on 09-08-2016 1:30 PM
Hi guys,
I re-newed SAProuter SNC Certificate and now have problem with SAPRouter connection. Under transaction SM59 Test connection to SAPOSS is failing.
Saprouter.log content:
Thu Sep 08 17:52:16 2016 CONNECT FROM C12/- host 192.168.XX.XX/24570
Thu Sep 08 17:52:16 2016 CONNECT TO S12/-1 host 194.39.131.34/3299 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)
Thu Sep 08 17:52:16 2016 CONNECT ERR S12/-1 NIESNC_FAILURE
Thu Sep 08 17:52:16 2016 DISCONNECT C12/-1 host 192.168.XX.XX/24570 (192.168.XX.XX)
dev_rout content:
<<- SncProcessOutput()==SNCERR_GSSAPI
*** ERROR => NiSncIInitHdlSecurity: SncProcessOutput failed (sncrc=-4;000000000232F1B0) [nisnc.c 1195]
*** ERROR => NiSncHandleForAddr C10/-1, 194.39.131.34 (rc=-17) [nirout.cpp 4101]
*** ERROR => NiRClientHandle: NiRExRouteCon for C10/-1 '192.168.88.21' failed (rc=-17) [nirout.cpp 3468]
*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3638]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [D:/depot/bas/74 3604]
GSS-API(maj): No credentials were supplied
Unable to establish the security context
target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
I did all steps described in manual for generating new SNC certificate and credential file is on place. Environment variables SECUDIR and SNC_LIB set appropoately.
Hi Sanzhar,
could you please share the output of following commands.
sapgenpse get_my_name –v –n Issuer
sapgenspe get_my_name
Regards
Sunil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
1) SSO for USER "Administrator"
with PSE file "C:\usr\saprouter\secudir\local.pse"
Subject : CN=XXXrouter, OU=0001174436, OU=SAProuter, O=SAP, C=DE
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
Serialno : 19:B5:B8:35:D5:AF:67:15:10:01:D2:CD
KeyInfo : RSA, 2048-bit
Validity - NotBefore: Wed Sep 7 10:30:21 2016 (160907043021Z)
NotAfter : Thu Sep 7 10:30:21 2017 (170907043021Z)
KeyUsage : digitalSignature nonRepudiation keyEncipherment dataEncipherment
ExtKeyUsage: none
2)
SSO for USER "Administrator"
with PSE file "C:\usr\saprouter\secudir\local.pse"
Subject : CN=XXXrouter, OU=0001174436, OU=SAProuter, O=SAP, C=DE
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
Serialno : 19:B5:B8:35:D5:AF:67:15:10:01:D2:CD
KeyInfo : RSA, 2048-bit
Validity - NotBefore: Wed Sep 7 10:30:21 2016 (160907043021Z)
NotAfter : Thu Sep 7 10:30:21 2017 (170907043021Z)
KeyUsage : digitalSignature nonRepudiation keyEncipherment dataEncipherment
ExtKeyUsage: none
So I also think that problem with sapcryptolib and I need to download latest version. I requested from SAP permission to download latest sapcrypolib and have not yet received response.
Directory of C:\usr\saprouter
09.09.2016 10:44 <DIR> .
09.09.2016 10:44 <DIR> ..
08.09.2016 15:55 <DIR> backup
07.09.2016 11:26 1 002 certreq1
09.09.2016 09:13 34 162 dev_rout
27.01.2016 00:07 1 546 752 niping.exe
07.09.2016 11:58 <DIR> nt-x86_64
27.01.2016 00:20 317 patches.mf
16.01.2013 23:26 780 336 sapevents.dll
27.01.2016 00:07 1 680 896 saprouter.exe
09.09.2016 09:13 17 573 saprouter.log
07.09.2016 15:09 6 845 saprouter.log_c_20160907_130819-20160907_150943
07.09.2016 16:23 3 090 saprouttab
07.09.2016 15:19 <DIR> secudir
07.09.2016 11:29 2 714 srcert
10 File(s) 4 073 687 bytes
5 Dir(s) 9 086 808 064 bytes free
Hi,
Copy the 'local.pse' in directory 'C:\usr\saprouter\nt-x86_64\' and change the SNC_LIB environment variable to
SNC_LIB = C:\usr\saprouter\nt-x86_64\sapcrypto.dll
you may restart the system and check. if still face issue please share the fresh log of dev_rout and also share the output of following.
sapgenpse get_my_name –v –n Issuer
sapgenspe get_my_name
Regards
Sunil
I did and the same result(
Output of
sapgenpse get_my_name –v –n Issuer
sapgenspe get_my_name
Subject : CN=***router, OU=0001540657, OU=SAProuter, O=SAP, C=DE
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
Serialno : ED:38:CB:D4:97:59:84:B8:10:01:D5:E7
KeyInfo : RSA, 2048-bit
Validity - NotBefore: Sun Sep 18 18:09:12 2016 (160918120912Z)
NotAfter : Mon Sep 18 18:09:12 2017 (170918120912Z)
KeyUsage : digitalSignature nonRepudiation keyEncipherment dataEncipherment
ExtKeyUsage : none
SubjectAltName : none
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.