SAP Router start issue
Hello All
We are facing the following issue while starting the SAP router. The router just hangs with the following statement in the command prompt.
trcfile dev_rout
no logging active
upon providing trace level 3 and looking into the dev_route file, the following information is found.
Please help in suggesting possible resolution.
trc file: "dev_rout", trc level: 3, release: "742"
Thu Apr 23 19:06:49 2015
NiIHSBufInit: initialize hostname buffer (IPv4)
NiHLInit: alloc host buf (200 entries)
NiSrvLInit: alloc serv bufs (200 entries)
NiIInit: allocated nitab (811 at 00000000041A2610)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 40.4
Compiled Mar 30 2015 18:27:50
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 3
command line arg 4: -K
command line arg 5: p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
tracefile limit : 0 byte
tracefile maxcnt : 0
socket buffer size : 32768
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=000000000213F148)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="um1adm" NetWkstaUser="um1adm"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
DlLoadLib success: LoadLibrary("E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"), hdl 0, count 1, addr 0000000010000000
using "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): failed GetProcAddress("sapsnc_init_adapter") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
with error 127 = "The specified procedure could not be found."
DlLoadFunc(): successful GetProcAddress("gss_acquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
Thu Apr 23 19:06:49 2015
DlLoadFunc(): successful GetProcAddress("gss_init_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_accept_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_process_context_token") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_delete_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_context_time") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_get_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_verify_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_unwrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_status") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_indicate_mechs") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_compare_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_buffer") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_oid_set") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred_by_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap_size_limit") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_names_for_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_mechs_for_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_canonicalize_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
File "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
DlLoadFunc(): successful GetProcAddress("sapcr_get_version") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("sapcr_get_secudir") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
SECUDIR="E:\usr\sap\saprouter" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x
Product Version = SAPCRYPTOLIB 5.5.5C pl38 (Oct 7 2014) MT,AESNI,NB
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=0000000000000000, myname="p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
Thu Apr 23 19:06:49 2015
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiSetParamEx: set NIP_SOCK_BUFFER_SIZE 32768
NiMyHostName: hostname = 'USCINSAPSVR10'
main: pid = 13232, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiSelICreateSet: new set0
SiSelNInit: allocate 172528 bytes for FI (811)
NiSelIInit: size of set0 is 811
NiICreateHandle: hdl 1 state NI_INITIAL_LIS
NiIInitSocket: set default settings for new hdl 1/sock 508 (I4; ST)
Windows Version 6.1, Build 7601
Running on Windows Vista
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 1 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIListen: state of hdl 1 NI_LISTEN
SiSelNSet: sock 508 added to set pos 0
NiSelIAddMsg: added hdl 1 to set0
SiSelNSet: set events of sock 508 to: rp-
reading routtab: './saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
addrinfo of 'USCINSAPSVR09':
0: 192.168.120.19:0 Thu Apr 23 19:06:49 2015
'USCINSAPSVR09' <unknown socket type 0> (0-2-0-0-16)
1: 192.168.120.19:0 <unknown socket type 0> (0-2-0-0-16)
NiHLGetNodeAddr: got hostname 'USCINSAPSVR09' from operating system
NiIGetNodeAddr: hostname 'USCINSAPSVR09' = addr 192.168.120.19
NiIGetServNo: servicename '3200' = port 3200
NiStrToAddrMask: '192.168.*.*' -> 192.168.0.0/16 (0/1)
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
contents of routtab ('./saprouttab', 3 entries):
KT*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=00000000042354D4, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34/32 * *
KP*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=000000000423599C, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
Thu Apr 23 19:06:49 2015
p:CN=sapserv2, OU=SAProuter, O= 192.168.120.19/32 3200 p
P*,* 192.168.0.0/16 194.39.131.34/32 * *
******* NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1)
** Trace file opened at 20150417 112112 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =CONNECTION_PING
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_DSMOP_RFC_WATCHER==========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 1, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 2, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: )
Similar Messages
-
Hi All,
I have installed SAP Router before but this time when I installed and tried to start SAP Router its not getting started, and also not giving any error log file in SAP Router directory.
Please check the below command and correct me if I am wrong.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\sap_admin>cd \
C:\>cd SAPRTR
C:\SAPRTR>saprouter -r -S 3299 -K "p:CN=<MyRouterHOSTNAME>, OU=<Cust_NUM>, OU=SAProuter,
O=SAP, C=DE"
SAP Network Interface Router, Version 38.10
Compiled Oct 7 2009 03:08:09
start router : saprouter -r
stop router : saprouter -s
soft shutdown: saprouter -p
router info : saprouter -l (-L)
new routtab : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush " : saprouter -f
hide errInfo : saprouter -z
start router with third-party library: saprouter -a library
additional options
-R routtab : name of route-permission-file (default ./saprouttab)
-G logfile : name of log file (default no logging)
-T tracefile : name of trace file (default dev_rout)
-V tracelev : trace level to run with (default 1)
-H hostname : of running SAProuter (default localhost)
-S service : service-name / number (default 3299)
-P infopass : password for info requests
-C clients : maximum no of clients (default 800)
-Y servers : maximum no of servers to start (default 1)
-K [myname] : activate SNC; if given, use 'myname' as own sec-id
-A initstring: initialization options for third-party library
-D : switch DNS reverse lookup off
-E : append log- and trace-files to existing
-J filesize : maximum log file size in byte (default off)
-6 : IPv6 enabled
-Z : hide connect error information for clients
expert options
-B quelength : max. no. of queued packets per client (default 1)
-Q queuesize : max. total size for all queues (default 20000000 bytes)
-W waittime : timeout for blocking net-calls (default 5000 millisec)
-M min.max : portrange for outgoing connects, like -M 1.1023
-I address : address for outgoing connects, like -I 155.56.76.6
this is a sample routtab : -----------------------------------------
D host1 host2 serviceX
D host3
P * * serviceX
P 155.56.. 155.56
P 155.57.1011xxxx.*
P host4 host5 * xxx
P host6 localhost 3299
P host7 host8 telnet
S host9
P0,* host10
KP sncname1 * *
KS * host11 *
KD "sncname "abc" * *
KT sncname3 host11 *
deny routes from host1 to host2 serviceX
deny all routes from host3
permit routes from anywhere to any host using serviceX
permit all routes from/to addresses matching 155.56
permit ... with 3rd byte matching 1011xxxx
permit routes from host4 to host5 if password xxx supplied
permit information requests from host6
permit native-protocol-routes to non-SAP-server telnet
permit ... excluding native-protocol-routes (SAP-servers only)
permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
permit SNC-connection with partnerid = 'sncname1' to any host
permit all SAP-SAP SNC-connections to host11
deny all SNC-connections with partnerid = 'sncname "abc'
open connects to host11 with SNC enabled and partnerid = 'sncname3'
first match [host/sncname host service] is used
permission is denied if no entry matches
service wildcard (*) does not apply to native-protocol-routes
C:\SAPRTR>
Rg
RameshHello my friend
It could be certificate didn't import properly or routtab content is not correct. Here's your checklist:
Creating the certificate request
1) As user <snc_adm> set the environment variables SNC_LIB and SECUDIR
2) Change to the alias SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant u201CDistinguished Nameu201D.
3) Generate the certificate Request with the command:
sapgenpse get_pse -v -r certreq -p local.pse u201C<Distinguished Name>u201D
You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use this PSE.
4) Display the output file "certreq" and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
5) In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.
6) With this in turn you can install the certificate in your saprouter by calling:
sapgenpse import_own_cert -c srcert -p local.pse
7) Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_saprouter>, the credentials are created for the logged in user account).
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
Note: The account of the service user should always be entered in full <domainname>\<username>
8) This will create a file called "cred_v2" in the same directory as "local.pse"
9) Check if the certificate has been imported successfully with the following command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
10) If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item 3.
Additional actions necessary before you can start SAProuter
1. Check if the environment of the user running SAProuter contains the environment variable SNC_LIB and SECUDIR
2. Start the SAProuter with the following command line (to start the SAProuter as a Windows service, please follow the steps described in SAP note 525751):
saprouter -r -S <port> -K "p:<Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
3. The corresponding file "saprouttab" should look like:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
SNC-connection from SAP to telnet in your network
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P * 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your IP> <port>
Regards,
Effan
DON'T KNOW WHY THE FORMAT MESSED UP, PLEASE USE QUOTE ORIGINAL IN REPLY MODE TO READ THE CORRECT FORMAT CONTENT. SORRY! -
SAP Router configuration on Linux platform (error in start script)
Hello gurus,
I´m trying to setup the saprouter on Fedora v14 (32 bits).
I did all the configure with root user. The problem is when I run the script that starts the saprouter service, it show me the following error:
[root@saprouter sap]# pwd
/usr/sap/saprouter
[root@saprouter saprouter]# saprouter_start
/usr/sap/saprouter/saprouter_start: line 12: syntax error near unexpected token `|'
'usr/sap/saprouter/saprouter_start: line 12: ` | tee -a $LOGFILE &
The content of this script, has the following sintaxes:
# Start saprouter
# You can automatically start SAProuter when you start the system. In UNIX for example, you would change file /etc/rc.
# saprouter CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE sapserv2
SRDIR=/usr/sap/saprouter
LOGFILE="usr/sap/saprouter/saprouter_log"
if [ -f $SRDIR/saprouter ] ; then
echo "Starting SAP Router" | tee -a $LOGFILE
$SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE"
| tee -a $LOGFILE &
fi
The strange of this is I already did this type of configuration on Linux with the same scripts... but in red hat enterprise linux x86_64 and in there it works perfectly!
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4f/992ce8446d11d189700000e8322d00/frameset.htm
Can you help me please in way to solve this problem...?!
Best regards,
João Dimas - PortugalHello Clebio,
First al all, please don´t forget to read my previous message.
I´m writing again because I made other tests that I would like to show you...!
1- In my previous message I mentioned an error when I ran directly the command # saprouter -r... and as you recomend, I typed the "ldd saprouter", the output of this show that libstdc+.so.5: was not found! I already solve this issue, I installed the compat-libstdc+ with # yum install compat-libstdc++. So... now when I run that "ldd saprouter" the result is:
[root@saprouter saprouter]# ldd saprouter
linux-gate.so.1 => (0x003a9000)
libdl.so.2 => /lib/libdl.so.2 (0x00911000)
librt.so.1 => /lib/librt.so.1 (0x00918000)
libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x00110000)
libm.so.6 => /lib/libm.so.6 (0x00923000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00966000)
libpthread.so.0 => /lib/libpthread.so.0 (0x008f4000)
libc.so.6 => /lib/libc.so.6 (0x00768000)
/lib/ld-linux.so.2 (0x00747000)
It seems that is solved! Is not it?
2- After that correction, I ran again the # saprouter -r but now it show me the following error:
[root@saprouter saprouter]# saprouter -r
trcfile dev_rout
no logging active
*** ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp 8006]
... next, what I did was, I opened the dev_rout:
trc file: "dev_rout", trc level: 1, release: "700"
Thu Aug 11 13:10:49 2011
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
main: pid = 9808, ppid = 2038, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
*** ERROR => SNC field without SNC active, skip line 2 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 3 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 8 [nirout.cpp 7775]
... and I also checked my saprouttab in there I see...:
1. vim saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KT "p:CN=saprouter, OU=000121987, OU=SAProuter, O=SAP, C=DE" 81.193.132.663 3299
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.34.178
# R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.34.178 3200
# Access from the local Network to SAP
P * 194.39.131.34 3299
# Deny all other connections
#D * * *
What´s the problem!??! I don´t get it!! My God... I don´t understand, all the entries in saprouttab seems well to me! Can you verify this please?! It´s correct, isn´t it?
Can you help me!?
Thank you
João Dimas - Portugal -
Hello
I have installed solution manager 7.0 and then sap router is also configured on the same box.
1. To generate a certificate request,
sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
2. Then you have to request the certificate from
http://service.sap.com/tcs -> Download Area -> SAProuter Certificate
3. Create a file D:\usr\sap\saprouter\srcert and copy the requested
certificate into this file. :
sapgenpse import_own_cert -c D:\usr\sap\saprouter\srcert -p
D:\usr\sap\saprouter\local.pse
4. To generate credentials for the user that's running the SAProuter
service:
sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sapadmin
(this will create the file "cred_v2")
5. Check the configuration:
sapgenpse get_my_name -v -n Issuer
(Result: "CN=SAProuter CA, OU=SAProuter,
O=SAP, C=DE")
6. Create SAProuter service on Windows :
ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p
"service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
7. Edit the Windows Registry key :
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath
8. Start the SAProuter service -- success
9. Enter the parameters in OSS1 -> Technical Settings -->
hostname : sbsapmgrapp01
IP: 10.1.0.112
instance : 00
SAP host name : sapserv2
IP: 194.39.131.34
instance:99
10. saprouttab
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
deny all other connections
D * * *
when I check the sap-oss connection i am getting internal error. Any help would be appreciate..
Thanks
seshuHi Rahu
Thanks for your response. Here is my saprouttab entry's
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local Solman System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
P 10...* 194.39.131.34 *
Here is my dev_rout file..
trc file: "dev_rout", trc level: 1, release: "700"
Thu Oct 16 02:08:22 2008
SAP Network Interface Router, Version 38.10
command line arg 0: D:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: D:\usr\sap\saprouter\saprouttab
command line arg 4: -W
command line arg 5: 60000
command line arg 6: -K
command line arg 7: p:CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\saprouter\sapcrypto.dll".
File "D:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 1684, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Thu Oct 16 09:14:17 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Thu Oct 16 09:14:20 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Kindly suggest the changes in my saprottab file..
Thanks
seshu
Issue resloved..
Edited by: Seshagiri Rao Myneni on Oct 16, 2008 7:31 PM -
Setting up SAP Router for SNC ... error...
Hi,
My SAP Router is installed on a server that is Linux based. (IP address is 10.11.0.24)
I'm not sure if is saprouttab or saprouter itself having issue.
I started the saprouter via this command: saprouter -r -G routerlog -W 60000 -S 3299 -K "p:CN=XXXXXXXX, OU=ZZZZZZZZZZ, OU=SAProuter, O=SAP, C=DE"
saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
# SNC connection to local system for R/3-Support for support
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3201
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.23 3200
# Access from local network to SAPNet (OSS)
P 10.11.0.* 169.145.197.110 3299
P * 10.11.0.* * *
# deny all other connections
D * * *
Troubleshooting steps taken:
Running niping -s on SAP Router Server & niping.exe -c -H 10.11.0.24 is successful, self-test is okay but... when running both niping -s & saprouter -r on SAP Router Server is giving me the following error:
C:\test>niping.exe -c -S 3299 -H 10.11.0.24
Wed Feb 05 14:51:29 2014
connect to server o.k.
Wed Feb 05 14:51:30 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2146]
*** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR internal error
* TIME Wed Feb 5 14:51:29 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -93
* MODULE nirout.cpp
* LINE 2698
* DETAIL NiRClientHandle: route expected
* COUNTER 2
C:\Users\tohcy\Desktop\test>niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.24
Wed Feb 05 15:01:00 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
*** ERROR => NiBufIConnect: route connect for non-buffered hdl 1 failed (rc=-94;/H/10.11.0.24/H/10.11.0.24); pong not received [nibuf.cpp 4801]
*** ERROR => NiTClientLoop: NiHandle (rc=-94) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR XXXXXXXX: route permission denied (YYY to 10.11.0.24, 3299)
* TIME Wed Feb 5 15:00:59 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -94
* COUNTER 7Hi Deepak,
I've changed to the P * * *
I run the command: niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.23
Can I check if this command is correct?
Router is 10.11.0.24 trying to reach sap server 10.11.0.23.
Error:
Thu Feb 06 09:20:17 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
NiBufIConnect: route connect of non-buffered hdl 1 to '/H/10.11.0.24/H/10.11.0.23' timeout
*** ERROR => NiTClientLoop: NiHandle (rc=-5) [nixxtst.cpp 2590]
* ERROR timeout occured
* TIME Thu Feb 06 09:20:17 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -5
* MODULE nibuf.cpp
* LINE 4795
* DETAIL NiBufIConnect: route connect '/H/10.11.0.24/H/10.11.0.23'
* timeout
* COUNTER 1
routerlog:
Thu Feb 6 09:27:21 2014 CONNECT FROM C19/- host 10.11.0.181/50107
Thu Feb 6 09:27:21 2014 CONNECT TO S19/12 host 10.11.0.23/3299
Thu Feb 6 09:28:21 2014 CONNECT ERR S19/12 could not establish connection within 60s
Thu Feb 6 09:28:21 2014 DISCONNECT S19/12 host 10.11.0.23/3299
10.11.0.181 is my computer current IP address.
Any other clues/hint? -
How to install and configure SAP Router
Dear SAP Expert !
I want to install SAP Router but i dont know the SAP router package is allocated on DVD ? what is the DVD number ?
If you already configure SAP router please let me know how to configure ?Hello Thao
what is th exact issue that are u facing.
The account must be the administartor of the machine where u are installing SAPROUTER.Make sure you are following the correct steps as follows:
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace at using
the USERID/PASSWORD which was assigned for your installation.
2. Change the alias to www.service.sap.com/tcs to downloaded the SAP
cryptographic software. Select the correct SAPcrptographic software
depending on your saprouter operating system as shown below.
3. You must have the sapcar.exe in order to extract the SAP cryptographic
software file.
4. With the command of u201Csapcar -xvf xxxxxxx.saru201D, /ntintel directory would be
created and the following files would be extracted.
(Example C:/saprouter/ntintel)
( when the Microsoft Windows NT Intel version is downloaded)
C:/saprouter/ntintel/sapcrypto.dll
C:/saprouter/ntintel/sapgenpse.exe
C:/saprouter/ticket
Issue of Electronic Certificate
5. It is necessary to define the environment variable for u201CSECUDIRu201D and
u201CSNC_LIBu201D under system account.
Window NT environment variable setup :
Right-clicked the icon of you computer
Property -> details -> environment variable
SECUDIR = < Directory name >
Example. Variable name : SECUDIR
Variable value
: C:/saprouter/SNC_LIB = < Directory name >
Example. Variable name : SNC_LIB
Variable value : C:/saprouter/ntintel/sapcrypto.dll
UNIX
<path_to_libsecude>/<name_of_sapcrypto_library>
Windows
NT,
<drive>:/<path_to_libsecude>/<name_of_sapcrypto_library>
Windows
2000
6. Check if the environment of the user running saprouter contains the
environment variable SNC_LIB.
UNIX
Printenv
Windows NT
System environment Variable
7. You may now apply for a SAProuter certificate from the SAP Trust Center
Service of SAP service marketplace
http://service.sap.com/tcs
> SAP Trust Center Service in Detail
> SAProuter Certificates
SAProuter Certificate "Apply Now"
Click the button.
8. Please take note of your "Distinguished Name"
Please refer to the example above
-SAPRouter Name
: JPL50020586
-Distinguished Name
CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE
Then, clicked the "Continue" button.
9. Execute the following command in the /saprouter/ntintel
directory in order to generate your certificate to be exchanged with SAP.
sapgenpse get_pse -v -r certreq -p local.pse "Distinguished Name"
Example
sapgenpse get_pse u2013v -r certreq -p local.pse "CN=JPL50020586, OU=0000036946,
OU=SAProuter, O=SAP, C=DE"
Enter the PIN number. (you may enter any PIN Number you wish.)
Please enter PIN :
Please re-enter PIN :
<- you must use the same PIN Number as the above.
10. The "certreq" file is created in the /saprouter/ntintel directory.
11. Use a notepad to open the "certreq" file and copy the displayed information
(From the -BEGIN .to the END -)
12.You now have to paste the above copy content into the space provided
shown below. After you have pasted the text, click the u201CRequest certificateu201D
button to submit your request.
13. Once you click on the u201CRequest Certificateu201D a new screen will be displaying
your certificate issued by SAP CA (Certification Authority).
14. Using a notepad to copy the content (From u2013Beingu2026 to -END) and save it
as u201Csrcertu201D into /saprouter/ntintel/srcert.
Note :
- Please rename srcert.txt into srcert without any extension.
15. You then need to import this certificate into SAProuter using the following
command.
Please run on /saprouter/ntintel directory.
sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN : (same as point 9)
16. Execute the following command in the /saprouter/ntintel directory.
sapgenpse seclogin -p local.pse
Please enter PIN : (same as point 9)
This will create a file "cred_v2" in the same directory.
17. Please check whether the certificate has been imported correctly.
Execute this command in /saprouter/ntintel directory.
sapgenpse get_my_name -v -n Issuer
The result should be "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE".
18. When the above results are not obtained , please delete local.pse and
cred_v2 and work again from steps 9. Please seek the assistance from your
local SAP helpdesk or create an OSS message via component XX-SER-NET-
OSS, if you are not able to obtain the above-mentioned result after you have
repeated the above steps.
Route permission table (saprouttab)
19. The corresponding file ./saprouttab should contain at least the following
entries.
Example : by SNC connection, when connecting to sapserv2
(194.39.131.34) the following entries need to be indicated by saprouttab.,
SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for pcANYWHERE, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Start the SAProuter with the following command.
Saprouter -r -S <port> -K
"p: <Your Distingiushed Name>"
-K tells the saprouter to start with loading the SNC library.
Example: saprouter -r -S 3299 u2013K "p:CN=JPL50020586, OU=0000036946,
OU=SAProuter, O=SAP, C=DE"
Additional Note
-You may refer to SAP note: 30289 in the SAP service marketplace for detail
information with regards to SAProuter
http://www.service.sap.com/note -
Pre requisites for installing SAP Router
Hi Friends,
As i am going through the implementation phase, I have to install sap router which i am new at. Also i am doing it because i have to connect Maintenance Optimizer to Sap service Market place for which Router would be essentially required.
I have some questions to put forth.
1. what are the pre requisites for SAP Router
2. Do we require Public IP and what would be the use of this ip
3. how to configure the SAP Router
4. Can i install the SAP router on the same host on which we have Solution manager, is it advisable. or we should go for a seperate host.
Regards
AayushInstalling the sapcrypto library and starting the SAProuter
Contents
u2022 Downloading necessary software components from SAP Service Marketplace
u2022 Creating the certificate request
u2022 Additional actions necessary before you can start saprouter
This section describes the necessary steps to download and install the sapcrypto library for use with saprouter. The saprouter must be started with the options described later in this section.
The license for the sapcrypto library covers saprouter connections between saprouters at SAP and the first saprouter on customer sites and backend connections within the customer`s network. For all other purposes the library CANNOT be used!
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
2. Change to the alias SAPROUTER-SNCADD. Before you can download the software components two preconditions must be met.
a. You must have been allowed to download the software. This authorization is added as soon as SAP has received a positive statement from the "Bundesausfuhramt". This procedure is necessary since the software falls under EU regulations.
b. For more information on how to obtain authorization if download is not possible see note 397175.
c. You must accept that you must follow the regulations imposed by the EU on the use and distribution of the cryptographic software components downloaded from the SAP Service Marketplace.
3. The acceptance of the terms and conditions is logged with your USERID and stored for reporting purposes to the "Bundesausfuhramt".
4. Accepting with the button on the web-based form takes you to the folder where you can download the Software components.
These are packed into a single CAR file sapcrypto.car
5. Copy the file to the direcory where the saprouter executable is located
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD.
Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
ticket
Creating the certificate request
1. As user <snc>adm set the environment variables
SECUDIR = <directory_of_saprouter>
2. Change to the Shortlink SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name"
3. Generate the certificate Request with the command
sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
4. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
5. Display the output file "certreq" and with copy&paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name
6. In response you will receive the certificate signed by the CA in the Service Marketplace, cut&paste the text to a local file named srcert
7. With this in turn you can install the certificate in your saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
8. now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
9. This will create a file called cred_v2 in the same directory.
For increased security please check that the file can only be accessed by the user running the SAProuter.
Do not allow any other access (not even from the same group)!
On UNIX this will mean permissions being set to 600 or even 400!
On NT check that the permissions are granted only to the user the service is running as!
1. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
2. If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands
4.,7.,8. and 10.
Additional actions necessary before you can start saprouter
1. The environment variable SNC_LIB needs to be set for the user account SAProuter is running under.
SNC_LIB has the form
UNIX <path_to_libsecude>/<name_of_sapcrypto_library>
Windows NT, Windows 2000 <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
2. Check if the environment of the user running saprouter contains the environment variable SNC_LIB
UNIX printenv
Windows NT System environment variable
3. start the saprouter with the following command line:
saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
the corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
Example
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Lalit Kumar -
Hi Gurus;
I want to re-generate my SAp certificate .
Please elloaborate the process to follow.
Thanks and regards
Tushar PathakDear,
This is the procedure that I got from SDN, last December when have to renew my certificate, I got the success by following these steps, you can also try.
Here were my steps to get it sucessfully working:
1. Logon to host with username and password of SAP router service credentials
2. Stop the Saprouter service
3. Make a backup of the folder E:\usr\sap\saprouter
3a. This can be deleted after a successful upgrade
4. Delete this 4 files in E:\usr\sap\saprouter
4a. certreq
4b. cred_V2
4c. localpse
4d. srcert
5. Generate the certificate request using the following command
5a. E:\usr\sap\saprouter>sapgenpse get_pse u2013v u2013r certreq u2013p local.pse "CN=sapslm01.oii.dom, OU=0000810973, OU=SAProuter, O=SAP, C=DE"
5b. Enter a PIN of 1234
6. Copy the contents of certreq to the clipboard
7. Go to http://www.service.sap.com/saprouter-sncadd
8. Paste the contents of the clipboard into the form
9. This will generate a new certificate, copy its contents into a file called srcert
9a. You will have to create srcert
10. Then import the certificated using the following command
10a. E:\usr\sap\saprouter>sapgenpse import_own_cert u2013c srcert u2013p local.pse
10b. Enter the PIN of 1234
11. The setup the logon using the following command
11a. E:\usr\sap\saprouter>sapgenpse seclogin u2013p local.pse
11b. This will create a file called cred_V2
12. Check if the certificate has been loaded correctly by using the following command
12a. E:\usr\sap\saprouter>sapgenpse get_my_name u2013v u2013n Issuer
13. Start the Saprouter service -
Reg : SAP Router Configuration
Dear Friends,
How to configure the SAP router? If anybody have configuration details pls help me.
Our System is ECC 6.0
OS - 2003 Server
DB : MS SQL Server
Then How to Communicate to SAP.
Regards
kesavHi,
> How to configure the SAP router? If anybody have configuration details pls help me.
1) Download the latest SAP Router files (saprouter.car, nipping, cryptographic library) from SAP Service Market Place --- Patches.
2)Create a user called sncadm as a member of Administrator. Log off administrator and login as sncadm. Create the following environment variables for this user.
SECUDIR = c:\usr\sap\saprouter
SNC_LIB = c:\usr\sap\saprouter\sapcrypto.dll
3) Create folder c:\usr\sap\saprouter and copy the downloaded files into that folder. Extract all the compressed files. Now typically this folder will have the following files.
Sapcrypto.dll
Sapgenpse.exe
Ticket
Ntscmgr.exe
Nipping.exe
Saprouter.exe
(other required files can be copied from kernel directory of other SAP Systems)
4) Go to http://service.sap.com/saprouter-sncadd. Click on u201CApply Nowu201D
You will get information like this (on first screen):
Click on Continue. Now we have to create the request for SAProuter which is to be given as input in the next screen u201CRequest Certificate for SAProuteru201D.
5)Open a command prompt and execute the following commands.
Cd \usr\sap\saprouter
sapgenpse get_pse u2013r sap-router.p10 u2013p sap-router.pse u201CCN=SAP-ROUTER, OU=0000733879, OU=SAProuter, O=SAP, C=DEu201D
You will be asked for a PIN: input any (but do not forget!!!!!) No Password is given in this installation.
This command will create the file sap-router.p10 and sap-router.pse.
Open the file sap-router.p10 with notepad, copy & paste this certificate request to the text area of the u201CRequest Certificate for SAProuteru201D page.
Click on Request Certificate
In response you will get certificate signed by CA.
Copy & paste the text into a text file including the header & footer (saprt.txt is the file created here)
6)Now install the certificate as follows
Sapgenpse import_own_cert u2013c saprt.txt u2013p sap-router.pse
7)Now create credentials for saprouter
Sapgenpse seclogin u2013p sap-router.pse u2013O sncadm
This will create a file called cred_v2 in c:\usr\sap\saprouter
8)Now Check whether certificate has been imported correctly or not
Sapgenpse get_my_name u2013v u2013n Issuer
The name of issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE. If the name is not correct, then delete the file cred_v2 and start all over again from Step u2013 4.
9)Now create a file u201Csaprouttabu201D in the folder c:\usr\sap\saprouter and make the following entries in that.
SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
Access from your local Network to SAPNet - R/3 Frontend
P 172.16.. 194.39.131.34 3299
P 172.17.. 194.39.131.34 3299
P 172.18.. 194.39.131.34 3299
P 172.19.. 194.39.131.34 3299
D * * *
Save the file and close
10) Make the following changes in the hosts file and services file (under windows\system32\drivers\etc folder ) SAP-ROUTER system
hosts file:
172.18.9.8 SAP-ROUTER
194.39.131.34 sapserv2
services file:
sapdp99 3299/tcp
sapgw99 3399/tcp
sapmsO01 3601/tcp
11) Now check the entry in the services files for all servers and all front-end PCs under %winnt%/system32/drivers/etc/ there should have:
sapdp99 3299/tcp
sapmsO01 3601/tcp
12) Now start the sap router using the command (from the saprouter directory)
Saprouter u2013r u2013V 3 u2013K u201Cp:CN=SAP-ROUTER,OU=0000733879,OU=SAProuter,O=SAP,C=DEu201D
13)Connection to SAP can tested using the command
lgtst u2013H /H/172.18.9.8//H/194.39.131.34/S/sapdp99/H/oss001/S/sapmsO01 u2013S x u2013W 30000
Note : The file lgtst.exe can be copied from other SAP systemu2019s kernel directory.
The output should look like these:
Using trcfile: dev_lg
List of reachable application servers
u2026.
u2026..
u2026u2026.
u2026u2026u2026.
If the lgtst command does not display the list of reachable application servers, then the connection to SAP could not be established. Troubleshoot the error and rectify.
For more info see the following sapnote
note 30289 : SAProuter documentation
note 525751: Installation of the SNC-SAPRouter as NT Service
note 46902 : Security aspects in remote access
note 48243 : Integrating SAProuter into a firewall
note 33135 : Guidelines for OSS1 (Version for SAPSERV3).
note 35010 : Service connections: Composite note (overview) -
SAP ROUTER getting restart every week
Hi Friends ,
In My Organization our employees are facing problem with SAP CONNECTION , every one week SAP ROUTER is getting restart , for 2, 3 minits ,
In that time we are unable to connect our servers.When i check for Router status its showing running only.
We asked our network team for any network problem, they replied no problems from network side.
I want to know the reason for this problem and is there any job scheduled for restart the server ,where we need to check.
Please help me for this issue.Hi Please find the log file in sm21..from last one month.in this file every Thursday morning at 10:02AM sap is disconnecting for all users.not only production ,Quality server and Development servers also happening same.
At the same time My SAP router time stamp also showing same time.
Please let me suggest where is the issue .
System Log: Local Analysis of SAPSRV01 1
From date/time............. 01.07.2014 / 18:00:00
To date/time...............
User.......................
Transaction code...........
Terminal...................
Task / Number..............
Problem class..............
Further restrictions.......
Sorted ? ................ SOFI
Pages with single entries 00000150
With statistics............
System Log: Local Analysis of SAPSRV01 2
Date : 03.07.2014
Time
Type
Nr
Clt
User
TCode
Priority
Grp
N
Text
8:51:10
DIA
2
500
P3
R4
7
Delete session 001 after error 061
9:32:11
DIA
3
500
P4
R4
7
Delete session 001 after error 061
9:34:21
DIA
3
500
P4
R4
7
Delete session 001 after error 061
9:40:25
DIA
3
500
MESPROSOFT2
SM50
R0
J
Work process with PID 3700 is terminated manually
9:40:26
DIA
0
500
L2
ZSBOM
Q0
2
Stop Workproc 0, PID 3700
9:40:26
RD
Q0
I
Operating system call recv failed (error no. 10054)
9:40:43
WRK
0
Q0
Q
Start Workproc 0, Pid 7160
9:40:44
DIA
0
500
L2
R4
7
Delete session 001 after error 023
9:40:54
DIA
0
0
A1
0
Initialization complete
9:40:54
DIA
0
0
A1
4
> in program , line ??? , event
9:56:25
DIA
2
500
P3
R4
7
Delete session 001 after error 061
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
4
Connection to user 16611 (MESPROSOFT2 ), terminal 40 (Admin-PC ) lost
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
I
Operating system call recv failed (error no. 10054)
10:01:46
DP
Q0
4
Connection to user 16535 (P1 ), terminal 43 (TRMSRV ) lost
10:01:46
DP
Q0
4
Connection to user 16620 (P2 ), terminal 28 (PUR-TC-VG ) lost
10:01:46
DP
Q0
4
Connection to user 16624 (L7 ), terminal 32 (PPC-HP-PE ) lost
10:01:46
DP
Q0
4
Connection to user 16634 (L6 ), terminal 47 (PUR-HP-JJ ) lost
10:01:46
DP
Q0
4
Connection to user 16643 (F3 ), terminal 48 (ACC-HP-BK ) lost
10:01:46
DP
Q0
4
Connection to user 16651 (P3 ), terminal 45 (PUR-HP-NT ) lost
10:01:46
DP
Q0
4
Connection to user 16662 (M1 ), terminal 49 (ppc-hp-kr ) lost
10:12:20
DIA
2
500
L7
R4
7
Delete session 001 after error 061
10:12:20
DIA
1
500
L7
R4
7
Delete session 002 after error 061
10:17:12
DIA
3
500
P2
R4
7
Delete session 001 after error 061
10:26:07
DIA
3
500
E3
R4
7
Delete session 001 after error 061
10:56:26
DIA
3
500
P3
R4
7
Delete session 001 after error 061
10:58:39
DIA
2
500
P1
R4
7
Delete session 001 after error 061
10:58:39
DIA
0
500
P1
R4
7
Delete session 003 after error 061
10:58:39
DIA
5
500
P1
ME29N
R4
7
Delete session 002 after error 061
11:00:56
DIA
7
500
P1
R4
7
Delete session 001 after error 061
11:47:23
DIA
2
500
P3
R4
7
Delete session 001 after error 061
13:32:22
DIA
1
500
P3
MB51
Q0
2
Stop Workproc 1, PID 6856
13:32:22
RD
Q0
I
Operating system call recv failed (error no. 10054)
13:32:23
WRK
0
Q0
Q
Start Workproc 1, Pid 6448
13:37:14
DIA
2
500
Q1
R4
7
Delete session 001 after error 061
13:45:54
DIA
2
500
P3
R4
7
Delete session 001 after error 061
13:55:14
DIA
2
500
P2
ME11
R4
7
Delete session 001 after error 061
13:55:14
DIA
1
500
P2
ME2L
R4
7
Delete session 002 after error 061
14:40:07
DIA
2
500
P2
R4
7
Delete session 001 after error 061
15:03:37
DIA
2
500
P4
R4
7
Delete session 001 after error 061
15:49:47
DIA
2
500
T2
R4
7
Delete session 001 after error 061
15:56:43
DIA
2
500
E2
R4
7
Delete session 001 after error 061
System Log: Local Analysis of SAPSRV01 3
Date : 04.07.2014
Time
Type
Nr
Clt
User
TCode
Priority
Grp
N
Text
9:31:11
DIA
2
500
P3
R4
7
Delete session 001 after error 061
10:10:21
DIA
3
500
T2
R4
7
Delete session 001 after error 061
10:26:31
DIA
2
500
P2
ME21N
R4
7
Delete session 001 after error 061
10:26:31
DIA
2
500
P2
ME2L
R4
7
Delete session 002 after error 061
10:44:18
DIA
2
500
T2
R4
7
Delete session 001 after error 061
10:53:09
DIA
2
500
P2
R4
7
Delete session 001 after error 061
11:10:13
DIA
2
500
P3
R4
7
Delete session 001 after error 061
11:20:02
DIA
4
500
T4
R4
7
Delete session 001 after error 061
12:05:59
DIA
2
500
T2
R4
7
Delete session 001 after error 061
12:08:55
DIA
2
500
P4
R4
7
Delete session 001 after error 061
12:21:06
DIA
3
500
T4
R4
7
Delete session 001 after error 061
12:47:19
DIA
0
500
P4
ME2L
Q0
2
Stop Workproc 0, PID 7160
12:47:19
RD
Q0
I
Operating system call recv failed (error no. 10054)
12:47:20
WRK
0
Q0
Q
Start Workproc 0, Pid 5996
12:47:33
DIA
0
500
P4
MMBE
A1
0
Initialization complete
13:38:42
DIA
2
500
S3
R4
7
Delete session 001 after error 061
13:40:33
DIA
0
500
L5
COOIS
Q0
2
Stop Workproc 0, PID 5996
13:40:33
RD
Q0
I
Operating system call recv failed (error no. 10054)
13:40:34
WRK
0
Q0
Q
Start Workproc 0, Pid 1928
13:40:40
DIA
0
500
L5
COOIS
A1
0
Initialization complete
14:03:43
DIA
3
500
T4
R4
7
Delete session 001 after error 061
14:11:42
DIA
1
500
L4
COOIS
Q0
2
Stop Workproc 1, PID 6448
14:11:42
RD
Q0
I
Operating system call recv failed (error no. 10054)
14:11:43
WRK
0
Q0
Q
Start Workproc 1, Pid 6276
14:20:56
WRK
0
Q0
Q
Start Workproc 1, Pid 2684
14:23:02
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: Transaction J1IEX
14:23:02
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: J_1IEXCDTL E
14:23:02
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: J_1IEXCHDR E
14:33:17
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: Transaction J1IEX
14:33:17
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: J_1IEXCDTL E
14:33:17
DIA
4
500
T4
J1IEX
GE
O
Lock entry deleted manually: J_1IEXCHDR E
14:41:47
DIA
4
500
M4
R4
7
Delete session 001 after error 061
14:41:47
DIA
4
500
M4
R4
7
Delete session 002 after error 061
14:46:22
DIA
2
500
MESPROSOFT2
SM50
R0
J
Work process with PID 1928 is terminated manually
14:46:22
DIA
0
500
L4
KKAO
Q0
2
Stop Workproc 0, PID 1928
14:46:22
RD
Q0
I
Operating system call recv failed (error no. 10054)
14:46:36
WRK
0
Q0
Q
Start Workproc 0, Pid 7040
14:46:38
DIA
4
500
P4
R4
7
Delete session 001 after error 061
14:46:38
DIA
0
500
L4
R4
7
Delete session 001 after error 023
14:46:47
DIA
0
500
MESPROSOFT2
SM04
A1
0
Initialization complete
14:52:39
DIA
1
500
L2
KKAO
ED
X
BP_START_DATE_EDITOR: Invalid start date found. Reason:
14:52:39
DIA
1
500
L2
KKAO
ED
T
> Start date/time is not complete
15:20:14
DIA
2
500
P3
R4
7
Delete session 001 after error 061
15:32:47
DIA
3
500
P2
R4
7
Delete session 001 after error 061
15:32:47
DIA
2
500
P2
R4
7
Delete session 002 after error 061
15:45:51
DIA
2
500
T2
R4
7
Delete session 001 after error 061
15:52:56
DIA
5
500
P2
R4
7
Delete session 001 after error 061
15:52:56
DIA
4
500
P2
R4
7
Delete session 002 after error 061
16:44:24
DIA
2
500
P4
R4
7
Delete session 001 after error 061
17:32:13
DIA
1
500
P1
R4
7
Delete session 001 after error 061
17:32:13
DIA
3
500
P1
R4
7
Delete session 002 after error 061
17:36:25
DIA
0
500
M3
ZPO_MONITOR
Q0
2
Stop Workproc 0, PID 7040
17:36:25
RD
Q0
I
Operating system call recv failed (error no. 10054)
17:36:26
WRK
0
Q0
Q
Start Workproc 0, Pid 7064
17:41:15
DIA
2
500
P2
R4
7
Delete session 001 after error 061
17:56:59
DP
Q0
4
Connection to user 18385 (M3 ), terminal 42 (TRMSRV ) lost
17:56:59
DP
Q0
G
Request (type DIA) cannot be processed
18:08:48
DIA
6
500
P3
ME2L
R4
7
Delete session 001 after error 061
18:16:01
DIA
3
500
P4
R4
7
Delete session 001 after error 061
18:32:03
DIA
3
500
MESPROSOFT
SM50
R0
J
Work process with PID 7064 is terminated manually
18:32:03
DIA
0
500
M3
Q0
2
Stop Workproc 0, PID 7064
18:32:19
WRK
0
Q0
Q
Start Workproc 0, Pid 5936
18:32:20
DIA
0
500
M3
R4
7
Delete session 001 after error 047
18:32:20
DP
Q0
G
Request (type DIA) cannot be processed
18:32:40
DIA
0
0
SAPSYS
A1
0
Initialization complete
18:55:03
DIA
2
500
MESPROSOFT2
R4
7
Delete session 002 after error 061
System Log: Local Analysis of SAPSRV01 4
Date : 05.07.2014
Time
Type
Nr
Clt
User
TCode
Priority
Grp
N
Text
3:19:12
DP
Q0
4
Connection to user 18697 (L2 ), terminal 40 (PPC-HP-SP ) lost
8:24:51
DIA
1
500
T4
R4
7
Delete session 001 after error 061
9:01:13
DIA
2
500
P3
R4
7
Delete session 001 after error 061
9:02:42
DIA
2
500 -
Changing SAP Router to different System
HI Experts,
SAP Router is installed in our Develpoment system can it be possible for us to install this on the solution manager System. Is this advisable to change the SAP router to a different machine. If so How is that possible?
Regards,
Vamshi.Hi,
Please use the following step.
Installation Steps
1.1 Downloading necessary software components from SAP Service Marketplace:
1. SAProuter
Use the latest SAProuter version (37.x), which can be downloaded from
SAP Service Marketplace under the following link.
http://service.sap.com/swdc
 Download
 Support Packages and Patches
 Entry by Application Group
 Additional Components
 SAPROUTER
 SAPROUTER 6.40
SAPROUTER 6.40
From the available list of SAProuters, select the SAProuter for your OS platform.
2. SNC Libraries (SAPcryptolib) download:
http://service.sap.com/swdc
 Download
 SAP Cryptographic Software
Select the SAPcrytoLib libraries compatible with your Operating System.
Note: Please also download the SAPCAR.exe file from the above location to extract the SAProuter archive files.
3. Create a folder in /usr/sap with the name as: saprouter.
4. Extract both the files i.e. SAProuter.SAR and Cryptolib.CAR files into saprouter folder using the command:
SAPCAR -xvf SAProuterxxx.SAR
SAPCAR -xvf CRYPTOLIBxxx.CAR
1.2 Creating the certificate request
1. As user <snc>adm set the environment variables:
SECUDIR = /usr/sap/saprouter
SNC_LIB = /usr/sap/saprouter/libsapcrypto.so
2. Go to the Trust Center Service - Download Area and get the "Distinguished Name" for your SAProuter from the list of SAProuters registered for your installation.
3. Generate the certificate Request with the command:
./sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
P.S: We can also get the distinguished name from SAP itself when we register for the remote service connection.
4. Display the output file "certreq" using the command:
cat certreq
and with copy & paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
1.3 Importing the certificate request
1. With this in turn you can install the certificate in your saprouter by calling
./sapgenpse import_own_cert -c srcert -p local.pse
1.4 Setting secured login to SAProuter
1. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
2. This will create a file called cred_v2 in the same directory.
3. Check if the certificate has been imported correctly
./sapgenpse get_my_name -v -n Issuer
4. If this is not the case, delete the files cred_v2, local.pse and start over at Item 3 of 4.2 . If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands 3 of 4.2, 4.3, and 4.4.
1.5 Additional actions necessary before you can start saprouter
1. Logon to the system as <sid>adm, here sa1adm.
2. The environment variables SECUDIR, SNC_LIB and USER needs to be set for the user account SAProuter is running under using the commands:
setenv SECUDIR <path_to_libsecude>
i.e. setenv SECUDIR /usr/sap/saprouter
setenv SNC_LIB <path_to_libsecude>/<name_of_sapcrypto_library>
i.e. setenv SNC_LIB /usr/sap/saprouter/libsapcrypto.so
setenv USER sa1adm
3. Check if the environment of the user running saprouter contains the environment variable SECUDIR, SNC_LIB and USER using : printenv
4. Start the saprouter with the following command line:
#./saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
Eg. ./saprouter -r -S 3299 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
./saprouter -r -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
./saprouter -r -R /usr/sap/saprouter/saprouttab -G log.txt -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
5. The corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
6. Example: For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Thanks,
Harshal -
SAP router service is not running.
Hi Everyone.,
Today I have tried to renew the certificate in windows system every thing went well till the end but after importing newly generated certificate sap router service failed to start. Below is the error message when i try to start the service.
D:\usr\sap\SOL\SYS\exe\uc\NTI386>saprouter -r -S 3299 -K "p:CN=SOLMGR, OU=000086
1986, OU=SAPRouter, O=SAP, C=DE"
trcfile dev_rout
no logging active
DEV_rout
trc file: "dev_rout", trc level: 1, release: "700"
Sat Dec 04 09:30:26 2010
SAP Network Interface Router, Version 38.0
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -S
command line arg 3: 3299
command line arg 4: -K
command line arg 5: p:CN=SOLMGR, OU=0000861986, OU=SAPRouter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll".
File "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 7560, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
When i tried to start the service manually then service is starting fine but when i tried to check OSS-001 connection in SM59 it says routtab permission failed rc-94.
Please suggest if any one ever faced this issue.
REgards,
VinodHi Sunil,
I have cross checked the orutab file. Please see below routab file and sugegst me incase if you find mistakes.
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to your system SOL with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" solmgr 3200
SNC-connection from SAP to your system SOL with WTS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3389
SNC-connection from SAP to your system ECC DEV with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.128.2.239 3200
SNC-connection from SAP to local R/3-System for PCANYwhere
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
SNC-connection from SAP to local R/3-System for saptelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from your local Network to SAP R/3 Frontend (OSS)
P * 194.39.131.34 3299
deny all other connections
D * * *
Also today i recieved a mail saying that client has chnaged the IP address of the saolution manager recently. Do they need to re register the IP with sap again. But i am able to telnet sapserv2 server IP using 3299 port and also able to ping the server. Please suggest.
Regards,
Vinod -
SAP Router Getting Stopped.
Hi Guys,
We have been facing issue with our SAP Router version 710
Our Router is on Linux( RHEL 5 )host.
It gets stopped randomly and we have to manually start it again.
Please advise how to proceed.
Regards
AbhishekHi,
I tried with -n option it only starts the router with new routtab
Our routtab is fine.
Our issue is that the Router process on linux host is getting stopped automatically.
We use the below command to start the router
nohup /usr/sap/Saprouter/saprouter -r -G tracefile_4 -W 60000 -K "p:CN=SOLXXXXX, OU=000111111, OU=SAProuter, O=SAP, C=DE" &
Regards
Abhishek
Edited by: abhishek sharma on Oct 19, 2011 6:15 PM -
SAP router error on windows server 2008 64bit
Hi All,
I am installing sap router on windows 2008 server 64 bit.
While trying to generate certificate request it showing below error.
E:\usr\sap\saprouter\nt-x86_64>sapgenpse get_pse -v -r certreq -p local.pse "CN=
solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "C:\Users\soladm\sec\local.pse".
Please enter PIN:
Please reenter PIN:
Supplied distinguished name: "CN=solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=
DE"
Creating PSE with format v2 (default)
get_pse: Can't create PSE.
ERROR in af_create: (4352/0x1100) could not flush : "SW-PSE"
ERROR in create_PSE: (4352/0x1100) could not flush : "SW-PSE"
ERROR in modified_PSEFile: (4352/0x1100) could not flush : "SW-PSE"
ERROR in flush_PSEFile: (1283/0x0503) Can't write file : "C:\Users\soladm\sec\lo
cal.pse"
ERROR in aux_OctetString2file: (1283/0x0503) Can't write file : "C:\Users\soladm
\sec\local.pse"
I couldn't find the cryptography software specifically for windows 2008 server 64 bit ? So I downloaded the software for windows server 64 bit platform.
Do any one have idea on this...
Please reply..
Regards
VinayHi,
Yes, there is no specific cryptography software for windows server 2008 and whatever u have chosen is correct.
Fom the following error message I could see where the issue arises.
Can't write file : "C:\Users\soladm\sec\local.pse"
I think you have not set the following ENV variable for the SAPRouter admin user (in your case soladm) and hence the sapgenpse tries to import the certificate in the SOLADM user's document folder.
Set the following variables for the user SOLADM and then try to import the certificate as mentioned in the [link|http://service.sap.com/saprouter-sncdoc].
SECUDIR = E:\usr\sap\saprouter
SNC_LIB = E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll
Hope this resolves ur issue.
Regards,
Varadharajan M -
Error while importing SAP Router renew Certificate
Hi Gurus,
My sap router certificate got expired and got mail from SAP to renew, so I decided to renew it and followed link http://wiki.sdn.sap.com/wiki/display/Basis/HowtorenewtheSAPRouterlicense to renew saprouter certificate. All the steps were executed fine But I got below error while importing certificate from srcert file.
C:\saprouter>sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your
public key found
Please advise me to solve this issue.
Thanks,
VenkatHi Deepak,
thanks for your reply.
yes i have entered correct Pin and in the first step i have moved local.pse and cred_v2, certreq, srcert files to C:/saprouter/backup folder
After executing import command it has given error first time so i copied local.pse file to C:\saprouter folder and executed but same error result.
please help me to solve it.
Thanks,
Venkat
Maybe you are looking for
-
Report on Stock Vs VAlue on one particular date,
Dear All, Is ther any Table or Functional Module Or BAPI ,if I pass the material /Plant/St.location and any date,which will give the output of Stock and Value?
-
Hi everyone, I'm back again. I had previous thread where I asked for information on what to do about Deactivating/Reinstalling CS6. I Deactivated the program before removing it from my laptop, as I promised. http://forums.adobe.com/message/5293794
-
Hello I have a unique requirement where when a mapping error comes, an alert needs to be triggered and that message should be sent to R/3. How can we achieve it? We have a status table in R/3 which will capture all error messages. So, this alert ne
-
Is there a way I can create a folder for storage and put on desktop?
Is there a way I can create a folder for storage and put on desktop?
-
Videos are not transfering.
I have tried taking everything off manual in my settings but none of my videos are transfering to my ipod! It says that my ipod has finished updating but when I look at the video section on my ipod nothing shows up. I know they are configured correct