cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Reg: SAP Router Connection Error

former_member216430
Participant

on ‎11-13-2013 5:59 AM

0 Kudos

Hi Experts,

               I am using Solution Manager 7.1 Version, Recently I installed and Now I configured SAP Router done. I attached SAP Routtab file also. But RFC could not connecting, OSS1 Configuration is fine, AISUSERS also I am maintainted,

# SNC connection to SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299

# SNC-connection from SAP to local system for R/3 Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.113 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.173 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.133 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.165 3210

# SNC-connection from SAP to local system for SAPtelnet, if applicable

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.173 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.133 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.9.200.165 23

# SNC-connection from SAP to local system for WTS, if applicable

# Access from local network to SAP

P 192.9.200.* 194.39.131.34 3299

# All other connections will be denied

P * * *

If your answers its correct I will give Correct answers Points.

Thanks & Regards,

Basis Team

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
‎01-15-2015 7:47 AM
0 Kudos

Hi,

Was your issue resolved?

I am getting the same error after renewal of sap router validity. Router is working fine but SAPOSS rfc is not working.

Please find below the screenshot.

Regards,

Rachit

Show replies
Show replies
Former Member
‎11-13-2013 11:10 AM
0 Kudos

Hi,

please given the Fully qualified domain names instead of ip adresses in the routtab and try

ex- http://hostname.company.com

Reg,

Nag.

Show replies
Show replies
former_member183107
Contributor
‎11-13-2013 7:16 AM
0 Kudos

SAPOSS RFC is auto updated bia transaction oss1 parameter settings. can you please attached oss1 parameter setting screenshot?

Regards

Himanshu

Show replies
Show replies
former_member183107
Contributor
‎11-13-2013 7:16 AM
0 Kudos

I guess the

1. settings in OSS1 tcode needs you to put SAprouter info with IP and need to select router at SAP

2. When both these info are proper check  system data on SMP has all router mentioned for the particular system in question

3. the RFC SAPOSS has user used OSS_RFC ,the password for this user in important ,this is standard password which you can get from SAP notes

Success!!

former_member216430
Participant
‎11-13-2013 8:02 AM
0 Kudos

Hi sharma,

                   I am attaching oss1 t-code screen shot, please check it.

         

former_member216430
Participant
‎11-13-2013 8:52 AM
0 Kudos

Hi,

          I check with validity status showing this message pls explain.

former_member183107
Contributor
‎11-13-2013 9:04 AM
0 Kudos

It shows that your saprouter is out of validity date.

Here are the steps to get it sucessfully working:

1.  Logon to host with username and password of SAP router service credentials

2.  Stop the Saprouter service

3.  Make a backup of the folder E:\usr\sap\saprouter

3a.  This can be deleted after a successful upgrade

4.  Delete this 4 files in E:\usr\sap\saprouter

4a.  certreq

4b.  cred_V2

4c.  localpse

4d.  srcert

5. Generate the certificate request using the following command

5a. E:\usr\sap\saprouter>sapgenpse get_pse –v –r certreq –p local.pse "CN=sapslm01.oii.dom, OU=0000810973, OU=SAProuter, O=SAP, C=DE"

5b.  Enter a PIN of 1234

6.  Copy the contents of certreq to the clipboard

7.  Go to http://www.service.sap.com/saprouter-sncadd

8.  Paste the contents of the clipboard into the form

9.  This will generate a new certificate, copy its contents into a file called srcert

9a.  You will have to create srcert

10.  Then import the certificated using the following command

10a.  E:\usr\sap\saprouter>sapgenpse import_own_cert –c srcert –p local.pse

10b.  Enter the PIN of 1234

11.  The setup the logon using the following command

11a.  E:\usr\sap\saprouter>sapgenpse seclogin –p local.pse

11b.  This will create a file called cred_V2

12.  Check if the certificate has been loaded correctly by using the following command

12a.  E:\usr\sap\saprouter>sapgenpse get_my_name –v –n Issuer

13.  Start the Saprouter service

Hope it works.

Regards,

Himanshu

Former Member
‎11-13-2013 9:05 AM
0 Kudos

Hi,

If you see your certs they are not valid.

So please renew the certs.

Thanks

Rishi Abrol

former_member216430
Participant
‎11-13-2013 9:46 AM
0 Kudos

Hi Rishi,

       Any other way is about validity check for SAP Router Certificate.

Former Member
‎11-13-2013 9:54 AM
0 Kudos

Hi,

This is the way to check the certs.

sapgenpse get_my_name -n validity

and if you want to renew it you need to follow that and you will have all green.

http://service.sap.com/saprouter-sncdoc

Thanks

Rishi Abrol

karthikeyan_natarajan4
Active Contributor
‎11-13-2013 6:53 AM
0 Kudos

Hi,

Please paste your RFC connection error screenshot.

Show replies
Show replies
former_member216430
Participant
‎11-13-2013 7:49 AM
0 Kudos

Hi Karthik,

      I Mentioned RFC Log, Please check it.

LogonConnection Error
Error DetailsError when opening an RFC connection (LB: Hostname or service of the message ser
Error DetailsERROR: The connection to the specified message server (/H/192.9.200.113/S/sap
Error DetailsLOCATION: SAP-Server TESOL505_SOL_00 on host TESOL505 (wp 5)
Error DetailsCOMPONENT: MS (message handling interface, multithreaded)
Error DetailsCOUNTER: 1683
Error DetailsMODULE: msxxi.c
Error DetailsLINE: 2783
Error DetailsRETURN CODE: -35
Error DetailsSUBRC: 0
Error DetailsRELEASE: 720
Error DetailsTIME: Wed Nov 13 10:20:54 2013
Error DetailsVERSION: 4
former_member183107
Contributor
‎11-13-2013 8:02 AM
0 Kudos

1. Problem with SAPOSS connection.

sol.  Delete your existing SAPOSS connection and create a new one. This can be done with SDCCN tcode. Follow this link:

http://scn.sap.com/community/netweaver-administrator/blog/2012/04/27/oss1-rfc-connections-saposs-sap...

After creating new SAPOSS, make your settings on that newly created SAPOSS.

2. Check your connection to SAPSERV2

sol.

niping -c -O -S 3299 -H SAPSERV2 IP Address


niping -c -H Host String (/H/youripaddress/H/sapserv2ipaddress

Connection with SNC

Sample saprouttab

# SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SAPSERV2IP *

# SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YOURIP 32xx

# Access from local network to SAP

P * SAPSERV2IP 3299

# deny all other connections

D * * *


Saprouter start parameter

saprouter -r -V 2 -K "p:CN=distinguishedname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C =DE"

If there is any firewall installed, check whether your firewall is redirecting your SAP Connections with your network team.

Also, follow these notes for your router settings.

33135,  812386,  35010, 137342, 31515

Regards,

Himanshu

former_member216430
Participant
‎11-13-2013 8:46 AM
0 Kudos

Hi,

     I attached RFC Error and I delete saposs rfc and remaintained oss1 ddetails, and SMP place also sap data maintained. Port also was opend.

NiLocalCheck: address 194.39.131.34 is not local

Setting outgoing SNC name to 'p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE'

route   [ 0,1 hops, 192.9.200.113 to 194.39.131.34, 3299 ]

matches [  P255,255  192.9.200.0/24 194.39.131.34/32 3299 ]

NiICreateHandle: hdl 91 state NI_INITIAL_CON

NiIInitSocket: set default settings for new hdl 91/sock 404 (I4; ST)

NiIBlockMode: set blockmode for hdl 91 FALSE

NiIConnectSocket: connection of hdl 91 to 194.39.131.34:3299 in progress (timeout=0)

NiIConnect: hdl 91 took local address 0.0.0.0:53480

NiIConnect: state of hdl 91 NI_CONN_WAIT

NiSncIInitHdlSecurity for hdl 91

<<- SncSessionInit()==SAP_O_K

    out: &snc_hdl = 00000000024B8760

<<- SncSetQOP()==SAP_O_K

     in: qop values = "min=8 (default), max=8 (default), use=8 (default)"

          resulting = "min=2 (old:2), max=3 (old:3), use=3 (old:3)"

<<- SncSessionInitiatorAK()==SAP_O_K

  'target_acl_key' (addr=000000000C9CC9F4, len=86) full hexdump

  0x00000  00030401 00080606 2b240301 25010000  ........ +$..%...

  0x00010  00443042 310b3009 06035504 06130244  .D0B1.0. ..U....D

  0x00020  45310c30 0a060355 040a1303 53415031  E1.0...U ....SAP1

  0x00030  12301006 0355040b 13095341 50726f75  .0...U.. ..SAProu

  0x00040  74657231 11300f06 03550403 13087361  ter1.0.. .U....sa

  0x00050  70736572 7632                        pserv2          

         parses to      = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

->> SncProcessOutput(snc_hdl=00000000024B8760, ibuf=0000000000000000, ilen=0,

          &idone=000000000C9CC8F0, &obuf=000000000C9CC8C0, &oused=000000000C9CC8B0)

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [sncxxall.c 3379]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3345]

      GSS-API(maj): The referenced credentials have expired

      GSS-API(min): Validity date of certificate is invalid

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessOutput()==SNCERR_GSSAPI

*** ERROR => NiSncIInitHdlSecurity: SncProcessOutput failed (sncrc=-4;00000000024B8760) [nisnc.c      1141]

<<- SncSessionDone()==SAP_O_K

NiICloseHandle: called for hdl 91 while waiting for connection

NiICloseHandle: shutdown and close hdl 91/sock 404

*** ERROR => NiSncHandleForAddr C99/-1, 194.39.131.34 (rc=-17) [nirout.cpp   3272]

*** ERROR => NiRClientHandle: NiRExRouteCon for C99/-1 'TESOL505' failed (rc=-17) [nirout.cpp   2650]

NiBufISendErr: send ni-error rc -104 to hdl 99

NiIWrite: hdl 99 sent data (wrt=248,pac=1,MESG_IO)

NiRCloseConn: closing C99/-1

NiICloseHandle: shutdown and close hdl 99/sock 152

******* NI-ROUTER LOOP ********

Wed Nov 13 13:51:39 2013

NiSelISelectInt: 0 handles selected (0 buffered)

******* NI-ROUTER LOOP ********

Former Member
‎11-13-2013 6:22 AM
0 Kudos

Hi,

Please check your router validity.

also Please look below link.

http://scn.sap.com/thread/3439446

Show replies
Show replies
Ask a Question