on 02-13-2012 8:01 AM
Hi All,
We had installed SAProuter on Windows Server 2008 R2 Enterprise.
But SAProuter stops randomly. I checked dev_rout file for SAProuter ==> No error log.
In saprouter.trc file I found some error logs as :
ERROR => NiSncIInitHdlSecurity: SncSessionInitiatorAK failed (sncrc=-4;000000000249EB70) [nisnc.c 1124]
clear snc-extensions for hdl 17
->> SncSessionDone(&snc_hdl=0000000002377108)
snc_hdl=000000000249EB70
<<- SncSessionDone()==SAP_O_K
NiSncICloseHdl: hdl 17closed
NiICloseHandle: called for hdl 17 while waiting for connection
NiICloseHandle: shutdown and close hdl 17/sock 316
NiBufIClose: clear extension for hdl 17
<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=000000000202C374, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
ERROR => NiSncHandleForAddr C9/-1, 194.39.131.34 (rc=-17) [nirout.cpp 3272]
ERROR => NiRClientHandle: NiRExRouteCon for C9/-1 'HOSTNAME.FQDN' failed (rc=-17) [nirout.cpp 2650]
NiBufISendErr: send ni-error rc -104 to hdl 9
NiIWrite: hdl 9 sent data (wrt=247,pac=1,MESG_IO)
NiRCloseConn: closing C9/-1
NiBufISelRemove: remove hdl 9 from set0
SiSelNRemove: removed sock 300
NiSelIRemove: removed hdl 9
NiICloseHandle: shutdown and close hdl 9/sock 300
NiBufIClose: clear extension for hdl 9
Where as in Windows event log I got following error log:
The description for Event ID 1 from source SAProuter cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Error: 0
wrong startup parameter
The specified resource type cannot be found in the image file
Where and what is the issue I am not getting. Plz. help.
Thanks and Regards,
Ishan
Hi Ishan,
It seems , your router file path misses syntax:
D:\usr\sap\saprouter\saprouter.exe -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "p:<DNAME>"
Pls re-register router service again and check if it starts correctly
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ishan,
SAPRouter mentioned below is SNC enabled, can you please check Certificate validity of your saprouter?
"sapgenpse get_my_name -n validity"
Also perform below additional checks:
- if Router service is not running under SystemAccount and check if startup type is set as Automatic.
- Verify with your network team if there were any network changes going on
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rupali,
Thanks for replying.
Yes, our SAProuter is SNC enabled.
As you said I cross-checked my configuration.
D:\usr\sap\saprouter>sapgenpse get_my_name -n validity
SSO for USER "sncadm"
with PSE file "D:\usr\sap\saprouter\local.pse"
Validity - NotBefore: Tue Nov 08 12:41:04 2011 (111108071104Z)
NotAfter: Thu Nov 08 12:41:04 2012 (121108071104Z)
and SAProuter service is running under startup type Automatic. And assigned to sncadm user.
Whenever I tried to start SAProuter service manually I am getting error as
Windows could not start SAProuter service on local Computer.
Error 1067: The process terminated unexpectedly.
I am starting my router manually via cmd with command
saprouter -r -K "p: <OUR DISTINGUISHED NAME> "
While I can see, in services for SAProuter path to execute is
D:\usr\sap\saprouter\saprouter.exe service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K p: <OUR DISTINGUISHED NAME>"
Plz let me know any further information is needed.
Thanks & Regards,
Ishan.
Ishan,
Additionally you'll have to do the following steps to make
SAPCRYPTOLIB credentials available to a process that runs as an NT service
Run the command:
sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin>
Note:
The account of the service user should always be entered in full
<domainname>\<username>
Check if the certificate has been imported correctly
Run the command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
Check if the environment variables SNC_LIB and SECUDIR has been set under the user account SAProuter is running under
Run the command: sapgenpse
Check if your Distinguished Name and the validity date is correct
Run the command: sapgenpse get_my_name
Hi Prateek_y,
Thanks for ur reply.
Actually after installing router I checked all things you asked me to check. Still again I crosschecked and the results are as follows:
sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sncadm
Result:
running seclogin with USER="sncadm"
creating credentials for user "XXXXX\sncadm"...
Please enter PIN:
Adjusting credentials and PSE ACLs to include "XXXXX\sncadm"...
Oh, you supplied your own name explicitly ... ok.
D:\usr\sap\saprouter\cred_v2 ... ok.
D:\usr\sap\saprouter\local.pse ... ok.
D:\usr\sap\saprouter\local.pse ... ok.
Added SSO-credentials for PSE "D:\usr\sap\saprouter\local.pse"
"CN=xxxxx, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
sapgenpse get_my_name -v -n Issuer
Result:
Opening PSE "D:\usr\sap\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "sncadm"
with PSE file "D:\usr\sap\saprouter\local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
sapgenpse
Result:
Using SNC_LIB definition from environment to load SAPCRYPTOLIB
SNC_LIB="D:\usr\sap\saprouter\sapcrypto.dll"
Platform: Microsoft Win64 (XP-64/W2K3) AMD64/x86_64/x64 (ntamd64)
Versions: SAPGENPSE = 1.5.24 pl21 (Apr 2 2011)
SAPCRYPTOLIB = 5.5.5.C pl32 (Apr 2 2011) MT-safe
Environment variable $SECUDIR is defined:
"D:\usr\sap\saprouter"
DLL search path defined by environment variable
PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System
32\WindowsPowerShell\v1.0\
sapgenpse get_my_name
Result:
with PSE file "D:\usr\sap\saprouter\local.pse"
Subject : CN=xxxxx, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
Serialno: 42:BA:ED:CB:CA:63:10:28:10:63:02:2D:15
KeyInfo : RSA, 1024-bit
Validity - NotBefore: Tue Nov 08 12:41:04 2011 (111108071104Z)
NotAfter: Thu Nov 08 12:41:04 2012 (121108071104Z)
Is everything OK? Or need further modifications?
Thanks
Ishan
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.