on 08-27-2012 6:41 PM
Hello Experts,
We are looking for an immediate way to setup RFC connection to our
customer's systems for VAR scenario.
We have SNC SAPRouter and they too have SNC SAPRouter.
We can connect from their ERP system to our Solution Manager. However while
connecting from our Solution Manager to Customer's ERP system using RFC
via SAPRouters at both ends, we are getting the following error in
SM59 connection test -
ERROR: CPIC program connection ended (read
error) rc = 223
I am using SAPRouter string in RFC (Type 3) in our Solution manager as -
Target host = /H/<our_saprouter_local_IP>/H/<customer_saprouter_publicIP>/H/<customer_ERPsystem_local_IP>/S/sapdp00
System Nr: 00
Our dev_rout looks okay whereas their dev_rout shows the
following -
==========================
******* NI-ROUTER LOOP ********
NiIRead: hdl 8 recv would block (errno=EAGAIN)
NiIRead: hdl 8
received incomplete data
(rcd=1376,pnd=175,pac=1,MESG_IO,0ms)
NiIRead: hdl
8 received data (rcd=175,pac=1,MESG_IO)
->>
SncProcessInput(snc_hdl=00000000002B5380, ibuf=0000000008C200F8,
ilen=1551,
&obuf=00000000065AFBB8,
&olen=00000000065AFBB0,
&backbuf=00000000065AFB08,
&backlen=00000000065AFB00)
<<-
SncProcessInput()==SAP_O_K
return values = "(no data) in=1551, back=1690,
out=0"
NiIWrite: hdl 8 sent data (wrt=1690,pac=1,MESG_IO)
Wed Aug 22
23:53:30 2012
NiIRead: hdl 8 received data
(rcd=118,pac=1,MESG_IO)
->> SncProcessInput(snc_hdl=00000000002B5380,
ibuf=000000000031AED8,
ilen=118,
&obuf=00000000065AFBB8,
&olen=00000000065AFBB0,
&backbuf=00000000065AFB08,
&backlen=00000000065AFB00)
*** ERROR
=> SncPEstablishContext(): SNCERR_AUTH_MISMATCH -- wrong peer! expecting =
"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
but peer is =
"p:CN=<ourSAPRouter_hostname>, OU=<0000nnnnnn>, OU=SAProuter,
O=SAP, C=DE"
<<-
ERROR: SncProcessInput()==SNCERR_AUTH_MISMATCH
*** ERROR => NiSncIProcIn:
SncProcessInput failed (rc=-
41;00000000002B5380;118) [nisnc.c
998]
NiSelISelectInt: 1 handles selected (1 buffered)
DATA from C8/7
(portal.butlersupply.com) received
*** ERROR => NiBufReceive C8/7
'portal.butlersupply.com' failed (rc=-
17) [nirout.cpp
2102]
NiBufISendErr: send ni-error rc -104 to hdl 8
NiIWrite: hdl 8 sent
data (wrt=226,pac=1,MESG_IO)
NiRCloseConn: closing C8/7
NiICloseHandle:
shutdown and close hdl 8 / sock 344
<<-
SncSessionDone()==SAP_O_K
NiICloseHandle: shutdown and close hdl 7 / sock
304
******* NI-ROUTER LOOP ********
Wed Aug 22 23:53:35
2012
NiSelISelectInt: 0 handles selected (0 buffered)
******* NI-ROUTER LOOP ********
I can understand that it is just allowing SAPSERV2 and not our Solution
Manager through our SAPRouter. On network end, everything is allowed,
it is just the saprouter that is causing issues. I even tried putting * * * for P, KP and KT entries in SAPRouttab.
If someone can help on enabling RFC connections using SNC SAPRouters
it would be helpful. You can also share how you connect to Customer's system
for VAR scenarios?
Regards,
Nick
i would suggest the following -
KT "p:CN=<saprouter1>, OU=................." <external solman> *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
#========================
KP "p:CN=<saprouter1>, OU=................." <external Solman> *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
These entries should solve your purpose I believe.
Regards,
Sai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Sai,
We are also in a similar situation here (VAR-Customer) scenario.
Would you kindly elaborate more on the KT & KP lines you were suggesting to be added to the saprouttab files on both sides? We have the same topography as in the image below.
According to your response here we created the following KT & KP lines but if you can varify them for us it will be great.
1- In VAR saprouttab file we need to add these lines:
KP"p:CN=R1_Host, OU=VAR_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R2 public IP *
KP"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
#=================================================================
KT"p:CN=R1_Host, OU=VAR_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R2 public IP *
KT"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
2- In Customer saprouttab file we need to add these lines:
KP"p:CN=R2_Host, OU=CUST_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R1 public IP *
KP"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
#=================================================================
KT"p:CN=R2_Host, OU=CUST_0000nnnnnn, OU=SAProuter, O=SAP, C=DE" R1public IP *
KT"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
Thanks & Regards
Mutasem
Hello Mutasem,
Did that work out?
I'm getting:
*** ERROR => SncPEstablishContext() failed for target='p:CN=sapbi.cons.local, OU=0001299488, OU=SAProuter, O=SAP, C=DE' [sncxxall.c 3379]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3345]
GSS-API(maj): A token had an invalid signature
GSS-API(min): The name is wrong
Unable to establish the security context
target="p:CN=sapbi.cons.local, OU=0001299488, OU=SAProuter, O=SAP, C=DE"
<<- SncProcessInput()==SNCERR_GSSAPI
*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;00000000024DA6B0;2071) [nisnc.c 1010]
Dear Nick;
We are facing the same issue you were facing, and it will be great if you can assist us as well.
we as partner, and our customers have SAPRouter setup with public IPs on both sides and we need to know how to use that to set up the RFC connection between out Solman and the ERP systems in our cusotmers landscape
Best Regards
~Amal Aloun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Amal Aloun
Could you able to resolve this issue?
We are also facing same issue. i.e RFC connection from VAR Solution Manager to Customer ERP Manager is not working. We are getting error as "Error when opening an RFC connection (CPIC-CALL: 'ThSAPOCMINIT' : cmRc=17 thRc=2".
RFC from Customer system to Our Solution Manager is working fine.
Can you please send me
- the RFC's Target host Entry format in Solution Manager
- saproutertab entry in Customer's saprouter
Thanks & Regards
Lakshmi
Why is it that everyone insists on continuing old threads instead of opening new ones? In this case, the original thread has probably nothing to do with the most recently reported issue.
While I'm at it, instead of having troublesome SNC configurations going over the public Internet, just configure VPN tunnels between you and your customers and be done with it.
Lakshmi: it's most likely a network issue, contact the network admin of your customer.
Nick,
Have you added your Solution Manager host as an inbound connection to the customers saprouttab file?
Regards,
Josh Fisher
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nick,
A wildcard won't suffice according to the following documentation -
http://help.sap.com/saphelp_nwmobile71/helpdata/en/65/8d09ab5c7e46028f633bb01a09b380/content.htm
It states specifically, "A wildcard entry (*) for <dest-host> or <dest-serv> is not practical because the SNC partner name refers to a distinct partner."
Have you tried entering the KT/KP line with
p:CN=<ourSAPRouter_hostname>, OU=<0000nnnnnn>, OU=SAProuter,
O=SAP, C=DE" Your-SNC-IP
and
"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" Your-SNC-IP
Regards,
Josh Fisher
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.