cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNC SAPRouter connections from Partner Solution manager to Customer's ERP system

Go to solution
Former Member

on ‎08-27-2012 6:41 PM

0 Kudos

Hello Experts,

We are looking for an immediate way to setup RFC connection to our

customer's systems for VAR scenario.

We have SNC SAPRouter and they too have SNC SAPRouter.

We can connect from their ERP system to our Solution Manager. However while

connecting from our Solution Manager to Customer's ERP system using RFC

via SAPRouters at both ends, we are getting the following error in

SM59 connection test -

ERROR: CPIC program connection ended (read

error) rc = 223

I am using SAPRouter string in RFC (Type 3) in our Solution manager as -

Target host =   /H/<our_saprouter_local_IP>/H/<customer_saprouter_publicIP>/H/<customer_ERPsystem_local_IP>/S/sapdp00

System Nr: 00

Our dev_rout looks okay whereas their dev_rout shows the

following -

==========================

******* NI-ROUTER LOOP ********

NiIRead: hdl 8 recv would block (errno=EAGAIN)

NiIRead: hdl 8

received incomplete data

(rcd=1376,pnd=175,pac=1,MESG_IO,0ms)

NiIRead: hdl

8 received data (rcd=175,pac=1,MESG_IO)

->>

SncProcessInput(snc_hdl=00000000002B5380, ibuf=0000000008C200F8,

ilen=1551,

&obuf=00000000065AFBB8,

&olen=00000000065AFBB0,

&backbuf=00000000065AFB08,

&backlen=00000000065AFB00)

<<-

SncProcessInput()==SAP_O_K

return values = "(no data) in=1551, back=1690,

out=0"

NiIWrite: hdl 8 sent data (wrt=1690,pac=1,MESG_IO)

Wed Aug 22

23:53:30 2012

NiIRead: hdl 8 received data

(rcd=118,pac=1,MESG_IO)

->> SncProcessInput(snc_hdl=00000000002B5380,

ibuf=000000000031AED8,

ilen=118,

&obuf=00000000065AFBB8,

&olen=00000000065AFBB0,

&backbuf=00000000065AFB08,

&backlen=00000000065AFB00)

*** ERROR

=> SncPEstablishContext(): SNCERR_AUTH_MISMATCH -- wrong peer! expecting =

"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

but peer is =

"p:CN=<ourSAPRouter_hostname>, OU=<0000nnnnnn>, OU=SAProuter,

O=SAP, C=DE"

<<-

ERROR: SncProcessInput()==SNCERR_AUTH_MISMATCH

*** ERROR => NiSncIProcIn:

SncProcessInput failed (rc=-

41;00000000002B5380;118) [nisnc.c

998]

NiSelISelectInt: 1 handles selected (1 buffered)

DATA from C8/7

(portal.butlersupply.com) received

*** ERROR => NiBufReceive C8/7

'portal.butlersupply.com' failed (rc=-

17) [nirout.cpp

2102]

NiBufISendErr: send ni-error rc -104 to hdl 8

NiIWrite: hdl 8 sent

data (wrt=226,pac=1,MESG_IO)

NiRCloseConn: closing C8/7

NiICloseHandle:

shutdown and close hdl 8 / sock 344

<<-

SncSessionDone()==SAP_O_K

NiICloseHandle: shutdown and close hdl 7 / sock

304

******* NI-ROUTER LOOP ********

Wed Aug 22 23:53:35

2012

NiSelISelectInt: 0 handles selected (0 buffered)

******* NI-ROUTER LOOP ********

I can understand that it is just allowing SAPSERV2 and not our Solution

Manager through our SAPRouter. On network end, everything is allowed,

it is just the saprouter that is causing issues. I even tried putting * * * for P, KP and KT entries in SAPRouttab.

If someone can help on enabling RFC connections using SNC SAPRouters

it would be helpful. You can also share how you connect to Customer's system

for VAR scenarios?

Regards,

Nick

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-29-2012 10:04 PM
0 Kudos

i would suggest the following -

KT "p:CN=<saprouter1>, OU=................."  <external solman> *

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

#========================

KP "p:CN=<saprouter1>, OU=................." <external Solman> *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

These entries should solve your purpose I believe.

Regards,

Sai

Show replies
Show replies
Former Member
‎12-13-2012 12:40 PM
0 Kudos

Hello Sai,

We are also in a similar situation here (VAR-Customer) scenario.

Would you kindly elaborate more on the KT & KP lines you were suggesting to be added to the saprouttab files on both sides? We have the same topography as in the image below.

According to your response here we created the following KT & KP lines but if you can varify them for us it will be great.

1- In VAR saprouttab file we need to add these lines:

KP"p:CN=R1_Host, OU=VAR_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R2 public IP *

KP"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

#=================================================================

KT"p:CN=R1_Host, OU=VAR_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R2 public IP *

KT"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

2- In Customer saprouttab file we need to add these lines:

KP"p:CN=R2_Host, OU=CUST_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R1 public IP *

KP"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

#=================================================================

KT"p:CN=R2_Host, OU=CUST_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R1public IP *

KT"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

Thanks & Regards

Mutasem

Former Member
‎03-04-2013 11:08 AM
0 Kudos

Hello Mutasem,

Did that work out?

I'm getting:

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapbi.cons.local, OU=0001299488, OU=SAProuter, O=SAP, C=DE' [sncxxall.c 3379]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3345]

      GSS-API(maj): A token had an invalid signature

      GSS-API(min): The name is wrong

    Unable to establish the security context

    target="p:CN=sapbi.cons.local, OU=0001299488, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;00000000024DA6B0;2071) [nisnc.c      1010]

Answers (2)

Answers (2)

Former Member
‎12-09-2012 6:01 PM
0 Kudos

Dear Nick;

We are facing the same issue you were facing, and it will be great if you can assist us as well.

we as partner, and our customers have SAPRouter setup with public IPs on both sides and we need to know how to use that to set up the RFC connection between out Solman and the ERP systems in our cusotmers landscape

Best Regards

~Amal Aloun

Show replies
Show replies
Former Member
‎04-14-2013 8:27 AM
0 Kudos

Dear Amal Aloun

Could you able to resolve this issue?

We are also facing same issue. i.e RFC connection from VAR Solution Manager to Customer ERP Manager is not working. We are getting error as "Error when opening an RFC connection (CPIC-CALL: 'ThSAPOCMINIT' : cmRc=17 thRc=2".

RFC from Customer system to Our Solution Manager is working fine.

Can you please send me

-  the RFC's Target host Entry format in Solution Manager

-  saproutertab entry in Customer's saprouter

Thanks & Regards

Lakshmi

Former Member
‎04-14-2013 9:02 AM
0 Kudos

Why is it that everyone insists on continuing old threads instead of opening new ones? In this case, the original thread has probably nothing to do with the most recently reported issue.

While I'm at it, instead of having troublesome SNC configurations going over the public Internet, just configure VPN tunnels between you and your customers and be done with it.

Lakshmi: it's most likely a network issue, contact the network admin of your customer.

Former Member
‎08-27-2012 7:39 PM
0 Kudos

Nick,

Have you added your Solution Manager host as an inbound connection to the customers saprouttab file?

Regards,

Josh Fisher

Show replies
Show replies
Former Member
‎08-27-2012 7:47 PM
0 Kudos

Josh,

Thanks for replying.

AS I mentioned, we have tried allowing everything coming from the Solution Manager to Customer's system and vice versa on SNC SAPRouters at both ends.

P * * *

KP * * *

KT * * *

Regards,

Nick

Former Member
‎08-27-2012 7:54 PM
0 Kudos

Nick,

A wildcard won't suffice according to the following documentation -

http://help.sap.com/saphelp_nwmobile71/helpdata/en/65/8d09ab5c7e46028f633bb01a09b380/content.htm

It states specifically, "A wildcard entry (*) for <dest-host> or <dest-serv> is not practical because the SNC partner name refers to a distinct partner."

Have you tried entering the KT/KP line with

p:CN=<ourSAPRouter_hostname>, OU=<0000nnnnnn>, OU=SAProuter,

O=SAP, C=DE" Your-SNC-IP

and

"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" Your-SNC-IP

Regards,

Josh Fisher


Ask a Question