DMVPN on Dual Stack Hub Site

Hi,
I have a Dual Stacked DMVPN Hub site, VPN for ether IPv4 oder IPv6 is working properly, but not both at the same time.
If the IPv4 Peers connect first, then the IPv6 Peers are unable to form an IPsec security association and the other way around. Crypto ISAKMP Phase1 is build correctly.
A "show crypto ipsec sa" on the Hub shows only sa's for the kind of Peers that connected first. A "show crypto ipsec sa" on the Spoke that is unable to form an security association with the Hub shows an security association, but with no proposals and raising send error counters:
Spoke (IPv4) SA
interface: Tunnel1
    Crypto map tag: My-Profile-v4-head-1, local addr 2.2.2.1
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)
   current_peer 1.1.1.1 port 500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 23255, #recv errors 0
     local crypto endpt.: 2.2.2.1, remote crypto endpt.: 1.1.1.1
     plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb (none)
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:
   protected vrf: (none)
I'm running IOS Version 15.3(2)T, is there some kind of known bug and/or a workaround for this?
Interface Configuration
interface GigabitEthernet0
description ** Outside **
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:1:1:1::1/64
Crypto Configuration
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
crypto isakmp key cisco address 0.0.0.0 no-xauth
crypto isakmp key cisco address ipv6 ::/0 no-xauth
crypto isakmp keepalive 10 periodic
crypto ipsec transform-set My-Set esp-aes 256 esp-sha512-hmac
mode tunnel
crypto ipsec profile My-Profile-v4
description ** IPsec Profile fuer IPv4 Peers **
set transform-set My-Set
set pfs group2
crypto ipsec profile My-Profile-v6
description ** IPsec Profile fuer IPv6 Peers **
set transform-set My-Set
set pfs group2
Tunnel Configuration
interface Tunnel1
description ** DMVPN Intranet IPv4 **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.10.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
shutdown
keepalive 10 3
tunnel source GigabitEthernet0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile My-Profile-v4 shared
interface Tunnel2
description ** DMVPN Intranet IPv6 **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.12.1 255.255.255.0
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0
tunnel mode gre multipoint ipv6
tunnel key 2
tunnel protection ipsec profile My-Profile-v6 shared
Regards,
Thomas

Hello Marcin,
it is working now :-)
First I was running a dual stacked spoke as well, but now I am using one IPv4 and one IPv6 only spoke. The ipsec profiles are "shared", because besides the two shown tunnels I have one more IPv4 and IPv6 Tunnel for Extranetuse. The Spoke sites use "shared" as well, because they build a backup VPN Tunnel to a second Hub router.
I have removed the "keepalive 10 3" from my Tunnel interfaces and rebooted the routers and everything is working now.
Here are my final configurations:
Crypto
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
crypto isakmp key cisco address 0.0.0.0         no-xauth
crypto isakmp key cisco address ipv6 ::/0 no-xauth
crypto isakmp keepalive 10 periodic
crypto ipsec transform-set My-Set esp-aes 256 esp-sha512-hmac
mode tunnel
crypto ipsec profile My-Profile-v4
description ** IPsec Profile fuer IPv4 Peers **
set transform-set My-Set
set pfs group2
crypto ipsec profile My-Profile-v6
description ** IPsec Profile fuer IPv6 Peers **
set transform-set My-Set
set pfs group2
Tunnel Hub Dual Stacked
interface Tunnel1
description ** DMVPN Intranet IPv4 **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.10.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
tunnel source GigabitEthernet0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile My-Profile-v4 shared
interface Tunnel2
description ** DMVPN Intranet IPv6 **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.12.1 255.255.255.0
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
tunnel source GigabitEthernet0
tunnel mode gre multipoint ipv6
tunnel key 2
tunnel protection ipsec profile My-Profile-v6 shared
end
Tunnel Spoke IPv4
interface Tunnel1
description ** DMVPN Intranet IPv4 **
ip vrf forwarding VPN
ip address 10.0.10.2 255.255.255.0
no ip redirects
ip mtu 1416
ip pim sparse-mode
ip nhrp map 10.0.10.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp nhs 10.0.10.1
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile My-Profile-v4 shared
end
Tunnel Spoke IPv6
interface Tunnel1
description ** DMVPN Intranet IPv6 **
ip vrf forwarding VPN
ip address 10.0.12.2 255.255.255.0
no ip redirects
ip mtu 1416
ip pim sparse-mode
ip nhrp map 10.0.12.1 2001:1:1:1::1
ip nhrp map multicast 2001:1:1:1::1
ip nhrp network-id 2
ip nhrp holdtime 360
ip nhrp nhs 10.0.12.1
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0
tunnel mode gre multipoint ipv6
tunnel key 2
tunnel protection ipsec profile My-Profile-v6 shared
end
Thanks again
Thomas

Similar Messages

  • Mapping error in PI 7.4 dual stack

    Dear Experts,
        Recently we upgraded our system from PI 7.1 to PI 7.4 dual stack.
    Scenerio is ECC->PI->SOAP(Webservice) synchronous
    Issue in detail:
         We are creating a invoice in ECC system through PI its updating in third party site using SOAP webservice and will get a reference number from that site and then updating in ECC as in synchronous way.
    Invoice data's are reached PI sucessfully from ECC but it not updating in the site and getting below mapping error after upgarded to PI 7.4.
    Your points will be highly appreciable.
    Kindly help to sort out this issue.
    Best Regards,
    Monikandan

    Hi Monikandan,
    It seems you are trying the sign the payload in your java mapping. So, looking at the attached error, there could be 2 possibilities:
    1) Either there is no certificate with alias: *_PRD
    2) This certificate is stored in some "System" type keystore view which is not accessible from you mapping code. Try to move your certificate to some "User" keystore view.
    Thanks & regards,
    Piyush

  • How-To: Comparing DMVPN Single & Dual Tier Architectures - IPSec VPN & mGRE Termination

    Greetings to everyone,
    I'd like to share a recent article we published that covers the differences between Single and Dual Tier DMVPN deployments. The article aims to help engineers understand the differences at the IPSec VPN level and its termination on the HUB router.
    Those interested can following the link below to read up on this hot topic:
    Firewall.cx - Comparing DMVPN Single & Dual Tier Architectures - IPSec VPN & mGRE Termination
    Topics Covered (Diagram included for every scenario):
    - Single Tier Headend, How IPSec Tunnel mode terminate on Hub
    - Single Tier Headend, How mGRE Tunnels terminate on Hub
    - Dual Tier Headend, How IPSec Tunnel mode terminate on Frontend Router
    - Dual Tier Headend, How mGRE Tunnels terminate on Hub
    - Links to similar articles that will surely interest
    Feedback is always welcome.
    Thanks,
    Chris.

    You might be running a bug, try to check the Cisco Bug Toolkit for a bug (Or Cisco TAC).
    Also try to capture the debug as the why the VPN is failing. Since EIGRP packets flow continuously the tunnel should not go down.
    Regards
    Farrukh

  • Dual stack on tunnel interface

    Is it possible to run dual stack IP schemes over an ipsec-protected tunnel interface on IOS? I am able to assign the IPv6 addresses like a normal interface on both ends however when i try to ping across the tunnel with IPv6 there is no response. Here is an example of my config:
    R1
    interface Tunnel0
     description Tunnel to R2
     ip address 172.30.1.237 255.255.255.252
     ip mtu 1400
     ip nat inside
     ip virtual-reassembly
     load-interval 30
     ipv6 address FE80::172:30:1:1 link-local
     ipv6 address 2001:1::172:30:1:1/126
     keepalive 5 4
     tunnel source GigabitEthernet0/1
     tunnel mode ipsec ipv4
     tunnel destination 1.2.3.4
     tunnel protection ipsec profile protect-gre
    R2
    interface Tunnel0
     description Tunnel to R1
     ip address 172.30.1.238 255.255.255.252
     ip mtu 1400
     ip nat inside
     ip virtual-reassembly
     load-interval 30
     ipv6 address 2001:1::172:30:1:2/126
     ipv6 address FE80::172:30:1:2 link-local
     keepalive 5 4
     tunnel source FastEthernet0/1
     tunnel destination 1.2.3.5
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile protect-gre
    The only solution i can clearly see is running a separate tunnel, which i would like to avoid. Any assistance is greatly appreciated!

    Hello,
    In my System preferences the IPv6 settings are set to "automatic", my DSL router (Cisco 787) supports IPv6. When visiting sites like www.sixxs.net and www.apnic.org (which are reachable by both IPv6 and IPv4), some pages are reached by IPv6 and some by IP4. Even the same page may load in IPv6 first, but a second time via IPv4. This behaviour has changed since my upgrade to Leopard, under Tiger the behaviour was much more stable.
    Gerard

  • Problem running apache dual stack IPv4 and IPv6

    Hello!
    I am running a single Lion-Server with one public IPv4 address. Because my Provider is able to support IPv6 now, I ordered a public IPv6 address for my server. (To learn IPv6)
    I setup IPv6 address and setup the firewall with ip6fw - everything works fine, I can connect to ssh and afp via IPv4 or IPv6 but when I try to connect to my wiki over IPv6 I get the certificate question (unknown certificate ... blah) click continue and the certificate is loeded againe - I end up in an infinte loop of certificate questions.
    The part of the firewall config looks like this:
    20515 allow tcp from any to any 443
    20516 allow tcp from any to any 8443
    20517 allow tcp from any to any 1640
    I looked into apache config:
    /etc/apache2/sites/virtual_host_global.conf has this entries:
    Listen  *:443
    NameVirtualHost *:443
    Listen  *:80
    NameVirtualHost *:80
    I have only one domain and only one single virtual host as defined in /etc/apache2/sites/0000_any_443_.conf:
    ## Default Virtual Host Configuration
    <VirtualHost *:443>
            ServerAdmin [email protected]
            DocumentRoot "/Library/Server/Web/Data/Sites/Default"
            DirectoryIndex index.html index.php /wiki/ default.html
            CustomLog "/var/log/apache2/access_log" combinedvhost
            ErrorLog "/var/log/apache2/error_log"
            <IfModule mod_ssl.c>
                    SSLEngine On
                    SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
                    SSLProxyEngine On
                    SSLProtocol -ALL +SSLv3 +TLSv1
                    SSLCertificateFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.cert.p em"
                    SSLCertificateKeyFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.key.pe m"
                    SSLCertificateChainFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.chain. pem"
                    SSLProxyProtocol -ALL +SSLv3 +TLSv1
            </IfModule>
            <Directory "/Library/Server/Web/Data/Sites/Default">
                    Options All +MultiViews -ExecCGI -Indexes
                    AllowOverride None
                    <IfModule mod_dav.c>
                            DAV Off
                    </IfModule>
            </Directory>
    </VirtualHost>
    I have not modified the apache config by hand until now - but this was an upgrade from Snow Leopard Server. At the moment I am a littel scared to upgrade to Mountain Lion server because this server runs mail and calender services for my company.
    I tried to setup "Listen" entry with dedicated IP-addresses, one for IPv4 and one for IPv6 but this only leads to the same problem - IPv4 works, IPv6 ends in an infinte loop.
    I found somewhere that I had to duplicate virtual hosts setup for IPv4 and IPv6 but afaik "Server.app" will overwrite it, right?
    Every hint is welcome, bye
    Christoph
    P.S. Sorry just saw that I posted to ML-Server discussions not Lion-Server, but maybe someone can tell me that I can upgrade without scare.
    Message was edited by: Christoph Ewering1

    Hello!
    Did some more testing and found that FireFox works with the loopback-address.
    https://[::1]/
    So, the address above works with FireFox after accepting the certificate - Safari loops in the dialog accepting the certificate.
    Then I tried the link-local-address but it looks like apache does not listen to that address at all
    Then I tried the global-address and got to:
    Safari looping in the certificate dialog
    FireFox brings an alert „sec_err_bad_database"
    BTW this tests were made on the server that runs the apache. So no firewall between the browser and the server.
    No one using Mac OS X server in a dual stack enviroment?
    Bye,
    eweri

  • Error in phase import Homogeneous system copy from a BI 7.3 dual stack ABAPJAVA

    Hi
    I'm doing a Homogeneous system copy from a BI 7.3 dual stack ABAP+JAVA system with an Oracle DB (11g version, 11.2.0.3.0 patch level) with AIX ibm OS.
    Before starting export I've executed in the source system the report SMIGR_CREATE_DDL, as described in sap note 888210, and I generated *.SQL files.
    After, during the import in the target system I get the following error message:
    vi /expdb2/tmpDB0/sapinst_instdir/NW730/ORA/ORA/COPY/ORA/SYSTEM/STD/AS/import_monitor.log
    INFO: 2014-03-08 00:21:57 com.sap.inst.migmon.LoadTask run_report
    Monitor jobs: running 0, waiting 1, completed 60, failed 5, total 66  finish processing of package SAP0000
    You can see below the detail of the 5 packages in error:
    SAPAPPL0_1_5
    DbSlExecute: rc = 99
      (SQL error 2216)
      error message returned by DbSl:
    ORA-02216: tablespace name expected
    (DB) INFO: disconnected from DB
    /usr/sap/DB2/SYS/exe/uc/rs6000_64/R3load: job finished with 1 error(s)
    /usr/sap/DB2/SYS/exe/uc/rs6000_64/R3load: END OF LOG: 20140307141347
    SAPZPSA
    DbSlExecute: rc = 99
      (SQL error 2216)
      error message returned by DbSl:
    ORA-02216: tablespace name expected
    (DB) INFO: disconnected from DB
    SAPDODS
    DbSlExecute: rc = 99
      (SQL error 922)
      error message returned by DbSl:
    ORA-00922: missing or invalid option
    (DB) INFO: disconnected from DB
    SAPDFACT
    DbSl Trace: Error 1741 in exec_immediate() from oci_execute_stmt(), orpc=0
    DbSl Trace: ORA-01741 occurred when executing SQL stmt (parse error offset=8126464)
    (DB) ERROR: DDL statement failed
    (  ALTER TABLE "/BI0/F0TCT_C01"    ADD PARTITION "/BI0/F0TCT_C010000001131" VALUES LESS THAN ( 0000001131  )    TABLESPACE "" )
    DbSlExecute: rc = 99
      (SQL error 1741)
      error message returned by DbSl:
    ORA-01741: illegal zero-length identifier
    (DB) INFO: disconnected from DB
    SAPZOSO
    DbSl Trace: Error 922 in exec_immediate() from oci_execute_stmt(), orpc=0
    DbSl Trace: ORA-00922 occurred when executing SQL stmt (parse error offset=242024448)
    (DB) ERROR: DDL statement failed
    (CREATE TABLE "/BIC/B0000989000"    ("REQUEST" VARCHAR2 (000090)      DEFAULT ' ' NOT NULL,    "DATAPAKID" VARCHAR2 (000018)      DEFAULT '000000' NOT NULL,    "PART
    NO" NUMBER (000010)      DEFAULT 0 NOT NULL,    "RECORD" NUMBER (000010)      DEFAULT 0 NOT NULL,    "PLANT" VARCHAR2 (000012)      DEFAULT ' ' NOT NULL,    "MATERIA
    L" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL,    "RPA_CURUOM" VARCHAR2 (000015)      DEFAULT ' ' NOT NULL,    "RPA_MVF" NUMBER (000017, 000002)      DEFAULT 0 NOT N
    ULL,    "PRICE_UNIT" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "RPA_QTYUOM" VARCHAR2 (000009)      DEFAULT ' ' NOT NULL,    "RT_SSMFGR" VARCHAR2 (000024)
        DEFAULT '00000000' NOT NULL,    "BASE_UOM" VARCHAR2 (000009)      DEFAULT ' ' NOT NULL,    "FRE_PLNPUR" VARCHAR2 (000036)      DEFAULT ' ' NOT NULL,    "FRE_MINS
    TK" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "FRE_SERLEV" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "FRE_SELCLS" VARCHAR2 (000003)      DEFAULT '
    0' NOT NULL,    "FRE_REPLST" VARCHAR2 (000006)      DEFAULT ' ' NOT NULL,    "ABCKEY" VARCHAR2 (000003)      DEFAULT ' ' NOT NULL,    "RECORDMODE" VARCHAR2 (000003)
        DEFAULT ' ' NOT NULL,    "RT_SERVLEV" VARCHAR2 (000003)      DEFAULT ' ' NOT NULL,    "RT_SUPS" VARCHAR2 (000003)      DEFAULT ' ' NOT NULL,    "VAL_TYPE" VARCH
    AR2 (000030)      DEFAULT ' ' NOT NULL,    "PUR_GROUP" VARCHAR2 (000009)      DEFAULT ' ' NOT NULL,    "RT_VPNEU" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL,
    "CURRENCY" VARCHAR2 (000015)      DEFAULT ' ' NOT NULL,    "RT_VRKPE" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "DISMM" VARCHAR2 (000006)      DEFAULT ' '
    NOT NULL,    "SALES_UNIT" VARCHAR2 (000009)      DEFAULT ' ' NOT NULL,    "RT_VP_BT" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL,    "RT_VPE_BT" NUMBER (000017,
    000003)      DEFAULT 0 NOT NULL,    "RT_VP_NT" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL,    "RT_VPE_NT" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "R
    T_VWAERBT" VARCHAR2 (000015)      DEFAULT ' ' NOT NULL,    "RT_VWAERNT" VARCHAR2 (000015)      DEFAULT ' ' NOT NULL,    "RT_VPMEIBT" VARCHAR2 (000009)      DEFAULT '
    ' NOT NULL,    "RT_VPMEINT" VARCHAR2 (000009)      DEFAULT ' ' NOT NULL,    "LOC_CURRCY" VARCHAR2 (000015)      DEFAULT ' ' NOT NULL,    "UNIT" VARCHAR2 (000009)
      DEFAULT ' ' NOT NULL,    "CM_MCATDIV" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL,    "CM_CDT1" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL,    "CM_CDT2" VARCHAR2
    (000054)      DEFAULT ' ' NOT NULL,    "CM_CDT3" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL,    "CM_CDT4" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL,    "CM_HIEID"
    VARCHAR2 (000006)      DEFAULT ' ' NOT NULL,    "CPSTLC" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL,    "CPSVLC" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL
    ,    "STOCK_VAL" NUMBER (000017, 000002)      DEFAULT 0 NOT NULL,    "STOCK_QTY" NUMBER (000017, 000003)      DEFAULT 0 NOT NULL,    "RT_SEASON" VARCHAR2 (000012)
      DEFAULT ' ' NOT NULL,    "RT_SEASYR" VARCHAR2 (000012)      DEFAULT '0000' NOT NULL,    "CALDAY" VARCHAR2 (000024)      DEFAULT '00000000' NOT NULL,    "CALWEEK"
    VARCHAR2 (000018)      DEFAULT '000000' NOT NULL,    "RF_BNDID" VARCHAR2 (000012)      DEFAULT ' ' NOT NULL,    "/BIC/ZCATTR3" VARCHAR2 (000006)      DEFAULT ' ' NOT
    NULL,    "/BIC/ZCSTYLE" VARCHAR2 (000006)      DEFAULT ' ' NOT NULL,    "/BIC/ZCIMAGE" VARCHAR2 (000006)      DEFAULT ' ' NOT NULL,    "/BIC/ZCBRNDTYP" VARCHAR2 (000
    003)      DEFAULT ' ' NOT NULL,    "/BIC/ZCGROUPE" VARCHAR2 (000054)      DEFAULT ' ' NOT NULL)    PCTFREE 10    PCTUSED 00    INITRANS 001    TABLESPACE    STORAGE (
    INITIAL    0000000016 K            NEXT        0000001024 K            MINEXTENTS  0000000001            MAXEXTENTS  2147483645            PCTINCREASE 0000
        FREELISTS  001            FREELIST GROUPS 01)      PARTITION BY RANGE ("PARTNO")      (      PARTITION "/BIC/B00009890000000000002" VALUES LESS THAN      (00000
    00002)      NOCOMPRESS      ) )
    DbSlExecute: rc = 99
      (SQL error 922)
      error message returned by DbSl:
    ORA-00922: missing or invalid option
    (DB) INFO: disconnected from DB

    hello,
    Before anything update DB shared lib, R3load, R3ldctl and R3szchk in the target system. Also Check in source system if you have any tables o index missing in db02 transaction, If this system wa upgraded from a previous release please check TAORA and IAORA tables in source system and check all the tablespaces named in those tables are created in the target system.
    let me know how it goes.
    Regards,
    Michael

  • Dual Stack NW 7.0 installation with R/3 Backend as UME

    I have a quick question guys. I am about to install a dual stack NW system with ADS(SQL server database on windows) and will use a R/3 Enterprise running on unix as the UME datasource. Now this R/3 enterprise backend already acts as bakend for Portal system and uses sap logon tickets and as such already has the user SAPJSF.   Now when i actually perform the NW 7.0 installation and enter a master password during the course, would this override the SAPJSF user in R/3 backend system at all.
    What are the general problems that are caused with using an existing ABAP only system as the UME for your Java stack(Dual stack actually) systems. Can you advise.
    Regards
    Kalyan

    Hi,
    Now when i actually perform the NW 7.0 installation and enter a master password during the course,
    would this override the SAPJSF user in R/3 backend system at all.
    NO....Not at all..
    SAPJSF user is used for the communication between ABAP  and JAVA stacks. SAPJSF user is an independent user of each independent ABAP stack.
    ABAP data/user-store is the place where the users, roles and authorizations of an ABAP System are stored.
    And with the same concept, the UME is the same mechanism for users, roles, permissions of an JAVA system.
    After installation of your new NW ABAP+JAVA Stack, you will have to specify the SAPJSF user of ur old R/3 ABAP system which you want to use as User Data Store for ur Newly installed Java System's UME.
    In ABAP System section u will have to provide all details of ur SAP R/3 application server, which ur portal is already using as User Data Store.
    What are the general problems that are caused with using an existing ABAP only system
    as the UME for your Java stack(Dual stack actually) systems. Can you advise.
    It depends on the usage of your new application server.
    Regards
    Bhavik G. Shroff

  • Question about the number of ERS instances in a dual-stack MCS environment

    Hello to the group.
    I have a simple question for those running a NetWeaver 7.0 (i.e. 2004s) dual stack (ABAP/JAVA) setup in an MCS environment. On each individual node, do you have two separate ERS processes running on the node (as seen in Task Manager) that is opposite to the system running the ASCS/SCS instances? If so, do you have a set of profiles for each of these ERS processes (I am guessing that is true)?
    Thanks in advance for your help.
    J. Haynes

    Has anyone found a good description of the process that runs after one node fails over to another one? help.sap.com mentions that the ASCS will restart and run the command enstatus.cmd but I cannot find what is supposed to happen after that. Is the ERS service itself stopped?
    Thanks
    J. Haynes

  • EHP4 Dual stack

    hi guys,
    we plan to upgrade Enterprise Dual stack(ABAP+JAVA) System to EHP4 system.
    In EHP4 upgrade document it says, No dual stack supported for EHP4 installation..was that mean
    only for Installation or upgrade too.
    Seperate SID is required for EHP4 system after upgrade? Please confirm.
    thanks

    hi jaichan,
    yes, you are right ..For new installation of SAP ERP to EHP4 level, you cannot install dual stack system..i have read in sap note 855534..please find below the extract from this note:
    As of SAP Business Suite 7, you can no longer install Dual Stack Application Systems (ABAP+Java).
    If you want to use both SAP Business Suite ABAP and Java Components in your system landscape, you have to proceed as follows:
    1. Install a separate ABAP-based SAP Business Suite system.
    2. Install the required Java components in a separate Java-based SAP system.
    3. Configure the connection of the Java-based SAP system to the ABAP-based SAP Business Suite back-end system.
    The SAP Business Suite 7 comprises: EHP4 for SAP ERP 6.0, SAP CRM 7.0, SAP SCM 7.0, SAP PLM 7.0, SAP SRM 7.0
    As of now you will find the latest recommendations at a central place in SDN:
    https://www.sdn.sap.com/irj/sdn/landscapedesign -> Distribution Models
    You will also find information about the deployment of SAP NetWeaver usage types and the SAP Business Suite there.
    but you can upgrade your previously installed SAP ERP dual stack system without having seperate SID's thing...
    We have upgraded around 50 of our systems without any problem
    thanks sunny

  • PI 7.1(dual stack) and PI 7.31(Single stack) -

    Friends,
    I have a proxy to proxy scenario - Proxy --> PI --> Proxy
    We have two servers PI 7.1(dual stack) and PI 7.31(Single stack)
    i did the development in ESR and my ESR is pointing to PI 7.1, when i execute the scenario i receive one error message "receiver could not be determined", i ensured that all my input is correct, still i get the same error message.
    the expectation is my scenario should point to PI 7.31, Can some one help me where and what settings i need to make in-order to make it work.
    Please Note: All my data is correct and i read some scn forums wherein they asked to refresh the cache , i have refreshed the cache also still the problem persists.
    Thanks in advance!

    Iñaki Vila
    Communication component in ID is the same as sender side.
    could you share your sender configuration?
    Did you mean Tcode - SXMB_ADM and under that Sender/Receiver configuration
    Krupa Rao Atluri
    In ID steps are correctly defined.
    I spoke to my colleague he hinted that at RUN TIME we want to point to PI7.31, he mentioned config change needed in SXMB_ADM
    any further inputs from any one could be useful.

  • Parameterized mapping in PI 7.31 Dual Stack

    Hi All,
    I am working on PI 7.31 Dual Stack. I am getting the below exception in parameterized mapping:
    com.sap.aii.utilxi.misc.api.BaseRuntimeException; com.sap.aii.mapping.api.UndefinedParameterException: The input-parameter TestVal does not exist.
    I could test in MM test tab but facing the issue in runtime. Please suggest me where I am going wrong.
    Thanks,
    Madhurima

    Hi Madhurima,
    Have you checked if your PI version and patch level is being affected with this note  1933139 - Errors during execution of operation mapping with message mapping parameters names different from the operation mapping parameter names?
    Regards.

  • Issue while creating Component Based Message Alerting in PI 7.31 Dual Stack

    Hi,
    We tried to implement Component Based Message Alerting following the steps mentioned in the below blog.
    http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/03/25/michals-pi-tips-component-based-message-alerting
    Ours is PI 7.31 dual stack. However, after setting up the job with my own user id, I am getting the below error inside the log of Jobs tab:
    javax.jms.JMSSecurityException: You do not have permissions: action alertingVP.queue and instance:name alertingVP.queue
    action consumer
    instance jms/queue/xi/monitoring/alert/ALERT-TO-MAIL
    Please let us know what permission is required to set up the job.
    Thanks,
    Rahul

    Hi, 
    Now I am able to receive alert in my mailbox. But it's coming with improper content.
    I have set up the job at an interval of every 2 minutes in NWA, and in case if only 1 message fails in IE, in ideal case, I should receive only 1 message details in alert.
    However, in every 2 minutes, I am receiving junk data and the number is increasing for the particular scenario for which the alert has been created. Also the Error Category mentioned is showing improper.
    But in table SXMSALERTCONTENT I am able to view only the newly added failed entry.
    An erroneous alert email content is pasted below:
    63 messages failed for "Test_XXX" on "af.s0i.saps0i"
    Root cause: -1
    To navigate to the failed messages in the local message monitor use this link
    The first 1 messages of that data collection:
    "AdapterNamespace": "http://sap.com/xi/XI/System",
    "AdapterType": "File",
    "Channel": "FileSender_XXX",
    "ChannelParty": "",
    "ChannelService": "XXXXX",
    "Component": "af.s0i.saps0i",
    "ErrCat": "",
    "ErrCode": "",
    "ErrLabel": "-1",
    "ErrText": "Configured source directory '\\Outbound\\XXX\\CREMAS' does not exist",
    "FromParty": "",
    "FromService": "XXX",
    "Interface": "Z_CREMAS_SUSMM.CREMAS03",
    "Namespace": "urn:sap-com:document:sap:idoc:messages",
    "RuleId": "3a64dd6e1b1d3e58aff62ea70c97cb80",
    "Timestamp": "2013-02-01T09:43:23Z",
    "ToParty": "",
    "ToService": ""
    The failed message however do not relate to the 'source directory does not exist' issue. Please help.
    Thanks,
    Rahul

  • How to restart Java Engine in ABAP+JAVA dual stack installation ?

    Dear Experts
    if i use stopsap r3 in this dual stack installation - it stops both ABAP & JAVA Web Application Servers.
    I want to restart only JAVA Weba pplication server.
    How do it ?
    Thaks in Advance !
    Rgds

    But theoritically  they are 2 indpeendent installations like
    AS ABAP
    AS JAVA
    ..Do you aggree ?? really am not good on basics!!
    During the installation also -  if select AS ABAP & AS JAVA  - it will become dual installation
    and it does not show
    any dependency while installing that AS JAVA  requires AS ABAP.[Installation Component Selection and Dependency Screen shot|http://i303.photobucket.com/albums/nn153/S0002919350/SAP%20Issues/Oracle_Patches.jpg]
    Installation Component Selection and Dependency Screen shot
    Is it because if AS ABAP is down - AS JAVA UME is 001 client - and Java authentication fails ?
    Can we de attatch from ABAP UME for my requirement like - running JAVA WAS alone w/o ABAP.
    Regards
    PR
    Regards
    Edited by: P.R. SRINIVAS on Jun 16, 2008 4:15 PM

  • PI 7.31 Dual Stack SSL configuration

    HI Gurus,
    I have a quick query, I am configuring SSL on my PI 7.31 systems.
    I have checked all the standard guides and forums but I have one doubt.
    Q1 - Is it necessary to configure SSL both in ABAP and JAVA side ?
    Q2 - If I just configure SSL in STRUSTSSO2 in ABAP , will it be more than enough ?
    Q3 - In what cases do we need to configure SSL in JAVA side ? And does configuring SSL in JAVA mandatory require sapcryptolib files ?
    Please share your views.
    Cheers, SG

    I want to understand is it necessary to configure SSL in both ABAP and JAVA in case of dual stack PI ?
    >>> Please refer to Huseyin's comments in the below thread..
    PI 7.3 Dual Stack SSL configuration
    In what cases do we use JAVA SSL in Dual stack system ?
    >>> AFAIK - when you use http_aae adapter/soap with https then you should configure the SSL on java stack.

  • PI 7.31 Dual Stack Using BPM/BRM and ccBPM

    Hello,
    My client has decided to use SAP PI 7.31, because we have many ccBPM solutions, being used a long time, the idea is install the Dual Stack solution and keep using the ccBPM, at least for while.
    But for the new integration solutions, we would like to use the AEX(Local AEX-Based) and connect to BPM and BRM, and maybe migrate the old solutions when possible.
    Is it possible, use the both solutions( AEX/BPM/BRM and ccBPM) ? In this case, we will have all the benefits and great perfomance
    when using the AEX/BPM/BRM(Local AEX-Based) solution, that we have in the single stack ?
    Best regards,
    Dylon.

    Hi, vishal jain.
    Thank you! Checking your link, we will probably choose the third case:
    If PI is installed as dual-stack, then PO, PI and BPM/BRM, will have to be installed with different SIDs.  PI on one SID and BPM/BRM on a different SID.
    But the question remains... in this case is possible to use ccBPM and BPM/BRM, ok ?
    And when using the BPM/BRPM, how is the performance and benefits ?
    Are the same when using single stack solution ?
    Best regards!

Maybe you are looking for

  • The best way to connect wireless and wired for a WRT160N.

    It took me about 4 hours to find out how to connect wireless and wired to a network using model WRT160N.  Here is what I have done.  First install the CD when it says there is not connection connect your PC, Modem and router Andy any wireless are wir

  • Attachments not viewable in conversation view in Outlook 2010

    We have an installation of Outlook 2010 on XP Pro SP3, and when the inbox is set to view by conversation and there are messages that contain attachments within a conversation, I will open the message that contains the attachment, but there will be no

  • Outlook 2013 won't sync thru iCloud -- workaround

    On a Windows 8 PC, Outlook 2013 will not sync calendar and contacts with i devices thru iCloud.  Until Apple and/or Microsoft address the compatibility issue, there is a reasonable workaround.  Use Outlook 2013 only for mail.  For calendar  and conta

  • Menu button not available

    I cannot get to the menu button on my samsung galaxy 2 10.1 tablet. There is not a menu on the botton of the screen as many keep referring to either. Am I correct that customizing the app is just going to not be possible? Am about ready to give up an

  • Haven't lost song files, but have lost playlists and want to restore!

    I store my songs (2300 in total) on a NAS drive. Two days ago, it was necessary for me to detach the NAS drive from my system. When it was re-attached, for some reason it came to life with a name that was a modified version of its prior name. Consequ