cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP router configuration

Go to solution
Former Member

on ‎05-03-2010 1:34 PM

0 Kudos

Hi,

I am in process of configuring sap router on Solaris.

i applied all the certificates succesfully , but when i am trying to start the sap router using SIDADM user and as well as root user i am getiing the following error,

dev_rout

-

Mon May 3 15:34:28 2010

SAP Network Interface Router, Version 38.10

command line arg 0: saprouter

command line arg 1: -r

command line arg 2: -R

command line arg 3: /usr/sap/saprouter/saprouttab

command line arg 4: -S

command line arg 5: 3299

command line arg 6: -K

command line arg 7: p:CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

Solaris on x86_64 CPU (st,ascii,SAP_UC/size_t/void* = 16/64/64)

SncInit(): Trying builtin default as a

gssapi library name: "sncgss.so".

      • ERROR => DlLoadLib: dlopen()= ld.so.1: saprouter: fatal: sncgss.so: open failed: No such file or di

rectory -> DLENOACCESS (0,Error 0) [dlux.c 314]

      • ERROR => SncPDLInit(): DlLoadLib("sncgss.so")=DLENOACCESS

[sncxxdl.0339]*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter (#0) sncgss.so not loaded

[sncxxdl.0603]<<- SncInit()==SNCERR_INIT

sec_avail = "false"

      • ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c 647]

      • ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1219]

*****************************************************************************

*

  • ERROR SNC processing failed:

  • SncInit

*

  • TIME Mon May 3 15:34:28 2010

  • RELEASE 701

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -17

  • MODULE nisnc.c

  • LINE 646

  • DETAIL NiSncInit: sncrc=-1

  • COUNTER 3

*

*****************************************************************************

<<- ERROR: SncDone()==SNCERR_INIT_FIRST

-

please advise..

regards,

Irfan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

rupali_karbhari3
Active Contributor
‎05-04-2010 12:37 PM
0 Kudos

Hi Irfan,

Is your issue resolved? there seems tobe issue in certificate you imported for router configuration :

verify out put of :sapgenpse get_my_name -v -n Issuer

name should come as :p:CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE

Also verify if SAPROUTTAB entries are valid:

  1. inbound connections MUST use SNC

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>

  1. repeat this for the servers and port_numbers you will need to allow,

  2. please make sure that all explicit ports are inserted in front of a

  3. generic entry '*' for port_number

  1. outbound connections to <sapservX> will use SNC

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>

  1. permission entries to check if connection is allowed at all

P <IP address of a local host> <IP address of sapserv2>

  1. all other connections will be denied

D * * *

hope above comments will help you to start Router successfully

Regards,

Rupali B

Show replies
Show replies
Former Member
‎05-04-2010 4:09 PM
0 Kudos

Hi,

i have deleted the saprouter directory , uncar the saprouter and crypto file using SIDADM

i set the env variables

solmgr:soladm 4% printenv

HOME=/home/soladm

PATH=/oracle/SOL/102_64/bin:/usr/jdk/j2sdk1.4.2_17/bin:/home/soladm:/usr/sap/SOL/SYS/exe/run:/bin:/usr/bin:/usr/ucb:/etc:.:/usr/ccs/bin

LOGNAME=soladm

HZ=

TERM=dtterm

SHELL=/bin/csh

MAIL=/var/mail/soladm

LANG=en_US.ISO8859-1

LC_CTYPE=en_US.ISO8859-1

LC_NUMERIC=en_US.ISO8859-1

LC_TIME=en_US.ISO8859-1

LC_COLLATE=en_US.ISO8859-1

LC_MONETARY=en_US.ISO8859-1

LC_MESSAGES=C

TZ=Asia/Riyadh

PWD=/home/soladm

USER=soladm

SAPSYSTEMNAME=SOL

DIR_LIBRARY=/usr/sap/SOL/SYS/exe/run

LD_LIBRARY_PATH=/usr/sap/SOL/SYS/exe/run:/oracle/client/10x_64/instantclient

JAVA_HOME=/usr/jdk/j2sdk1.4.2_17

THREAD=NOPS

dbms_type=ORA

dbs_ora_tnsname=SOL

dbs_ora_schema=SAPSR3

ORACLE_SID=SOL

DB_SID=SOL

ORACLE_BASE=/oracle

TNS_ADMIN=/usr/sap/SOL/SYS/profile/oracle

ORACLE_HOME=/oracle/SOL/102_64

NLS_LANG=AMERICAN_AMERICA.UTF8

SAPDATA_HOME=/oracle/SOL

SECUDIR=/usr/sap/saprouter=

SNC_LIB=/usr/sap/saprouter/libsapcrypto.so=

-

when i execute the command sapgenpse it am getting the following error,

solmgr:soladm 5% sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"

Got absolute PSE path "/usr/sap/saprouter=/local.pse".

Please enter PIN: ****

Please reenter PIN: ****

Supplied distinguished name: "CN=solmgr, OU=xxxxxxxx, OU=SAProuter, O=SAP, C=DE"

Creating PSE with format v2 (default)

No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

get_pse: Can't create PSE.

ERROR in af_create: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

"

ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

-

pls advise..

Regards,

Irfan

former_member227283
Active Contributor
‎05-04-2010 5:12 PM
0 Kudos

Hi IRfan,

ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):
No License ticket file found (trying /usr/local/secude/etc/ticket):

When you extract Cryptography library in SAProuter folder , at that time some additional folder get created , in that addtional folder you will get ticket file , copy that ticket file from there and paste it to /usr/sap/sarpouter

Once above task is done carry on with your activity.

Thanks

Anil

Former Member
‎05-05-2010 8:04 AM
0 Kudos

Hi,

1) i have uncar saprouter and sapcrypto files using SIDADM user, and able to get the below files.

x niping

x saprouter

x Changelog.txt

x LEGAL.TXT

x LICENSE.TXT

x Ver555.pl29

x WHICH.TXT

x sunx86-5.10-32

x sunx86-5.10-32/sapgenpse

x sunx86-5.10-32/libsapcrypto.so

x sunx86-5.10-32/sapcrypto.lst

x sunx86-5.10-64

x sunx86-5.10-64/sapgenpse

x sunx86-5.10-64/libsapcrypto.so

x sunx86-5.10-64/sapcrypto.lst

x sunx86.txt

x ticket

2) Found the below three files under sunx86-5.10-64 direcoty, i copied these three files to /usr/sap/saprouter and also to /sapmnt/SOL/exe

libsapcrypto.so sapcrypto.lst sapgenpse

3) i copied ticket file to /home/sidadm/sec/ directory.

and also to /sapmnt/SOL/exe using root user

4) Environment Variables, using SIDADM

-

setenv SECUDIR=/usr/sap/saprouter

setenv SNC_LIB=/usr/sap/saprouter/libsapcrypto.so

after that using SIDADM i executed the command

sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"

yet i get the same error

solmgr:soladm 14% sapgenpse get_pse -v -r certreq -p local.pse "CN=solmgr, OU=0000845376, OU=SAProuter, O=SAP, C=DE"

Got absolute PSE path "/usr/sap/saprouter=/local.pse".

Please enter PIN: ******

Please reenter PIN: ******

Supplied distinguished name: "CN=solmgr, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"

Creating PSE with format v2 (default)

No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

get_pse: Can't create PSE.

ERROR in af_create: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

"

ERROR in ??: (18946/0x4a02) Ticket error : "No License ticket file found (trying /usr/sap/saprouter=/ticket):

No License ticket file found (trying /usr/local/secude/etc/ticket):

-

please advise.

Regards,

Irfan

former_member227283
Active Contributor
‎05-05-2010 8:33 AM
0 Kudos

Hi Irfan,

Why there is an equal sign 

/usr/sap/saprouter=/ticket

check while set the enviroment varible you have given the equal sign, give us the output of following command in forum

for running the following command login with SIDADM user on OS

first command

echo $SECUDIR

second command

cd /usr/sap/saprouter

ls -ltr

paste the output of above command in forum.

Thanks

Anil

Former Member
‎05-05-2010 9:19 AM
0 Kudos

Hi Anil

i am able to generate the certificates successfully,

you have rightly pointed , Env Varibales were not been set properly.

now i am trying to start the router with the below command, and i am getting the following error.

solmgr:soladm 31% saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE"

trcfile dev_rout

no logging active

      • ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp 7998]

-

Please advise.

Regards,

Irfan

kishore_soma
Active Participant
‎05-05-2010 9:34 AM
0 Kudos

hi,

Can you give thje saprouttab file paste it here, so that we can check for saprouttab entries.

The above mesage is for saprouttab entries.

Regards,

Kishore Soma

former_member227283
Active Contributor
‎05-05-2010 9:56 AM
0 Kudos

Hi Irfan,

*** ERROR => invalid lines in './saprouttab', see 'dev_rout' http://nirout.cpp 7998

You are getting above error because you have set the below parameter in SAPROUTTAB.

P  * * *

Set properly the parameter SAPROUTTAB . It will resolve your problem.

Thanks

Anil

Former Member
‎05-05-2010 11:31 AM
0 Kudos

Thank you very much

its working fine,

i am starting it as manula by putting the command,

how do i make it automatic or script

Regards,

Irfan

former_member227283
Active Contributor
‎05-05-2010 12:19 PM
0 Kudos

Hi Irfan,

As per your previous reply , you are using following command to start SAP router

saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE"

If you have to put your saprouter start command in baground , then use the following command

saprouter -r -K "p:CN=solmgr, OU=0000xxxxx, OU=SAProuter, O=SAP, C=DE" &

just use & to your end of sap router start command as shown above

Thanks

Anil

Edited by: Anil Bhandary on May 5, 2010 1:19 PM

Former Member
‎05-05-2010 12:33 PM
0 Kudos

Thank you very much

Answers (3)

Answers (3)

Former Member
‎05-04-2010 8:25 AM
0 Kudos

  • Do not copy and paste.

Read the "Rules of Engagement"

Edited by: Juan Reyes on May 4, 2010 10:05 AM

Show replies
Show replies
former_member126060
Employee
Employee
‎05-03-2010 5:44 PM
0 Kudos

Hi Irfan,

verify that the two necessary environment variables have been defined:

SECUDIR = <directory_of_saprouter>

SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>

Regards

Niraj

Show replies
Show replies
Former Member
‎05-04-2010 8:42 AM
0 Kudos

Hi Niraj,

i have uncar the saprouter and sapcrypto files using SIDADM user,

is that ok or should i configure sap router using root user.

please clarify i need to reconfigure it..

Former Member
‎05-04-2010 9:12 AM
0 Kudos

Hi,

If you have your certificates and routtab file intact (previously configure), you don't need to configure it again...

You can try to starting saprouter with <sid>adm user.

Otherwise reconfigure it using <sid>adm user.

Make sure that you have configure environment variable for user <sid>adm as suggested by Niraj Kumar Soni.

SECUDIR = <directory_of_saprouter>

SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>

Regards.

Rajesh Narkhede

nirmal_konchada
Active Contributor
‎05-03-2010 4:58 PM
0 Kudos

Hello ,

Kindly check whether u have set the variable SNC_LIB under the environment of the user used to configure saprouter.

This will surely solve your problem.

Regards,

Nirmal.K

Show replies
Show replies
Ask a Question