on 10-03-2014 8:38 AM
Hello Everyone:
When i try to logon to SAPNet, i got the error [ sapserv9:route permission denied ( my public ip to oss001 sapdp01 ) ].
I try to use the command to test connection on sap router.
saprouter -r -K "CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
show the error
Error SNC processing failed:SncSetMyNameU
Time Fri Oct 03 10:19:15 2014
Release 720
Component NI (network interface)
Version 40
RC -17
Module nisnc.c
Line 576
Detail NisncInit: sncrc=-35
Please help me, Thank all.
Hi Lance,
# SNC connection to and from SAP
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
# Access from local network to SAP
P <your_lserver_local_IP> 169.145.197.110 3299
3. Do a test connection for RFC SAPOSS (sm59). If reports error logon credential should have an user oss_rfc. edit and re-enter the pwd: cpic
4. Also you have missed a letter "p" on the start command.
saprouter -r -K "CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
it should be --> saprouter -r -K "p:CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
Try the above and share your results. (if possible share ur routtab file to help you better)
Cheers!!
Mahendra varman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All:
My routertab,as below [ saprouter server→public ip:114.30.44.35 private ip:192.168.254.35 ]
# SNC connection to and from SAP
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.1.1
# R/3 Instance: 00
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.254.35 3200
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 114.30.44.35 3200
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.254.35 3299
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 114.30.44.35 3299
# SNC connection to local WINDOWS system for WTS, if applicable
# Windows server: 192.168.1.2
# Default WTS port: 3389
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" * 3389
# SNC connection to local UNIX system for SAPtelnet, if applicable
# UNIX server: 192.168.1.3
# Default Telnet port: 23
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" * 23
# SNC connection to local Portal system for URL access, if applicable
# Portal server: saprouter.infortrend
# Port number: 50003
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" saprouter.infortrend 50003
# Access from local network to SAP
P * 169.145.197.110 3299
P * 169.145.197.110 3200
P 169.145.197.110 * 3299
P 169.145.197.110 * 3200
P * 192.168.254.35 3200
P * 192.168.254.35 3299
P 192.168.254.35 * 3200
P 192.168.254.35 * 3299
P * 114.30.44.35 3200
P * 114.30.44.35 3299
P 114.30.44.35 * 3200
P 114.30.44.35 * 3299
P 192.168.254.35 169.145.197.110 3299
P 192.168.254.35 169.145.197.110 3200
P 169.145.197.110 192.168.254.35 3200
P 169.145.197.110 192.168.254.35 3299
P 114.30.44.35 192.168.254.35 3200
P 114.30.44.35 192.168.254.35 3299
P 169.145.197.110 114.30.44.35 3200
P 169.145.197.110 114.30.44.35 3299
# deny all other connections
D * * *
Hi Mahendra:
When i add a letter "p" on the start command
saprouter -r -K "p:CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
I got it, as below
trcfile dev_rout
no logging active
Warning: wildcard character used in route target
Hi Lance,
You saprouttab seems good, except some unwanted permissions (not a problem though).
When i add a letter "p" on the start command
saprouter -r -K "p:CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
I got it, as below
trcfile dev_rout
no logging active
Warning: wildcard character used in route target
The above message shows that your sap router is started normally. It seems you are closing the command prompt once you get this above output.
If you close the command prompt then the saprouter will shut down.
Have you registered your saprouter as service?? if not follow the instructions.
1. open command prompt as administrator. (rightlick cmd and choose run as administrator) and navigate to the install DIR of saprouter (folder where you can find saprouter.exe)
2. type the following command. (make sure the command is entered in single line. copying & pasting the from this post would have a line breaks. Hence copy the below commands to notepad and delete the line breaks before pasting it to command prompt)
sc.exe create SAPRouter binPath= "<path>\saprouter.exe service -r -S 3299 -W 60000 -R <path>\saprouttab -K ^p:CN=saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE^"
3. You would get an output saying service "SAPRouter" created sucessfully.
4. Open "regedit.exe" and edit the string "ImagePath" under following location.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ saprouter
5. Replace ^ with " and click OK. The updated value should look like below
<path>\saprouter.exe service -r -S 3299 -W 60000 -R <path>\saprouttab -K "p:CN =saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE"
6. Now open "services" right click "SAPRouter" and choose properties. click on "Log On" tab and choose "This account".
Type the user ID which you have given rights for the local.pse while configuring saprouter (most likely your current <sid>adm), type password and then click apply.
If you are unsure about the user, then open cmd navigate to path where you can find sapgenpse.exe (most likely <inst_path>\<architecture> folder
ex: D:\usr\sap\saprouter\ntamd_64) and type sapgenpse get_my_name -v -n Issuer
if you get an output CN=saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE then your current user has the right to start saprouter. if not log on
to other possible users and try the above.
7. Now right click on the service and start the service. You can go to transaction sm59 and test the connection for SAPOSS.
It is recommended to set the start up type of SAProuter service as "Automatic".
Cheers!!
Mahendra varman
Hi Mahendra:
I registered the saprouter as service. Then i try oss1 to "logon to SAPNet".
I got a new error,as below
SNC processing failed:
SncSessionInitiatorAK
Location SAProuter 40.4 on `saprouter`
Time Mon Oct 06 17:14:36 2014
Comonent NI(network interface)
Release 720
Version 40
Module nisnc.c
Line 1182
Method NisncIInitHdlSecurity: sncrc=-4:0291FFD8
Return Code -104
Counter 20
Thank you for your help
Hi Lance,
It seems that the user ID which you specified while registering service, is not authorized to start saprouter .
SNC processing failed:
SncSessionInitiatorAK
SncSessionInitiator in the above message points to the user which you have used while configuring saprouter.
i.e When you used the following command sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin>
You would have used <SID>adm or some other user in place of <SNC_admin>
1. Have you given the same user on the step 6 on my previous post?
2. Have you executed the following command sapgenpse get_my_name -v -n Issuer and got output as
CN=saprouter, ou=0000612483,ou=SAProuter,O=SAP,C=DE ?
Regards
Mahendra varman
Hi Lance
Have you do the technical settings in transaction code oss1? kindly follow the settings as described in the SAP Note - 33135 - Guide for OSS1
BR
SS
Hi All:
I modify my "logon account" of "saprouter service". I use the tcode oss1 to test.
Now I can see "select a group", then i choose one option.
Finally, I still get the error,as below
sapserv9: route permission denied (114.30.44.35 to 10.16.0.38, sapdp01)
Location SAProuter 39.3 (SP4) on `sapserv9`
Time Tue Oct 7 13:20:21 2014
Component NI (network interface)
Release 710
Version 39
Return Code -93
Counter 72
Hello Lance
add the following entry in the saprouttab of your SAProuter:
P sapserv2 (your ip to oss) (free port no)
Restart the router and check if it is working .
Thanks
Sami Abdul
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Lance,
what is the full error text, which you get? What is seen for "location" in the error message? If "location" is sapserv9, then probably you need to contact SAP.
Regards,
Alwina
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.