on 03-15-2011 2:46 PM
Dear all,
We do have a problem to start SAPOSS RFC from all SAP systems.
We do have an issue related to our saprouter.
Our environnement :
1. S00 is our SAP Solution Manager system (as example)
2. atd-saprouter is the server where the saprouter runs
3. We are using sapserv2 194.39.131.34
4. We have configured a SNC connection.
1. From atd-saprouter to S00 (Solman), the connection works
telnet ...
2. From S00 (Solman) to atd-saprouter, the connection works.
3. SAP can login to our S00. We have opened an R/3 connection in S00 and SAP is able to logued on to S00.
4. We have re-installed the sap certificate with sapgenpse. It works.
Info :
1. To start the saprouter, we are using the following command :
./saprouter -r -G sap-rtt.toto.ch.log -S 3299 -K "p:CN=sap-att.toto.ch, OU=0002273377, OU=SAProuter, O=SAP, C=DE"
2. Content of sap-rtt.toto.ch.log
Tue Mar 15 14:00:31 2011 INIT LOGFILE
Tue Mar 15 14:00:31 2011 READ ROUTTAB ./saprouttab o.k.
Tue Mar 15 14:00:52 2011 CONNECT FROM C1/- host 10.120.140.245/45161 (slv0745v)
Tue Mar 15 14:00:52 2011 CONNECT TO S1/2 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Tue Mar 15 14:00:52 2011 DISCONNECT S1/2 host 194.39.131.34/3299 (194.39.131.34)
Tue Mar 15 14:22:06 2011 CONNECT FROM C1/- host 10.120.140.246/39760 (totoslt0807v)
Tue Mar 15 14:22:06 2011 CONNECT TO S1/2 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Tue Mar 15 14:22:06 2011 DISCONNECT S1/2 host 194.39.131.34/3299 (194.39.131.34)
3. Here you have the saprroutab content :
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
P * * *
4. dev_rout content file
-
trc file: "dev_rout", trc level: 1, release: "700"
-
Tue Mar 15 14:00:31 2011
SAP Network Interface Router, Version 38.10
command line arg 0: ./saprouter
command line arg 1: -r
command line arg 2: -G
command line arg 3: sap-rtt.toto.ch.log
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=sap-rtt.toto.ch, OU=0002273377, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "/usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so".
File "/usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 32312, ppid = 24529, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
Tue Mar 15 14:00:52 2011
***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7
(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Tue Mar 15 14:22:06 2011
***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7
(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
4. Result of the following command
./niping -c -H /H/194.39.131.34/H/194.39.131.34
***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 0 / sock 3
(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
ERROR => NiTClientLoop: NiHandle (rc=-10) [nixxtst.cpp 2861]
ERROR partner '194.39.131.34:3299' not reached
TIME Tue Mar 15 14:38:00 2011
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -10
MODULE nixxi.cpp
LINE 2823
DETAIL NiPConnect2
SYSTEM CALL connect
ERRNO 111
ERRNO TEXT Connection refused
COUNTER 1
Any suggestions are welcome.
Best regards
SAP NetWeaverAdmin
***LOG Q0I=> NiPConnect2: connect (111: Connection refused) http://nixxi.cpp 2823
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7
(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299)
ERROR partner '194.39.131.34:3299' not reached
ERRNO TEXT Connection refused
Either your SAPRouter is not properly registered with SAP or you have a problem with your firewall..
Also, what type of SAPRouter connection are you using (VPN, SCN, ISDN)?
Regards
Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Juan,
Thanks for your input.
1. We are using SNC as SAPRouter connection.
2. We have re-generated the saprouter certificate this afternoon and re-install it, without any problem.
3. What do you exactly mean by "your SAPRouter is not properly registered with SAP ...".
If SAP can logued on to our SAP landcape, through our saprouter, is it not the proof that our
saprouter is correctly registered with them ?
Best regards
SAP NetWeaverAdmin
Edited by: SAP NetWeaverAdmin on Mar 15, 2011 4:38 PM
Then its most likely an issue with your firewall blocking the port 32XX.
Also SAPOSS RFC is generated by info in transaction OSS1, can you post the details there from one of your SAP systems that is failing to connect?
Also, if your SAPRouter is sitting on DMZ you need to make sure that the rules are amended to allow access
Regards
Juan
Dear Juan,
Please note :
1. From our S00 system, SM59, RFC SAPOSS :
Test connection result :
Logon Connection Error
Error Details Error when opening an RFC connection
Error Details ERROR: partner '194.39.131.34:sapdp99' not reached
Error Details LOCATION: SAProuter 38.10 on 'toto0777p'
Error Details DETAIL: NiPConnect2
Error Details CALL: connect
Error Details COMPONENT: NI (network interface)
Error Details COUNTER: 9
Error Details ERROR NUMBER: 111
Error Details ERROR TEXT: Connection refused
Error Details MODULE: nixxi.cpp
Error Details LINE: 2823
Error Details RETURN CODE: -92
Error Details SUBRC: 0
Error Details RELEASE: 700
Error Details TIME: Tue Mar 15 16:01:49 2011
Error Details VERSION: 38
2. RFC detail
/H/xxx.xxxx.xxx/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
SAPNetWeaverAdmin
Let me give you one last suggestion,
Security wise your saprouttab is completely open
3. Here you have the saprroutab content :
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
P * * *
You should create one entry per system rather than * *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <System_IP> 32XX
Access from your local Network to SAP R/3 Frontend (OSS)
P * 194.39.131.34 3299
All other connections will be denied
D * * *
This info is available at service.sap.com/saprouter
Regards
Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.