cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saprouter issue 7.20

Former Member

on ‎02-25-2013 4:27 PM

0 Kudos

Hi all,

I had installed a new saprouter in a VM in DMZ connected to SOLMAN.

I can connect to sap via SM59 but my DEV_rout reply error, can anybody help with this issue?

I can´t find any problem in network.


---------------------------------------------------
trc file: "dev_rout", trc level: 1, release: "720"
---------------------------------------------------

Fri Feb 22 11:55:54 2013
SAP Network Interface Router, Version 40.4

command line arg 0: C:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -W
command line arg 3: 60000
command line arg 4: -R
command line arg 5: C:\usr\sap\saprouter\saprouttab
command line arg 6: -K
command line arg 7: p:CN=routerglintt, OU=0000772612, OU=SAProuter, O=SAP, C=DE
command line arg 8: -G
command line arg 9: c:\usr\sap\saprouter\router.log
SncInit(): Initializing Secure Network Communication (SNC)
      PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
      GetUserName()="gestor_sap"  NetWkstaUser="gestor_sap"
SncInit(): Trying environment variable SNC_LIB as a
      gssapi library name: "C:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
  File "C:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
  SECUDIR="C:\usr\sap\saprouter\" (from $SECUDIR)
  The internal Adapter for the loaded GSS-API mechanism identifies as:
  Internal SNC-Adapter (Rev 1.0) to SAPCRYPTOLIB
  Product Version = SAPCRYPTOLIB  5.5.5C pl34  (Mar  1 2012) MT,[aesni],NB
main: pid = 2508, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'C:\usr\sap\saprouter\saprouttab'

Fri Feb 22 11:56:31 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12006ms (tl=2000ms)

Fri Feb 22 12:08:20 2013
*** ERROR => NiBufIProcMsg: hdl 43 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]

Fri Feb 22 12:08:44 2013
*** ERROR => NiBufIProcMsg: hdl 37 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]

Fri Feb 22 12:16:51 2013
*** ERROR => NiBufIProcMsg: hdl 32 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]

Fri Feb 22 12:23:17 2013
*** ERROR => NiBufIProcMsg: hdl 61 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]

Fri Feb 22 12:42:37 2013
*** ERROR => NiBufIProcMsg: hdl 54 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]

Fri Feb 22 15:55:00 2013
*** ERROR => NiBufIProcMsg: hdl 68 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp    2146]

Sat Feb 23 08:33:41 2013
NiHLGetHostName: to get 62.28.13.77 failed in 16496ms (tl=2000ms)

Sat Feb 23 12:56:34 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12016ms (tl=2000ms)

Sat Feb 23 22:56:36 2013
*** ERROR => NiBufIProcMsg: hdl 174 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp    2146]

Sun Feb 24 13:56:33 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12014ms (tl=2000ms)

Mon Feb 25 08:33:53 2013
NiHLGetHostName: to get 62.28.13.77 failed in 16495ms (tl=2000ms)

Mon Feb 25 11:56:32 2013
*** ERROR => NiBufIProcMsg: hdl 97 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp    2146]

Mon Feb 25 14:30:09 2013
NiHLGetHostName: to get 10.250.46.23 succeeded in 12003ms (tl=2000ms)

Mon Feb 25 14:30:14 2013
***LOG Q0I=> NiIRead: P=195.23.81.210:3299; L=192.168.5.17:49949: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 5087]
*** ERROR => NiIRead: SiRecv failed for hdl 110/sock 392
    (SI_ECONN_BROKEN/10054; I4; ST; P=195.23.81.210:3299; L=192.168.5.17:49949) [nixxi.cpp    5087]

Thanks,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎02-25-2013 5:54 PM
0 Kudos

Hi Francisco,

add the following line in the saprouttab file, this line must be the first line in the file:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

the file continue with:

  1. inbound connections MUST use SNC

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200

  1. outbound connections to <sapserv2> will use SNC

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299

  1. permission entries to check if connection is allowed at all

P <IP server 1> 194.39.131.34 *

P <IP server 2> 194.39.131.34 *

Please check your routtab, I hope this solve your problem,

Thanks,

Venkat

Show replies
Show replies
Former Member
‎02-26-2013 10:32 AM
0 Kudos

Dear Venkat,

Thanks for the reply but I have those entries, can you please let me know if i miss something?

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 147.204.2.5 *
#KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 02
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 03
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 04
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 99
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34  *

P * * *
S * * *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 147.204.2.5 *
#KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.32.129 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.30.133 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.250.32.129 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.108.145 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 62.28.13.77 3299
P * 194.39.131.34 *
P * * *
P 62.28.13.77 * 3299

KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 195.23.81.210 3299

KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 195.23.81.210 3299

KP "p:CN=sap_router.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=saprouter.aufp, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE" 195.23.37.217 3299

KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 192.168.108.138 3299
KP "p:CN=hostname, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" 195.23.37.217 3299

I restarted the saprouter and when I go to transaction code OSS1 and execute a sapnet logon test, finish with the next error;

Spwdfvml0575:Route permission denied(195.23.37.217 to 147.204.100.100, sapdp01)

Location              SAProuter 40.4 on ‘spwdfvml0575’

Thanks,

Former Member
‎02-27-2013 5:46 PM
0 Kudos

Hi,

From OSS1 it does not required to test and always it will give error.we can ignore.

For routtab please make changes as per your ip address:

# SNC-connection from and to SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

# SNC-connection from SAP to local R/3-System for Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 3389

# SNC-connection from SAP to local R/3-System for NetMeeting

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 1503

# SNC-connection from SAP to local R/3-System for saptelnet

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 23

# Access from the local Network to SAPNet - R/3 Frontend (OSS)

P * 194.39.131.34 3299

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your router ip> 3389

# SNC-connection from and to SAP R/3-System for Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.31 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.30 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.37 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.20.20.38 *

# deny all other connections

D * * *

after that please restart your router and give me error logs

Thanks,

Venkat

former_member189774
Participant
‎03-13-2013 5:03 PM
0 Kudos

This message was moderated.

Ask a Question