on 04-29-2008 2:34 AM
Hi,
Recently our saprouter was changed to internet SNC connection and all
the steps in note 567853 was implemented. After the change, RFC
connection from DEV system is failing for "SAPOSS" with
message "sapserv2a: route permission denied (203.49.3.38 to oss001,
sapgw01) / CPI-C error".This is the case with all the systems.
As per the note 567953 giving below the output of the commands :
1. CALL PGM(SAPGENPSE) PARM('get_my_name' '-v' '-n' 'Issuer')
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
output from system
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
2. You need the following environment variable settings:
ADDENVVAR ENVVAR('SECUDIR') VALUE('/usr/sap/saprouter')
output from system
ADDENVVAR ENVVAR('SNC_LIB') VALUE('/usr/sap/saprouter/sapcrypto')
3. Saprouter has to be started every time with below command
CALL PGM(SAPROUTER/SAPROUTER) PARM('-r' '-R' 'saprouttab' '-K' 'p:<Your
Distinguished Name>')
output from system
CALL PGM(SAPROUTER/SAPROUTER) PARM('-r' '-V' '2'
'-R' 'saprouttab' '-K'
'p:CN=SAPDEV, OU=0000287918, OU=SAProuter, O=SAP, C=DE')
Giving below the output of saprouttab:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
P * 194.39.131.34 3299
Please suggest what else could cause this issue ?
Hi Volker,
Thanks for the reply. I found one more note 766505 for the same issue what you have specified. This not suggested for code corrections after which the SAPOSS RFC was updated with logon group 'EWA'. After which I am getting a different error "CPI-C error CM_DEALLOCATED_ABEND". In the gateway trace iam getting the below message.
Tue Apr 29 15:58:00 2008
ERROR => NiProcMsg: rc=-95 (NIEROUT_CONN_BROKEN) from router [nixxi.c 4667]
ERROR => mark comm_entry 3 ( ) as deallocated [gwdp.c 2305]
***LOG Q0R=> GwRemGwRqRead, NiRead ( NiRead-095) [gwdp.c 3226]
The connection fails in SM59 as well as in SNOTE.
Thanks,
Mahesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mahesh,
then the SAProuter trace (entries of the trace file with option "-G") and the OSS1 setup and the SAPOSS setup is of interest ...
Regards
Volker Gueldenpfennig, consolut international ag
http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de
Hi Mahesh,
first of all, this message is normal, because SAP doesn't allow to access OSS001 ...
The error message does NOT occur because of your saprouttab, but because of the saporouttab at SAP.
The question is:
Does it only happen at OSS1 or does it happen during the Connection test in SM59 for SAPOSS as well ?
My idea would be, that it would work from SNOTE, but shows this error in OSS1 (which is normal since April 2006).
Regards
Volker Gueldenpfennig, consolut international ag
http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.