cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Business One 9.2 web access external URL

Go to solution
fcpeomaior
Participant

on ‎11-21-2015 2:52 PM

0 Kudos

Hi,

We are just testing SAP 9.2 with web browser access and it's great!

We need to test SBO via web browser outside our company but we have this error: after we redirect SBO server internal IP in our router, we can't access SBO externally via browser, since it always redirects to the internal SBO ip address.

We tried also to configure the external IP address in "External Address Mapping" in SLD but it does not work also:

Does anybody knows how to redirect it?

Thanks

mdias

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member277419
Explorer
‎02-07-2016 1:45 PM

I have resolve the problem editing location tag in SLD-Config that you can found in C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf

Show replies
Show replies
fcpeomaior
Participant
‎02-07-2016 10:37 PM
0 Kudos

Hello Claudio,

Can you provide more details on how you have solved this issue?

Thanks,

mdias

fcpeomaior
Participant
‎02-09-2016 10:58 PM
0 Kudos

Hello Claudio,

I tested only by changing the SLD-config.XML file in the folder you mentioned (C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf), and changed the hostname by the external IP address and it worked!

Thanks!

mdias

former_member278863
Explorer
‎07-08-2016 1:45 PM
0 Kudos

Hello Everyone,

This is not a valid approach to solve such issues, please dont use this workaround.

This address has to be internal always in SLD-config.XML.

Thanks.

BR,
Parvesh Chopra

BattleshipCobra
Contributor
‎07-08-2016 4:40 PM
0 Kudos

Hey Parvesh Chopra,

I think we are all in the dark.  SAP has not provided sufficient documentation to install the browser access gateway and certificate so we are just trying what we can.

Please provide clear step by step instructions on how you install the BAG and how you create an SSL certificate.

We would all love to know the best way to do it but we don't have any other options.

Thank you,

Mike

EunSeok_Bang
Product and Topic Expert
Product and Topic Expert
‎07-12-2016 8:22 AM
0 Kudos

Hi Taylor

Recently, How-to-guide was published in the PartnerEdge portal.

SAP PartnerEdge

Regards

EunSeok

Answers (8)

Answers (8)

Former Member
‎12-21-2015 1:19 PM

Hello,

we had the same problem and had solved it.

We give the Server an public WWW IP Adress, a DNS and a SSL.

We uninstall Gatekeeper and SBO Service Manager (Licence Service + System Landscape).

Created a SSL for the Machine with the External Name. Install the SSL on the Machine.

Reinstall the SBO Service Manager (Licence Service + System Landscape) using this SSL.

Check you can access SLD from outside of your network with the SSL and the external name.

Reinstall the Gatekeeper with the the external name. When gatekeeper ask for name of SLD use the external one.

We used 9.2 preview version PL 0.

HTH

Martina

Show replies
Show replies
Former Member
‎12-30-2015 3:14 PM
0 Kudos

Wasn't successfull for me. Can you explain in detail?

patrice_vigier
Participant
‎09-07-2016 7:54 AM
0 Kudos

Hello everybody

,

I have followed the procedure for external web access, but I have an error :

Do you have an idea how to resolve it?

Show replies
Show replies
fcpeomaior
Participant
‎09-13-2016 6:18 PM
0 Kudos

Hi everybody,

With new version 92PL04, it seems SAP has done it correctly...

I just tested with the following config:

- installed SAP 9.2 PL04 normally, without any custom config for b1i (self certificate, localonly=true, etc)

- added these 2 entries in "External Address Mapping" under SLD config, with external IP address:

- added ports 8100 and 30000-30010 to firewall

And it worked fine!

Manuel Dias

patrice_vigier
Participant
‎09-13-2016 7:24 PM
0 Kudos

This configuration did not work on 92PL03?

I tried your suggestion on 92PL03, I do not have an error anymore but a Timeout. The firewall is fine it let data go. (I'm on Hana, I use 40000 )

First I use URL https://MyExternalIP:8100/dispatcher/ Then the returned/timedout URL is https://MyExternalIP:40000/ControlCenter/saml2/idp/sso

is it normal?

fcpeomaior
Participant
‎09-14-2016 11:52 AM
0 Kudos

My colleagues tested this on version PL03 and had some errors, so I presume it did not work.

Former Member
‎06-22-2016 9:16 AM
0 Kudos

Sap Business One  Browser Access guidelines:

https://service.sap.com/~sapidb/012002523100007702962016E/HTG_B1_92_BrwsAcs.zip

If you are using HANA then use port 4000 other wise use port 30010 for MS-SQL

Full documentation

Message was edited by: Peter Hartwich; made URL sustainable

Show replies
Show replies
BattleshipCobra
Contributor
‎04-01-2016 9:20 AM
0 Kudos

I am unable to access my SLD externally.  Does anyone have any suggestions?  Could someone give me an example of the external address for their SLD and their external address for their browser access service?

Should both the external SLD and Browser Access Service be on the same port?

Any thorough guides out there?  I'm really having a hard time.  Thanks!

Show replies
Show replies
EunSeok_Bang
Product and Topic Expert
Product and Topic Expert
‎04-01-2016 10:28 AM
0 Kudos

Hi Taylor

If you use external address when you install the services, no need to register an external address mapping.

but when you use internal address or hostname while you install, you need to map external address (external URL or public IP) for these services in the External address mapping tab in SLD.

we can use a different port and domain name for an external URL than an internal URL too.

Here are some examples for external address mapping.

1) when star SSL is deployed to *.oec.com,

Browser access services: https://erp01.oec.com:8100/dispatcher

System landscape directory: https://hana.oec.com:40000/ControlCenter

Analytic platform: https://hana.oec.com:40000/Enablement

2) when a single SSL is deployed to sapb1.oec.com,

Browser access services: https://sapb1.oec.com:443

System landscape directory: https://sapb1.oec.com:444

Analytic platform: https://sapb1.oec.com:445

3) when using self-signed certificate,

Browser access services: https://52.91.200.11.8:8100/dispatcher

System landscape directory: https://54.85.217.210:40000/ControlCenter

Analytic platform: https://54.85.217.210:40000/enablement

After registration, you need to restart SAP Business One Browser Access Server Gatekeeper service in Browser access server too,

Regards

Eunseok

BattleshipCobra
Contributor
‎04-04-2016 7:01 PM
0 Kudos

OK, this is excellent information, thank you.

For now I'm doing self-signed.

When you say the external address for browser access is https://sapb1.oec.com:443 are you translating that in your port forwarding to go to 8100?  IE, is your port forwarding entry from 443 --> 8100?

Then in your SLD setup you have the external address set to: https://sapb1.oec.com:443 and then the internal will be https://<machine>:8100/dispatcher?

So the Broswer Access Gateway doesn't actually switch you from 443 --> 8100?  You need to set this up in your forwarding?  I seem to be getting no information and I don't even see any program listening on 443 from the outside.

But right now I'm forwarding external-ip:443 --> internal-machine:443 assuming the Browser Access will switch it over.

Am I wrong about this?

My plan is to forward port 8100 from the outside and port 30010 from the outside then map it to the same ports as internal just with the external IP.

Also, when I'm modifying the external address I noticed you sometimes use /ControlCenter and /dispatcher and sometimes you leave it just with the port.  Do you translate it somehow internally to forward from 443 --> :8100/dispatcher?  How should I understand this?


Thanks again for your help!  I'm still struggling to really get a grasp of how to set this up.

Mike

BattleshipCobra
Contributor
‎04-04-2016 7:10 PM
0 Kudos

Also, another question.  Why is it that you use port 8100 directly for the browser access but you use 40000 for the SLD.

Internally browser access defaults to 8100 and the SLD to 30010.

Why the difference for SLD?

JoergAldinger
Active Contributor
‎05-30-2016 11:23 PM
0 Kudos

Mike,

Port 40000 is the default for SAP B1 on HANA, port 30010 is the default for SQL.

Regards,

Joerg.

Former Member
‎02-11-2016 8:29 AM
0 Kudos

Hi Former Member,

     I've followed your solution. But I'm having a problem. Please see image.

Regards,

Show replies
Show replies
former_member277419
Explorer
‎02-11-2016 9:15 AM
0 Kudos

I think that if you have this error, the dns name that you have set on SLD-Config.xml isn't traslate corret from your internal DNS server.

For example if you set sld.corporate.com into the file, and a public DNS traslate this name with your pubic IP, your internal DNS server must translate sld.corporate.com with the private IP of your SLD Server.

fcpeomaior
Participant
‎02-11-2016 10:00 AM
0 Kudos

Hello Bryan,

We had an identical problem when we tried to use in our internal network: then we tested in google virtual machines and it works fine.

I believe the problem is related to what Claudio Maddalozzo says: you must be able to access the external IP address within your internal network, otherwise you will get this type of errors.

Regards,

Manuel Dias

Former Member
‎02-12-2016 5:44 AM
0 Kudos

Hi Former Member and ,

     I'm able to access our public IP in our internal network. But still having the error. I'm using only IP not a DNS.

Example Public IP: http://124.105.99.99:8100/dispatcher

This IP: 124.105.99.99 is already in the SLD-config.XML

Regards,

former_member277419
Explorer
‎02-12-2016 7:41 AM
0 Kudos

I Bryan,

I think that the correct way to use B1 Web Access from private and public network is to set SLD service with a DNS name, not with a IP address.

On private network the DNS name will be translate with the private IP and on public network will be translate with public IP.

Former Member
‎02-15-2016 1:48 AM
0 Kudos

Hi ,

     I've already changed it to DNS but still having the error. Also, I've changed Browser Access Service External URL to DNS.

Regards,

Former Member
‎03-17-2016 7:07 PM
0 Kudos

Saludos, has logrado sulucionar el problema?

Can you solve the problem?

hendraprakasa
Participant
‎06-02-2016 5:10 AM
0 Kudos

Hi,

I'm also facing the issue, when to mapping web browser access to external IP.

What I've changed :

1. on SLD External address ID, I've put up my external IP

2. I changed tomcat configuration & change to external IP

     C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf

3. I've restared SLD & gatekeeper, but when try it still error 500

is there any step I'm missing ?

Regards,

Hendra

hendraprakasa
Participant
‎06-02-2016 7:08 AM
0 Kudos

I've reinstalled Gatekeeper,

and setup IP Public on SLD webdispatcher,

now from my ip public can see the web browser login,

but after login, it still redirect local IP hostname.

I changed the tomcat configuration

C:\Program Files\SAP\SAP Business One BAS GateKeeper\tomcat\conf

and restart the gatekeeper, but now, i see this error message.

I used only self signed certificate.

Help how to solve this ?

BattleshipCobra
Contributor
‎06-02-2016 6:49 PM
0 Kudos

Hey Hendra, do your setup using the internal address.  Something like http://srv-sap02.forgestik.loc:8100/dispatcher and map your external ports for both the SLD and the Browser Access Service to the same ports.  We used https://vpn-client.forgestik.com:8100/dispatcher for example.  SLD would be externally mapped to https://vpn-client.forgestik.com:30010/ControlCenter.

THEN, the trick is to go to: C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf\SLD-config.xml

There is an XML tag called <location> which you need to map to the external address.  In our case what worked was <location>https://vpn-client.forgestik.com:30010</location>

This is all with a self-signed cert.  I have not had a chance to make a real certificate yet.  There is documentation how to do it and a new guide from SAP to deploy the BAG but again, I have not had a chance to dig into it yet.

Thanks!

Mike

hendraprakasa
Participant
‎06-03-2016 3:17 AM
0 Kudos

Hi Mike,

do your setup using the internal address.  Something like http://srv-sap02.forgestik.loc:8100/dispatcher

where to setup this ? on SLD - external address ??

and map your external ports for both the SLD and the Browser Access Service to the same ports.  We used https://vpn-client.forgestik.com:8100/dispatcher for example.

where to setup this ? on mikrotik ?

Thanks & Regards,

Hendra

BattleshipCobra
Contributor
‎06-03-2016 5:29 PM
0 Kudos

For your first question, RE: 8100/dispatcher you set it up when you setup the browser access gateway.  I should have said "srv-sap02" which is the machine name but it came out with the full address of http://srv-sap02.forgestik.loc:8100/dispatcher.  This includes the domain ".forgestik.loc" and the browser access specifics of ":8100/dispatcher" and I believe you just need to enter the machine name int he setup wizard.

For the second question you do the port forwarding in your router.  So you want to make a port forwarding rule to map your outside IP on port 8100 and 30010 to the same ports on your browser access server (where it's installed).  This is what's known as a 1:1 port mapping.

You would be able to access internally with http://srv-sap02.forgestik.loc:8100/dispatcher in my example but to see it from outside you need the port forwarding (obviously your exact machine name will differ).

The other part of the setup is in the SLD.  Go to your license service in Server Tools on your SAP server and login using the B1SiteUser and you will see tabs for external port mapping.  Then don't forget to update the XML file I mentioned in the previous post.

Mike

Former Member
‎06-06-2016 5:04 PM
0 Kudos

hello Bryan
Have you solved this problem.???
If yes than please share
Because I am facing same problem..

hendraprakasa
Participant
‎06-07-2016 3:03 AM
0 Kudos

Yes, Finnaly I can configure to the external address

- uninstall gate keeper

- install gate keeper input external address

- open sld, external adress mapping, for SLD & browser access, change to external IP address

     SLD : https://externalip:30010/ControlCenter

     Browser acc : https://externalip:8100/dispatcher

- open sld.config in C:\Program Files\SAP\SAP Business One BAS GateKeeper\tomcat\conf

     change the IP to external IP address

- restart gate keeper

- open browser access https://externalip:8100/dispatcher

- and VOILA!

Regards,

Hendra

Former Member
‎06-07-2016 10:11 AM
0 Kudos

Nice

garijulio_einsfeldt
Explorer
‎02-08-2016 12:31 PM
0 Kudos

Let me contribute.

I have in mind that he opened the tomcat configuration file:

<installation dir>\Tomcat\webapps\B1iXcellerator\xcellerator.cfg

And change the parameters:

xcl.webdav=full

xcl.http.localOnly=false

Also have had to deal with firewall and proxy configuration if these components are part of you connection landscape.

Regards!

Show replies
Show replies
EunSeok_Bang
Product and Topic Expert
Product and Topic Expert
‎12-14-2015 3:23 PM
0 Kudos

Hi,

In additin to the BA service, you need to map SLD service to the external address. it's because it interacts with the BA service as an IDP(identity provider).

Regards

Eunseok

Show replies
Show replies
Former Member
‎12-18-2015 10:46 AM
0 Kudos

Hello Manuel,

have you solved this problem?

Regards

Ronny

fcpeomaior
Participant
‎12-18-2015 11:03 AM
0 Kudos

Hello Ronny,

No, I am waiting for 9.2 rampup version because I believe this is either a bug or SAP has any other solution to support this type of installations,

Since 9.2 rampup version is already available, we will try to install it and check it.

Regards,

mdias

former_member203816
Active Contributor
‎11-22-2015 6:08 AM
0 Kudos

HI,

I think SAP B1 Web browser initially works only within a network.

You can't access outside of the network.

Thanks,

Tushar

Show replies
Show replies
fcpeomaior
Participant
‎11-23-2015 12:14 PM
0 Kudos

Hi Tushar,

I believe the web access is to provide SBO access to anywhere, as long the connection is secure, which is the case.

Currently I can access SBO outside my company network with a browser, if I add the SLD address name to my hosts file in Windows. However this is not an easy step to perform in a Windows OS, and there must be an easy way to accomplish this...

Thanks,

Manuel Dias

chinghianguyen
Explorer
‎11-26-2015 9:31 PM
0 Kudos

Hi Manuel,

You can put the [sap92demo] as a computer into your computer's host file. It will working.

Regards,

Nghia

Ask a Question