cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPOSS/SNOTE failing after SAPROUTER was changed to SNC

Former Member

on ‎04-29-2008 2:34 AM

0 Kudos

Hi,

Recently our saprouter was changed to internet SNC connection and all

the steps in note 567853 was implemented. After the change, RFC

connection from DEV system is failing for "SAPOSS" with

message "sapserv2a: route permission denied (203.49.3.38 to oss001,

sapgw01) / CPI-C error".This is the case with all the systems.

As per the note 567953 giving below the output of the commands :

1. CALL PGM(SAPGENPSE) PARM('get_my_name' '-v' '-n' 'Issuer')

The name of the Issuer should be:

CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

output from system

CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

2. You need the following environment variable settings:

ADDENVVAR ENVVAR('SECUDIR') VALUE('/usr/sap/saprouter')

output from system

ADDENVVAR ENVVAR('SNC_LIB') VALUE('/usr/sap/saprouter/sapcrypto')

3. Saprouter has to be started every time with below command

CALL PGM(SAPROUTER/SAPROUTER) PARM('-r' '-R' 'saprouttab' '-K' 'p:<Your

Distinguished Name>')

output from system

CALL PGM(SAPROUTER/SAPROUTER) PARM('-r' '-V' '2'

'-R' 'saprouttab' '-K'

'p:CN=SAPDEV, OU=0000287918, OU=SAProuter, O=SAP, C=DE')

Giving below the output of saprouttab:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

P * 194.39.131.34 3299

Please suggest what else could cause this issue ?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎04-29-2008 7:07 AM
0 Kudos

Hi Volker,

Thanks for the reply. I found one more note 766505 for the same issue what you have specified. This not suggested for code corrections after which the SAPOSS RFC was updated with logon group 'EWA'. After which I am getting a different error "CPI-C error CM_DEALLOCATED_ABEND". In the gateway trace iam getting the below message.

Tue Apr 29 15:58:00 2008

      • ERROR => NiProcMsg: rc=-95 (NIEROUT_CONN_BROKEN) from router [nixxi.c 4667]

      • ERROR => mark comm_entry 3 ( ) as deallocated [gwdp.c 2305]

***LOG Q0R=> GwRemGwRqRead, NiRead ( NiRead-095) [gwdp.c 3226]

The connection fails in SM59 as well as in SNOTE.

Thanks,

Mahesh

Show replies
Show replies
Former Member
‎04-29-2008 7:13 AM
0 Kudos

Hi Mahesh,

then the SAProuter trace (entries of the trace file with option "-G") and the OSS1 setup and the SAPOSS setup is of interest ...

Regards

Volker Gueldenpfennig, consolut international ag

http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de

Former Member
‎04-29-2008 6:56 AM
0 Kudos

Hi Mahesh,

first of all, this message is normal, because SAP doesn't allow to access OSS001 ...

The error message does NOT occur because of your saprouttab, but because of the saporouttab at SAP.

The question is:

Does it only happen at OSS1 or does it happen during the Connection test in SM59 for SAPOSS as well ?

My idea would be, that it would work from SNOTE, but shows this error in OSS1 (which is normal since April 2006).

Regards

Volker Gueldenpfennig, consolut international ag

http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de

Show replies
Show replies
Ask a Question