
SAProuter on Windows Server stops randomly

Former Member
0 Kudos

Hi All,

We had installed SAProuter on Windows Server 2008 R2 Enterprise.

But SAProuter stops randomly. I checked dev_rout file for SAProuter ==> No error log.

In saprouter.trc file I found some error logs as :

ERROR => NiSncIInitHdlSecurity: SncSessionInitiatorAK failed (sncrc=-4;000000000249EB70) [nisnc.c 1124]

clear snc-extensions for hdl 17

->> SncSessionDone(&snc_hdl=0000000002377108)

snc_hdl=000000000249EB70

<<- SncSessionDone()==SAP_O_K

NiSncICloseHdl: hdl 17closed

NiICloseHandle: called for hdl 17 while waiting for connection

NiICloseHandle: shutdown and close hdl 17/sock 316

NiBufIClose: clear extension for hdl 17

<<- SncAclKeyToName()==SAP_O_K

'aclkey ' (addr=000000000202C374, len=86) full hexdump

0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...

0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D

0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1

0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu

0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa

0x00050 70736572 7632 pserv2

out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

ERROR => NiSncHandleForAddr C9/-1, 194.39.131.34 (rc=-17) [nirout.cpp 3272]

ERROR => NiRClientHandle: NiRExRouteCon for C9/-1 'HOSTNAME.FQDN' failed (rc=-17) [nirout.cpp 2650]

NiBufISendErr: send ni-error rc -104 to hdl 9

NiIWrite: hdl 9 sent data (wrt=247,pac=1,MESG_IO)

NiRCloseConn: closing C9/-1

NiBufISelRemove: remove hdl 9 from set0

SiSelNRemove: removed sock 300

NiSelIRemove: removed hdl 9

NiICloseHandle: shutdown and close hdl 9/sock 300

NiBufIClose: clear extension for hdl 9

Whereas in the Windows event log I got the following error log:

The description for Event ID 1 from source SAProuter cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Error: 0

wrong startup parameter

The specified resource type cannot be found in the image file

I am not getting where and what the issue is. Please help.

Thanks and Regards,

Ishan

Accepted Solutions (1)

rupali_karbhari3
Active Contributor
0 Kudos

Hi Ishan,

It seems your router file path is missing some syntax:

D:\usr\sap\saprouter\saprouter.exe -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "p:<DNAME>"

Please re-register the router service again and check if it starts correctly.

Regards,

Former Member
0 Kudos

Hi Rupali,

Yes, the command is missing a " .

I am trying to modify that service.

I will share the results after modifying the service.

Thanks and Regards,

Ishan

Former Member
0 Kudos

Hi Rupali,

Thanks for your help.

You were right. The syntax was incorrect.

1. I deleted old service

2. Created service again with proper syntax.

3. Now no need to run command manually.

Thanks for answering.

Closing this thread.

Thanks to others for replying.

Regards,

Ishan
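The quoting problem resolved above can be checked mechanically. This is an added example, not code from the original posts: `Test-SapRouterSncArg` is a hypothetical helper name, the service name `SAProuter` in the last comment is an assumption, and the two sample command lines are the forms quoted in the thread with their placeholders left in.

```powershell
# Added example: checks that the -K argument of a SAProuter service command
# line is a single double-quoted "p:<DN>" token. A DN contains spaces, so an
# unquoted or half-quoted value is split into several startup parameters.
function Test-SapRouterSncArg {
    param([Parameter(Mandatory)][string]$CommandLine)

    $problems = @()

    # An odd number of double quotes means one quote has no partner.
    $quoteCount = ([regex]::Matches($CommandLine, '"')).Count
    if ($quoteCount % 2 -ne 0) {
        $problems += "unbalanced double quotes ($quoteCount found)"
    }

    # -K (case-sensitive) must be followed by one quoted token starting with p:
    if ($CommandLine -cnotmatch '(^|\s)-K\s+"p:[^"]+"(\s|$)') {
        $problems += '-K is not followed by a quoted "p:<DN>" value'
    }

    [pscustomobject]@{
        CommandLine = $CommandLine
        IsValid     = ($problems.Count -eq 0)
        Problems    = $problems
    }
}

# Sample input: the registered (broken) form and the suggested form from the thread.
$samples = @(
    'D:\usr\sap\saprouter\saprouter.exe service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K p: <OUR DISTINGUISHED NAME>"',
    'D:\usr\sap\saprouter\saprouter.exe -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "p:<DNAME>"'
)
$samples | ForEach-Object { Test-SapRouterSncArg -CommandLine $_ } | Format-List

# On the router host, the registered command line can be read with
# (service name assumed to be SAProuter):
#   (Get-CimInstance Win32_Service -Filter "Name='SAProuter'").PathName
```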

Answers (1)

rupali_karbhari3
Active Contributor
0 Kudos

Hi Ishan,

SAPRouter mentioned below is SNC enabled, can you please check Certificate validity of your saprouter?

"sapgenpse get_my_name -n validity"

Also perform below additional checks:

- Check if the Router service is not running under SystemAccount, and check if the startup type is set to Automatic.

- Verify with your network team if there were any network changes going on

Regards

Former Member
0 Kudos

Hi Rupali,

Thanks for replying.

Yes, our SAProuter is SNC enabled.

As you said I cross-checked my configuration.

D:\usr\sap\saprouter>sapgenpse get_my_name -n validity

SSO for USER "sncadm"

with PSE file "D:\usr\sap\saprouter\local.pse"

Validity - NotBefore: Tue Nov 08 12:41:04 2011 (111108071104Z)

NotAfter: Thu Nov 08 12:41:04 2012 (121108071104Z)

and SAProuter service is running under startup type Automatic. And assigned to sncadm user.

Whenever I tried to start SAProuter service manually I am getting error as

Windows could not start SAProuter service on local Computer.

Error 1067: The process terminated unexpectedly.

I am starting my router manually via cmd with command

saprouter -r -K "p: <OUR DISTINGUISHED NAME> "

While I can see, in services for SAProuter path to execute is

D:\usr\sap\saprouter\saprouter.exe service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K p: <OUR DISTINGUISHED NAME>"

Please let me know if any further information is needed.

Thanks & Regards,

Ishan.

Former Member
0 Kudos

Ishan,

Additionally, you'll have to do the following steps to make SAPCRYPTOLIB credentials available to a process that runs as an NT service.

Run the command:

sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin>

Note:

The account of the service user should always be entered in full

<domainname>\<username>

Check if the certificate has been imported correctly

Run the command:

sapgenpse get_my_name -v -n Issuer

The name of the Issuer should be:

CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

Check if the environment variables SNC_LIB and SECUDIR have been set under the user account SAProuter is running under

Run the command: sapgenpse

Check if your Distinguished Name and the validity date is correct

Run the command: sapgenpse get_my_name

Former Member
0 Kudos

Hi Prateek_y,

Thanks for your reply.

Actually, after installing the router I checked all the things you asked me to check. Still, I cross-checked again and the results are as follows:

sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sncadm

Result:

running seclogin with USER="sncadm"

creating credentials for user "XXXXX\sncadm"...

Please enter PIN:

Adjusting credentials and PSE ACLs to include "XXXXX\sncadm"...

Oh, you supplied your own name explicitly ... ok.

D:\usr\sap\saprouter\cred_v2 ... ok.

D:\usr\sap\saprouter\local.pse ... ok.

D:\usr\sap\saprouter\local.pse ... ok.

Added SSO-credentials for PSE "D:\usr\sap\saprouter\local.pse"

"CN=xxxxx, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"

sapgenpse get_my_name -v -n Issuer

Result:

Opening PSE "D:\usr\sap\saprouter\local.pse"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "sncadm"

with PSE file "D:\usr\sap\saprouter\local.pse"

Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

sapgenpse

Result:

Using SNC_LIB definition from environment to load SAPCRYPTOLIB

SNC_LIB="D:\usr\sap\saprouter\sapcrypto.dll"

Platform: Microsoft Win64 (XP-64/W2K3) AMD64/x86_64/x64 (ntamd64)

Versions: SAPGENPSE = 1.5.24 pl21 (Apr 2 2011)

SAPCRYPTOLIB = 5.5.5.C pl32 (Apr 2 2011) MT-safe

Environment variable $SECUDIR is defined:

"D:\usr\sap\saprouter"

DLL search path defined by environment variable

PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\

sapgenpse get_my_name

Result:

with PSE file "D:\usr\sap\saprouter\local.pse"

Subject : CN=xxxxx, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE

Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

Serialno: 42:BA:ED:CB:CA:63:10:28:10:63:02:2D:15

KeyInfo : RSA, 1024-bit

Validity - NotBefore: Tue Nov 08 12:41:04 2011 (111108071104Z)

NotAfter: Thu Nov 08 12:41:04 2012 (121108071104Z)

Is everything OK? Or need further modifications?

Thanks

Ishan
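The validity check requested earlier in the thread can be scripted so an expiring PSE certificate is noticed before the router starts rejecting SNC connections. This is an added example, not code from the original posts: `Get-PseValidity` and `-WarnDays` are hypothetical names, the two sample lines are copied from the `sapgenpse` output in the thread, and the "current" date is constructed.

```powershell
# Added example: parses the NotBefore/NotAfter lines printed by
# "sapgenpse get_my_name -n validity" and reports the remaining lifetime.
function Get-PseValidity {
    param(
        [Parameter(Mandatory)][string[]]$SapgenpseOutput,
        [datetime]$Now = ([datetime]::UtcNow),
        [int]$WarnDays = 30
    )
    $styles = [Globalization.DateTimeStyles]::AssumeUniversal -bor
              [Globalization.DateTimeStyles]::AdjustToUniversal
    $dates = @{}
    foreach ($line in $SapgenpseOutput) {
        # The value in parentheses is the UTC timestamp (yyMMddHHmmssZ).
        if ($line -match '(NotBefore|NotAfter):.*\((\d{12})Z\)') {
            $dates[$Matches[1]] = [datetime]::ParseExact(
                $Matches[2], 'yyMMddHHmmss',
                [cultureinfo]::InvariantCulture, $styles)
        }
    }
    if (-not ($dates.ContainsKey('NotBefore') -and $dates.ContainsKey('NotAfter'))) {
        throw 'No NotBefore/NotAfter lines found in the sapgenpse output.'
    }
    $daysLeft = [math]::Floor(($dates.NotAfter - $Now).TotalDays)
    $status = if     ($Now -lt $dates.NotBefore) { 'NotYetValid' }
              elseif ($Now -gt $dates.NotAfter)  { 'Expired' }
              elseif ($daysLeft -le $WarnDays)   { 'ExpiringSoon' }
              else                               { 'Valid' }
    [pscustomobject]@{
        NotBeforeUtc = $dates.NotBefore
        NotAfterUtc  = $dates.NotAfter
        DaysLeft     = $daysLeft
        Status       = $status
    }
}

# Sample lines taken from the output posted in the thread.
$sample = @(
    'Validity - NotBefore: Tue Nov 08 12:41:04 2011 (111108071104Z)',
    'NotAfter: Thu Nov 08 12:41:04 2012 (121108071104Z)'
)
# Constructed "current" date so the sample result is reproducible.
$now = [datetime]::new(2012, 10, 20, 0, 0, 0, [DateTimeKind]::Utc)
Get-PseValidity -SapgenpseOutput $sample -Now $now | Format-List

# Live use, run as the account the SAProuter service runs under:
#   Get-PseValidity -SapgenpseOutput (sapgenpse get_my_name -n validity)
```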