cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setup Work Manager on SMP2.3

Go to solution
Murali_Shanmu
Active Contributor

on ‎02-14-2014 6:27 AM

0 Kudos

Hi,

I am trying to get Work Manager 6.0 run on SMP 2.3.3. I created an Agentry application and referred to the deployment zip file (which was created as per instructions in the installation guide).  After restarting the application and SMP server, I get this log message under C:\SAP\MobilePlatform\Servers\UnwiredServer\logs\com.sap.myApplication

18:26:32 02/14/2014: [System Connections] not found - please use editor to publish application then restart the server.

18:26:32 02/14/2014: Exception: 18:26:32 02/14/2014 : 25 (General), Unknown Exception ([System Connections] section not found in Agentry.ini file (Publish from editor to correct), ), agent\ChickamingAgent.cpp#2423:ChickamingAgent::startup

After the restart several files including the WM Application files vanished from C:\SAP\MobilePlatform\Servers\UnwiredServer\Repository\Agentry\default\com.sap.myApplication\Application\Production. The Agentry.ini file also changed. I had hardcoded the passwords for the certificate, they reverted to encrypted ones.

Here are my questions.

1) How to overcome this error message and get the status of the application to change from "RUNNING_WITHOUT_METADATA" to "RUNNING"

2) What is the purpose of another Agentry.ini file and other executables in C:\SAP\MobilePlatform\Servers\AgentryServer

My understanding is that if a developer has to make code changes, we have to install an Agentry Dev sever separately, test the code changes before deploying the files into SMP.

3) If I have to open the WM application in Editor, how do I do this. Do I install the Agentry Dev server ?

4) Can I have both Work Manager and Inventory Manager running on the same SMP sever? I believe the answer is No.

Thanks,

Murali.

Tags edited by: Michael Appleby

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-14-2014 1:43 PM
0 Kudos

1) Stop the SMP Server before you bring update the files.

2) The SMP Server uses that location to launch the agentry Server.  I applies the configuration files from <mobileplatform>\Servers\UnwiredServer\Repository\Agenry\default\<app name>

3) You can point the editor to the Agentry.ini at the config file folder in question 2

4) SMP 2.3 Yes, SMP 3 currently no, will be changed in a later release.

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎02-16-2014 10:57 PM
0 Kudos

Thanks Steve, I will try to stop the server and update the files.

Murali_Shanmu
Active Contributor
‎02-17-2014 7:43 AM
0 Kudos

Steve,

I was am able to get my WM application running in SMP. I also tried to install the standalone Agentry Dev server. I made sure the PFX file is in the Agentry server directory and I have also installed the

root certificate in the "Trusted Root Certification". I am able connect using WPF client and it works well.

But when I try to launch ATE to connect to this server, it throws and error "Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)". In the server log I can see this message "Exception: 159 (SSL Socket Error), SSL Socket Error (error:2006F067:BIO routines:BIO_read:connect error, ), ..\Socket\openSSLsockets.cpp#893:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror"

Is there something we have to do for ATE ?

Thanks,

Murali.

Former Member
‎02-17-2014 1:33 PM
0 Kudos

When you added the new certificate the server did you type in the password into the line: authenticationCertificateStorePassword and change authenticationCertificateStorePasswordEncoded to false?

Murali_Shanmu
Active Contributor
‎02-17-2014 8:22 PM
0 Kudos

Yes. I have put this in Agentry.ini for the sections [Web Server Front End], [Server Administration] and [ANGEL Front End]

authenticationCertificateStore=dsa.pfx

authenticationCertificateStorePassword=syclo123

authenticationCertificateStorePasswordEncoded=false

I have also placed dsa.pfx in the agentry server directory.

If authenticationCertificateStorePassword or authenticationCertificateStorePasswordEncoded were not set properly, I would get an error message "SSL error: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure" the moment I start the server and WPF client would not be able to connect. But in my case, WPF is connecting but not ATE. I am wondering if something else needs to be done for ATE to work.

Thanks

Murali.

Former Member
‎02-18-2014 4:05 AM
0 Kudos

Hi Murali,

We are facing similar issues, getting the error

Connect to Server 'servername', certificate is for 'servername', so it is not valid

Communications error (14)

I'm interested in your steps to get to this point.  We have the following:

1) Extract SAPWorkMgr600Deploymentx64.zip to WM600.         

2) Create Self-Signed Certificate AgentryServer.pfx by using Open SSL command as follows

2.1) Download and extact OpenSSL to D:\OpenSSL

  • 2.2) openssl req -config ../openssl.cnf -x509 -days 3650 -newkey rsa:2048 -keyout server-key.pem -out server-cert.pem

Note: During this operation Input value of common name is important.  During this operation we have tried different inputs for common name FQDN or hostname, but neither are working.

  • 2.3) openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out AgentryServer.pfx

3) Copy AgentryServer.pfx from OpenSSL output to WM600 folder

4) Execute configuration tool SAPWorkMgr600ConfigTool.exe to WM600 folder

5) Confirm connection to ERP by running connectTest.bat in WM600 folder

6) Enter password for authentication certificate and service user by using encryptPW.bat tool as follows

encryptPW Agentry.ini "Server Administration" authenticationCertificateStorePassword <password>

encryptPW Agentry.ini "ANGEL Front End" authenticationCertificateStorePassword <password>

encryptPW Agentry.ini "Web Server Front End" authenticationCertificateStorePassword <password>

7) Installation the Certificate as follows:

  • 7.1) Run MMC
  • 7.2) Add/Remove Snap-in
  • 7.3) Select Certificate
  • 7.4) Select Computer Account
  • 7.5) Select Local Computer
  • 7.6) Select OK
  • 7.7) Navigate to Certificates (Local Computer) --> Trusted Root Certification Authorities --> Certificates
  • 7.8) copy and rename server-cert.pem (output from OpenSSL) to AgentryCA.cer
  • 7.9) Right click in mmc window and select the AgentryCA.cer to install.

😎 Define the Agentry Application (com.sap.mobile.app.wrkmngr) in SAP Control Center

9) Deploy the WM600

  • 9.1) Stop the SMP 2.3 instance, this will stop the service “SAP Mobile Server”
  • 9.2) Stop the remaining services “SAP Mobile Platform CacheDB”
  • 9.3) Copy the content of the WM600 folder over the existing D:\MobilePlatform\Servers\UnwiredServer\Repository\Agentry\default\com.sap.mobile.app.wrkmngr
  • 9.4) Start the service “SAP Mobile Server”, this also starts “SAP Mobile Platform CacheDB”

Note:

After startup you can see that the application does not display correctly, it is missing the Node information.

On reviewing task manager you can see that the application is actually running

10) Copy and rename D:\OpenSSL\bin\server-cert.pem to AgentryTrustedCertificates.sst, place this in your ATE folder.

11) Logon using ATE on the server.... and here we get

Connect to Server 'servername', certificate is for 'servername', so it is not valid

Communications error (14)


Thanks and regards

Gaurav Relia

Murali_Shanmu
Active Contributor
‎02-18-2014 4:32 AM
0 Kudos

Gaurav,

Looks fine. I didn't do the 10th steps and was looking for some help on that.

As per my understanding - You can rename the server-cert.pem to AgentryTrustedCertificates.sst and drop it in the root directory of the client (Overwriting) . The .sst file is an additional location where the client checks for Trusted Root Certificate Authorities. Hence, if you have installed it in the OS level, it is not required to do this step.

Former Member
‎02-18-2014 4:47 AM
0 Kudos

Hi Murali,

For simplicity and to avoid any problems I'd recommend following what the guide says word for word.  This product is hard enough to get working as it is:

In the guide: SAP-WM-6.0-Installation.pdf

Document Version 1.3 - November 20, 2013

3.1.1 Installing the SAP Work Manager Application

Procedure Point 2

Copy the SSL Authentication certificate obtained or created previously to the base directory into

which the SAP Work Manager application was extracted. Be sure the file is named AgentryServer.pfx

This may not be an issue, but I'm so skeptical after having so many problems I personally wouldn't take the risk.

I hope this helps.


Chris O'Haire

Murali_Shanmu
Active Contributor
‎02-18-2014 5:09 AM
0 Kudos

Are you on SMP 2.3.3.1 ?

Former Member
‎02-18-2014 5:16 AM
0 Kudos

SMP 2.3 SP03, build 2.3.3.13

Note: Gaurav and I work together.

Murali_Shanmu
Active Contributor
‎02-19-2014 8:52 PM
0 Kudos

Hi Steve,

I even tried installing Win32 client and tried to connect. It gives the same message.

"Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)". In the server log I can see this message "Exception: 159 (SSL Socket Error), SSL Socket Error (error:2006F067:BIO routines:BIO_read:connect error, ), ..\Socket\openSSLsockets.cpp#893:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror"

Thanks,

Murali

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎02-19-2014 9:52 PM
0 Kudos

Murali,

That error is indicating that the hostname you entered on the client for the server address to connect to the Agentry server does not match the name in the certificate that is installed on the Agentry server in the .pfx file.

Depending on your network DNS setup for name resolution you may or may not have the correct information in the certificate.

For me, due to name resolution issues I find myself just using my ip address in the certificate.  Then when connecting from the client I just need to enter the ip address and my client will connect.  I am moving around networks alot so the hotname doesn't really help me and unfortunatley our internal network won't DNS resolve to an external DNS host so I can use a "static" host name and just update the IP address based on where I am at the time.

Double check your certificate and make sure you are connecting with the same name.  So if the certificate was generated with a FQDN (fully qualified domain name) you also need to specify the full name on the client even in just entering the host name will route the traffic properly.

Good Luck!

--Bill

Murali_Shanmu
Active Contributor
‎02-19-2014 10:45 PM
0 Kudos

Thanks Bill. In fact, I tried providing FQDN in ATE while connecting to the server. It still gave the same error.

I tried to do the steps again with IP address as mentioned. Below are my steps.

I used OpenSSL and issues these commands to generate a pfx file with password syclo123

openssl req -x509 -days 365 -newkey rsa:1024 -keyout server-key.pem -out server-cert.pem

openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out AgentryServer.pfx

This time I provided the IP address of my PC (for Common Name) while generating the certificate.

I made a copy of server-cert.pem and renamed it to AgentryServer.cer and by double clicking it, I installed it in Trusted Root Certificate Authorities. I dropped the AgentryServer.pfx file in the Agentry Server directory.

I am able to verify the installed certificate. I can see the IP address in all the places marked below.

I have updated all the sections in Agentry.ini to reflect below

authenticationCertificateStore=AgentryServer.pfx

authenticationCertificateStorePassword=syclo123

authenticationCertificateStorePasswordEncoded=false

Started the server and opened the ATE. It had picked up the server.

and then it throws this error. I even tried to use the "Other.." button to key in the IP address. Still didn't work.

Thanks,

Murali

Former Member
‎02-20-2014 6:04 AM
0 Kudos

Hi Murli

We have managed to bring the Work Manager Application up and running using the default certificate but still no luck with the manual certifcate created through openssl.

Steps followed were:

1. Extract SAPWorkMgr600Deploymentx64.zip and rename folder name as WM600. Folder location D:\ZIP File\WM600

2. Copy the AgentryServer.pfx and Agentry.ini from D:\MobilePlatform\Servers\AgentryServer(location where mobile platform is installed) to D:\ZIP File\WM600.

3. Execute configuration tool SAPWorkMgr600ConfigTool.exe to WM600 folder.

4. Confirm connection to ERP by running connectTest.bat in WM600 folder

5. Zip the contents within WM600 to WM600.zip

6.Define and deploy WM600.zip in control center

7. The status of the work manager application in control center should be running "runnning".

8. Connect from Agentry Test environment(using the  "AgentryTrustedCertificates.sst" certifacte that comes with its installtion) and the connect to work manager application is successful.

Note:The problem still persists with the manually created certificate.

I am getting the same error you are with manual certificate created using hostname/FQDN/IP as CN in the certificate. I am pondering on below points:

1.Tried placing the manually created certificate "AgentryServer.pfx" under D:\MobilePlatform\Servers\AgentryServer and chaning the password for certificate in Agentery.ini under the same location.

2. Deployed using manually created certificate and ended up with certificate error when connecting using ATE.

I wonder if openssl instructions to create  self signed certificate are missing something and the certificate that it generates  differs from the default certificate.

Any assistance is appreciated.

Thanks and Regards

Gaurav Relia

Former Member
‎02-20-2014 10:23 AM
0 Kudos

Hi Murali,

Make sure that the common name you provide while creating the certificate and Server name you provide in ATE or any other client is exactly the same(eg. If server hostname is testdev then common name has to be the same i.e testdev).

Let me know if it works for you.

Regards,

Abhishek Wajge

Former Member
‎02-20-2014 11:56 PM
0 Kudos

Hi Abhishek

I could n't get it working even after using the same name and as already mentioned get the same error as Murli is getting.

The only way could make it working is by using default certificate shipped by SMP 2.3 install as mentioned in my earlier post.

Did it work for you with the self signed certificate created using openssl? It's not working for us.

Thanks and Regards

Gaurav Relia

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎02-21-2014 3:04 PM
0 Kudos

Murali,

Since you generated the certificate using the IP address of the Agentry server when you enter the connection information in the ATE you also need to use that same IP address or you will get the error in your screenshot.  Try connecting again using the IP address instead of the FQDN and it should go through.

You will need to use the Other setting on the please select sever dialog so you can set the name to the IP address.

--Bill

Former Member
‎02-23-2014 10:24 PM
0 Kudos

I was given the impression from Murali's post that he has tried most options:

"I tried providing FQDN in ATE while connecting to the server. It still gave the same error.

I tried to do the steps again with IP address as mentioned."

If you read further up he also states that the details exactly match, yet the certificate is not working.

"Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)"

We have had an OSS call with SAP stating this exact error for a week now, they are struggling to reply to us, but I'll keep you updated Murali.

Please also keep us updated if you come to a resolution.


Regards,

Chris

neha_mahanty
Active Participant
‎03-12-2014 10:31 AM
0 Kudos

Hi Chris,

I am facing the same issue while working with WPF client 6.1.3 with SAP Service Manager 4.0

After we installed the certificate we are getting error PFA

Can you please guide how we can solve this issue.

Thanks and Regards

Neha Mahanty

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎03-12-2014 4:34 PM
0 Kudos

Neha,

I can't tell for sure but it looks like you are specifying just the hostname csajdsyclo when connecting to the server.  The certificate looks to be issued to a fully qualified domain name (guessing based on the length of the blackout).  You need to specify the server exactly as it is in the certificate.  So even if just specifying the hostname will route to the server you need to put in the server name to match the certificate exactly.

--Bill

Former Member
‎03-13-2014 5:54 AM
0 Kudos

Hi Neha,

Did you copy .SST file in WPF client installation directory?

If not, You need to delete an existing .SST file and add one which you have created.

Regards,

Abhishek Wajge

neha_mahanty
Active Participant
‎03-13-2014 7:55 AM
0 Kudos

Hi Bill

Thank you so much , you are a saviour,

It really helped and the issue is solved. My WPF client is working fine and it properly downloaded the SO's.

I used the complete fully qualified domain name (Myhostname:Domain Name) in the server and it solved the issue.

Thanks a lot

Regards

Neha Mahanty

agentry_src
Active Contributor
‎03-13-2014 11:25 AM
0 Kudos

Hi Neha,

Please close this thread by assigning Correct Answer to the post which solved the problem and Helpful Answer to those which were.

Thanks, Mike (Moderator)

SAP Customer Experience Group - CEG

neha_mahanty
Active Participant
‎03-13-2014 11:59 AM
0 Kudos

Hi Michael,

I cannot see the option to mark the correct answer or helpful answer  . May be because I did not raised the query .

All I can see is the option to Like. hence I liked Bill 's Post.

Thanks

Neha

agentry_src
Active Contributor
‎03-13-2014 12:03 PM
0 Kudos

Hi Neha,

Sorry, I did not see that this was someone else's thread.  You are correct that you will not see the option.  Only the Moderators and the OP (Original Poster) have that function exposed.

Thanks, Mike

SAP Customer Experience Group - CEG

neha_mahanty
Active Participant
‎03-13-2014 12:05 PM
0 Kudos

No Problem

Answers (0)

Ask a Question