on 11-21-2015 2:52 PM
Hi,
We are just testing SAP 9.2 with web browser access and it's great!
We need to test SBO via web browser outside our company but we have this error: after we redirect SBO server internal IP in our router, we can't access SBO externally via browser, since it always redirects to the internal SBO ip address.
We tried also to configure the external IP address in "External Address Mapping" in SLD but it does not work also:
Does anybody knows how to redirect it?
Thanks
mdias
I have resolve the problem editing location tag in SLD-Config that you can found in C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Parvesh Chopra,
I think we are all in the dark. SAP has not provided sufficient documentation to install the browser access gateway and certificate so we are just trying what we can.
Please provide clear step by step instructions on how you install the BAG and how you create an SSL certificate.
We would all love to know the best way to do it but we don't have any other options.
Thank you,
Mike
Hi Taylor
Recently, How-to-guide was published in the PartnerEdge portal.
Regards
EunSeok
Hello,
we had the same problem and had solved it.
We give the Server an public WWW IP Adress, a DNS and a SSL.
We uninstall Gatekeeper and SBO Service Manager (Licence Service + System Landscape).
Created a SSL for the Machine with the External Name. Install the SSL on the Machine.
Reinstall the SBO Service Manager (Licence Service + System Landscape) using this SSL.
Check you can access SLD from outside of your network with the SSL and the external name.
Reinstall the Gatekeeper with the the external name. When gatekeeper ask for name of SLD use the external one.
We used 9.2 preview version PL 0.
HTH
Martina
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi everybody,
With new version 92PL04, it seems SAP has done it correctly...
I just tested with the following config:
- installed SAP 9.2 PL04 normally, without any custom config for b1i (self certificate, localonly=true, etc)
- added these 2 entries in "External Address Mapping" under SLD config, with external IP address:
- added ports 8100 and 30000-30010 to firewall
And it worked fine!
Manuel Dias
This configuration did not work on 92PL03?
I tried your suggestion on 92PL03, I do not have an error anymore but a Timeout. The firewall is fine it let data go. (I'm on Hana, I use 40000 )
First I use URL https://MyExternalIP:8100/dispatcher/ Then the returned/timedout URL is https://MyExternalIP:40000/ControlCenter/saml2/idp/sso
is it normal?
Sap Business One Browser Access guidelines:
https://service.sap.com/~sapidb/012002523100007702962016E/HTG_B1_92_BrwsAcs.zip
If you are using HANA then use port 4000 other wise use port 30010 for MS-SQL
Message was edited by: Peter Hartwich; made URL sustainable
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am unable to access my SLD externally. Does anyone have any suggestions? Could someone give me an example of the external address for their SLD and their external address for their browser access service?
Should both the external SLD and Browser Access Service be on the same port?
Any thorough guides out there? I'm really having a hard time. Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Taylor
If you use external address when you install the services, no need to register an external address mapping.
but when you use internal address or hostname while you install, you need to map external address (external URL or public IP) for these services in the External address mapping tab in SLD.
we can use a different port and domain name for an external URL than an internal URL too.
Here are some examples for external address mapping.
1) when star SSL is deployed to *.oec.com,
Browser access services: https://erp01.oec.com:8100/dispatcher
System landscape directory: https://hana.oec.com:40000/ControlCenter
Analytic platform: https://hana.oec.com:40000/Enablement
2) when a single SSL is deployed to sapb1.oec.com,
Browser access services: https://sapb1.oec.com:443
System landscape directory: https://sapb1.oec.com:444
Analytic platform: https://sapb1.oec.com:445
3) when using self-signed certificate,
Browser access services: https://52.91.200.11.8:8100/dispatcher
System landscape directory: https://54.85.217.210:40000/ControlCenter
Analytic platform: https://54.85.217.210:40000/enablement
After registration, you need to restart SAP Business One Browser Access Server Gatekeeper service in Browser access server too,
Regards
Eunseok
OK, this is excellent information, thank you.
For now I'm doing self-signed.
When you say the external address for browser access is https://sapb1.oec.com:443 are you translating that in your port forwarding to go to 8100? IE, is your port forwarding entry from 443 --> 8100?
Then in your SLD setup you have the external address set to: https://sapb1.oec.com:443 and then the internal will be https://<machine>:8100/dispatcher?
So the Broswer Access Gateway doesn't actually switch you from 443 --> 8100? You need to set this up in your forwarding? I seem to be getting no information and I don't even see any program listening on 443 from the outside.
But right now I'm forwarding external-ip:443 --> internal-machine:443 assuming the Browser Access will switch it over.
Am I wrong about this?
My plan is to forward port 8100 from the outside and port 30010 from the outside then map it to the same ports as internal just with the external IP.
Also, when I'm modifying the external address I noticed you sometimes use /ControlCenter and /dispatcher and sometimes you leave it just with the port. Do you translate it somehow internally to forward from 443 --> :8100/dispatcher? How should I understand this?
Thanks again for your help! I'm still struggling to really get a grasp of how to set this up.
Mike
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think that if you have this error, the dns name that you have set on SLD-Config.xml isn't traslate corret from your internal DNS server.
For example if you set sld.corporate.com into the file, and a public DNS traslate this name with your pubic IP, your internal DNS server must translate sld.corporate.com with the private IP of your SLD Server.
Hello Bryan,
We had an identical problem when we tried to use in our internal network: then we tested in google virtual machines and it works fine.
I believe the problem is related to what Claudio Maddalozzo says: you must be able to access the external IP address within your internal network, otherwise you will get this type of errors.
Regards,
Manuel Dias
Hi Former Member and ,
I'm able to access our public IP in our internal network. But still having the error. I'm using only IP not a DNS.
Example Public IP: http://124.105.99.99:8100/dispatcher
This IP: 124.105.99.99 is already in the SLD-config.XML
Regards,
Hi,
I'm also facing the issue, when to mapping web browser access to external IP.
What I've changed :
1. on SLD External address ID, I've put up my external IP
2. I changed tomcat configuration & change to external IP
C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf
3. I've restared SLD & gatekeeper, but when try it still error 500
is there any step I'm missing ?
Regards,
Hendra
I've reinstalled Gatekeeper,
and setup IP Public on SLD webdispatcher,
now from my ip public can see the web browser login,
but after login, it still redirect local IP hostname.
I changed the tomcat configuration
C:\Program Files\SAP\SAP Business One BAS GateKeeper\tomcat\conf
and restart the gatekeeper, but now, i see this error message.
I used only self signed certificate.
Help how to solve this ?
Hey Hendra, do your setup using the internal address. Something like http://srv-sap02.forgestik.loc:8100/dispatcher and map your external ports for both the SLD and the Browser Access Service to the same ports. We used https://vpn-client.forgestik.com:8100/dispatcher for example. SLD would be externally mapped to https://vpn-client.forgestik.com:30010/ControlCenter.
THEN, the trick is to go to: C:\Program Files (x86)\SAP\SAP Business One BAS GateKeeper\tomcat\conf\SLD-config.xml
There is an XML tag called <location> which you need to map to the external address. In our case what worked was <location>https://vpn-client.forgestik.com:30010</location>
This is all with a self-signed cert. I have not had a chance to make a real certificate yet. There is documentation how to do it and a new guide from SAP to deploy the BAG but again, I have not had a chance to dig into it yet.
Thanks!
Mike
Hi Mike,
do your setup using the internal address. Something like http://srv-sap02.forgestik.loc:8100/dispatcher
where to setup this ? on SLD - external address ??
and map your external ports for both the SLD and the Browser Access Service to the same ports. We used https://vpn-client.forgestik.com:8100/dispatcher for example.
where to setup this ? on mikrotik ?
Thanks & Regards,
Hendra
For your first question, RE: 8100/dispatcher you set it up when you setup the browser access gateway. I should have said "srv-sap02" which is the machine name but it came out with the full address of http://srv-sap02.forgestik.loc:8100/dispatcher. This includes the domain ".forgestik.loc" and the browser access specifics of ":8100/dispatcher" and I believe you just need to enter the machine name int he setup wizard.
For the second question you do the port forwarding in your router. So you want to make a port forwarding rule to map your outside IP on port 8100 and 30010 to the same ports on your browser access server (where it's installed). This is what's known as a 1:1 port mapping.
You would be able to access internally with http://srv-sap02.forgestik.loc:8100/dispatcher in my example but to see it from outside you need the port forwarding (obviously your exact machine name will differ).
The other part of the setup is in the SLD. Go to your license service in Server Tools on your SAP server and login using the B1SiteUser and you will see tabs for external port mapping. Then don't forget to update the XML file I mentioned in the previous post.
Mike
Yes, Finnaly I can configure to the external address
- uninstall gate keeper
- install gate keeper input external address
- open sld, external adress mapping, for SLD & browser access, change to external IP address
SLD : https://externalip:30010/ControlCenter
Browser acc : https://externalip:8100/dispatcher
- open sld.config in C:\Program Files\SAP\SAP Business One BAS GateKeeper\tomcat\conf
change the IP to external IP address
- restart gate keeper
- open browser access https://externalip:8100/dispatcher
- and VOILA!
Regards,
Hendra
Let me contribute.
I have in mind that he opened the tomcat configuration file:
<installation dir>\Tomcat\webapps\B1iXcellerator\xcellerator.cfg
And change the parameters:
xcl.webdav=full
xcl.http.localOnly=false
Also have had to deal with firewall and proxy configuration if these components are part of you connection landscape.
Regards!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
In additin to the BA service, you need to map SLD service to the external address. it's because it interacts with the BA service as an IDP(identity provider).
Regards
Eunseok
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI,
I think SAP B1 Web browser initially works only within a network.
You can't access outside of the network.
Thanks,
Tushar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tushar,
I believe the web access is to provide SBO access to anywhere, as long the connection is secure, which is the case.
Currently I can access SBO outside my company network with a browser, if I add the SLD address name to my hosts file in Windows. However this is not an easy step to perform in a Windows OS, and there must be an easy way to accomplish this...
Thanks,
Manuel Dias
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.