on 10-12-2013 9:05 PM
Hello All,
I'm trying to configure WebDispatcher SSL,
https-->WD-->http-->WAS
I'm able access admin page via "http://abc.com:8101/sap/admin/public/bodyframe.html"
but if I try via "https://abc.com:4086/sap/bc/bsp/sap/it00/default.htm" it is showing
500 dispatching error. no valid destination server available for '!ALL' rc=4
Error: -26 Version: 7200
Certificate shows: Invalid Certificate,
I tired to generate from "http://service.sap.com/tcs.
imported the certificate "sapgenpse import_own_cert -c import.cer -p SAPSSLS.pse -x abcpin" successfully.
Currently I'm not using any client certificate.
I tried to import to my PC internet explorer, but still it shows the same prompt.
Trace file shows. following error ( back end system is ABAP) and WD and WAS are on different machines.
[Thr 2996] *** ERROR => no valid destination server available for '!J2EE' rc=13 {0002000c} [http_route.c 3360]
[Thr 2996] *** WARNING => redirect failed request to foreign destination '!ALL' [http_route.c 3384]
[Thr 2996] *** WARNING => original destination was '!J2EE' [http_route.c 3387]
[Thr 2996] *** ERROR => no valid destination server available for '!ALL' rc=4 {0002000c} [http_route.c 3360]
[Thr 2996] *** WARNING => redirect failed request to foreign destination '!ALL' [http_route.c 3384]
[Thr 2996] *** WARNING => original destination was '!ALL' [http_route.c 3387]
What could be the error? is it with the certificate only, I tried to generate couple of times but it resulted the same.
can you help to point me to a right direction?
Regards,
George
Hi
Kindly refer the SAP Note 1605138 - No valid destination server available when using J2EE groups
Thanks
Sriram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
You can run "sapwebdisp pf=<profile> -checkconfig" to see if current configuration is correct.
Thanks.
Jim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Is web dispatcher handling the SSL offload?
Another thing i done see any step for the root and the CA sertificate.
sapgenpse maintain_pk -p SAPSSLS.pse -a <root cert>
sapgenpse maintain_pk -p SAPSSLS.pse -a <CA cert>
How does your profile looks. Have you see these note and below blog.
Note 878226 - SAP Web dispatcher support for portal/Web Dynpro for Java:
wdisp/HTTP/jsessionid_tab_support=1
Added to support BSP Applications through proxies:
(see https://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies)
wdisp/add_clientprotocol_header=1
wdisp/handle_webdisp_ap_header=1
For SSL configuration please check this.
For the cert error fo you see the certs in the browser internet option -> content -> certificates.
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rishi,
Thanks for your reply,
Yes our webD is handling SSL offload, i.e https will terminate and connect via http to backend
for Generating .pse
I did sapgenpse get_pse to generate sapssls.pse
using "http://service.sap.com/tcs" generated the PKCS #7Certificates .CER file
sapgenpse import_own_cert to import the cert
& sapgenpse seclogin to apply on serive-user
we don't have a client certificate, so i guess "maintain_pk" is it necessary on the server certificate?
regarding the certificates they are certificates in otherpeople tab.
here are my profile parameters.
SAPSYSTEMNAME = WD0
SAPGLOBALHOST = AHPASSP01
SAPSYSTEM = 22
INSTANCE_NAME = W22
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\WD0_W22_AHPASSP01
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#-----------------------------------------------------------------------
# Accesssability of Message Server
#-----------------------------------------------------------------------
rdisp/mshost = pabdpsd02
ms/http_port = 8101
ms/https_port = 8080
#-----------------------------------------------------------------------
# Configuration for medium scenario
#-----------------------------------------------------------------------
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTP,HOST=AHPASSP01,PORT=8101
icm/server_port_1 = PROT=HTTPS,HOST=AHPASSP01,PORT=4086
icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=8101
icm/HTTPs/admin_1 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=4086
icm/HTTPS/verify_client = 1
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Start_Program_00 = local $(_WD) pf=$(_PF)
#ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
ssl/ssl_lib = E:\usr\sap\WD0\W22\sec\sapcrypto.dll
ssl/server_pse = E:\usr\sap\WD0\W22\sec\SAPSSLS.pse
sec/libsapsecu = $(ssl/ssl_lib)
ssf/ssfapi_lib = $(ssl/ssl_lib)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
wdisp/add_clientprotocol_header = 1
wdisp/handle_webdisp_ap_header = 1
Regards,
George
Hi,
Please read the guide attached in the earlier post..
Please read the doc and adjust the profile.
like: wdisp/ssl_encrypt = 0
and would alos like you to check this.
rdisp/mshost = pabdpsd02
ms/http_port = 8101
ms/https_port = 8080
Thanks
Rishi Abrol
Hi George,
Please check the following notes:
1820449 - Web dispatcher stops forwarding requests to backend servers
1911913 - 500 Dispatching error thru web dispatcher
Regards
Thanks
Adil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.