on 05-06-2014 10:09 AM
Hello Guru's
I hope someone can help me figure out what is wrong with my configuration.
Here's the thing, I have been trying to test RFC connection of SAPOSS via SM59 but it gives me error
DEV_LG
RSTR0006: Display Developer Traces
trc file: "dev_lg", trc level: 1, release: "701"
[Thr 8180] Tue May 06 15:37:10 2014
[Thr 8180] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [
[Thr 8180] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c 2480]
[Thr 8180] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c 734]
[Thr 8180] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c 3980]
[Thr 8180] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c 1272]
[Thr 8180]
*****************************************************************************
*
[Thr 8180] * LOCATION SAProuter 40.4 on 'spwdfvml0575'
[Thr 8180] * ERROR spwdfvml0575: route permission denied (122.3.236.196 to
* oss001, sapmsO01)
[Thr 8180] *
* TIME Tue May 6 09:35:43 2014
[Thr 8180] * RELEASE 720
[Thr 8180] * COMPONENT NI (network interface)
[Thr 8180] * VERSION 40
[Thr 8180] * RC -93
[Thr 8180] * COUNTER 1294
[Thr 8180] *
[Thr 8180] *****************************************************************************
DEV_ROUT
---------------------------------------------------
trc file: "dev_rout", trc level: 1, release: "710"
---------------------------------------------------
Tue May 06 15:43:10 2014
SAP Network Interface Router, Version 39.3 (SP4)
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -S
command line arg 3: 3299
command line arg 4: -K
command line arg 5: p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "F:\usr\sap\saprouter\sapcrypto.dll".
File "F:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 5032, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
####### i have deleted a lot of space here #######
Tue May 06 15:43:57 2014
*** ERROR => NiBufIProcMsg: hdl 23 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 15:49:29 2014
*** ERROR => NiBufIProcMsg: hdl 16 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 15:49:50 2014
*** ERROR => NiBufIProcMsg: hdl 17 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 15:49:51 2014
*** ERROR => NiBufIProcMsg: hdl 18 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 15:50:48 2014
*** ERROR => NiBufIProcMsg: hdl 19 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 16:20:35 2014
*** ERROR => NiBufIProcMsg: hdl 20 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 16:41:35 2014
*** ERROR => NiBufIProcMsg: hdl 21 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
*** ERROR => NiBufIProcMsg: hdl 38 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
Tue May 06 16:41:36 2014
*** ERROR => NiBufIProcMsg: hdl 22 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
*** ERROR => NiBufIProcMsg: hdl 23 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2123]
SAPROUTTAB
#SNC connection to & from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 * #SAPSERV2
#SNC connection to local system
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.XXX * #SERVER_IP_ADDRESS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 122.3.236.XXX * #SAPROUTER_IP_ADDRESS
#Access from the local network to SAP
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 122.3.236.196 194.39.131.34 *
P 194.39.131.34 122.3.236.196 *
P 192.168.1.21 222.127.32.180 *
P 222.127.32.180 192.168.1.21 *
P * * *
#Deny all other connections
D * * *
Additional Info
Please help me!!!
Hi Maix,
[Thr 8180] * LOCATION SAProuter 40.4 on 'spwdfvml0575'
[Thr 8180] * ERROR spwdfvml0575: route permission denied (122.3.236.196 to
* oss001, sapmsO01)
Affected entry is
P 122.3.236.196 194.39.131.34 *
Please open port 3299 on your SAProuter public IP in Firewall. Post this check the RFC connection.
Hope this helps.
Regards,
Deepak Kori
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you registered your saprouter ip into market place?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maix,
***LOG Q0I=> NiIRead: P=194.39.131.34:3299; L=0.0.0.0:1598: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 5082]
The log shows this issue relates with your network you may try at your Firewall end.It could be the reason for the issue.
Please refer SAP Note 413330 - Network timeouts
Regards,
Gaurav
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Guru's please check my DEV_ROUT file
---------------------------------------------------
trc file: "dev_rout", trc level: 2, release: "720"
---------------------------------------------------
Wed May 14 09:03:49 2014
NiIHSBufInit: initialize hostname buffer (IPv4)
NiHLInit: alloc host buf (200 entries)
NiSrvLInit: alloc serv bufs (200 entries)
NiIInit: allocated nitab (811 at 00000000023ADFF0)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 40.4
Compiled Apr 1 2014 23:53:33
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 2
command line arg 4: -K
command line arg 5: p:CN=SAPRouter, OU=0000875061, OU=SAProuter,O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="SysAdmin" NetWkstaUser="SysAdmin"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "F:\usr\sap\saprouter\sapcrypto.dll".
DlLoadLib success: LoadLibrary("F:\usr\sap\saprouter\sapcrypto.dll"), hdl 0, addr 0000000010000000
using "F:\usr\sap\saprouter\sapcrypto.dll"
File "F:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
SECUDIR="F:\usr\sap\saprouter" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SAPCRYPTOLIB
Product Version = SAPCRYPTOLIB 5.5.5C pl30 (Jul 23 2010) MT-safe
<<- SncInit()==SAP_O_K
sec_avail = "true"
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=SAPRouter, OU=0000875061, OU=SAProuter,O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiMyHostName: hostname = 'eton-sapsolm1'
main: pid = 5824, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiICreateHandle: hdl 1 state NI_INITIAL_LIS
NiIInitSocket: set default settings for new hdl 1/sock 716 (I4; ST)
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 1 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIListen: state of hdl 1 NI_LISTEN
reading routtab: './saprouttab'
contents of routtab ('./saprouttab', 16 entries):
KT*,* p:CN=SAPRouter, OU=SAProuter, O 194.39.131.34/32 * *
KP*,* p:CN=SAPRouter, OU=SAProuter, O 192.168.1.21/32 * *
KP*,* p:CN=SAPRouter, OU=SAProuter, O 122.3.236.196/32 * *
P*,* 192.168.1.21/32 194.39.131.34/32 * *
P*,* 194.39.131.34/32 192.168.1.21/32 * *
P*,* 192.168.1.22/32 194.39.131.34/32 * *
P*,* 194.39.131.34/32 192.168.1.22/32 * *
P*,* 192.168.1.23/32 194.39.131.34/32 * *
P*,* 194.39.131.34/32 192.168.1.23/32 * *
P*,* 192.168.1.24/32 194.39.131.34/32 * *
P*,* 194.39.131.34/32 192.168.1.24/32 * *
P*,* 122.3.236.196/32 194.39.131.34/32 * *
P*,* 194.39.131.34/32 122.3.236.196/32 * *
P*,* 192.168.1.21/32 222.127.32.180/32 * *
P*,* 222.127.32.180/32 192.168.1.21/32 * *
P*,* 0:0:0:0:0:0:0:0/0 0:0:0:0:0:0:0:0/0 * *
******* NI-ROUTER LOOP ********
Wed May 14 09:03:59 2014
NiSelISelectInt: 1 handles selected (0 buffered)
CONNECT request received (hdl 1)
NiICreateHandle: hdl 9 state NI_INITIAL_CON
NiIInitSocket: set default settings for hdl 9/sock 704 (I4; ST)
NiIBlockMode: set blockmode for hdl 9 FALSE
NiIAccept: state of hdl 9 NI_ACCEPTED
NiIAccept: hdl 1 accepted hdl 9 from 122.3.236.196:1597
NiIAccept: hdl 9 took local address 192.168.1.21:3299
NiHLGetHostName: got address 122.3.236.196 from operating system
NiIGetHostName: addr 122.3.236.196 = hostname '122.3.236.196.pldt.net'
NiISetSockOpt: set option SOL_SOCKET-SO_KEEPALIVE of hdl 9 to TRUE
NiRConnHandle: C9/-1 has hdl 9
RTPENDLIST::addPendingCon: Added C9/-1 to list CONNECTED, STAT CONNECTED/-
RTPENDLIST::addPendingCon: total 1 pending CONNECTED connections
******* NI-ROUTER LOOP ********
NiIRead: hdl 9 received data (rcd=87,pac=1,MESG_IO)
NiSelISelectInt: 1 handles selected (1 buffered)
DATA from C9/-1 (122.3.236.196.pldt.net) received
NiRClientHandle: route received
executing NiRExRouteCon
NiRRouteRepl: copying input to route and replacing name
C9/-1 has NI-layer-version 38
NiBufIRouteToTable result from total 3 entries:
hostname /service
122.3.236.196 /
194.39.131.34 /sapdp99 < next
oss001 /sapmsOSS
NiSrvLGetServNo: got service name 'sapdp99' from operating system
NiIGetServNo: servicename 'sapdp99' = port 3299
NiSncGetPeer: hdl 9 not SNC enabled
NiLocalCheck: address 194.39.131.34 is not local
Setting outgoing SNC name to 'p:CN=SAPRouter, OU=SAProuter, O=SAP, C=DE'
route [ 0,1 hops, 122.3.236.196 to 194.39.131.34, 3299 ]
matches [ P255,255 122.3.236.196/32 194.39.131.34/32 * ]
NiICreateHandle: hdl 17 state NI_INITIAL_CON
NiIInitSocket: set default settings for new hdl 17/sock 692 (I4; ST)
NiIBlockMode: set blockmode for hdl 17 FALSE
NiIConnectSocket: connection of hdl 17 to 194.39.131.34:3299 in progress (timeout=0)
NiIConnect: hdl 17 took local address 0.0.0.0:1598
NiIConnect: state of hdl 17 NI_CONN_WAIT
NiSncIInitHdlSecurity for hdl 17
<<- SncSessionInit()==SAP_O_K
out: &snc_hdl = 00000000023E7400
<<- SncSetQOP()==SAP_O_K
in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
resulting = "min=3 (old:3), max=3 (old:3), use=3 (old:3)"
<<- SncSessionInitiatorAK()==SAP_O_K
'target_acl_key' (addr=000000000202C394, len=87) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00453043 310b3009 06035504 06130244 .E0C1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 12301006 03550403 13095341 ter1.0.. .U....SA
0x00050 50526f75 746572 PRouter
parses to = "p:CN=SAPRouter, OU=SAProuter, O=SAP, C=DE"
->> SncProcessOutput(snc_hdl=00000000023E7400, ibuf=0000000000000000, ilen=0,
&idone=000000000202C290, &obuf=000000000202C260, &oused=000000000202C250)
<<- SncProcessOutput()==SAP_O_K
return values = "(no data) in=0 of 0, out=1517"
NiBufISendMsg: send opCode 70 to hdl 17 (dataLen=1517)
NiICheckPendConnection: connection of hdl 17 to 194.39.131.34:3299 still in progress (0)
NiICheckPendConnection: connection of hdl 17 to 194.39.131.34:3299 still in progress (0)
handshake for hdl 17 = 1
RTPENDLIST::addPendingCon: Added C9/17 to list ROUTED, STAT ROUTE_RECV/FREE
RTPENDLIST::addPendingCon: total 2 pending ROUTED connections
NiISetSockOpt: set option SOL_SOCKET-SO_KEEPALIVE of hdl 17 to TRUE
S9/17 has hdl 17
forward route to nirouter
NiICheckPendConnection: connection of hdl 17 to 194.39.131.34:3299 still in progress (0)
NiBufIAddToUserQueue: added buffer 000000000244CA70 to out-queue (hdl 17, 1 packets, heap 1898)
NiBufIAddToUserQueue: out-queue for hdl 17 down to 0 packets
stat of pair C9/17 is ROUTED
******* NI-ROUTER LOOP ********
NiICheckPendConnection: connection of hdl 17 to 194.39.131.34:3299 established
NiICheckPendConnection: state of hdl 17 NI_CONNECTED
NiIWrite: hdl 17 sent data (wrt=1723,pac=1,MESG_IO)
NiIRead: hdl 17 recv would block (errno=EAGAIN)
NiIRead: read for hdl 17 timed out (0ms)
NiSrvLGetServName: found port number 3299 in cache
NiIGetServName: port 3299 = servicename 'sapdp99'
***LOG Q0I=> NiIRead: P=194.39.131.34:3299; L=0.0.0.0:1598: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 5082]
*** ERROR => NiIRead: SiRecv failed for hdl 17/sock 692
(SI_ECONN_BROKEN/10054; I4; ST; P=194.39.131.34:3299; L=0.0.0.0:1598) [nixxi.cpp 5082]
NiSelISelectInt: 1 handles selected (1 buffered)
DATA from S9/17 (194.39.131.34) received
NiBufISendErr: send ni-error rc -95 to hdl 9
NiIWrite: hdl 9 sent data (wrt=302,pac=1,MESG_IO)
NiRCloseConn: closing S9/17
NiICloseHandle: shutdown and close hdl 17/sock 692
<<- SncSessionDone()==SAP_O_K
NiBufIClose: freed out-queue (hdl 17, heap 0)
NiICloseHandle: shutdown and close hdl 9/sock 704
******* NI-ROUTER LOOP ********
Wed May 14 09:04:04 2014
NiSelISelectInt: 0 handles selected (0 buffered)
******* NI-ROUTER LOOP ********
thank you in advance!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you checked the hostfile entries ?
check for
sapdp99 3299/tcp
//venkat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maix,
Please check it once again you are Routtab.
Thanks
Nag.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nag Raj
Below is my SAPROUTTAB
SAPROUTTAB
#SNC connection to & from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 * #SAPSERV2
#SNC connection to local system
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.XXX * #SERVER_IP_ADDRESS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 122.3.236.XXX * #SAPROUTER_IP_ADDRESS
#Access from the local network to SAP
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 192.168.1.XXX 194.39.131.34 *
P 194.39.131.34 192.168.1.XXX *
P 122.3.236.196 194.39.131.34 *
P 194.39.131.34 122.3.236.196 *
P 192.168.1.21 222.127.32.180 *
P 222.127.32.180 192.168.1.21 *
P * * *
#Deny all other connections
D * * *
Do you see anything wrong with it?
Hi Maix,
Share the result for the following command netstat -a | grep 3299 from your router end.Also perform deletion of RFC SAPOSS in Tx SM59, then configure the RFC in OSS1 transaction again. Test the RFC connection and share the messages with us.
Second try to remove D * * * and test once again.
#Deny all other connections
D * * *
Regards,
Gaurav
Hi Maix
Could you refer the SAP Notes for Error
" [Thr 8180] * LOCATION SAProuter 40.4 on 'spwdfvml0575'
[Thr 8180] * ERROR spwdfvml0575: route permission denied (122.3.236.196 to
* oss001, sapmsO01) "
24177 - OSS1: Message S1452: Connection to Message Server
96655 - Steps to take if you cannot logon to OSS or SAP system
30289 - SAProuter documentation
Regards
SS
Hi Maix Serrano,
Kindly try to change the saprouttab to the following:-
# SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3 System for Support
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.XXX *
# SNC-connection from SAP to local R/3 System for saptelnet,
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.XXX 23
# Access from the local network to SAPNet - R/3 Frontend (OSS)
P 192.168.1.XXX 194.39.131.34 *
p * * *
To check if firewall mistake or other?
BR
Said Shepl
Hi Maix,
I think Like this...
# SNC connection to SAP
KT "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Suport
KP "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE" 192.168. . . 3299
# SNC-connection from SAP to local R/3-System for PCANYwhere
# KP "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE" <Server> 5631
# SNC-connection from SAP to local R/3-System for saptelnet
# KP "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE" <Server> 23
# Access from your local Network to SAP R/3 Frontend (OSS)
P * 194.*.*.* 3299
# All other connections will be denied
D * * *
Thanks
Nag.
Can you telnet port 3299 from your SAP system to your SAPROUTER?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.