cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connect to message Server via on single SAP Router <= is this possible

behlau_carlos
Contributor

on ‎07-04-2012 4:06 PM

0 Kudos

Hello,

we are building an new VPN gateway.

At the moment routing is not working to our hosting partner, from VPN side.

But we are able to connect via SAP Router to the hosting partner.

The SAP Router is located in our network.

We are able to access directly the application servers.

But when we try to access the servers via message server (LOGON GROUP) we are getting errors:

Trace of SAP LOGON:

sGui::ShowSystemStatusSite: command line=>   /SAP_CODEPAGE=1100  /FULLMENU  /H/sapap00p/M/ners07/S/sapmsCKP/G/PUBLIC /UPDOWNLOAD_CP=2<

CDwsGui::vMsgBox: Message box for thread 3284

CDwsGui::vMsgBox: message box: Lastverteil.Fehler bei Anmeld. 88: Verbindung zum Nachrichtenserver nicht mögl.(rc=9)

Möchten Sie detaillierte Fehlerbeschr.?

Wed Jul 04 16:18:24 2012

CDwsGui::vMsgBox: Message box for thread 3284

CDwsGui::vMsgBox: message box: Zusätzliche Fehlerinformationen:

The SAP Router = sapap00p

The target message server = ners07 (at least there is the message server service running)

The LOGON group name = PUBLIC and the port is 3626

If I understand the problem correct, the cause for this issue is, the message server tries to communicate back to the SAP GUI client.

That is failing.

How can I enable the message server to communicate via SAP Router?

Is it possible to set this setting in the SAP LOGON exclusive, as the network users should not communicate over SAP Router, only the VPN users?

Thank you for your help.

Best regards

Carlos Behlau

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

JPReyes
Active Contributor
‎07-04-2012 4:23 PM
0 Kudos

Assuming you are selecting a valid SAPRouter. You must ensure both port 32XX (where XX is the system number) and 3299 are open in your saprouttab and also try using the IP rather than the host to make sure its not a DNS resolution issue.

To add to that you need to make sure you Firewall is allowing access in those ports

Regards, Juan

Show replies
Show replies
behlau_carlos
Contributor
‎07-04-2012 4:54 PM
0 Kudos

Hi Juan,

thank you for your answer.

SAP instance has number 26.

So the following ports are in the saprouttab:

sapmsCKP = 3626

sapgw00 = 3326

SAPRouter = 3299

P10.100.1.119    *               3226
P       *
10.100.1.119    3226
P10.100.1.119    *               3299
P       *
10.100.1.119    3299
P10.100.1.119    *               3326
P       *
10.100.1.119    3326
P10.100.1.119    *               3626
P       *
10.100.1.119    3626

But this I am getting the connection error when I try to access 10.100.1.119 as target.

/H/sapap00p/H/ners07 / sapmsCKP failed. Please check the trace of the message server.

Best regards

Carlos

JPReyes
Active Contributor
‎07-04-2012 5:00 PM
0 Kudos

I would try using the IP and Ports to discard a problem with the DNS/Service files...

Example /H/<IP_SAPRouter>/H/<IP_Server/S/3226

Regards, Juan

behlau_carlos
Contributor
‎07-04-2012 5:30 PM
0 Kudos

Hi Juan,

I try that, but it keeps failing.

Network::CNetwork: communication plugin 'sapcomni.dll' for R/3 loaded

Wed Jul 04 18:25:19 2012

CDwsGui::ShowSystemStatusSite: command line=>   /SAP_CODEPAGE=1100  /FULLMENU  /H/172.17.48.47/S/3299/M/10.100.1.119/S/sapmsCKP/G/PUBLIC /UPDOWNLOAD_CP=2<

CDwsGui::vMsgBox: Message box for thread 3672

CDwsGui::vMsgBox: message box: Lastverteil.Fehler bei Anmeld. 88: Verbindung zum Nachrichtenserver nicht mögl.(rc=9)

Möchten Sie detaillierte Fehlerbeschr.?

Wed Jul 04 18:25:20 2012

CDwsGui::vMsgBox: Message box for thread 3672

CDwsGui::vMsgBox: message box: Zusätzliche Fehlerinformationen:

Error: The connection to the specified message server

(/H/172.17.48.47/S/3299/H/10.100.1.119 / sapmsCKP) failed. Please check the trace file

of the message server. If a network filter has

been activated (see message server parameters

ms/acl_file_...) please check the configuration

Wed Jul 04 18:25:19 2012

Release 720

Component MS (message handling interface, multithreaded), version 4

rc = -35, module msxxi.c, line 2780

sapmsCKP is read out of my local services file of OS and that is correct = 3626.

Best regards

Carlos

behlau_carlos
Contributor
‎07-04-2012 5:41 PM
0 Kudos

In the saprouter.log it just states:

ed Jul 04 18:32:26 2012 INVAL DATA   C4/- route

Wed Jul 04 18:32:26 2012 DISCONNECT   C4/- host 10.10.26.25/60329 (10.10.26.25)

I am the IP 10.10.26.25.

I can ping to 172.17.48.47 that is the saprouter and I made to port query test (portqry -n 172.17.48.47 -e 3299) => that is working.

But I can not connect to the message server via IP = 10.100.1.119, because that is not working over the VPN.

That is the reason why I want to go over SAP Router.

Because SAP Router can access 10.100.1.119 (pure SAP sever).

The question or what I do not understand, do I need also an SAP Router on the 10.100.1.119 or is SAP Router able to communicate with 10.100.1.119?

Also what I do not understand. Why I am able to access the SAP Server directly (with no SAP Logon Group) - what is there the difference?

Best regards

Carlos

behlau_carlos
Contributor
‎07-04-2012 5:46 PM
0 Kudos

Hi Juan,

can you belief that?

I was editing the saplogon.ini and change the entry for sapmsCKP to its port => 3626.

Now it is working.

Does the message server or the SAP GUI tries to call back port sapmsCKP and somewhere it is not maintained?

Where would the place be?

No the SAPRouter server => check the C:\windows\system32\drivers\etc\services file?

Best regards

Carlos

JPReyes
Active Contributor
‎07-04-2012 6:17 PM
0 Kudos

That's correct, you need to maintain sapms<SID> on each of the services files of the PC's

Regards

Juan

Ask a Question