cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Installing an additional application server behind a firewall

Go to solution
john_studdert
Participant

on ‎09-02-2015 10:32 PM

0 Kudos

We have a requirement to install a NW Java additional application server instance in a different subnet (separated by a firewall) from the central installation of NW Java 7.3 (the central installation is using Windows clustering with 2 nodes, the server that we are installing the AAS on is not part of the cluster). All systems are installed on Windows 2008 R2 with SQL Server 2008 R2.


We've opened the usual ports on the firewall as per the SAP standard ranges (internal message server, public message server, 32xx/39xx, HTTP and HTTPS connections for both message server and application servers, SQL Server port, 445 for SMB etc.), but we're still having issues getting the AAS working. We can install it successfully but it fails to fully start up in the MMC. It looks like a network/firewall issue so we've been investigating the logs but with no luck so far.

We've already installed a similar set up successfully for an ABAP stack (a different application running NW 7.0) at this customer but not for a Java stack. I can of course provide detailed information on the error messages seen but wanted to ask first: has anyone had experience of a similar installation set up, and could point us to unusual/unexpected ports that need to be open or parameter changes that need to be made?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

john_studdert
Participant
‎09-03-2015 6:30 PM
0 Kudos

So in the interim we've managed to isolate the ports that were at issue on the firewall, added them and resolved the problem. In case anyone's interested the missing ports were 5NN20 on the two cluster nodes (this is a cluster manager port). Given that the additional application server in the different subnet is not part of the cluster, I'm not sure why this was needed but it was (on both nodes).

So the main port ranges we needed were 445, 32NN, 33NN, 36NN, 39NN, 48NN, 81NN, 444NN, 5NN01 - 5NN14 amongst others, and then 5NN20 as well.

Show replies
Show replies

Answers (1)

Answers (1)

yakcinar
Active Contributor
‎09-02-2015 10:53 PM
0 Kudos

Hello John,

Please check the document "TCP/IP Ports Used by SAP Applications" for the ports used by SAP servers.

Ther you will see the ports used by "SAP NetWeaver Application Server Java,J AVA EE Server ( internal ports) ".

You should permit some 5NN.. ports for Java instances.

Can't you monitor FW for coming requests from the new application server to central one when you are trying to start seerver?

Ther you could see denied ports also.

Regards,

Yuksel AKCINAR

Show replies
Show replies
john_studdert
Participant
‎09-03-2015 12:46 AM
0 Kudos

Hi Yüksel, thanks for the reply. I'm aware of the TCP/IP ports document - as I say, we've already opened ports for all the typical ports needed. I'll review it once again though to be sure.

We've also tried monitoring the firewall, as well as running network capture on the servers themselves using netsh, but haven't found much of use just yet. I'm happy to provide more detail on the error messages seen, but as I say just wanted to see if anyone had experience with such a scenario before and was aware of any "gotchas" to watch out for. I think it's worth asking that first before digging into such detail.

Former Member
‎09-03-2015 6:36 AM
0 Kudos

You can face many different problems during startup of AS Java instance. Therefore without log files or at least error message it is almost impossible to give any advice in the right direction.

john_studdert
Participant
‎09-03-2015 6:31 PM
0 Kudos

Yes understood, which is why I specified that I can add that detail but first wanted to get general impressions from anyone who may have tried this scenario before.

In fact, even though I've marked the question as answered, I'd still appreciate anyone chiming in with general experiences of this approach in particular from a maintenance/performance perspective.

Ask a Question