SAP Router start issue

Similar Messages

• Unable to Start SAP Router

  Hi All,
  I have installed SAP Router before but this time when I installed and tried to start SAP Router its not getting started, and also not giving any error log file in SAP Router directory.
  Please check the below command and correct me if I am wrong.
  Microsoft Windows XP [Version 5.1.2600]
  (C) Copyright 1985-2001 Microsoft Corp.
  C:\Documents and Settings\sap_admin>cd \
  C:\>cd SAPRTR
  C:\SAPRTR>saprouter -r -S 3299 -K "p:CN=<MyRouterHOSTNAME>, OU=<Cust_NUM>, OU=SAProuter,
  O=SAP, C=DE"
  SAP Network Interface Router, Version 38.10
  Compiled Oct  7 2009 03:08:09
  start router : saprouter -r
  stop router  : saprouter -s
  soft shutdown: saprouter -p
  router info  : saprouter -l (-L)
  new routtab  : saprouter -n
  toggle trace : saprouter -t
  cancel route : saprouter -c id
  dump buffers : saprouter -d
  flush   "    : saprouter -f
  hide errInfo : saprouter -z
  start router with third-party library: saprouter -a library
  additional options
  -R routtab   : name of route-permission-file  (default ./saprouttab)
  -G logfile   : name of log file               (default no logging)
  -T tracefile : name of trace file             (default dev_rout)
  -V tracelev  : trace level to run with        (default 1)
  -H hostname  : of running SAProuter           (default localhost)
  -S service   : service-name / number          (default 3299)
  -P infopass  : password for info requests
  -C clients   : maximum no of clients          (default 800)
  -Y servers   : maximum no of servers to start (default 1)
  -K [myname]  : activate SNC; if given, use 'myname' as own sec-id
  -A initstring: initialization options for third-party library
  -D           : switch DNS reverse lookup off
  -E           : append log- and trace-files to existing
  -J filesize  : maximum log file size in byte  (default off)
  -6           : IPv6 enabled
  -Z           : hide connect error information for clients
  expert options
  -B quelength : max. no. of queued packets per client  (default 1)
  -Q queuesize : max. total size for all queues (default 20000000 bytes)
  -W waittime  : timeout for blocking net-calls (default 5000 millisec)
  -M min.max   : portrange for outgoing connects, like -M 1.1023
  -I address   : address for outgoing connects, like -I 155.56.76.6
  this is a sample routtab : -----------------------------------------
  D     host1                host2     serviceX
  D     host3
  P     *                    *         serviceX
  P     155.56..           155.56
  P     155.57.1011xxxx.*
  P     host4                host5     *          xxx
  P     host6                localhost 3299
  P     host7                host8     telnet
  S     host9
  P0,*  host10
  KP    sncname1             *         *
  KS    *                    host11    *
  KD    "sncname "abc"       *         *
  KT    sncname3             host11    *
  deny routes from host1 to host2 serviceX
  deny all routes from host3
  permit routes from anywhere to any host using serviceX
  permit all routes from/to addresses matching 155.56
  permit ... with 3rd byte matching 1011xxxx
  permit routes from host4 to host5 if password xxx supplied
  permit information requests from host6
  permit native-protocol-routes to non-SAP-server telnet
  permit ... excluding native-protocol-routes (SAP-servers only)
  permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
  permit SNC-connection with partnerid = 'sncname1' to any host
  permit all SAP-SAP SNC-connections to host11
  deny all SNC-connections  with partnerid = 'sncname "abc'
  open connects to host11 with SNC enabled and partnerid = 'sncname3'
  first match [host/sncname host service] is used
  permission is denied if no entry matches
  service wildcard (*) does not apply to native-protocol-routes
  C:\SAPRTR>
  Rg
  Ramesh

  Hello my friend
  It could be certificate didn't import properly or routtab content is not correct. Here's your checklist:
  Creating the certificate request
  1) As user <snc_adm> set the environment variables SNC_LIB and SECUDIR
  2) Change to the alias SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant u201CDistinguished Nameu201D.
  3) Generate the certificate Request with the command:
  sapgenpse get_pse -v -r certreq -p local.pse u201C<Distinguished Name>u201D
  You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use this PSE.
  4) Display the output file "certreq" and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
  5) In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.
  6) With this in turn you can install the certificate in your saprouter by calling:
  sapgenpse import_own_cert -c srcert -p local.pse
  7) Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_saprouter>, the credentials are created for the logged in user account). 
  sapgenpse seclogin -p local.pse -O <user_for _saprouter>
  Note: The account of the service user should always be entered in full <domainname>\<username>
  8) This will create a file called "cred_v2" in the same directory as "local.pse"
  9) Check if the certificate has been imported successfully with the following command:
  sapgenpse get_my_name -v -n Issuer
  The name of the Issuer should be:
  CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
  10) If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item 3.
  Additional actions necessary before you can start SAProuter
  1.     Check if the environment of the user running SAProuter contains the environment variable SNC_LIB and SECUDIR
  2.     Start the SAProuter with the following command line (to start the SAProuter as a Windows service, please follow the steps described in SAP note 525751):
                 saprouter -r -S <port> -K "p:<Distingushed Name>"
                 -K tells the saprouter to start with loading the SNC library
  3.     The corresponding file "saprouttab" should look like:
  SNC-connection from and to SAP                               
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *  
  SNC-connection from SAP to local R/3-System for Support      
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *              
  SNC-connection from SAP to telnet in your network            
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23             
  Access from the local Network to SAPNet - R/3 Frontend (OSS) 
  P * 194.39.131.34 3299                                         
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your IP> <port> 
  Regards,
  Effan
  DON'T KNOW WHY THE FORMAT MESSED UP, PLEASE USE QUOTE ORIGINAL IN REPLY MODE TO READ THE CORRECT FORMAT CONTENT. SORRY!

• SAP Router configuration on Linux platform (error in start script)

  Hello gurus,
  I´m trying to setup the saprouter on Fedora v14 (32 bits).
  I did all the configure with root user. The problem is when I run the script that starts the saprouter service, it show me the following error:
  [root@saprouter sap]# pwd
  /usr/sap/saprouter
  [root@saprouter saprouter]# saprouter_start
  /usr/sap/saprouter/saprouter_start: line 12: syntax error near unexpected token `|'
  'usr/sap/saprouter/saprouter_start: line 12: `        | tee -a $LOGFILE &
  The content of this script, has the following sintaxes:
  # Start saprouter
  # You can automatically start SAProuter when you start the system. In UNIX for example, you would change file /etc/rc.
  # saprouter CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE sapserv2
  SRDIR=/usr/sap/saprouter
  LOGFILE="usr/sap/saprouter/saprouter_log"
  if [ -f $SRDIR/saprouter ] ; then
          echo "Starting SAP Router" | tee -a $LOGFILE
  $SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE"
          | tee -a $LOGFILE &
  fi
  The strange of this is I already did this type of configuration on Linux with the same scripts... but in red hat enterprise linux x86_64 and in there it works perfectly!
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4f/992ce8446d11d189700000e8322d00/frameset.htm
  Can you help me please in way to solve this problem...?!
  Best regards,
  João Dimas - Portugal

  Hello Clebio,
  First al all, please don´t forget to read my previous message.
  I´m writing again because I made other tests that I would like to show you...!
  1- In my previous message I mentioned an error when I ran directly the command # saprouter -r... and as you recomend, I typed the "ldd saprouter", the output of this show that libstdc+.so.5: was not found! I already solve this issue, I installed the compat-libstdc+ with # yum install compat-libstdc++. So... now when I run that "ldd saprouter" the result is:
  [root@saprouter saprouter]# ldd saprouter
       linux-gate.so.1 =>  (0x003a9000)
       libdl.so.2 => /lib/libdl.so.2 (0x00911000)
       librt.so.1 => /lib/librt.so.1 (0x00918000)
       libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x00110000)
       libm.so.6 => /lib/libm.so.6 (0x00923000)
       libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00966000)
       libpthread.so.0 => /lib/libpthread.so.0 (0x008f4000)
       libc.so.6 => /lib/libc.so.6 (0x00768000)
       /lib/ld-linux.so.2 (0x00747000)
  It seems that is solved! Is not it?
  2- After that correction, I ran again the # saprouter -r but now it show me the following error:
  [root@saprouter saprouter]# saprouter -r
  trcfile  dev_rout
  no logging active
  *** ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp   8006]
  ... next, what I did was, I opened the dev_rout:
  trc file: "dev_rout", trc level: 1, release: "700"
  Thu Aug 11 13:10:49 2011
  SAP Network Interface Router, Version 38.10
  command line arg 0:     saprouter
  command line arg 1:     -r
  main: pid = 9808, ppid = 2038, port = 3299, parent port = 0 (0 = parent is not a saprouter)
  reading routtab: './saprouttab'
  *** ERROR => SNC field without SNC active, skip line 2 [nirout.cpp   7775]
  *** ERROR => SNC field without SNC active, skip line 3 [nirout.cpp   7775]
  *** ERROR => SNC field without SNC active, skip line 8 [nirout.cpp   7775]
  ... and I also checked my saprouttab in there I see...:
  1. vim saprouttab
  # SNC connection to and from SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  KT "p:CN=saprouter, OU=000121987, OU=SAProuter, O=SAP, C=DE" 81.193.132.663 3299
  # SNC connection to local system for R/3-Support
  # R/3 Server: 192.168.34.178
  # R/3 Instance: 00
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.34.178 3200
  # Access from the local Network to SAP
  P * 194.39.131.34 3299
  # Deny all other connections
  #D * * *
  What´s the problem!??! I don´t get it!! My God... I don´t understand, all the entries in saprouttab seems well to me! Can you verify this please?! It´s correct, isn´t it?
  Can you help me!?
  Thank you
  João Dimas - Portugal

• SAP Router internal error

  Hello
  I have installed solution manager 7.0 and then sap router is also configured on the same box.
  1. To generate a certificate request,
  sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
  2. Then you have to request the certificate from
  http://service.sap.com/tcs -> Download Area -> SAProuter Certificate
  3. Create a file D:\usr\sap\saprouter\srcert and copy the requested
  certificate into this file. :
  sapgenpse import_own_cert -c D:\usr\sap\saprouter\srcert -p
  D:\usr\sap\saprouter\local.pse
  4. To generate credentials for the user that's running the SAProuter
  service:
  sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sapadmin
  (this will create the file "cred_v2")
  5. Check the configuration:
  sapgenpse get_my_name -v -n Issuer
  (Result:  "CN=SAProuter CA, OU=SAProuter,
  O=SAP, C=DE")
  6. Create SAProuter service on Windows :
  ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p
  "service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
  7. Edit the Windows Registry key :
  MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath
  8. Start the SAProuter service  -- success
  9. Enter the parameters in OSS1 -> Technical Settings -->
  hostname : sbsapmgrapp01
  IP: 10.1.0.112
  instance : 00
  SAP host name : sapserv2
  IP: 194.39.131.34
  instance:99
  10. saprouttab
  SNC-connection from and to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to local R/3-System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P 10.1.0.112 194.39.131.34 3299
  deny all other connections
  D * * *
  when I check the sap-oss connection i am getting internal error. Any help would be appreciate..
  Thanks
  seshu

  Hi Rahu
  Thanks for your response. Here is my saprouttab entry's
  SNC-connection from and to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to local  Solman System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P     10.1.0.112     194.39.131.34     3299
  P     10...*     194.39.131.34     *
  Here is my dev_rout file..
  trc file: "dev_rout", trc level: 1, release: "700"
  Thu Oct 16 02:08:22 2008
  SAP Network Interface Router, Version 38.10
  command line arg 0:     D:\usr\sap\saprouter\saprouter.exe
  command line arg 1:     -r
  command line arg 2:     -R
  command line arg 3:     D:\usr\sap\saprouter\saprouttab
  command line arg 4:     -W
  command line arg 5:     60000
  command line arg 6:     -K
  command line arg 7:     p:CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE
  SncInit(): Initializing Secure Network Communication (SNC)
        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
  SncInit(): Trying environment variable SNC_LIB as a
        gssapi library name: "D:\usr\sap\saprouter\sapcrypto.dll".
    File "D:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
    The internal Adapter for the loaded GSS-API mechanism identifies as:
    Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
  main: pid = 1684, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
  reading routtab: 'D:\usr\sap\saprouter\saprouttab'
  Thu Oct 16 09:14:17 2008
  ***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
  ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
      (SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp    2823]
  Thu Oct 16 09:14:20 2008
  ***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
  ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
      (SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp    2823]
  Kindly suggest the changes in my saprottab file..
  Thanks
  seshu
  Issue resloved..
  Edited by: Seshagiri Rao Myneni on Oct 16, 2008 7:31 PM

• Setting up SAP Router for SNC ... error...

  Hi,
  My SAP Router is installed on a server that is Linux based. (IP address is 10.11.0.24)
  I'm not sure if is saprouttab or saprouter itself having issue.
  I started the saprouter via this command: saprouter -r -G routerlog -W 60000 -S 3299 -K "p:CN=XXXXXXXX, OU=ZZZZZZZZZZ, OU=SAProuter, O=SAP, C=DE"
  saprouttab
  # SNC connection to and from SAP
  KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
  KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
  # SNC connection to local system for R/3-Support for support
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3201
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.23 3200
  # Access from local network to SAPNet (OSS)
  P 10.11.0.* 169.145.197.110 3299
  P * 10.11.0.* * *
  # deny all other connections
  D * * *
  Troubleshooting steps taken:
  Running niping -s on SAP Router Server & niping.exe -c -H 10.11.0.24 is successful, self-test is okay but... when running both niping -s & saprouter -r on SAP Router Server is giving me the following error:
  C:\test>niping.exe -c -S 3299 -H 10.11.0.24
  Wed Feb 05 14:51:29 2014
  connect to server o.k.
  Wed Feb 05 14:51:30 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp    2146]
  *** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp  2590]
  *  LOCATION    SAProuter 40.4 on 'XXXXXXXX'
  *  ERROR       internal error
  *  TIME        Wed Feb  5 14:51:29 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -93
  *  MODULE      nirout.cpp
  *  LINE        2698
  *  DETAIL      NiRClientHandle: route expected
  *  COUNTER     2
  C:\Users\tohcy\Desktop\test>niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.24
  Wed Feb 05 15:01:00 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]
  *** ERROR => NiBufIConnect: route connect for non-buffered hdl 1 failed (rc=-94;/H/10.11.0.24/H/10.11.0.24); pong not received [nibuf.cpp    4801]
  *** ERROR => NiTClientLoop: NiHandle (rc=-94) [nixxtst.cpp  2590]
  *  LOCATION    SAProuter 40.4 on 'XXXXXXXX'
  *  ERROR       XXXXXXXX: route permission denied (YYY to 10.11.0.24, 3299)
  *  TIME        Wed Feb  5 15:00:59 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -94
  *  COUNTER     7

  Hi Deepak,
  I've changed to the P * * *
  I run the command: niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.23
  Can I check if this command is correct?
  Router is 10.11.0.24 trying to reach sap server 10.11.0.23.
  Error:
  Thu Feb 06 09:20:17 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp    2146]
  NiBufIConnect: route connect of non-buffered hdl 1 to '/H/10.11.0.24/H/10.11.0.23' timeout
  *** ERROR => NiTClientLoop: NiHandle (rc=-5) [nixxtst.cpp  2590]
  *  ERROR       timeout occured
  *  TIME        Thu Feb 06 09:20:17 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -5
  *  MODULE      nibuf.cpp
  *  LINE        4795
  *  DETAIL      NiBufIConnect: route connect '/H/10.11.0.24/H/10.11.0.23'
  *              timeout
  *  COUNTER     1
  routerlog:
  Thu Feb  6 09:27:21 2014 CONNECT FROM C19/- host 10.11.0.181/50107
  Thu Feb  6 09:27:21 2014 CONNECT TO   S19/12 host 10.11.0.23/3299
  Thu Feb  6 09:28:21 2014 CONNECT ERR  S19/12 could not establish connection within 60s
  Thu Feb  6 09:28:21 2014 DISCONNECT   S19/12 host 10.11.0.23/3299
  10.11.0.181 is my computer current IP address.
  Any other clues/hint?

• How to install and configure SAP Router

  Dear SAP Expert !
  I want to install SAP Router but i dont know the SAP router package is allocated on DVD ? what is the DVD number ?
  If you already configure SAP router please let me know how to configure ?

  Hello Thao
  what is th exact issue that are u facing.
  The account must be the administartor of the machine where u are installing SAPROUTER.Make sure you are following the correct steps as follows:
  Downloading necessary software components from SAP Service Marketplace
  1. Login to the SAP Service Marketplace with the Service Marketplace at using
  the USERID/PASSWORD which was assigned for your installation.
  2. Change the alias to www.service.sap.com/tcs to downloaded the SAP
  cryptographic software. Select the correct SAPcrptographic software
  depending on your saprouter operating system as shown below.
  3. You must have the sapcar.exe in order to extract the SAP cryptographic
  software file.
  4. With the command of u201Csapcar -xvf xxxxxxx.saru201D, /ntintel directory would be
  created and the following files would be extracted.
  (Example C:/saprouter/ntintel)
  ( when the Microsoft Windows NT Intel version is downloaded)
  C:/saprouter/ntintel/sapcrypto.dll
  C:/saprouter/ntintel/sapgenpse.exe
  C:/saprouter/ticket
  Issue of Electronic Certificate
  5. It is necessary to define the environment variable for u201CSECUDIRu201D and
  u201CSNC_LIBu201D under system account.
  Window NT environment variable setup :
  Right-clicked the icon of you computer
  Property -> details -> environment variable
  SECUDIR = < Directory name >
  Example. Variable name : SECUDIR
  Variable value
  : C:/saprouter/SNC_LIB = < Directory name >
  Example. Variable name : SNC_LIB
  Variable value : C:/saprouter/ntintel/sapcrypto.dll
  UNIX
  <path_to_libsecude>/<name_of_sapcrypto_library>
  Windows
  NT,
  <drive>:/<path_to_libsecude>/<name_of_sapcrypto_library>
  Windows
  2000
  6. Check if the environment of the user running saprouter contains the
  environment variable SNC_LIB.
  UNIX
  Printenv
  Windows NT
  System environment Variable
  7. You may now apply for a SAProuter certificate from the SAP Trust Center
  Service of SAP service marketplace
  http://service.sap.com/tcs
  > SAP Trust Center Service in Detail
  > SAProuter Certificates
  SAProuter Certificate "Apply Now"
  Click the button.
  8. Please take note of your "Distinguished Name"
  Please refer to the example above
  -SAPRouter Name
  : JPL50020586
  -Distinguished Name
  CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE
  Then, clicked the "Continue" button.
  9. Execute the following command in the /saprouter/ntintel
  directory in order to generate your certificate to be exchanged with SAP.
  sapgenpse get_pse -v -r certreq -p local.pse "Distinguished Name"
  Example
  sapgenpse get_pse u2013v -r certreq -p local.pse "CN=JPL50020586, OU=0000036946,
  OU=SAProuter, O=SAP, C=DE"
  Enter the PIN number. (you may enter any PIN Number you wish.)
  Please enter PIN :
  Please re-enter PIN :
  <- you must use the same PIN Number as the above.
  10. The "certreq" file is created in the /saprouter/ntintel directory.
  11. Use a notepad to open the "certreq" file and copy the displayed information
  (From the -BEGIN .to the END -)
  12.You now have to paste the above copy content into the space provided
  shown below. After you have pasted the text, click the u201CRequest certificateu201D
  button to submit your request.
  13. Once you click on the u201CRequest Certificateu201D a new screen will be displaying
  your certificate issued by SAP CA (Certification Authority).
  14. Using a notepad to copy the content (From u2013Beingu2026 to -END) and save it
  as u201Csrcertu201D into /saprouter/ntintel/srcert.
  Note :
  - Please rename srcert.txt into srcert without any extension.
  15. You then need to import this certificate into SAProuter using the following
  command.
  Please run on /saprouter/ntintel directory.
  sapgenpse import_own_cert -c srcert -p local.pse
  Please enter PIN : (same as point 9)
  16. Execute the following command in the /saprouter/ntintel directory.
  sapgenpse seclogin -p local.pse
  Please enter PIN : (same as point 9)
  This will create a file "cred_v2" in the same directory.
  17. Please check whether the certificate has been imported correctly.
  Execute this command in /saprouter/ntintel directory.
  sapgenpse get_my_name -v -n Issuer
  The result should be "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE".
  18. When the above results are not obtained , please delete local.pse and
  cred_v2 and work again from steps 9. Please seek the assistance from your
  local SAP helpdesk or create an OSS message via component XX-SER-NET-
  OSS, if you are not able to obtain the above-mentioned result after you have
  repeated the above steps.
  Route permission table (saprouttab)
  19. The corresponding file ./saprouttab should contain at least the following
  entries.
  Example : by SNC connection, when connecting to sapserv2
  (194.39.131.34) the following entries need to be indicated by saprouttab.,
  SNC-connection to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34
  SNC-connection from SAP to local R/3-System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
  SNC-connection from SAP to local R/3-System for pcANYWHERE, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
  SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
  SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P <IP-addess of a local PC> 194.39.131.34 3299
  deny all other connections
  D * * *
  Start the SAProuter with the following command.
  Saprouter -r -S <port> -K
  "p: <Your Distingiushed Name>"
  -K tells the saprouter to start with loading the SNC library.
  Example: saprouter -r -S 3299 u2013K "p:CN=JPL50020586, OU=0000036946,
  OU=SAProuter, O=SAP, C=DE"
  Additional Note
  -You may refer to SAP note: 30289 in the SAP service marketplace for detail
  information with regards to SAProuter
  http://www.service.sap.com/note

• Pre requisites for installing SAP Router

  Hi Friends,
  As i am going through the implementation phase, I have to install sap router which i am new at. Also i am doing it because i have to connect Maintenance Optimizer to Sap service Market place for which Router would be essentially required.
  I have some questions to put forth.
  1. what are the pre requisites for SAP Router
  2. Do we require Public IP and what would be the use of this ip
  3. how to configure the SAP Router
  4. Can i install the SAP router on the same host on which we have Solution manager, is it advisable. or we should go for a seperate host.
  Regards
  Aayush

  Installing the sapcrypto library and starting the SAProuter
  Contents
  u2022     Downloading necessary software components from SAP Service Marketplace
  u2022     Creating the certificate request
  u2022     Additional actions necessary before you can start saprouter
  This section describes the necessary steps to download and install the sapcrypto library for use with saprouter. The saprouter must be started with the options described later in this section.
  The license for the sapcrypto library covers  saprouter connections between saprouters at SAP and the first saprouter on customer sites and backend connections within the customer`s network. For all other purposes the library CANNOT be used!
  Downloading necessary software components from SAP Service Marketplace
  1.     Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
  2.     Change to the alias SAPROUTER-SNCADD. Before you can download the software components two preconditions must be met.
       a.     You must have been allowed to download the software. This authorization is added as soon as SAP has received a positive statement from the "Bundesausfuhramt". This procedure is necessary since the software falls under EU regulations.
       b.     For more information on how to obtain authorization if download is not possible see note 397175.
       c.     You must accept that you must follow the regulations imposed by the EU on the use and distribution of the cryptographic software components downloaded from the SAP Service Marketplace.
  3.     The acceptance of the terms and conditions is logged with your USERID and stored for reporting purposes to the "Bundesausfuhramt".
  4.     Accepting with the button on the web-based form takes you to the folder where you can download the Software components.
  These are packed into a single CAR file sapcrypto.car
  5.     Copy the file to the direcory where the saprouter executable is located
  6.     You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD.
  Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
  [lib]sapcrypto.[dll|so|sl]
  sapgenpse[.exe]
  ticket
  Creating the certificate request
  1.     As user <snc>adm set the environment variables
  SECUDIR = <directory_of_saprouter>
  2.     Change to the Shortlink SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name"
  3.     Generate the certificate Request with the command
  sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
  4.     Alternatively use the two commands:
  sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
  sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
  5.     Display the output file "certreq" and with copy&paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name
  6.     In response you will receive the certificate signed by the CA in the Service Marketplace, cut&paste the text to a local file named srcert
  7.     With this in turn you can install the certificate in your saprouter by calling
  sapgenpse import_own_cert -c srcert -p local.pse
  8.     now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
  sapgenpse seclogin -p local.pse -O <user_for _saprouter>
  9.     This will create a file called cred_v2 in the same directory.
  For increased security please check that the file can only be accessed by the user running the SAProuter.
  Do not allow any other access (not even from the same group)!
  On UNIX this will mean permissions being set to 600 or even 400!
  On NT check that the permissions are granted only to the user the service is running as!
  1.     Check if the certificate has been imported correctly
  sapgenpse get_my_name -v -n Issuer
  The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
  2.     If this is not the case, delete the files cred_v2, local.pse and start over at Item 4.  If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands
  4.,7.,8. and 10.
  Additional actions necessary before you can start saprouter
  1.     The environment variable SNC_LIB needs to be set for the user account SAProuter is running under.
  SNC_LIB has the form
  UNIX      <path_to_libsecude>/<name_of_sapcrypto_library>
  Windows NT, Windows 2000     <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
  2.     Check if the environment of the user running saprouter contains the environment variable SNC_LIB
  UNIX     printenv
  Windows NT     System environment variable
  3.     start the saprouter with the following command line:
  saprouter -r -S <port> -K "p:<Your Distingushed Name>"
  -K tells the saprouter to start with loading the SNC library
  the corresponding file ./saprouttab should contain at least the following entries
  inbound connections MUST use SNC
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
  repeat this for the servers and port_numbers you will need to allow,
  please make sure that all explicit ports are inserted in front of a
  generic entry '*' for port_number
  outbound connections to <sapservX> will use SNC
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
  permission entries to check if connection is allowed at all
  P <IP address of a local host> <IP address of sapserv2>
  all other connections will be denied
  D  * * *
  Example
  For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
  SNC-connection from and to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to local R/3-System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
  SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
  SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P <IP-addess of a local PC> 194.39.131.34 3299
  deny all other connections
  D * * *
  Lalit Kumar

• SAP router certificate

  Hi Gurus;
  I want to re-generate my SAp certificate .
  Please elloaborate the process to follow.
  Thanks and regards
  Tushar Pathak

  Dear,
  This is the procedure that I got from SDN, last December when  have to renew my certificate, I got the success by following these steps, you can also try.
  Here were my steps to get it sucessfully working:
  1. Logon to host with username and password of SAP router service credentials
  2. Stop the Saprouter service
  3. Make a backup of the folder E:\usr\sap\saprouter
  3a. This can be deleted after a successful upgrade
  4. Delete this 4 files in E:\usr\sap\saprouter
  4a. certreq
  4b. cred_V2
  4c. localpse
  4d. srcert
  5. Generate the certificate request using the following command
  5a. E:\usr\sap\saprouter>sapgenpse get_pse u2013v u2013r certreq u2013p local.pse "CN=sapslm01.oii.dom, OU=0000810973, OU=SAProuter, O=SAP, C=DE"
  5b. Enter a PIN of 1234
  6. Copy the contents of certreq to the clipboard
  7. Go to http://www.service.sap.com/saprouter-sncadd
  8. Paste the contents of the clipboard into the form
  9. This will generate a new certificate, copy its contents into a file called srcert
  9a. You will have to create srcert
  10. Then import the certificated using the following command
  10a. E:\usr\sap\saprouter>sapgenpse import_own_cert u2013c srcert u2013p local.pse
  10b. Enter the PIN of 1234
  11. The setup the logon using the following command
  11a. E:\usr\sap\saprouter>sapgenpse seclogin u2013p local.pse
  11b. This will create a file called cred_V2
  12. Check if the certificate has been loaded correctly by using the following command
  12a. E:\usr\sap\saprouter>sapgenpse get_my_name u2013v u2013n Issuer
  13. Start the Saprouter service

• Reg : SAP Router Configuration

  Dear Friends,
  How to configure the SAP router? If anybody have configuration details pls help me.
  Our System is ECC 6.0
  OS - 2003 Server
  DB : MS SQL Server
  Then How to Communicate to SAP.
  Regards
  kesav

  Hi,
  > How to configure the SAP router? If anybody have configuration details pls help me.
  1) Download the latest SAP Router files (saprouter.car, nipping, cryptographic library) from SAP Service Market Place --- Patches.
  2)Create a user called sncadm as a member of Administrator. Log off administrator and login as sncadm. Create the following environment variables for this user.
  SECUDIR = c:\usr\sap\saprouter
  SNC_LIB = c:\usr\sap\saprouter\sapcrypto.dll
  3) Create folder c:\usr\sap\saprouter and copy the downloaded files into that folder. Extract all the compressed files. Now typically this folder will have the following files.
  Sapcrypto.dll
  Sapgenpse.exe
  Ticket
  Ntscmgr.exe
  Nipping.exe
  Saprouter.exe
  (other required files can be copied from kernel directory of other SAP Systems)
  4) Go to http://service.sap.com/saprouter-sncadd. Click on u201CApply Nowu201D
  You will get information like this (on first screen):
  Click on Continue. Now we have to create the request for SAProuter which is to be given as input in the next screen u201CRequest Certificate for SAProuteru201D.
  5)Open a command prompt and execute the following commands.
  Cd \usr\sap\saprouter
  sapgenpse get_pse u2013r sap-router.p10 u2013p sap-router.pse u201CCN=SAP-ROUTER, OU=0000733879, OU=SAProuter, O=SAP, C=DEu201D
  You will be asked for a PIN: input any (but do not forget!!!!!) No Password is given in this installation.
  This command will create the file sap-router.p10 and sap-router.pse.
  Open the file sap-router.p10 with notepad, copy & paste this certificate request to the text area of the u201CRequest Certificate for SAProuteru201D page.
  Click on Request Certificate
  In response you will get certificate signed by CA.
  Copy & paste the text into a text file including the header & footer (saprt.txt is the file created here)
  6)Now install the certificate as follows
  Sapgenpse import_own_cert u2013c saprt.txt u2013p sap-router.pse
  7)Now create credentials for saprouter
  Sapgenpse seclogin u2013p sap-router.pse u2013O sncadm
  This will create a file called cred_v2 in c:\usr\sap\saprouter
  8)Now Check whether certificate has been imported correctly or not
  Sapgenpse get_my_name u2013v u2013n Issuer
  The name of issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE. If the name is not correct, then delete the file cred_v2 and start all over again from Step u2013 4.
  9)Now create a file u201Csaprouttabu201D in the folder c:\usr\sap\saprouter and make the following entries in that.
  SNC connection to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  Access from your local Network to SAPNet - R/3 Frontend
  P 172.16.. 194.39.131.34 3299
  P 172.17.. 194.39.131.34 3299
  P 172.18.. 194.39.131.34 3299
  P 172.19.. 194.39.131.34 3299
  D * * *
  Save the file and close
  10) Make the following changes in the hosts file and services file (under windows\system32\drivers\etc folder ) SAP-ROUTER system
  hosts file:
  172.18.9.8 SAP-ROUTER
  194.39.131.34 sapserv2
  services file:
  sapdp99 3299/tcp
  sapgw99 3399/tcp
  sapmsO01 3601/tcp
  11) Now check the entry in the services files for all servers and all front-end PCs under %winnt%/system32/drivers/etc/ there should have:
  sapdp99 3299/tcp
  sapmsO01 3601/tcp
  12) Now start the sap router using the command (from the saprouter directory)
  Saprouter u2013r u2013V 3 u2013K u201Cp:CN=SAP-ROUTER,OU=0000733879,OU=SAProuter,O=SAP,C=DEu201D
  13)Connection to SAP can tested using the command
  lgtst u2013H /H/172.18.9.8//H/194.39.131.34/S/sapdp99/H/oss001/S/sapmsO01 u2013S x u2013W 30000
  Note : The file lgtst.exe can be copied from other SAP systemu2019s kernel directory.
  The output should look like these:
  Using trcfile: dev_lg
  List of reachable application servers
  u2026.
  u2026..
  u2026u2026.
  u2026u2026u2026.
  If the lgtst command does not display the list of reachable application servers, then the connection to SAP could not be established. Troubleshoot the error and rectify.
  For more info see the following sapnote
  note 30289 : SAProuter documentation
  note 525751: Installation of the SNC-SAPRouter as NT Service
  note 46902 : Security aspects in remote access
  note 48243 : Integrating SAProuter into a firewall
  note 33135 : Guidelines for OSS1 (Version for SAPSERV3).
  note 35010 : Service connections: Composite note (overview)

• SAP ROUTER getting restart every week

  Hi Friends ,
  In My Organization our employees are facing problem with SAP CONNECTION , every one week SAP ROUTER is getting restart , for 2, 3 minits ,
  In that time we are unable to connect our servers.When i check for Router status its showing running only.
  We asked our network team for any network problem, they replied no problems from network side.
  I want to know the reason  for this problem and is there any job scheduled for restart the server ,where we need to check.
  Please help me for this issue.

  Hi Please find the log file in sm21..from last one month.in this file every Thursday morning at 10:02AM sap is disconnecting for all users.not only production ,Quality server and Development servers also happening same.
  At the same time My SAP router time stamp also showing same time.
  Please let me suggest where is the issue .
  System Log: Local Analysis of SAPSRV01                   1
  From date/time............. 01.07.2014 / 18:00:00
  To date/time...............
  User.......................
  Transaction code...........
  Terminal...................
  Task / Number..............
  Problem class..............
  Further restrictions.......
  Sorted ? ................ SOFI
  Pages with single entries 00000150
  With statistics............
                       System Log: Local Analysis of SAPSRV01 2
  Date : 03.07.2014
  Time
  Type
  Nr
  Clt
  User
  TCode
  Priority
  Grp
  N
  Text
  8:51:10
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  9:32:11
  DIA
  3
  500
  P4
  R4
  7
  Delete session 001 after error 061
  9:34:21
  DIA
  3
  500
  P4
  R4
  7
  Delete session 001 after error 061
  9:40:25
  DIA
  3
  500
  MESPROSOFT2
  SM50
  R0
  J
  Work process with PID 3700 is terminated manually
  9:40:26
  DIA
  0
  500
  L2
  ZSBOM
  Q0
  2
  Stop Workproc 0, PID 3700
  9:40:26
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  9:40:43
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 7160
  9:40:44
  DIA
  0
  500
  L2
  R4
  7
  Delete session 001 after error 023
  9:40:54
  DIA
  0
  0
  A1
  0
  Initialization complete
  9:40:54
  DIA
  0
  0
  A1
  4
  > in program , line ??? , event
  9:56:25
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  4
  Connection to user 16611 (MESPROSOFT2 ), terminal 40 (Admin-PC ) lost
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  I
  Operating system call recv failed (error no. 10054)
  10:01:46
  DP
  Q0
  4
  Connection to user 16535 (P1 ), terminal 43 (TRMSRV ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16620 (P2 ), terminal 28 (PUR-TC-VG ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16624 (L7 ), terminal 32 (PPC-HP-PE ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16634 (L6 ), terminal 47 (PUR-HP-JJ ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16643 (F3 ), terminal 48 (ACC-HP-BK ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16651 (P3 ), terminal 45 (PUR-HP-NT ) lost
  10:01:46
  DP
  Q0
  4
  Connection to user 16662 (M1 ), terminal 49 (ppc-hp-kr ) lost
  10:12:20
  DIA
  2
  500
  L7
  R4
  7
  Delete session 001 after error 061
  10:12:20
  DIA
  1
  500
  L7
  R4
  7
  Delete session 002 after error 061
  10:17:12
  DIA
  3
  500
  P2
  R4
  7
  Delete session 001 after error 061
  10:26:07
  DIA
  3
  500
  E3
  R4
  7
  Delete session 001 after error 061
  10:56:26
  DIA
  3
  500
  P3
  R4
  7
  Delete session 001 after error 061
  10:58:39
  DIA
  2
  500
  P1
  R4
  7
  Delete session 001 after error 061
  10:58:39
  DIA
  0
  500
  P1
  R4
  7
  Delete session 003 after error 061
  10:58:39
  DIA
  5
  500
  P1
  ME29N
  R4
  7
  Delete session 002 after error 061
  11:00:56
  DIA
  7
  500
  P1
  R4
  7
  Delete session 001 after error 061
  11:47:23
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  13:32:22
  DIA
  1
  500
  P3
  MB51
  Q0
  2
  Stop Workproc 1, PID 6856
  13:32:22
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  13:32:23
  WRK
  0
  Q0
  Q
  Start Workproc 1, Pid 6448
  13:37:14
  DIA
  2
  500
  Q1
  R4
  7
  Delete session 001 after error 061
  13:45:54
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  13:55:14
  DIA
  2
  500
  P2
  ME11
  R4
  7
  Delete session 001 after error 061
  13:55:14
  DIA
  1
  500
  P2
  ME2L
  R4
  7
  Delete session 002 after error 061
  14:40:07
  DIA
  2
  500
  P2
  R4
  7
  Delete session 001 after error 061
  15:03:37
  DIA
  2
  500
  P4
  R4
  7
  Delete session 001 after error 061
  15:49:47
  DIA
  2
  500
  T2
  R4
  7
  Delete session 001 after error 061
  15:56:43
  DIA
  2
  500
  E2
  R4
  7
  Delete session 001 after error 061
                       System Log: Local Analysis of SAPSRV01 3
  Date : 04.07.2014
  Time
  Type
  Nr
  Clt
  User
  TCode
  Priority
  Grp
  N
  Text
  9:31:11
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  10:10:21
  DIA
  3
  500
  T2
  R4
  7
  Delete session 001 after error 061
  10:26:31
  DIA
  2
  500
  P2
  ME21N
  R4
  7
  Delete session 001 after error 061
  10:26:31
  DIA
  2
  500
  P2
  ME2L
  R4
  7
  Delete session 002 after error 061
  10:44:18
  DIA
  2
  500
  T2
  R4
  7
  Delete session 001 after error 061
  10:53:09
  DIA
  2
  500
  P2
  R4
  7
  Delete session 001 after error 061
  11:10:13
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  11:20:02
  DIA
  4
  500
  T4
  R4
  7
  Delete session 001 after error 061
  12:05:59
  DIA
  2
  500
  T2
  R4
  7
  Delete session 001 after error 061
  12:08:55
  DIA
  2
  500
  P4
  R4
  7
  Delete session 001 after error 061
  12:21:06
  DIA
  3
  500
  T4
  R4
  7
  Delete session 001 after error 061
  12:47:19
  DIA
  0
  500
  P4
  ME2L
  Q0
  2
  Stop Workproc 0, PID 7160
  12:47:19
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  12:47:20
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 5996
  12:47:33
  DIA
  0
  500
  P4
  MMBE
  A1
  0
  Initialization complete
  13:38:42
  DIA
  2
  500
  S3
  R4
  7
  Delete session 001 after error 061
  13:40:33
  DIA
  0
  500
  L5
  COOIS
  Q0
  2
  Stop Workproc 0, PID 5996
  13:40:33
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  13:40:34
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 1928
  13:40:40
  DIA
  0
  500
  L5
  COOIS
  A1
  0
  Initialization complete
  14:03:43
  DIA
  3
  500
  T4
  R4
  7
  Delete session 001 after error 061
  14:11:42
  DIA
  1
  500
  L4
  COOIS
  Q0
  2
  Stop Workproc 1, PID 6448
  14:11:42
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  14:11:43
  WRK
  0
  Q0
  Q
  Start Workproc 1, Pid 6276
  14:20:56
  WRK
  0
  Q0
  Q
  Start Workproc 1, Pid 2684
  14:23:02
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: Transaction J1IEX
  14:23:02
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: J_1IEXCDTL E
  14:23:02
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: J_1IEXCHDR E
  14:33:17
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: Transaction J1IEX
  14:33:17
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: J_1IEXCDTL E
  14:33:17
  DIA
  4
  500
  T4
  J1IEX
  GE
  O
  Lock entry deleted manually: J_1IEXCHDR E
  14:41:47
  DIA
  4
  500
  M4
  R4
  7
  Delete session 001 after error 061
  14:41:47
  DIA
  4
  500
  M4
  R4
  7
  Delete session 002 after error 061
  14:46:22
  DIA
  2
  500
  MESPROSOFT2
  SM50
  R0
  J
  Work process with PID 1928 is terminated manually
  14:46:22
  DIA
  0
  500
  L4
  KKAO
  Q0
  2
  Stop Workproc 0, PID 1928
  14:46:22
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  14:46:36
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 7040
  14:46:38
  DIA
  4
  500
  P4
  R4
  7
  Delete session 001 after error 061
  14:46:38
  DIA
  0
  500
  L4
  R4
  7
  Delete session 001 after error 023
  14:46:47
  DIA
  0
  500
  MESPROSOFT2
  SM04
  A1
  0
  Initialization complete
  14:52:39
  DIA
  1
  500
  L2
  KKAO
  ED
  X
  BP_START_DATE_EDITOR: Invalid start date found. Reason:
  14:52:39
  DIA
  1
  500
  L2
  KKAO
  ED
  T
  > Start date/time is not complete
  15:20:14
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  15:32:47
  DIA
  3
  500
  P2
  R4
  7
  Delete session 001 after error 061
  15:32:47
  DIA
  2
  500
  P2
  R4
  7
  Delete session 002 after error 061
  15:45:51
  DIA
  2
  500
  T2
  R4
  7
  Delete session 001 after error 061
  15:52:56
  DIA
  5
  500
  P2
  R4
  7
  Delete session 001 after error 061
  15:52:56
  DIA
  4
  500
  P2
  R4
  7
  Delete session 002 after error 061
  16:44:24
  DIA
  2
  500
  P4
  R4
  7
  Delete session 001 after error 061
  17:32:13
  DIA
  1
  500
  P1
  R4
  7
  Delete session 001 after error 061
  17:32:13
  DIA
  3
  500
  P1
  R4
  7
  Delete session 002 after error 061
  17:36:25
  DIA
  0
  500
  M3
  ZPO_MONITOR
  Q0
  2
  Stop Workproc 0, PID 7040
  17:36:25
  RD
  Q0
  I
  Operating system call recv failed (error no. 10054)
  17:36:26
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 7064
  17:41:15
  DIA
  2
  500
  P2
  R4
  7
  Delete session 001 after error 061
  17:56:59
  DP
  Q0
  4
  Connection to user 18385 (M3 ), terminal 42 (TRMSRV ) lost
  17:56:59
  DP
  Q0
  G
  Request (type DIA) cannot be processed
  18:08:48
  DIA
  6
  500
  P3
  ME2L
  R4
  7
  Delete session 001 after error 061
  18:16:01
  DIA
  3
  500
  P4
  R4
  7
  Delete session 001 after error 061
  18:32:03
  DIA
  3
  500
  MESPROSOFT
  SM50
  R0
  J
  Work process with PID 7064 is terminated manually
  18:32:03
  DIA
  0
  500
  M3
  Q0
  2
  Stop Workproc 0, PID 7064
  18:32:19
  WRK
  0
  Q0
  Q
  Start Workproc 0, Pid 5936
  18:32:20
  DIA
  0
  500
  M3
  R4
  7
  Delete session 001 after error 047
  18:32:20
  DP
  Q0
  G
  Request (type DIA) cannot be processed
  18:32:40
  DIA
  0
  0
  SAPSYS
  A1
  0
  Initialization complete
  18:55:03
  DIA
  2
  500
  MESPROSOFT2
  R4
  7
  Delete session 002 after error 061
                       System Log: Local Analysis of SAPSRV01 4
  Date : 05.07.2014
  Time
  Type
  Nr
  Clt
  User
  TCode
  Priority
  Grp
  N
  Text
  3:19:12
  DP
  Q0
  4
  Connection to user 18697 (L2 ), terminal 40 (PPC-HP-SP ) lost
  8:24:51
  DIA
  1
  500
  T4
  R4
  7
  Delete session 001 after error 061
  9:01:13
  DIA
  2
  500
  P3
  R4
  7
  Delete session 001 after error 061
  9:02:42
  DIA
  2
  500

• Changing SAP Router to different System

  HI Experts,
                  SAP Router is installed in our Develpoment system can it be possible for us to install this on the solution manager System. Is this advisable to change the SAP router to a different machine. If so How is that possible?
  Regards,
  Vamshi.

  Hi,
  Please use the following step.
  Installation Steps
  1.1     Downloading necessary software components from SAP Service Marketplace:
  1.     SAProuter
  Use the latest SAProuter version (37.x), which can be downloaded from
  SAP Service Marketplace under the following link.
  http://service.sap.com/swdc
  &#61614;     Download
  &#61614;     Support Packages and Patches
  &#61614;     Entry by Application Group
  &#61614;     Additional Components
  &#61614;     SAPROUTER
  &#61614;     SAPROUTER 6.40
  SAPROUTER 6.40
  From the available list of SAProuters, select the SAProuter for your OS platform.
  2.     SNC Libraries (SAPcryptolib) download:
  http://service.sap.com/swdc
  &#61614;     Download
  &#61614;     SAP Cryptographic Software
  Select the SAPcrytoLib libraries compatible with your Operating System.
  Note: Please also download the SAPCAR.exe file from the above location to extract the SAProuter archive files.
  3.     Create a folder in /usr/sap with the name as: saprouter.
  4.     Extract both the files i.e. SAProuter.SAR and Cryptolib.CAR files into saprouter folder using the command:
  SAPCAR -xvf SAProuterxxx.SAR
  SAPCAR -xvf CRYPTOLIBxxx.CAR
  1.2     Creating the certificate request
  1.     As user <snc>adm set the environment variables:
  SECUDIR = /usr/sap/saprouter
  SNC_LIB = /usr/sap/saprouter/libsapcrypto.so
  2.     Go to the Trust Center Service - Download Area and get the "Distinguished Name" for your SAProuter from the list of SAProuters registered for your installation.
  3.     Generate the certificate Request with the command:
  ./sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
  P.S: We can also get the distinguished name from SAP itself when we register for the remote service connection.
  4.     Display the output file "certreq" using the command:
  cat certreq
  and with copy & paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
  1.3     Importing the certificate request
  1.     With this in turn you can install the certificate in your saprouter by calling
  ./sapgenpse import_own_cert -c srcert -p local.pse
  1.4     Setting secured login to SAProuter
  1.     Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
  sapgenpse seclogin -p local.pse -O <user_for _saprouter>
  2.     This will create a file called cred_v2 in the same directory.
  3.     Check if the certificate has been imported correctly
  ./sapgenpse get_my_name -v -n Issuer
  4.     If this is not the case, delete the files cred_v2, local.pse and start over at Item 3 of 4.2 .  If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands 3 of 4.2, 4.3, and 4.4.
  1.5     Additional actions necessary before you can start saprouter
  1.     Logon to the system as <sid>adm, here sa1adm.
  2.     The environment variables SECUDIR, SNC_LIB and USER needs to be set for the user account SAProuter is running under using the commands:
  setenv SECUDIR <path_to_libsecude>
  i.e. setenv SECUDIR /usr/sap/saprouter
  setenv SNC_LIB <path_to_libsecude>/<name_of_sapcrypto_library>
  i.e. setenv SNC_LIB /usr/sap/saprouter/libsapcrypto.so
  setenv USER sa1adm
  3.     Check if the environment of the user running saprouter contains the environment variable SECUDIR, SNC_LIB and USER using : printenv
  4.     Start the saprouter with the following command line:
  #./saprouter -r -S <port> -K "p:<Your Distingushed Name>"
  -K tells the saprouter to start with loading the SNC library
  Eg. ./saprouter -r -S 3299 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
  ./saprouter -r -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
  ./saprouter -r -R /usr/sap/saprouter/saprouttab -G log.txt -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
  5.     The corresponding file ./saprouttab should contain at least the following entries
  inbound connections MUST use SNC
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
  repeat this for the servers and port_numbers you will need to allow,
  please make sure that all explicit ports are inserted in front of a
  generic entry '*' for port_number
  outbound connections to <sapservX> will use SNC
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
  permission entries to check if connection is allowed at all
  P <IP address of a local host> <IP address of sapserv2>
  all other connections will be denied
  D  * * *
  6.     Example: For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
  SNC-connection from and to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to local R/3-System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
  SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
  SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P <IP-addess of a local PC> 194.39.131.34 3299
  deny all other connections
  D * * *
  Thanks,
  Harshal

• SAP router service is not running.

  Hi Everyone.,
  Today I have tried to renew the certificate in windows system every thing went well till the end but after importing newly generated certificate sap router service failed to start. Below is the error message when i try to start the service.
  D:\usr\sap\SOL\SYS\exe\uc\NTI386>saprouter -r -S 3299 -K "p:CN=SOLMGR, OU=000086
  1986, OU=SAPRouter, O=SAP, C=DE"
  trcfile  dev_rout
  no logging active
  DEV_rout
  trc file: "dev_rout", trc level: 1, release: "700"
  Sat Dec 04 09:30:26 2010
  SAP Network Interface Router, Version 38.0
  command line arg 0:     saprouter
  command line arg 1:     -r
  command line arg 2:     -S
  command line arg 3:     3299
  command line arg 4:     -K
  command line arg 5:     p:CN=SOLMGR, OU=0000861986, OU=SAPRouter, O=SAP, C=DE
  SncInit(): Initializing Secure Network Communication (SNC)
        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)
  SncInit(): Trying environment variable SNC_LIB as a
        gssapi library name: "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll".
    File "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
    The internal Adapter for the loaded GSS-API mechanism identifies as:
    Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
  main: pid = 7560, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
  reading routtab: './saprouttab'
  When i tried to start the service manually then service is starting fine but when i tried to check OSS-001 connection in SM59 it says routtab permission failed rc-94.
  Please suggest if any one ever faced this issue.
  REgards,
  Vinod

  Hi Sunil,
  I have cross checked the orutab file. Please see below routab file and sugegst me incase if you find mistakes.
  SNC connection to and from SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to your system SOL with SAPGUI
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" solmgr 3200
  SNC-connection from SAP to your system SOL with WTS
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3389
  SNC-connection from SAP to your system ECC DEV with SAPGUI
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.128.2.239 3200
  SNC-connection from SAP to local R/3-System for PCANYwhere
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
  SNC-connection from SAP to local R/3-System for saptelnet
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
  Access from your local Network to SAP R/3 Frontend (OSS)
  P * 194.39.131.34 3299
  deny all other connections
  D * * *
  Also today i recieved a mail saying that client has chnaged the IP address of the saolution manager recently. Do they need to re register the IP with sap again. But i am able to telnet sapserv2 server IP using 3299 port and also able to ping the server. Please suggest.
  Regards,
  Vinod

• SAP Router Getting Stopped.

  Hi Guys,
  We have been facing issue with our SAP Router version 710
  Our Router is on Linux( RHEL 5 )host.
  It gets stopped randomly and we have to manually start it again.
  Please advise how to proceed.
  Regards
  Abhishek

  Hi,
  I tried  with -n option it only starts the router with new routtab
  Our routtab is fine.
  Our issue is that the Router process on linux host is getting stopped automatically.
  We use the below command to start the router
  nohup /usr/sap/Saprouter/saprouter -r -G tracefile_4 -W 60000 -K "p:CN=SOLXXXXX, OU=000111111, OU=SAProuter, O=SAP, C=DE" &
  Regards
  Abhishek
  Edited by: abhishek sharma on Oct 19, 2011 6:15 PM

• SAP router error on windows server 2008 64bit

  Hi All,
  I am installing sap router on windows 2008 server 64 bit.
  While trying to generate certificate request it showing below error.
  E:\usr\sap\saprouter\nt-x86_64>sapgenpse get_pse -v -r certreq -p local.pse "CN=
  solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
  Got absolute PSE path "C:\Users\soladm\sec\local.pse".
  Please enter PIN:
  Please reenter PIN:
  Supplied distinguished name: "CN=solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=
  DE"
  Creating PSE with format v2 (default)
  get_pse: Can't create PSE.
  ERROR in af_create: (4352/0x1100) could not flush : "SW-PSE"
  ERROR in create_PSE: (4352/0x1100) could not flush : "SW-PSE"
  ERROR in modified_PSEFile: (4352/0x1100) could not flush : "SW-PSE"
  ERROR in flush_PSEFile: (1283/0x0503) Can't write file : "C:\Users\soladm\sec\lo
  cal.pse"
  ERROR in aux_OctetString2file: (1283/0x0503) Can't write file : "C:\Users\soladm
  \sec\local.pse"
  I couldn't find the cryptography software specifically for windows 2008 server 64 bit ? So I downloaded the software for windows server 64 bit platform.
  Do any one have idea on this...
  Please reply..
  Regards
  Vinay

  Hi,
  Yes, there is no specific cryptography software for windows server 2008 and whatever u have chosen is correct.
  Fom the following error message I could see where the issue arises.
  Can't write file : "C:\Users\soladm\sec\local.pse"
  I think you have not set the following ENV variable for the SAPRouter admin user (in your case soladm) and hence the sapgenpse tries to import the certificate in the SOLADM user's document folder.
  Set the following variables for the user SOLADM and then try to import the certificate as mentioned in the [link|http://service.sap.com/saprouter-sncdoc].
  SECUDIR = E:\usr\sap\saprouter
  SNC_LIB = E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll
  Hope this resolves ur issue.
  Regards,
  Varadharajan M

• Error while importing SAP Router renew Certificate

  Hi Gurus,
  My sap router certificate got expired and got mail from SAP to renew, so I decided to renew it and followed link http://wiki.sdn.sap.com/wiki/display/Basis/HowtorenewtheSAPRouterlicense to renew saprouter certificate. All the steps were executed fine But I got below error while importing certificate from srcert file.
  C:\saprouter>sapgenpse import_own_cert -c srcert -p local.pse
  Please enter PIN:
  import_own_cert: Installation of certificate failed
  ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your
  public key found
  Please advise me to solve this issue.
  Thanks,
  Venkat

  Hi Deepak,
  thanks for your reply.
  yes i have entered correct Pin and in the first step i have moved local.pse and cred_v2, certreq, srcert files to C:/saprouter/backup folder
  After executing import command it has given error first time so i copied local.pse file to C:\saprouter folder and executed but same error result.
  please help me to solve it.
  Thanks,
  Venkat