv SNC_LIB=/usr/sap/saprouter/libsapcrypto.so
after that using SIDADM i executed the command
sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"
yet i get the same error
solmgr:soladm 14% sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/saprouter=/local.pse".
Please enter PIN: ******
Please reenter PIN: ******
Supplied distinguished name: "CN=solmgr, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
get_pse: Can't create PSE.
ERROR in af_create: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
"
ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):
-
please advise.
Regards,
Irfan
Hi Irfan,
Why there is an equal sign
/usr/sap/saprouter=/ticket
check while set the enviroment varible you have given the equal sign, give us the output of following command in forum
for running the following command login with SIDADM user on OS
first command
echo $SECUDIR
second command
cd /usr/sap/saprouter
ls -ltr
paste the output of above command in forum.
Thanks
Anil
Hi Anil
i am able to generate the certificates successfully,
you have rightly pointed , Env Varibales were not been set properly.
now i am trying to start the router with the below command, and i am getting the following error.
solmgr:soladm 31% saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE"
trcfile dev_rout
no logging active
ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp 7998]
-
Please advise.
Regards,
Irfan
Hi Irfan,
As per your previous reply , you are using following command to start SAP router
saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE"
If you have to put your saprouter start command in baground , then use the following command
saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE" &
just use & to your end of sap router start command as shown above
Thanks
Anil
Edited by: Anil Bhandary on May 5, 2010 1:19 PM
Do not copy and paste.
Read the "Rules of Engagement"
Edited by: Juan Reyes on May 4, 2010 10:05 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Irfan,
verify that the two necessary environment variables have been defined:
SECUDIR = <directory_of_saprouter>
SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>
Regards
Niraj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If you have your certificates and routtab file intact (previously configure), you don't need to configure it again...
You can try to starting saprouter with <sid>adm user.
Otherwise reconfigure it using <sid>adm user.
Make sure that you have configure environment variable for user <sid>adm as suggested by Niraj Kumar Soni.
SECUDIR = <directory_of_saprouter>
SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>
Regards.
Rajesh Narkhede
Hello ,
Kindly check whether u have set the variable SNC_LIB under the environment of the user used to configure saprouter.
This will surely solve your problem.
Regards,
Nirmal.K
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.