on 11-13-2013 5:59 AM
Hi Experts,
I am using Solution Manager 7.1 Version, Recently I installed and Now I configured SAP Router done. I attached SAP Routtab file also. But RFC could not connecting, OSS1 Configuration is fine, AISUSERS also I am maintainted,
# SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
# SNC-connection from SAP to local system for R/3 Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.113 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.173 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.133 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.165 3210
# SNC-connection from SAP to local system for SAPtelnet, if applicable
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.173 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.133 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.165 23
# SNC-connection from SAP to local system for WTS, if applicable
# Access from local network to SAP
P 192.9.200.* 194.39.131.34 3299
# All other connections will be denied
P * * *
If your answers its correct I will give Correct answers Points.
Thanks & Regards,
Basis Team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
please given the Fully qualified domain names instead of ip adresses in the routtab and try
ex- http://hostname.company.com
Reg,
Nag.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SAPOSS RFC is auto updated bia transaction oss1 parameter settings. can you please attached oss1 parameter setting screenshot?
Regards
Himanshu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I guess the
1. settings in OSS1 tcode needs you to put SAprouter info with IP and need to select router at SAP
2. When both these info are proper check system data on SMP has all router mentioned for the particular system in question
3. the RFC SAPOSS has user used OSS_RFC ,the password for this user in important ,this is standard password which you can get from SAP notes
Success!!
It shows that your saprouter is out of validity date.
Here are the steps to get it sucessfully working:
1. Logon to host with username and password of SAP router service credentials
2. Stop the Saprouter service
3. Make a backup of the folder E:\usr\sap\saprouter
3a. This can be deleted after a successful upgrade
4. Delete this 4 files in E:\usr\sap\saprouter
4a. certreq
4b. cred_V2
4c. localpse
4d. srcert
5. Generate the certificate request using the following command
5a. E:\usr\sap\saprouter>sapgenpse get_pse –v –r certreq –p local.pse "CN=sapslm01.oii.dom, OU=0000810973, OU=SAProuter, O=SAP, C=DE"
5b. Enter a PIN of 1234
6. Copy the contents of certreq to the clipboard
7. Go to http://www.service.sap.com/saprouter-sncadd
8. Paste the contents of the clipboard into the form
9. This will generate a new certificate, copy its contents into a file called srcert
9a. You will have to create srcert
10. Then import the certificated using the following command
10a. E:\usr\sap\saprouter>sapgenpse import_own_cert –c srcert –p local.pse
10b. Enter the PIN of 1234
11. The setup the logon using the following command
11a. E:\usr\sap\saprouter>sapgenpse seclogin –p local.pse
11b. This will create a file called cred_V2
12. Check if the certificate has been loaded correctly by using the following command
12a. E:\usr\sap\saprouter>sapgenpse get_my_name –v –n Issuer
13. Start the Saprouter service
Hope it works.
Regards,
Himanshu
Hi,
This is the way to check the certs.
sapgenpse get_my_name -n validity
and if you want to renew it you need to follow that and you will have all green.
http://service.sap.com/saprouter-sncdoc
Thanks
Rishi Abrol
Hi,
Please paste your RFC connection error screenshot.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Karthik,
I Mentioned RFC Log, Please check it.
Logon | Connection Error |
Error Details | Error when opening an RFC connection (LB: Hostname or service of the message ser |
Error Details | ERROR: The connection to the specified message server (/H/192.9.200.113/S/sap |
Error Details | LOCATION: SAP-Server TESOL505_SOL_00 on host TESOL505 (wp 5) |
Error Details | COMPONENT: MS (message handling interface, multithreaded) |
Error Details | COUNTER: 1683 |
Error Details | MODULE: msxxi.c |
Error Details | LINE: 2783 |
Error Details | RETURN CODE: -35 |
Error Details | SUBRC: 0 |
Error Details | RELEASE: 720 |
Error Details | TIME: Wed Nov 13 10:20:54 2013 |
Error Details | VERSION: 4 |
1. Problem with SAPOSS connection.
sol. Delete your existing SAPOSS connection and create a new one. This can be done with SDCCN tcode. Follow this link:
After creating new SAPOSS, make your settings on that newly created SAPOSS.
2. Check your connection to SAPSERV2
sol.
niping -c -O -S 3299 -H SAPSERV2 IP Address
niping -c -H Host String (/H/youripaddress/H/sapserv2ipaddress
Connection with SNC
Sample saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SAPSERV2IP *
# SNC connection to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YOURIP 32xx
# Access from local network to SAP
P * SAPSERV2IP 3299
# deny all other connections
D * * *
Saprouter start parameter
saprouter -r -V 2 -K "p:CN=distinguishedname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C =DE"
If there is any firewall installed, check whether your firewall is redirecting your SAP Connections with your network team.
Also, follow these notes for your router settings.
33135, 812386, 35010, 137342, 31515
Regards,
Himanshu
Hi,
I attached RFC Error and I delete saposs rfc and remaintained oss1 ddetails, and SMP place also sap data maintained. Port also was opend.
NiLocalCheck: address 194.39.131.34 is not local
Setting outgoing SNC name to 'p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE'
route [ 0,1 hops, 192.9.200.113 to 194.39.131.34, 3299 ]
matches [ P255,255 192.9.200.0/24 194.39.131.34/32 3299 ]
NiICreateHandle: hdl 91 state NI_INITIAL_CON
NiIInitSocket: set default settings for new hdl 91/sock 404 (I4; ST)
NiIBlockMode: set blockmode for hdl 91 FALSE
NiIConnectSocket: connection of hdl 91 to 194.39.131.34:3299 in progress (timeout=0)
NiIConnect: hdl 91 took local address 0.0.0.0:53480
NiIConnect: state of hdl 91 NI_CONN_WAIT
NiSncIInitHdlSecurity for hdl 91
<<- SncSessionInit()==SAP_O_K
out: &snc_hdl = 00000000024B8760
<<- SncSetQOP()==SAP_O_K
in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
resulting = "min=2 (old:2), max=3 (old:3), use=3 (old:3)"
<<- SncSessionInitiatorAK()==SAP_O_K
'target_acl_key' (addr=000000000C9CC9F4, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
parses to = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
->> SncProcessOutput(snc_hdl=00000000024B8760, ibuf=0000000000000000, ilen=0,
&idone=000000000C9CC8F0, &obuf=000000000C9CC8C0, &oused=000000000C9CC8B0)
*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [sncxxall.c 3379]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3345]
GSS-API(maj): The referenced credentials have expired
GSS-API(min): Validity date of certificate is invalid
Unable to establish the security context
target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
<<- SncProcessOutput()==SNCERR_GSSAPI
*** ERROR => NiSncIInitHdlSecurity: SncProcessOutput failed (sncrc=-4;00000000024B8760) [nisnc.c 1141]
<<- SncSessionDone()==SAP_O_K
NiICloseHandle: called for hdl 91 while waiting for connection
NiICloseHandle: shutdown and close hdl 91/sock 404
*** ERROR => NiSncHandleForAddr C99/-1, 194.39.131.34 (rc=-17) [nirout.cpp 3272]
*** ERROR => NiRClientHandle: NiRExRouteCon for C99/-1 'TESOL505' failed (rc=-17) [nirout.cpp 2650]
NiBufISendErr: send ni-error rc -104 to hdl 99
NiIWrite: hdl 99 sent data (wrt=248,pac=1,MESG_IO)
NiRCloseConn: closing C99/-1
NiICloseHandle: shutdown and close hdl 99/sock 152
******* NI-ROUTER LOOP ********
Wed Nov 13 13:51:39 2013
NiSelISelectInt: 0 handles selected (0 buffered)
******* NI-ROUTER LOOP ********
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.