on 02-25-2013 4:27 PM
Hi all,
I had installed a new saprouter in a VM in DMZ connected to SOLMAN.
I can connect to sap via SM59 but my DEV_rout reply error, can anybody help with this issue?
I can´t find any problem in network.
---------------------------------------------------
trc file: "dev_rout", trc level: 1, release: "720"
---------------------------------------------------
Fri Feb 22 11:55:54 2013
SAP Network Interface Router, Version 40.4
command line arg 0: C:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -W
command line arg 3: 60000
command line arg 4: -R
command line arg 5: C:\usr\sap\saprouter\saprouttab
command line arg 6: -K
command line arg 7: p:CN=routerglintt, OU=0000772612, OU=SAProuter, O=SAP, C=DE
command line arg 8: -G
command line arg 9: c:\usr\sap\saprouter\router.log
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="gestor_sap" NetWkstaUser="gestor_sap"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "C:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
File "C:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
SECUDIR="C:\usr\sap\saprouter\" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SAPCRYPTOLIB
Product Version = SAPCRYPTOLIB 5.5.5C pl34 (Mar 1 2012) MT,[aesni],NB
main: pid = 2508, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'C:\usr\sap\saprouter\saprouttab'
Fri Feb 22 11:56:31 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12006ms (tl=2000ms)
Fri Feb 22 12:08:20 2013
*** ERROR => NiBufIProcMsg: hdl 43 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
Fri Feb 22 12:08:44 2013
*** ERROR => NiBufIProcMsg: hdl 37 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
Fri Feb 22 12:16:51 2013
*** ERROR => NiBufIProcMsg: hdl 32 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
Fri Feb 22 12:23:17 2013
*** ERROR => NiBufIProcMsg: hdl 61 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
Fri Feb 22 12:42:37 2013
*** ERROR => NiBufIProcMsg: hdl 54 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
Fri Feb 22 15:55:00 2013
*** ERROR => NiBufIProcMsg: hdl 68 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
Sat Feb 23 08:33:41 2013
NiHLGetHostName: to get 62.28.13.77 failed in 16496ms (tl=2000ms)
Sat Feb 23 12:56:34 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12016ms (tl=2000ms)
Sat Feb 23 22:56:36 2013
*** ERROR => NiBufIProcMsg: hdl 174 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
Sun Feb 24 13:56:33 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12014ms (tl=2000ms)
Mon Feb 25 08:33:53 2013
NiHLGetHostName: to get 62.28.13.77 failed in 16495ms (tl=2000ms)
Mon Feb 25 11:56:32 2013
*** ERROR => NiBufIProcMsg: hdl 97 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
Mon Feb 25 14:30:09 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12003ms (tl=2000ms)
Mon Feb 25 14:30:14 2013
***LOG Q0I=> NiIRead: P=195.23.81.210:3299; L=192.168.5.17:49949: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 5087]
*** ERROR => NiIRead: SiRecv failed for hdl 110/sock 392
(SI_ECONN_BROKEN/10054; I4; ST; P=195.23.81.210:3299; L=192.168.5.17:49949) [nixxi.cpp 5087]
Thanks,
Hi Francisco,
add the following line in the saprouttab file, this line must be the first line in the file:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
the file continue with:
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
P <IP server 1> 194.39.131.34 *
P <IP server 2> 194.39.131.34 *
Please check your routtab, I hope this solve your problem,
Thanks,
Venkat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Venkat,
Thanks for the reply but I have those entries, can you please let me know if i miss something?
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 147.204.2.5 *
#KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 02
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 03
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 04
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 99
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
P * * *
S * * *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 147.204.2.5 *
#KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.32.129 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.32.129 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.108.145 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 62.28.13.77 3299
P * 194.39.131.34 *
P * * *
P 62.28.13.77 * 3299
KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 195.23.81.210 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 195.23.81.210 3299
KP "p:CN=sap_router.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 195.23.37.217 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 195.23.37.217 3299
I restarted the saprouter and when I go to transaction code OSS1 and execute a sapnet logon test, finish with the next error;
Spwdfvml0575:Route permission denied(195.23.37.217 to 147.204.100.100, sapdp01)
Location SAProuter 40.4 on ‘spwdfvml0575’
Thanks,
Hi,
From OSS1 it does not required to test and always it will give error.we can ignore.
For routtab please make changes as per your ip address:
# SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 3389
# SNC-connection from SAP to local R/3-System for NetMeeting
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 1503
# SNC-connection from SAP to local R/3-System for saptelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 23
# Access from the local Network to SAPNet - R/3 Frontend (OSS)
P * 194.39.131.34 3299
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 3389
# SNC-connection from and to SAP R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.31 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.30 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.37 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.38 *
# deny all other connections
D * * *
after that please restart your router and give me error logs
Thanks,
Venkat
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.