on 02-14-2014 6:27 AM
Hi,
I am trying to get Work Manager 6.0 run on SMP 2.3.3. I created an Agentry application and referred to the deployment zip file (which was created as per instructions in the installation guide). After restarting the application and SMP server, I get this log message under C:\SAP\MobilePlatform\Servers\UnwiredServer\logs\com.sap.myApplication
18:26:32 02/14/2014: [System Connections] not found - please use editor to publish application then restart the server.
18:26:32 02/14/2014: Exception: 18:26:32 02/14/2014 : 25 (General), Unknown Exception ([System Connections] section not found in Agentry.ini file (Publish from editor to correct), ), agent\ChickamingAgent.cpp#2423:ChickamingAgent::startup
After the restart several files including the WM Application files vanished from C:\SAP\MobilePlatform\Servers\UnwiredServer\Repository\Agentry\default\com.sap.myApplication\Application\Production. The Agentry.ini file also changed. I had hardcoded the passwords for the certificate, they reverted to encrypted ones.
Here are my questions.
1) How to overcome this error message and get the status of the application to change from "RUNNING_WITHOUT_METADATA" to "RUNNING"
2) What is the purpose of another Agentry.ini file and other executables in C:\SAP\MobilePlatform\Servers\AgentryServer
My understanding is that if a developer has to make code changes, we have to install an Agentry Dev sever separately, test the code changes before deploying the files into SMP.
3) If I have to open the WM application in Editor, how do I do this. Do I install the Agentry Dev server ?
4) Can I have both Work Manager and Inventory Manager running on the same SMP sever? I believe the answer is No.
Thanks,
Murali.
Tags edited by: Michael Appleby
1) Stop the SMP Server before you bring update the files.
2) The SMP Server uses that location to launch the agentry Server. I applies the configuration files from <mobileplatform>\Servers\UnwiredServer\Repository\Agenry\default\<app name>
3) You can point the editor to the Agentry.ini at the config file folder in question 2
4) SMP 2.3 Yes, SMP 3 currently no, will be changed in a later release.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Steve,
I was am able to get my WM application running in SMP. I also tried to install the standalone Agentry Dev server. I made sure the PFX file is in the Agentry server directory and I have also installed the
root certificate in the "Trusted Root Certification". I am able connect using WPF client and it works well.
But when I try to launch ATE to connect to this server, it throws and error "Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)". In the server log I can see this message "Exception: 159 (SSL Socket Error), SSL Socket Error (error:2006F067:BIO routines:BIO_read:connect error, ), ..\Socket\openSSLsockets.cpp#893:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror"
Is there something we have to do for ATE ?
Thanks,
Murali.
Yes. I have put this in Agentry.ini for the sections [Web Server Front End], [Server Administration] and [ANGEL Front End]
authenticationCertificateStore=dsa.pfx
authenticationCertificateStorePassword=syclo123
authenticationCertificateStorePasswordEncoded=false
I have also placed dsa.pfx in the agentry server directory.
If authenticationCertificateStorePassword or authenticationCertificateStorePasswordEncoded were not set properly, I would get an error message "SSL error: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure" the moment I start the server and WPF client would not be able to connect. But in my case, WPF is connecting but not ATE. I am wondering if something else needs to be done for ATE to work.
Thanks
Murali.
Hi Murali,
We are facing similar issues, getting the error
Connect to Server 'servername', certificate is for 'servername', so it is not valid
Communications error (14)
I'm interested in your steps to get to this point. We have the following:
1) Extract SAPWorkMgr600Deploymentx64.zip to WM600.
2) Create Self-Signed Certificate AgentryServer.pfx by using Open SSL command as follows
2.1) Download and extact OpenSSL to D:\OpenSSL
Note: During this operation Input value of common name is important. During this operation we have tried different inputs for common name FQDN or hostname, but neither are working.
3) Copy AgentryServer.pfx from OpenSSL output to WM600 folder
4) Execute configuration tool SAPWorkMgr600ConfigTool.exe to WM600 folder
5) Confirm connection to ERP by running connectTest.bat in WM600 folder
6) Enter password for authentication certificate and service user by using encryptPW.bat tool as follows
encryptPW Agentry.ini "Server Administration" authenticationCertificateStorePassword <password>
encryptPW Agentry.ini "ANGEL Front End" authenticationCertificateStorePassword <password>
encryptPW Agentry.ini "Web Server Front End" authenticationCertificateStorePassword <password>
7) Installation the Certificate as follows:
😎 Define the Agentry Application (com.sap.mobile.app.wrkmngr) in SAP Control Center
9) Deploy the WM600
Note:
After startup you can see that the application does not display correctly, it is missing the Node information.
On reviewing task manager you can see that the application is actually running
10) Copy and rename D:\OpenSSL\bin\server-cert.pem to AgentryTrustedCertificates.sst, place this in your ATE folder.
11) Logon using ATE on the server.... and here we get
Connect to Server 'servername', certificate is for 'servername', so it is not valid
Communications error (14)
Thanks and regards
Gaurav Relia
Gaurav,
Looks fine. I didn't do the 10th steps and was looking for some help on that.
As per my understanding - You can rename the server-cert.pem to AgentryTrustedCertificates.sst and drop it in the root directory of the client (Overwriting) . The .sst file is an additional location where the client checks for Trusted Root Certificate Authorities. Hence, if you have installed it in the OS level, it is not required to do this step.
Hi Murali,
For simplicity and to avoid any problems I'd recommend following what the guide says word for word. This product is hard enough to get working as it is:
In the guide: SAP-WM-6.0-Installation.pdf
Document Version 1.3 - November 20, 2013
3.1.1 Installing the SAP Work Manager Application
Procedure Point 2
Copy the SSL Authentication certificate obtained or created previously to the base directory into
which the SAP Work Manager application was extracted. Be sure the file is named AgentryServer.pfx
This may not be an issue, but I'm so skeptical after having so many problems I personally wouldn't take the risk.
I hope this helps.
Chris O'Haire
Hi Steve,
I even tried installing Win32 client and tried to connect. It gives the same message.
"Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)". In the server log I can see this message "Exception: 159 (SSL Socket Error), SSL Socket Error (error:2006F067:BIO routines:BIO_read:connect error, ), ..\Socket\openSSLsockets.cpp#893:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror"
Thanks,
Murali
Murali,
That error is indicating that the hostname you entered on the client for the server address to connect to the Agentry server does not match the name in the certificate that is installed on the Agentry server in the .pfx file.
Depending on your network DNS setup for name resolution you may or may not have the correct information in the certificate.
For me, due to name resolution issues I find myself just using my ip address in the certificate. Then when connecting from the client I just need to enter the ip address and my client will connect. I am moving around networks alot so the hotname doesn't really help me and unfortunatley our internal network won't DNS resolve to an external DNS host so I can use a "static" host name and just update the IP address based on where I am at the time.
Double check your certificate and make sure you are connecting with the same name. So if the certificate was generated with a FQDN (fully qualified domain name) you also need to specify the full name on the client even in just entering the host name will route the traffic properly.
Good Luck!
--Bill
Thanks Bill. In fact, I tried providing FQDN in ATE while connecting to the server. It still gave the same error.
I tried to do the steps again with IP address as mentioned. Below are my steps.
I used OpenSSL and issues these commands to generate a pfx file with password syclo123
openssl req -x509 -days 365 -newkey rsa:1024 -keyout server-key.pem -out server-cert.pem
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out AgentryServer.pfx
This time I provided the IP address of my PC (for Common Name) while generating the certificate.
I made a copy of server-cert.pem and renamed it to AgentryServer.cer and by double clicking it, I installed it in Trusted Root Certificate Authorities. I dropped the AgentryServer.pfx file in the Agentry Server directory.
I am able to verify the installed certificate. I can see the IP address in all the places marked below.
I have updated all the sections in Agentry.ini to reflect below
authenticationCertificateStore=AgentryServer.pfx
authenticationCertificateStorePassword=syclo123
authenticationCertificateStorePasswordEncoded=false
Started the server and opened the ATE. It had picked up the server.
and then it throws this error. I even tried to use the "Other.." button to key in the IP address. Still didn't work.
Thanks,
Murali
Hi Murli
We have managed to bring the Work Manager Application up and running using the default certificate but still no luck with the manual certifcate created through openssl.
Steps followed were:
1. Extract SAPWorkMgr600Deploymentx64.zip and rename folder name as WM600. Folder location D:\ZIP File\WM600
2. Copy the AgentryServer.pfx and Agentry.ini from D:\MobilePlatform\Servers\AgentryServer(location where mobile platform is installed) to D:\ZIP File\WM600.
3. Execute configuration tool SAPWorkMgr600ConfigTool.exe to WM600 folder.
4. Confirm connection to ERP by running connectTest.bat in WM600 folder
5. Zip the contents within WM600 to WM600.zip
6.Define and deploy WM600.zip in control center
7. The status of the work manager application in control center should be running "runnning".
8. Connect from Agentry Test environment(using the "AgentryTrustedCertificates.sst" certifacte that comes with its installtion) and the connect to work manager application is successful.
Note:The problem still persists with the manually created certificate.
I am getting the same error you are with manual certificate created using hostname/FQDN/IP as CN in the certificate. I am pondering on below points:
1.Tried placing the manually created certificate "AgentryServer.pfx" under D:\MobilePlatform\Servers\AgentryServer and chaning the password for certificate in Agentery.ini under the same location.
2. Deployed using manually created certificate and ended up with certificate error when connecting using ATE.
I wonder if openssl instructions to create self signed certificate are missing something and the certificate that it generates differs from the default certificate.
Any assistance is appreciated.
Thanks and Regards
Gaurav Relia
Hi Murali,
Make sure that the common name you provide while creating the certificate and Server name you provide in ATE or any other client is exactly the same(eg. If server hostname is testdev then common name has to be the same i.e testdev).
Let me know if it works for you.
Regards,
Abhishek Wajge
Hi Abhishek
I could n't get it working even after using the same name and as already mentioned get the same error as Murli is getting.
The only way could make it working is by using default certificate shipped by SMP 2.3 install as mentioned in my earlier post.
Did it work for you with the self signed certificate created using openssl? It's not working for us.
Thanks and Regards
Gaurav Relia
Murali,
Since you generated the certificate using the IP address of the Agentry server when you enter the connection information in the ATE you also need to use that same IP address or you will get the error in your screenshot. Try connecting again using the IP address instead of the FQDN and it should go through.
You will need to use the Other setting on the please select sever dialog so you can set the name to the IP address.
--Bill
I was given the impression from Murali's post that he has tried most options:
"I tried providing FQDN in ATE while connecting to the server. It still gave the same error.
I tried to do the steps again with IP address as mentioned."
If you read further up he also states that the details exactly match, yet the certificate is not working.
"Connect to server 'myhostname.domain', certificate is for 'myhostname.domain', so it is not valid Communications error (14)"
We have had an OSS call with SAP stating this exact error for a week now, they are struggling to reply to us, but I'll keep you updated Murali.
Please also keep us updated if you come to a resolution.
Regards,
Chris
Neha,
I can't tell for sure but it looks like you are specifying just the hostname csajdsyclo when connecting to the server. The certificate looks to be issued to a fully qualified domain name (guessing based on the length of the blackout). You need to specify the server exactly as it is in the certificate. So even if just specifying the hostname will route to the server you need to put in the server name to match the certificate exactly.
--Bill
Hi Bill
Thank you so much , you are a saviour,
It really helped and the issue is solved. My WPF client is working fine and it properly downloaded the SO's.
I used the complete fully qualified domain name (Myhostname:Domain Name) in the server and it solved the issue.
Thanks a lot
Regards
Neha Mahanty
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.