cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP OSS RFC errors

Go to solution
Former Member

on ‎10-16-2012 3:59 PM

0 Kudos

Hi,

we have installed a new SNC saprouter . We have testes the connection from SAP to our system and working fine but rfc SAPOSS is not working:

Connection Error

Error when opening an RFC connection (CPIC-CALL: 'ThSAPOCMINIT' : cmRc=17 thRc=2

ERROR: SAP gateway connection failed. Is SAP gateway started?

LOCATION: SAP-Server america_00 on host madrid_03 (wp 1)

COMPONENT: CPIC

COUNTER: 50

MODULE:

LINE:

RETURN CODE: 236

SUBRC: 0

RELEASE: 720

TIME: Tue Oct 16 15:02:14 2012

VERSION:

Target host info :  /H/193.123.14.23/S/3299/H/194.149.131.34

And this is the info from the dev_rout log:

Tue Oct 16 16:02:35 2012

***LOG Q0I=> NiPConnect2: connect (10060: WSAETIMEDOUT: Connection timed out) [nixxi.cpp 2833]

*** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 220

    (SI_ECONN_REFUSE/10060; I4; ST; 194.149.131.34:3301) [nixxi.cpp    2833]

*** ERROR => NiBufReceive S1/2 '194.149.131.34' failed (rc=-10) [nirout.cpp   2110]

System info:

     - SAProuter : 193.123.14.23

     - System:     193.123.1.32

this is the saprouttab file:


####################################################
# 1. Header SAPROUTERtab      #
# SAPRouter: dniwp1f, IP:193.123.14.23            #
####################################################
# 194.39.131.34  194.39.131.34 SAP-OSS-Connection
####################################################
# 2. Entry for SAP-Certificate                     #
####################################################
# SNC-connection from and to SAP
KT "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 194.39.131.34  *
KP "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 193.123.14.23 3299

KT "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3301
 
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 193.123.14.23 * 


# Access from  SAPRouter to SAPNet (OSS)
P 194.39.131.34 193.123.14.23 3299
P 193.123.14.23 194.39.131.34  3299


#####################################################
# 4. Connectivity to the SAP-Systems                #
#####################################################

P 193.123.14.23 193.123.14.23 3299

P 193.123.14.23 193.123.14.23 3299

P * * 55500
P * * 5631
P * * 3389
P * * 5601
P * * 1503
P * * 5601
P * * 22
P * * 23
P * * 2323
P * * 22222
P * * 80
P * * 443
P * * 50000
p * * 8093
P * * 3600
P * * 8000
P * * 8081
P * * 55700
P * * 55300
P * * 55400
P * * 55200
P * * 59300
P * * 59500
P * * 55500
P * * 53000
P * * 53500
P * * 53200
P * * 50000
P * * 51000
P * * 52000
P * * 8080

Do you have any idea why is not working?

Tahnks a lot and best regards, Saper

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member829550
Active Participant
‎10-17-2012 11:14 AM
0 Kudos

hi,

Very recently i encounter a similar problem. I followed the steps as below and it worked for me.

1. Problem with SAPOSS connection.

sol.  Delete your existing SAPOSS connection and create a new one. This can be done with SDCCN tcode. Follow this link:

http://scn.sap.com/community/netweaver-administrator/blog/2012/04/27/oss1-rfc-connections-saposs-sap...

After creating new SAPOSS, make your settings on that newly created SAPOSS.

2. Check your connection to SAPSERV2

sol. 

niping -c -O -S 3299 -H SAPSERV2 IP Address


niping -c -H Host String (/H/youripaddress/H/sapserv2ipaddress

Connection with SNC

Sample saprouttab

# SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SAPSERV2IP *

# SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YOURIP 32xx

# Access from local network to SAP

P * SAPSERV2IP 3299

# deny all other connections

D * * *


Saprouter start parameter

saprouter -r -V 2 -K "p:CN=distinguishedname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C =DE"

If there is any firewall installed, check whether your firewall is redirecting your SAP Connections with your network team.

Also, follow these notes for your router settings.

33135,  812386,  35010, 137342, 31515

br,

mb

Show replies
Show replies
Former Member
‎10-17-2012 5:55 PM
0 Kudos

Hi,

It´s seems to be a problem with the user who start the windows service.

I´ve changed it to sidadm user and now I´ve this error when I start the saprouter from cmd:

mmand line arg 5: CN=suej1, OU=0000013487854, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
      PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
      gssapi library name: "D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel".
*** ERROR => DlLoadLib()==DLENOACCESS - LoadLibrary("D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel")
  Error 126 = "The specified module could not be found." [dlnt.c       255]
*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel) not loaded [sncxxdl.c  640]
<<- SncInit()==SNCERR_INIT
         sec_avail = "false"
*** ERROR => NiSncInit: SncInit failed (rc=-1) [nisnc.c      647]
*** ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp   1227]

*****************************************************************************
*
*  ERROR       SNC processing failed:
*              SncInit
*
*  TIME        Wed Oct 17 18:24:42 2012
*  RELEASE     700
*  COMPONENT   NI (network interface)
*  VERSION     38
*  RC          -17
*  MODULE      nisnc.c
*  LINE        646
*  DETAIL      NiSncInit: sncrc=-1
*  COUNTER     4
*
*****************************************************************************

<<- ERROR: SncDone()==SNCERR_INIT_FIRST

Any idea?

Beacuse I´ve files:

sapcrypto.dll

sapcrypto.lst

sncgss32.dll

located in that folder .

SECUDIR = d:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel\sec

Any idea ?

thanks thanks thanks a lot

former_member829550
Active Participant
‎10-17-2012 8:16 PM
0 Kudos

hi,

from the following::

SncInit(): Trying environment variable SNC_LIB as a

      gssapi library name: "D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel".

*** ERROR => DlLoadLib()==DLENOACCESS - LoadLibrary("D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel")

  Error 126 = "The specified module could not be found." [dlnt.c       255]

*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (D:\SAPCryptolib\SAP Cryptographic Library Microsoft Win32 for x86IA32\ntintel) not loaded [sncxxdl.c  640]

It looks like that control is not reading your cryptolib file.

Maintain these settings and try once.

Under User Variables:::

SECU_DIR = <Drive>:\usr\sap\saprouter

SNC_LIB = <Drive>:\usr\sap\saprouter\sncgss32.dll     (rename your sapcryptolib.dll to sncgss32.dll)

Under System Variables:::

Path:::: <Drive>:/usr/sap/saprouter/sncgss32.dll;<Drive>:/usr/sap/saprouter/saprouter.exe

On the other hand, I still have a doubt about the user for starting the router service. This is because I started my router service with local system user and not with <sid>adm [which is totally against SAP router documentation] but still it works fine in my case.

try to start the router with command.

saprouter -r -V 2 -K "distinguished name"

try to increase the trace level to 3 to get more detailed error report in dev_rout file. (Post the file incase if you still get the error)

br,

mb

Former Member
‎10-17-2012 11:02 PM
0 Kudos

Hi ,

I can´t change the variable SECU_DIR because the sapcryptolib and SNC_LIB because they are used for another applications.

I tryed to use the local system user but I had this error:

ed Oct 17 23:58:34 2012

*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1439]

      GSS-API(maj): No credentials were supplied

      GSS-API(min): No credentials found for this name (not logged on) (USER=SYSTEM)

    Could't acquire INITIATING credentials for

Any idea?

Thanks a lot and best regards, sapera

Former Member
‎10-18-2012 2:50 PM
0 Kudos

Hi ,

If  we have two different users.We can set this.

Regards

Sid

Former Member
‎10-18-2012 5:35 PM
0 Kudos

Hi,

Any idea about how to resolve the error?

Thanks a lot, sapera

Former Member
‎10-18-2012 6:50 PM
0 Kudos

Hi Sapera,

What you can do is the Reinstall the saprouter with different user and you can set the two env variables for that user 1.SECUDIR  and 2 .SNC_LIB it will not cause conflict.Let me know your results unless you dont fix the environment variable issue you canot procees further.

SID

Former Member
‎10-22-2012 8:47 PM
0 Kudos

Hi,

Now, I´ve a different error:

NiIRead: hdl 2 received data (rcd=81,pac=1,MESG_IO)
NiSelISelectInt: 1 handles selected (1 buffered)

DATA from C2/-1 (193.149.133.168) received
NiRClientHandle: route received
executing NiRExRouteCon
NiRRouteRepl: copying input to route and replacing name
C2/-1 has NI-layer-version 40
NiBufIRouteToTable result from total 3 entries:
hostname            /service                      
193.149.133.168     /                             
194.39.131.34       /3299                          < next
oss001              /sapgw01                      

NiIGetServNo: servicename '3299' = port 0C.E3/3299
NiSncGetPeer: hdl 2 not SNC enabled
NiLocalCheck: address 194.39.131.34 is not local
Setting outgoing SNC name to 'p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE'
route   [ 0,1 hops, 193.149.133.168 to 194.39.131.34, 3299 ]
matches [  P255,255  0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 3299 ]
NiICreateHandle: hdl 1 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 1 / sock 1880 (I4; ST)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIConnectSocket: connection of hdl 1 to 194.39.131.34:3299 in progress (timeout=0)
NiIConnect: hdl 1 took local address 0.0.0.0:4657
NiIConnect: state of hdl 1 NI_CONN_WAIT
NiSncIInitHdlSecurity for hdl 1
<<- SncSessionInit()==SAP_O_K
    out: &snc_hdl = 002AD860
<<- SncSetQOP()==SAP_O_K
     in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
          resulting = "min=2 (old:2), max=3 (old:3), use=3 (old:3)"
<<- SncSessionInitiatorAK()==SAP_O_K
  'target_acl_key' (addr=00D2F46C, len=91) full hexdump
  0x00000  00030401 00080606 2b240301 25010000  ........ +$..%...
  0x00010  00493047 310b3009 06035504 06130244  .I0G1.0. ..U....D
  0x00020  45310c30 0a060355 040a1303 53415031  E1.0...U ....SAP1
  0x00030  12301006 0355040b 13095341 50726f75  .0...U.. ..SAProu
  0x00040  74657231 16301406 03550403 130d3139  ter1.0.. .U....19
  0x00050  342e3339 2e313331 2e3334             4.39.131 .34    
         parses to      = "p:CN=194.39.131.34, OU=SAProuter, O=SAP, C=DE"
->> SncProcessOutput(snc_hdl=002AD860, ibuf=00000000, ilen=0,
          &idone=00D2C8E7, &obuf=00D2C8D8, &oused=00D2C8DC)
<<- SncProcessOutput()==SAP_O_K
         return values = "(no data) in=0 of 0, out=1527"
NiBufISendMsg: send opCode 70 to hdl 1 (dataLen=1527)
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiBufISetHS: ready-queue could not be freed (hdl 1)
handshake for hdl 1 = 1
RTPENDLIST::addPendingCon: Added C2/1 to list ROUTED, STAT ROUTE_RECV/FREE
RTPENDLIST::addPendingCon: total 2 pending ROUTED connections
NiISetSockOpt: set option SOL_SOCKET-SO_KEEPALIVE of hdl 1 TRUE
S2/1 has hdl 1
forward route to nirouter
NiICheckPendConnection: connection of hdl 1 to 194.39.131.34:3299 still in progress (0)
NiBufIAddToUserQueue: added buffer 0024FAC0 to out-queue (hdl 1, 1 packets, heap 1894)
NiBufIAddToUserQueue: out-queue for hdl 1 down to 0 packets
stat of pair C2/1 is ROUTED

******* NI-ROUTER LOOP ********
Mon Oct 22 21:39:09 2012
NiSelISelectInt: 0 handles selected (0 buffered)
RTPENDLIST::timeoutPend: timeout of client C2/1 (ID 4, STAT ROUTED)
NiBufISendErr: send ni-error rc -5 to hdl 2
NiIWrite: hdl 2 sent data (wrt=236,pac=1,MESG_IO)
NiRCloseConn: closing C2/1
NiICloseHandle: shutdown and close hdl 2 / sock 1876
NiICloseHandle: called for hdl 1 while waiting for connection
NiICloseHandle: shutdown and close hdl 1 / sock 1880
<<- SncSessionDone()==SAP_O_K
NiBufIClose: called while buffer filled -w
NiBufIClose: freed out-queue (hdl 1, heap 0)

Any idea ?

Tahnks a lot and best regards, Sapera

Answers (2)

Answers (2)

Former Member
‎10-16-2012 6:56 PM
0 Kudos

Hi,

Did your Public IP is registered on SAP side.Provide IP to SAP for them to registered

Regards

Sid

Show replies
Show replies
Former Member
‎10-16-2012 7:35 PM
0 Kudos

Hello

I guess the

1. settings in OSS1 tcode needs you to put SAprouter info with IP and need to select router at SAP

2. When both these info are proper check  system data on SMP has all router mentioned for the particular system in question

3. the RFC SAPOSS has user used OSS_RFC ,the password for this user in important ,this is standard password which you can get from SAP notes

Success!!

Ganesh.

Former Member
‎10-16-2012 5:28 PM
0 Kudos

SAPOSS RFC is auto updated bia transaction oss1 parameter settings. can you please attached oss1 parameter setting screenshot?

Regards

Gajanand Gupta

Show replies
Show replies
Ask a Question