cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPRouter connection problem NIESNC_FAILURE

Go to solution
Former Member

on ‎09-08-2016 1:30 PM

0 Kudos

Hi guys,

I re-newed SAProuter SNC Certificate and now have problem with SAPRouter connection. Under transaction SM59 Test connection to SAPOSS is failing.

Saprouter.log content:

Thu Sep 08 17:52:16 2016 CONNECT FROM C12/- host 192.168.XX.XX/24570

Thu Sep 08 17:52:16 2016 CONNECT TO   S12/-1 host 194.39.131.34/3299 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Thu Sep 08 17:52:16 2016 CONNECT ERR  S12/-1 NIESNC_FAILURE

Thu Sep 08 17:52:16 2016 DISCONNECT   C12/-1 host 192.168.XX.XX/24570 (192.168.XX.XX)

dev_rout content:

<<- SncProcessOutput()==SNCERR_GSSAPI

*** ERROR => NiSncIInitHdlSecurity: SncProcessOutput failed (sncrc=-4;000000000232F1B0) [nisnc.c      1195]

*** ERROR => NiSncHandleForAddr C10/-1, 194.39.131.34 (rc=-17) [nirout.cpp   4101]

*** ERROR => NiRClientHandle: NiRExRouteCon for C10/-1 '192.168.88.21' failed (rc=-17) [nirout.cpp   3468]

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3638]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3604]

      GSS-API(maj): No credentials were supplied

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

I did all steps described in manual for generating new SNC certificate and credential file is on place. Environment variables SECUDIR and SNC_LIB set appropoately.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-08-2016 1:48 PM
0 Kudos

Hi Sanzhar,

could you please share the output of following commands.

sapgenpse get_my_name –v –n Issuer

sapgenspe get_my_name

Regards

Sunil

Show replies
Show replies
Former Member
‎09-08-2016 1:54 PM
0 Kudos

1) SSO for USER "Administrator"

  with PSE file "C:\usr\saprouter\secudir\local.pse"

Subject    : CN=XXXrouter, OU=0001174436, OU=SAProuter, O=SAP, C=DE

Issuer     : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE

Serialno   : 19:B5:B8:35:D5:AF:67:15:10:01:D2:CD

KeyInfo    : RSA, 2048-bit

Validity  -  NotBefore:   Wed Sep  7 10:30:21 2016 (160907043021Z)

             NotAfter :   Thu Sep  7 10:30:21 2017 (170907043021Z)

KeyUsage   : digitalSignature nonRepudiation keyEncipherment dataEncipherment

ExtKeyUsage: none

2)

SSO for USER "Administrator"

  with PSE file "C:\usr\saprouter\secudir\local.pse"

Subject    : CN=XXXrouter, OU=0001174436, OU=SAProuter, O=SAP, C=DE

Issuer     : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE

Serialno   : 19:B5:B8:35:D5:AF:67:15:10:01:D2:CD

KeyInfo    : RSA, 2048-bit

Validity  -  NotBefore:   Wed Sep  7 10:30:21 2016 (160907043021Z)

             NotAfter :   Thu Sep  7 10:30:21 2017 (170907043021Z)

KeyUsage   : digitalSignature nonRepudiation keyEncipherment dataEncipherment

ExtKeyUsage: none

Former Member
‎09-08-2016 2:12 PM
0 Kudos

Hi,

could you please check after running the following command.

sapgenpse seclogin –p local.pse

Regards

Sunil

Former Member
‎09-09-2016 4:19 AM
0 Kudos

Same problem

Former Member
‎09-09-2016 5:31 AM
0 Kudos

Hi, please share the path of file 'local.pse' being located in your sap router.

regards

sunil

Former Member
‎09-09-2016 5:50 AM
0 Kudos

C:\usr\saprouter\secudir\local.pse

Former Member
‎09-09-2016 6:09 AM
0 Kudos

Hi,

hope you are using the leatest version of saprouter binaries. please also share the dir command output of /usr/sap/saprouter

regards

sunil

Former Member
‎09-09-2016 6:19 AM
0 Kudos

So I also think that problem with sapcryptolib and I need to download latest version. I requested from SAP permission to download latest sapcrypolib and have not yet received response.

Directory of C:\usr\saprouter

09.09.2016  10:44    <DIR>          .
09.09.2016  10:44    <DIR>          ..
08.09.2016  15:55    <DIR>          backup
07.09.2016  11:26             1 002 certreq1
09.09.2016  09:13            34 162 dev_rout
27.01.2016  00:07         1 546 752 niping.exe
07.09.2016  11:58    <DIR>          nt-x86_64
27.01.2016  00:20               317 patches.mf
16.01.2013  23:26           780 336 sapevents.dll
27.01.2016  00:07         1 680 896 saprouter.exe
09.09.2016  09:13            17 573 saprouter.log
07.09.2016  15:09             6 845 saprouter.log_c_20160907_130819-20160907_150943
07.09.2016  16:23             3 090 saprouttab
07.09.2016  15:19    <DIR>          secudir
07.09.2016  11:29             2 714 srcert
              10 File(s)      4 073 687 bytes
               5 Dir(s)   9 086 808 064 bytes free

Former Member
‎09-09-2016 9:15 AM
0 Kudos

Hi,

seems good. please update the 'sapcryptolib' and share if you still face the same issue.

regards

sunil

Former Member
‎09-18-2016 12:35 PM
0 Kudos

Hi Sunil, I updated sapcryptolib and again the same problem(

Any other suggestions?

Former Member
‎09-18-2016 4:08 PM
0 Kudos

Hi,

Copy the 'local.pse' in directory 'C:\usr\saprouter\nt-x86_64\' and change the SNC_LIB environment variable to

SNC_LIB = C:\usr\saprouter\nt-x86_64\sapcrypto.dll

you may restart the system and check. if still face issue please share the fresh log of dev_rout and also share the output of following.

sapgenpse get_my_name –v –n Issuer

sapgenspe get_my_name

Regards

Sunil

Former Member
‎09-18-2016 4:29 PM
0 Kudos

I did and the same result(

Output of

sapgenpse get_my_name –v –n Issuer

sapgenspe get_my_name

Subject               :   CN=***router, OU=0001540657, OU=SAProuter, O=SAP, C=DE

Issuer                :   CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE

Serialno              :   ED:38:CB:D4:97:59:84:B8:10:01:D5:E7

KeyInfo               :   RSA, 2048-bit

Validity  -  NotBefore:   Sun Sep 18 18:09:12 2016 (160918120912Z)

             NotAfter :   Mon Sep 18 18:09:12 2017 (170918120912Z)

KeyUsage              :   digitalSignature nonRepudiation keyEncipherment dataEncipherment

ExtKeyUsage           :   none

SubjectAltName        :   none

Former Member
‎09-18-2016 5:39 PM
0 Kudos

Sunil thanks for your response! I resolved issue. Issue is that SAP re-registered our SAPRouter and changed Distinguished name  "CN=***router, OU=0001540657, OU=SAProuter, O=SAP, C=DE". So I needed just to update value of ImagePath of SAPRouter service in REGEDIT. And it worked perfectly!

Answers (0)

Ask a Question