on 10-16-2012 3:59 PM
Hi,
we have installed a new SNC saprouter . We have testes the connection from SAP to our system and working fine but rfc SAPOSS is not working:
Connection Error
Error when opening an RFC connection (CPIC-CALL: 'ThSAPOCMINIT' : cmRc=17 thRc=2
ERROR: SAP gateway connection failed. Is SAP gateway started?
LOCATION: SAP-Server america_00 on host madrid_03 (wp 1)
COMPONENT: CPIC
COUNTER: 50
MODULE:
LINE:
RETURN CODE: 236
SUBRC: 0
RELEASE: 720
TIME: Tue Oct 16 15:02:14 2012
VERSION:
Target host info : /H/193.123.14.23/S/3299/H/194.149.131.34
And this is the info from the dev_rout log:
Tue Oct 16 16:02:35 2012
***LOG Q0I=> NiPConnect2: connect (10060: WSAETIMEDOUT: Connection timed out) [nixxi.cpp 2833]
*** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 220
(SI_ECONN_REFUSE/10060; I4; ST; 194.149.131.34:3301) [nixxi.cpp 2833]
*** ERROR => NiBufReceive S1/2 '194.149.131.34' failed (rc=-10) [nirout.cpp 2110]
System info:
- SAProuter : 193.123.14.23
- System: 193.123.1.32
this is the saprouttab file:
####################################################
# 1. Header SAPROUTERtab #
# SAPRouter: dniwp1f, IP:193.123.14.23 #
####################################################
# 194.39.131.34 194.39.131.34 SAP-OSS-Connection
####################################################
# 2. Entry for SAP-Certificate #
####################################################
# SNC-connection from and to SAP
KT "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 193.123.14.23 3299
KT "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3301
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 193.123.14.23 *
# Access from SAPRouter to SAPNet (OSS)
P 194.39.131.34 193.123.14.23 3299
P 193.123.14.23 194.39.131.34 3299
#####################################################
# 4. Connectivity to the SAP-Systems #
#####################################################
P 193.123.14.23 193.123.14.23 3299
P 193.123.14.23 193.123.14.23 3299
P * * 55500
P * * 5631
P * * 3389
P * * 5601
P * * 1503
P * * 5601
P * * 22
P * * 23
P * * 2323
P * * 22222
P * * 80
P * * 443
P * * 50000
p * * 8093
P * * 3600
P * * 8000
P * * 8081
P * * 55700
P * * 55300
P * * 55400
P * * 55200
P * * 59300
P * * 59500
P * * 55500
P * * 53000
P * * 53500
P * * 53200
P * * 50000
P * * 51000
P * * 52000
P * * 8080
Do you have any idea why is not working?
Tahnks a lot and best regards, Saper
hi,
Very recently i encounter a similar problem. I followed the steps as below and it worked for me.
1. Problem with SAPOSS connection.
sol. Delete your existing SAPOSS connection and create a new one. This can be done with SDCCN tcode. Follow this link:
After creating new SAPOSS, make your settings on that newly created SAPOSS.
2. Check your connection to SAPSERV2
sol.
niping -c -O -S 3299 -H SAPSERV2 IP Address
niping -c -H Host String (/H/youripaddress/H/sapserv2ipaddress
Connection with SNC
Sample saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SAPSERV2IP *
# SNC connection to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YOURIP 32xx
# Access from local network to SAP
P * SAPSERV2IP 3299
# deny all other connections
D * * *
Saprouter start parameter
saprouter -r -V 2 -K "p:CN=distinguishedname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C =DE"
If there is any firewall installed, check whether your firewall is redirecting your SAP Connections with your network team.
Also, follow these notes for your router settings.
33135, 812386, 35010, 137342, 31515
br,
mb
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
It´s seems to be a problem with the user who start the windows service.
I´ve changed it to sidadm user and now I´ve this error when I start the saprouter from cmd:
mmand line arg 5: CN=suej1, OU=0000013487854, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel".
*** ERROR => DlLoadLib()==DLENOACCESS - LoadLibrary("D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel")
Error 126 = "The specified module could not be found." [dlnt.c 255]
*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel) not loaded [sncxxdl.c 640]
<<- SncInit()==SNCERR_INIT
sec_avail = "false"
*** ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c 647]
*** ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1227]
*****************************************************************************
*
* ERROR SNC processing failed:
* SncInit
*
* TIME Wed Oct 17 18:24:42 2012
* RELEASE 700
* COMPONENT NI (network interface)
* VERSION 38
* RC -17
* MODULE nisnc.c
* LINE 646
* DETAIL NiSncInit: sncrc=-1
* COUNTER 4
*
*****************************************************************************
<<- ERROR: SncDone()==SNCERR_INIT_FIRST
Any idea?
Beacuse I´ve files:
sapcrypto.dll
sapcrypto.lst
sncgss32.dll
located in that folder .
SECUDIR = d:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel\sec
Any idea ?
thanks thanks thanks a lot
hi,
from the following::
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel".
*** ERROR => DlLoadLib()==DLENOACCESS - LoadLibrary("D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel")
Error 126 = "The specified module could not be found." [dlnt.c 255]
*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel) not loaded [sncxxdl.c 640]
It looks like that control is not reading your cryptolib file.
Maintain these settings and try once.
Under User Variables:::
SECU_DIR = <Drive>:\usr\sap\saprouter
SNC_LIB = <Drive>:\usr\sap\saprouter\sncgss32.dll (rename your sapcryptolib.dll to sncgss32.dll)
Under System Variables:::
Path:::: <Drive>:/usr/sap/saprouter/sncgss32.dll;<Drive>:/usr/sap/saprouter/saprouter.exe
On the other hand, I still have a doubt about the user for starting the router service. This is because I started my router service with local system user and not with <sid>adm [which is totally against SAP router documentation] but still it works fine in my case.
try to start the router with command.
saprouter -r -V 2 -K "distinguished name"
try to increase the trace level to 3 to get more detailed error report in dev_rout file. (Post the file incase if you still get the error)
br,
mb
Hi ,
I can´t change the variable SECU_DIR because the sapcryptolib and SNC_LIB because they are used for another applications.
I tryed to use the local system user but I had this error:
ed Oct 17 23:58:34 2012
*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1439]
GSS-API(maj): No credentials were supplied
GSS-API(min): No credentials found for this name (not logged on) (USER=SYSTEM)
Could't acquire INITIATING credentials for
Any idea?
Thanks a lot and best regards, sapera
Hi,
Now, I´ve a different error:
NiIRead: hdl 2 received data (rcd=81,pac=1,MESG_IO)
NiSelISelectInt: 1 handles selected (1 buffered)
DATA from C2/-1 (193.149.133.168) received
NiRClientHandle: route received
executing NiRExRouteCon
NiRRouteRepl: copying input to route and replacing name
C2/-1 has NI-layer-version 40
NiBufIRouteToTable result from total 3 entries:
hostname /service
193.149.133.168 /
194.39.131.34 /3299 < next
oss001 /sapgw01
NiIGetServNo: servicename '3299' = port 0C.E3/3299
NiSncGetPeer: hdl 2 not SNC enabled
NiLocalCheck: address 194.39.131.34 is not local
Setting outgoing SNC name to 'p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE'
route [ 0,1 hops, 193.149.133.168 to 194.39.131.34, 3299 ]
matches [ P255,255 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 3299 ]
NiICreateHandle: hdl 1 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 1 / sock 1880 (I4; ST)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIConnectSocket: connection of hdl 1 to 194.39.131.34:3299 in progress (timeout=0)
NiIConnect: hdl 1 took local address 0.0.0.0:4657
NiIConnect: state of hdl 1 NI_CONN_WAIT
NiSncIInitHdlSecurity for hdl 1
<<- SncSessionInit()==SAP_O_K
out: &snc_hdl = 002AD860
<<- SncSetQOP()==SAP_O_K
in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
resulting = "min=2 (old:2), max=3 (old:3), use=3 (old:3)"
<<- SncSessionInitiatorAK()==SAP_O_K
'target_acl_key' (addr=00D2F46C, len=91) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00493047 310b3009 06035504 06130244 .I0G1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 16301406 03550403 130d3139 ter1.0.. .U....19
0x00050 342e3339 2e313331 2e3334 4.39.131 .34
parses to = "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE"
->> SncProcessOutput(snc_hdl=002AD860, ibuf=00000000, ilen=0,
&idone=00D2C8E7, &obuf=00D2C8D8, &oused=00D2C8DC)
<<- SncProcessOutput()==SAP_O_K
return values = "(no data) in=0 of 0, out=1527"
NiBufISendMsg: send opCode 70 to hdl 1 (dataLen=1527)
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiBufISetHS: ready-queue could not be freed (hdl 1)
handshake for hdl 1 = 1
RTPENDLIST::addPendingCon: Added C2/1 to list ROUTED, STAT ROUTE_RECV/FREE
RTPENDLIST::addPendingCon: total 2 pending ROUTED connections
NiISetSockOpt: set option SOL_SOCKET-SO_KEEPALIVE of hdl 1 TRUE
S2/1 has hdl 1
forward route to nirouter
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiBufIAddToUserQueue: added buffer 0024FAC0 to out-queue (hdl 1, 1 packets, heap 1894)
NiBufIAddToUserQueue: out-queue for hdl 1 down to 0 packets
stat of pair C2/1 is ROUTED
******* NI-ROUTER LOOP ********
Mon Oct 22 21:39:09 2012
NiSelISelectInt: 0 handles selected (0 buffered)
RTPENDLIST::timeoutPend: timeout of client C2/1 (ID 4, STAT ROUTED)
NiBufISendErr: send ni-error rc -5 to hdl 2
NiIWrite: hdl 2 sent data (wrt=236,pac=1,MESG_IO)
NiRCloseConn: closing C2/1
NiICloseHandle: shutdown and close hdl 2 / sock 1876
NiICloseHandle: called for hdl 1 while waiting for connection
NiICloseHandle: shutdown and close hdl 1 / sock 1880
<<- SncSessionDone()==SAP_O_K
NiBufIClose: called while buffer filled -w
NiBufIClose: freed out-queue (hdl 1, heap 0)
Any idea ?
Tahnks a lot and best regards, Sapera
Hi,
Did your Public IP is registered on SAP side.Provide IP to SAP for them to registered
Regards
Sid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello
I guess the
1. settings in OSS1 tcode needs you to put SAprouter info with IP and need to select router at SAP
2. When both these info are proper check system data on SMP has all router mentioned for the particular system in question
3. the RFC SAPOSS has user used OSS_RFC ,the password for this user in important ,this is standard password which you can get from SAP notes
Success!!
Ganesh.
SAPOSS RFC is auto updated bia transaction oss1 parameter settings. can you please attached oss1 parameter setting screenshot?
Regards
Gajanand Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.