on 10-02-2015 11:32 AM
Hello Gurus,
We are facing issues while connecting to SAP systems.
Gateway, dispatcher and message server ports are configured in the services file.
Network team says all ports are open.
I am able to telnet to the Dispatcher and Message server ports, but the gateway ports are giving a connection refused error.
Network team says if there is a connection refused error, then that means that the server is rejecting the connection, and it is not an issue with ports.
If it is an issue with the port, it will give a timeout error. Hence in this case, they are saying it is not a network issue.
Can you please throw some light on this issue?
Is there any other place where I need to check or any other ways which will help me troubleshoot the issue.
Thanks,
Sowmya
Hi All,
I need a few more clarifications.
I am able to connect to the system after connecting to the customer network. I can see gateway connections open in smgw - I can see some active sessions in the gateway with status connected. Does that mean that the gateway port is opened?
My colleague from some other company is unable to access the systems. The issue is a bit more complicated here. He is able to access a few SAP systems and a few systems are not accessible.
And for those SAP systems, the only difference I can see is that the Gateway ports are giving connection refused if I do a telnet to them, and the local network team checked my colleague's settings. Everything is fine... I want to trace all the ports which he is trying to, I was thinking about a niping test, but it even times out on my laptop when I test it, though I am able to log in to the system.
Is there any other detailed testing mechanism? I tried tracert also. It is giving a timeout even for a system which I am able to connect to. Can I rely on these tools?
Is there any other way to test?
Thanks
Sowmya
Hello Isaias,
Thanks for your reply. Telnet for the dispatcher port is working fine. Yeah, as you said, it will not use the gateway port. But I could not see any other differences when I compare the ports of two SAP systems, one system which I am able to connect to and the other one which I am not able to connect to.
KR,
Sowmya
Hi Sowmya:
As Isaias mentioned, Telnet/niping are the tools that you can use for basic connectivity checks. niping should work from your laptop at least, if connectivity is fine from your end.
I would suggest that once you perform the connectivity test using niping, you go ahead and advise your colleague to do the same and provide you the results.
Following link provides a simple example where you can start niping -s on the server side. The client request can be sent from your machine and then later on from your colleague's machine. Check and compare the results.
But in this case they would need to open one more port at the firewall, as "niping -s" is starting a niping server.
Niping will use the port "3298" by default, when started as a server.
I would say that this is not actually "required".
You can test from the client computers only, using:
niping -c -H <hostname/IP of SAP server> -S <SAP port to test> -O
-> the last character is the uppercase letter "o", not the number zero
For example, to test the Dispatcher port of an SAP instance number 15:
niping -c -H <hostname> -S 3215 -O
Regards,
Isaías
Thanks all for your inputs. I will check and feedback 🙂
Hello Sowmya,
Simple way for you to prove it is by running your telnet commands on the server where the SAP system is running. Not from another server but on the server that you are trying to connect to. That proves beyond any shadow of a doubt that the services are running and listening on the defined ports.
eg: taking instance number 14 as an example.
telnet localhost sapdp14
telnet localhost sapms<SID>
telnet localhost sapgw14
You can run a 'grep' on the /etc/services file for each of the above and then perform a 'netstat -an | grep <your port number from services file>'
eg: netstat -an | grep 3314
You would get an output that should show the IP addresses on which this port is being listened upon with a "LISTEN" in the output.
Hope this helps you a bit in your adventure.
KR,
Amerjit
Just to add in 2 cents (as I used to admin a Cisco ASA and dealt with other firewalls): a firewall is a 'stateful' device; it has to log all connections coming into it and what it is being translated/routed to (aka the destination).
Your network team should be able to show you the logs/trace on the device to prove or disprove how it is handling the traffic.
Also on another note firewalls are also not just set to use layer 3 or 4 they can interfere as far as layer 7, and I have seen issues with SIP protocols and timeout issues due to firewalls mis-handling the traffic and causing VoIP phone outages.
Was trying to keep the information in the same threads for everyone's benefit in knowing; pulling up the logs or syslog for a firewall is even easier than setting traces in systems.
Now if the network team has purposely gone in and disabled logging or changed some log related settings it can make things difficult; however if you have a network team that disabled logging on a company firewall, it might be worth asking if you want to work there.
Hi Sowmya,
Have you checked that the system number of the gateway is correct? Go to SMGW -> Parameters and check the instance "gateway service". If you have a standalone gateway, check that it is running.
Regards, Juan
Hello Juan,
The gateway process is up and running and I can see gateway sessions with status connected in smgw as well.
Can you let me know if a connection refused error in telnet is a port issue or an authentication issue from the server side?
Our network team says that the port is open, and if the port is not open, the error will be a timeout and not connection refused.
Thanks,
Sowmya
Hello,
Access the SAP server itself, at operating system level, and perform the same telnet command (to the Gateway port).
It will work.
Then, go to your workstation and try a telnet to the Dispatcher and to the Gateway.
The telnet to the Dispatcher will work (which means that your workstation can reach the server through the network).
The telnet to the Gateway will fail.
This should be proof enough.
Regards,
Isaías
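Added example, not part of any post in this thread: a Python sketch of the comparison the replies describe, probing the same port once on the SAP host itself and once from a workstation, and separating "connection refused" from a timeout. The 32NN/33NN port mapping follows the thread's own examples (3215 for the dispatcher of instance 15, 3314 for sapgw14); the function names are hypothetical and the loopback demo is constructed.

```python
import socket

def sap_ports(instance_nr):
    """Ports per the thread's examples: dispatcher 32NN, gateway 33NN."""
    if not 0 <= instance_nr <= 99:
        raise ValueError("instance number must be 0-99")
    return {"dispatcher": 3200 + instance_nr, "gateway": 3300 + instance_nr}

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified the way telnet reports it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                 # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"              # a TCP RST came back
    except (socket.timeout, TimeoutError):
        return "timeout"              # no answer at all within `timeout`
    except OSError as exc:
        return "error: %s" % exc      # e.g. name resolution, no route
    finally:
        sock.close()

def interpret(on_server, from_client):
    """Combine the probe run on the SAP host with the one from a workstation."""
    if on_server != "open":
        return "service not listening on the server: check the process and netstat"
    if from_client == "open":
        return "port reachable end to end"
    if from_client == "refused":
        return ("listener is up but something answers the client with a reset: "
                "check the bind address in netstat and the firewall logs")
    if from_client == "timeout":
        return "listener is up but packets are dropped on the path: check the firewall logs"
    return "inconclusive: " + from_client

if __name__ == "__main__":
    # Constructed demo on loopback: one listening socket, then the same port closed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    demo_port = srv.getsockname()[1]
    print(sap_ports(14))
    print("listening:", probe("127.0.0.1", demo_port))
    srv.close()
    print("closed:   ", probe("127.0.0.1", demo_port))
    print(interpret("open", "refused"))
```

Run `probe()` with the same port on the SAP server against `localhost` and from each affected workstation against the server's hostname, then pass both results to `interpret()`.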