on 01-04-2016 5:30 PM
Dear,
We installed the new sap webdispatcher and generation of certificate was also finished.
After the installation a /sec folder was generated on usr/sap/sys/sid/sec, we tried to install the certificate here, but failed, so we created a new folder /sec in usr/sap/sys/sec and the certificate generated successfully, But still the secure folder is pointing to usr/sap/sys/sid/sec and gives certificate error.please advice.
SNC_LIB and secure lib is defined in environment variables as usr/sap/sys/sec
Profile as follows:
SAPSYSTEMNAME = WDA
SAPGLOBALHOST = AWQ-WEBDISP1
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\WDA_W00_AWQ-WEBDISP1
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#-----------------------------------------------------------------------
# Back-end system configuration
#-----------------------------------------------------------------------
wdisp/system_0 = SID=JPR, MSHOST=sbdc.hilan.com, MSPORT=8100
wdisp/system_1 = SID=PRD, MSHOST=sabc.hilan.com, MSPORT=8100
#-----------------------------------------------------------------------
# Configuration of maximum number of concurrent connections
#-----------------------------------------------------------------------
icm/max_conn = 2000
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTPS,PORT=443
icm/server_port_1 = PROT=HTTP,PORT=8005
#-----------------------------------------------------------------------
# SAP Web Dispatcher Administration
#-----------------------------------------------------------------------
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile)
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Restart_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
#-----------------------------------------------------------------------
icm/HTTP/redirect_0 = PREFIX=/, FROMPORT=http, FOR=sapprtlclus, TO=/irj/portal, PROT=http, HOST=sapprtlclus
Dear,
I removed the /sec folder from /user/sap/sys/sec and created .pse file in /usr/sap/sys/sid/sec and imported again and my problem is solved.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Philip,
Change below parameter in your instance profile and restart the webdispatcher.
Current Parameter:
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Restart_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
#-----------------------------------------------------------------------
Parameter after change
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Restart_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=<<Put the sec folder location where the PSE exist>>>
#-----------------------------------------------------------------------
Regards,
Anil Bhandary
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Prathish,
Please enable the trace level by using the following parameter in webdispatcher.
1. Logoff from OS user and login again on OS.
2. Set the parameter in instance profile icm/log_level = 1
3. Restart Webdispatcher.
Check the dev_webdisp file for the entry of SEC folder and SECUDIR parameter and share the required logs on Thread.
Regards,
Anil
Dear Anil,
Log as follows:
[Thr 1104] Mon Jan 04 22:23:02 2016
[Thr 1104] started security log to file ./dev_icm_sec
[Thr 1104] SAP Web Dispatcher running on: AWQ-WEBDISP1.awqaf.gov.kw
[Thr 1104] MtxInit: 30001 0 2
[Thr 1104] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&AWQ-WEBDISP1.awqaf.gov.kw&292&) [icxxman.c 1966]
[Thr 1104] IcmInit: listening to admin port: 65000
[Thr 1104] MPI: dynamic quotas disabled.
[Thr 1104] MPI init: pipes=4000 buffers=2718 reserved=815 quota=10%
[Thr 1104] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 1104] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 1104] IcrIAddSingleSystem: Added backend system: SID=JPR, MSHOST=sapprtlclus.awqaf.gov.kw, MSPORT=8100
[Thr 1104] IcrIAddSingleSystem: Added backend system: SID=PRD, MSHOST=sapprdcluster.awqaf.gov.kw, MSPORT=8100
[Thr 1104] *** ERROR => ERROR Parameter icm/HTTP/redirect_0 defined multiple times. [icxxcheckcon 2697]
[Thr 1104] *** ERROR => ERROR Parameter icm/server_port_0 defined multiple times. [icxxcheckcon 2697]
[Thr 1104] *** ERROR => ERROR Parameter icm/server_port_1 defined multiple times. [icxxcheckcon 2697]
[Thr 1104] IcrCoreInitSessionTable: Session table initialized
[Thr 2136] Adding HttpRedirectHandler: PREFIX=/,TO=/irj/portal,HOST=sapweb.awqaf.gov.kw
[Thr 2136] HttpISubHandlerAdd: Added handler HttpRedirectHandler(0000000007357CA0), slot=0, flags=4098) for /, active: 1, table 0000000007357A70
[Thr 2136] Adding HttpAdminHandler: PREFIX=/sap/wdisp/admin,DOCROOT=F:\usr\sap\WDA\W00\data\icmandir,AUTHFILE=F:\usr\sap\WDA\SYS\global\security\data\icmauth.txt
[Thr 2136] HttpExtractArchive: files from archive F:\usr\sap\WDA\SYS\exe\uc\NTAMD64/wdispadmin.SAR in directory F:/usr/sap/WDA/W00/data/icmandir are up to date
[Thr 2136] HttpISubHandlerAdd: Added handler HttpAdminHandler(00000000073A85E0), slot=1, flags=45061) for /sap/wdisp/admin, active: 1, table 0000000007357A70
[Thr 2136] Adding HttpModHandler: PREFIX=/
[Thr 2136] CsiInit(): Initializing the Content Scan Interface
[Thr 2136] PC with Windows NT (mt,unicode,SAP_CHAR/size_t/void* = 16/64/64)
[Thr 2136] CsiInit(): CSA_LIB = "F:\usr\sap\WDA\SYS\exe\uc\NTAMD64\sapcsa.dll"
[Thr 2136] HttpISubHandlerAdd: Added handler HttpModHandler(00000000073403B0), slot=2, flags=12293) for /, active: 1, table 0000000007357A70
[Thr 2136] Adding HttpAuthHandler: PREFIX=/,FILTER=SAP
[Thr 2136] HttpISubHandlerAdd: Added handler HttpAuthHandler(00000000073404B0), slot=3, flags=12293) for /, active: 1, table 0000000007357A70
[Thr 2136] HttpISubHandlerAdd: Added handler HttpWebDispHandler(00000000073405B0), slot=4, flags=1060869) for /, active: 1, table 0000000007357A70
[Thr 2136] WebSocketPlugInInit: WebSocket Plugin initialized
[Thr 2136] IcmAddHiddenService: Hidden service WEBSOCKETS started
[Thr 2136] =================================================
[Thr 2136] = SSL Initialization platform tag=(ntamd64-msc18)
[Thr 2136] Mon Jan 04 22:23:02 2016
[Thr 2136] = (745_REL,Oct 12 2015,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 2136] DIR_INSTANCE="F:\usr\sap\WDA\W00"
[Thr 2136] DIR_LIBRARY="F:\usr\sap\WDA\SYS\exe\uc\NTAMD64"
[Thr 2136] ssl/ssl_lib="F:\usr\sap\WDA\SYS\exe\uc\NTAMD64\sapcrypto.dll"
[Thr 2136] profile param "ssl/ssl_lib" = "F:\usr\sap\WDA\SYS\exe\uc\NTAMD64\sapcrypto.dll"
[Thr 2136] resulting Filename = "F:\usr\sap\WDA\SYS\exe\uc\NTAMD64\sapcrypto.dll"
[Thr 2136] = disabled FIPS 140-2 crypto kernel
[Thr 2136] = found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.41 pl40 (Aug 18 2015) MT-safe
[Thr 2136] = current UserID: AWQAF\SAPServiceWDA
[Thr 2136] = found SECUDIR environment variable
[Thr 2136] = using SECUDIR=F:\usr\sap\WDA\W00\sec
[Thr 2136] ssl/ciphersuites="HIGH:MEDIUM:+e3DES:!aNULL"
[Thr 2136] ssl/client_ciphersuites="HIGH:MEDIUM:+e3DES:!aNULL"
[Thr 2136] = Success -- SapCryptoLib SSL ready!
[Thr 2136] =================================================
[Thr 2136]
[Thr 2136] Started service HOST=sapweb.awqaf.gov.kw,PORT=443,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=60,VCLIENT=1
[Thr 2136] SSL settings: verify_client: 1, cache_size: -1, cache_lifetime: -1, credfile: SAPSSLS.pse, ciphers: default
[Thr 2136] IcmAddHiddenService: Hidden service WEBSOCKET started
[Thr 2136] Started service HOST=sapweb.awqaf.gov.kw,PORT=80,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 1104] IcmCreateWorkerThreads: created worker thread 0
[Thr 1104] IcmCreateWorkerThreads: created worker thread 1
[Thr 1104] IcmCreateWorkerThreads: created worker thread 2
[Thr 1104] IcmCreateWorkerThreads: created worker thread 3
[Thr 1104] IcmCreateWorkerThreads: created worker thread 4
[Thr 1104] IcmCreateWorkerThreads: created worker thread 5
[Thr 1104] IcmCreateWorkerThreads: created worker thread 6
[Thr 1104] IcmCreateWorkerThreads: created worker thread 7
[Thr 1104] IcmCreateWorkerThreads: created worker thread 8
[Thr 1104] IcmCreateWorkerThreads: created worker thread 9
[Thr 2660] IcmWatchDogThread: watchdog started
Dear Prathish,
Still I can see in the log SECUDIR is not directed to location which you have set in Environment variable.
1. goto command prompt and run command SET and share the output of the same.
Also try below steps:
1. login to WDAADM user
2. goto command prompt and run command SET SECUDIR= F:\usr\sap\WDA\sec
3. Then the webdispatcher without logining off the instance.
4. If problem still exists, then again share us the dev_webdisp logs.
Note: Also I can see the environment screenshot which you have shared does not have any SAP environment available in that, can you tell us reason why ??
Basically user wdaadm should have environment variables of kernel location and many more.
Regards,
Anil
Hello Prathish,
Your Web Dispatcher instance profile is overwriting the value of the SECUDIR env. variable.
Check the "SETENV_01" parameter.
Either remove the parameter and set the variable at Windows level (as shown at the screenshots you have posted) or remove the variable from Windows level and adjust the parameter.
Regards,
Isaías
Hello,
The SECUDIR is pointing to "DRIVE:\usr\sap\<SID>\<INSTANCE>\sec" (DRIVE:\usr\sap\WDA\W00\sec).
Try putting the PSE files there and restart the Web Dispatcher.
Cheers!
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Prathish,
Changing the folder or copying the PSE files will have the same results.
You do not need to import the certificates again, after copying the PSE files to the correct folder.
In addition, you could even move the PSE files, instead of copying them.
Maybe you can first copy them and confirm that the issue is solved.
Then, you can delete them from the "usr/sap/sys/sec" folder (so no confusion occurs in the future).
Regards,
Isaías
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.