on 02-15-2014 3:14 AM
Beside niping is there any other ways to test a SNC SAP Router configuration is working?
Hi Toh
Kindly refer the SAP Notes & Link
1628296 - SAProuter installation process
Installing the SAProuter - SAProuter - SAP Library
Regards
Sriram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
After the configuration you can test your SAP Router connection in the following ways:
- Star SAPRouter with the opion -G for generate logs and analise this logs. Detais in http://help.sap.com/saphelp_47x200/helpdata/en/4f/992ed3446d11d189700000e8322d00/frameset.htm
- In any ABAP system configure tx. OSS1. This transaction generate in SM59 SAPOSS RFC connection. You can test the connection
- Create a OSS message for any system, open the system in marketplace, put the credencials in secure area and ask to SAP forn test this conccection
- You can use the niping command, details can find where http://help.sap.com/saphelp_nw04/helpdata/en/4f/992dd7446d11d189700000e8322d00/content.htm
Best regards
Joao Vagarinho
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Corinna,
Niping is a tool to perform self test whether SAProuter is working or not.
Other alternatives are
1) Raise and OSS to SAP and request them to check connection from SAP OSS to your sap system
=> This will ensure SAP can login to your systems
2) You can test connection to SAP system using SAProuter string in SAPlogon pad.
=> This will ensure users can login to SAP systems via internet mode.
Hope this helps.
Regards,
Deepak Kori
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Corinna,
You can check via OSS1 --> Logon To SAPNet (click on it)
If you get Select A Group window. Its mean it is working fine and SAP AG can access your system.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Corinna
Kindly refer the SAP Note
1814643 - Route permission denied error message from SAProuter
1178546 - No service connection: "route permission denied"
1895350 - Secure configuration of SAProuter
Regards
H Corinna
1. Transaction Code OSS1 check the SAP system logon? and also refer the SAP Note
2. Kindly follow the point 1 mention by Deepak
Regards
Hi SS,
I've follow the point as mentioned by everyone here. Using tcode OSS1 and SM59.
In SM59, I've an entry for SAPOSS and when I use the test connection, is successful but in OSS1, it is giving me error for permission denied.
So I'm not sure where else had I gone wrong.
I tried to follow the guide you gave me by restricting instead of using P * * * but it is giving me the same error.
Hi
So I'm not sure where else had I gone wrong.
I tried to follow the guide you gave me by restricting instead of using P * * * but it is giving me the same error.
Kindly follow the SAP Note 33135 - Guidelines for OSS1
Regards
SS
hi Corinna,
Please follow the instruction from below link.
Hopes, It gives you complete idea regarding SAP Route Table.
Regards,
Hi Jamil,
I've simplified the saprouttab to:
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.xxx 3200
P * * *
P xxx.xxx.xxx.* 169.145.197.110 3299
but still the same error.
hi Corina,
did you restart the saprouter after made change? please have a look at below sap help.
Saprouter - Route permission denied
Do this try...
the below line should be on top in saprouttab and try again after restart the saprouter.
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
Regards,
dear,
Please make a copy of current saprouttab and put following text and retry.
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.xxx 3200
P xxx.xxx.*.* 194.39.131.34 3299
P * * *
share the log.
Note....
Please enter your local SAPRouter information in the "SAPRouter" fields. Now save the settings.
sapserv1 (194.117.106.129) connection via Internet VPN
sapserv2 (194.39.131.34) connection via Internet SNC
sapserv3 (147.204.2.5) for customers with connection to Germany
sapserv4 (204.79.199.2) for customers in America
sapserv5 (194.39.138.2) for customers with connection to Japan
sapserv6 (194.39.139.16) for customers in Australia and New Zealand
sapserv7 (194.39.134.35) for customers in Asia
sapserv9 (169.145.197.110) for Singapore (SNC)
check: Note 40024
Regards,
Do you mean to add or edit the current saprouttab?
What do you mean by enter in the SAPRouter fields?
In the notes 40024, http://service.sap.com/sap/support/notes/40024 is talking about transfering files to SAP via ftp. What should I transfer to them?
Hi Jamil,
I've change saprouttab to what you had mentioned:
saprouttab:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.rrr 3200
P 10.11.*.* 194.39.131.34 3299
P * * *
saprouter_log:
Wed Feb 19 10:11:00 2014 INIT LOGFILE
Wed Feb 19 10:11:00 2014 READ ROUTTAB ./saprouttab o.k.
Wed Feb 19 10:11:08 2014 CONNECT FROM C9/- host xxx.xxx.xxx.yy/4055
Wed Feb 19 10:11:08 2014 CONNECT TO S9/17 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Wed Feb 19 10:11:09 2014 ESTABLISHED S9/17 (-/SNC)
Wed Feb 19 10:11:10 2014 DISCONNECT C9/17 host xxx.xxx.xxx.yy/4055 (xxx.xxx.xxx.yy)
Wed Feb 19 10:11:15 2014 CONNECT FROM C18/- host xxx.xxx.xxx.zzz/50656
Wed Feb 19 10:11:15 2014 CONNECT TO S18/10 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Wed Feb 19 10:11:16 2014 CONNECT ERR S18/10 NIEROUT_PERM_DENIED on 'SAProuter 40.4 on 'spwdfvml0575''
Wed Feb 19 10:11:16 2014 DISCONNECT S18/10 host 194.39.131.34/3299 (194.39.131.34)
dev_rout:
---------------------------------------------------
trc file: "dev_rout", trc level: 1, release: "720"
---------------------------------------------------
Wed Feb 19 10:11:00 2014
SAP Network Interface Router, Version 40.4
command line arg 0: ./saprouter
command line arg 1: -r
command line arg 2: -G
command line arg 3: routerlog
command line arg 4: -W
command line arg 5: 60000
command line arg 6: -S
command line arg 7: 3299
command line arg 8: -K
command line arg 9: p:CN=XXX, OU=XXX, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)
UserId="xxx" (1001), envvar USER="xxx"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "/usr/sap/saprouter/lib/libsapcrypto.so".
"dev_rout" 33L, 1424C 1,0-1 Top
hi Corinna,
SncInit(): Initializing Secure Network Communication (SNC) AMD/Intel x86_64 with Linux
Please download this SAP Cryptographic Library Linux for X86_64 (AMD64) from service.sap.com and replace in saprouter\crypto\
Issue is , for 64bit sapcrypto is required for 64bit saprouter and right now, SAProuter initialization fails because 64bit saprouter binary can not load the 32bit libsapcrypto.so.
Regards,
Hi Jamil,
I redo the SAP Router and it is still not working. I'm still having the same error of "permission denied".
dev_rout
---------------------------------------------------
trc file: "dev_rout", trc level: 1, release: "720"
---------------------------------------------------
Thu Feb 20 14:17:33 2014
SAP Network Interface Router, Version 40.4
command line arg 0: ./saprouter
command line arg 1: -r
command line arg 2: -G
command line arg 3: routerlog
command line arg 4: -W
command line arg 5: 60000
command line arg 6: -S
command line arg 7: 3299
command line arg 8: -K
command line arg 9: p:CN=xxxxxx, OU=xxxxxxx, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)
"dev_rout" 33L, 1424C 1,0-1 Top
SAProuter log
Thu Feb 20 14:17:33 2014 INIT LOGFILE
Thu Feb 20 14:17:33 2014 READ ROUTTAB ./saprouttab o.k.
Thu Feb 20 14:17:49 2014 CONNECT FROM C9/- host xxx.xxx.xxx.yy/3032
Thu Feb 20 14:17:49 2014 CONNECT TO S9/17 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Thu Feb 20 14:17:50 2014 ESTABLISHED S9/17 (-/SNC)
Thu Feb 20 14:17:51 2014 DISCONNECT C9/17 host xxx.xxx.xxx.yy/3032 (xxx.xxx.xxx.yy)
Thu Feb 20 14:17:57 2014 CONNECT FROM C18/- host xxx.xxx.xxx.zz/55529
Thu Feb 20 14:17:57 2014 CONNECT TO S18/10 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Thu Feb 20 14:17:58 2014 CONNECT ERR S18/10 NIEROUT_PERM_DENIED on 'SAProuter 40.4 on 'spwdfvml0575''
Thu Feb 20 14:17:58 2014 DISCONNECT S18/10 host 194.39.131.34/3299 (194.39.131.34)
hi,
now you are facing this issue due to incorrect entry in saprouttab.
please add following entry in host file and try after restart the saprouter.
194.39.131.34 sapserv2
Please confirm mentioned things of this SAP note 1178684
Regards,
majamil1@gmail.com(add it and come online)
Hi,
In this thread, SAProuter and Telnet 3299 with error it mention to add hostname but I'm not too sure what is the domain
Exemple:
192.168.1.10 hostname
192.168.1.10 hostname.domain
The domain is referring to the Windows domain or ?
According to some sites, they mention to add 2 lines but others said to add 4 lines. I've added 4, any issue?
export SECUDIR=/usr/sap/saprouter/
export SNC_LIB=/usr/sap/saprouter/lib/libsapcrypto.so
export LD_LIBRARY_PATH=/usr/sap/saprouter/lib
export LIBPATH=/usr/sap/saprouter/lib
In this thread, SAProuter and Telnet 3299 with error it mention to add hostname but I'm not too sure what is the domain
If your computer is the part of domain then you just add the IP and hostname only.
According to some sites, they mention to add 2 lines but others said to add 4 lines. I've added 4, any issue?
usually, we set only 2 variables (SNC_LIB, SECUDIR ).
while you can check with 2 and 4 respectively because these are the variables.
Regards,
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.