Add aditional SAP web dispatcher on Server

Similar Messages

• SAP Web Dispatcher Configuration (SSL, certificates)

  Hi all,
  We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
  The following access point have been specified in the profile:
  Description of the Access Points
  icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
  icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
  icm/HTTPS/verify_client = 2
  Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
  The Web Dispatcher returns an error upon accessing it using HTTPS:
  Dispatching Error
  Error: -26
  Version: 6040
  Component: HTTP_ROUTE
  Date/Time: Tue Mar 14 07:19:38 2006 
  Module: http_route.c
  Line: 2383
  Server: sapvm1_DVS_26
  Detail: no valid destination server available for '!ALL' rc=13
  Any help would be highly appreciated. Thanks!
  Frodo

  Hi KS,
  Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
  icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
  icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
  However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
  All is working now.
  Frodo

• SAP Web Dispatcher for Portal reverse proxy

  Hi Experts,
  I am on EP6.0 SP20 and trying to use SAP web dispatcher as reverse proxy.
  I followed the below web log to configure the web dispatcher.
  [How to...Configure SAP Webdispatcher as a reverse proxy|How to...Configure SAP Webdispatcher as a reverse proxy]
  I still have some problems logging into the Portal through the web dispatcher.
  Web Dispatcher is in the DMZ not behind the firewall. We opened the port 80 only for Web dispatcher server.
  We are getting an error in the browser,
  http://<host of portal>.<domain name>:50000/irj/portal can not be recognized.
  I have no clue to how to get rid of this error. any help will be greatly appreciated.
  Regards,

  Hi,
  I do not know the exact ESS WebDynpro you are using but it may be possible that these WebDynpros use absolute URLs which of course do not point to the hostname and port of the Web Dispatcher.
  There are several ways to circumvent this:
  Please check http://help.sap.com/saphelp_nw04s/helpdata/en/62/5f374ff72c40478fcba2bb4fa79ddf/frameset.htm and add the parameters wdisp/add_client_protocol_header and (more important for you: wdisp/handle_webdisp_ap_header) to the WebDynpro configuration.
  (A nice explenation why we have to use this can be found here: https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bsp/using+proxies&)
  another way would be to tell the J2EE engine directly that it is behind a WebDispatcher, by setting the ProxyMappings (http://help.sap.com/saphelp_nw70/helpdata/en/b8/437d46d4451e4c9ab756e272a1581d/frameset.htm)
  Regards,
  Holger.

• Remote Connection to SAP with SAP Web Dispatcher

  Dear Experts,
  i have installed a SAP Router + SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0. The remote connection works.
  SAP Router is in a DMZ
  SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0 are in another network only for SAP Systems
  Fo security reason, i would like to install a SAP Webdispatcher with the SAP Router's Server.
  I already:
  have extracted the icmadmin.sar file
  have executed the sapwebdisp -bootstrap command
  have started the web dispatcher with sapwebdisp pf=sapwebdisp.pfl
  have activated /sap/public/icman and /sap/public/icf_info/* services inthe SAP Solution Manager
  As the saprouttab file for the saprouter, i would like to establish the connection to SAP withe the SAP WebDispatcher.
  My questions are:
  What are the parameters i have to put in the sapwebdisp.pfl file?
  Do i have to create the PERMFILE and the AUTHFILE?
  Any example of profil file? (another than the SAP Library example)
  Thank you very much for your help in advance.
  Best regards.
  Pascal Tran.
  PS: Here is the sapwebdisp.pfl file
  Profile generated by sapwebdisp bootstrap
  unique instance number
  SAPSYSTEM = 50
  add default directory settings
  DIR_EXECUTABLE = .
  DIR_INSTANCE = .
  Accessibility of Message Servers
  rdisp/mshost = <Solution_Manager_hostanme>
  rdisp/msserv = sapms<Solution_Manager_SID>
  ms/http_port = 81<Solution_Manager_Instance_Number>
  SAP Web Dispatcher Parameter
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/shm_attach_mode = 6
  configuration for default scenario (medium size)
  icm/max_conn      = 500
  icm/max_sockets   = 1024
  icm/req_queue_len = 500
  icm/min_threads   = 10
  icm/max_threads   = 50
  mpi/total_size_MB = 80
  #maximum number of concurrent connections to one server
  wdisp/HTTP/max_pooled_con = 500
  wdisp/HTTPS/max_pooled_con = 500
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTP,PORT=8050
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
  Hostname per default
  icm/host_name_full = <SAP_Router_Hostname>

  Hello,
  The two important paramters are covered in your profile.
  Accessibility of Message Servers
  rdisp/mshost = <Solution_Manager_hostanme>
  rdisp/msserv = sapms<Solution_Manager_SID>
  ms/http_port = 81<Solution_Manager_Instance_Number>
  And the port on which your webdispatcher listens from outside world.
  icm/server_port_0 = PROT=HTTP,PORT=8050
  For additional security you can use the https port also.
  I dont think you need to maintain any other file manually.
  I had configured web dispatcher but for 640 stack. It should be more or less the same.
  An example file sapwebdisp.pfl
  Profile generated by sapwebdisp bootstrap
  unique instance number
  SAPSYSTEM = 1
  Accessibility of Message Servers
  rdisp/mshost = <hostname>
  ms/http_port = 8101
  ms/https_port = 8005
  SAP Web Dispatcher Parameter
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/shm_attach_mode = 6
  configuration for default scenario (medium size)
  icm/max_conn      = 500
  icm/max_sockets   = 1024
  icm/req_queue_len = 500
  icm/min_threads   = 10
  icm/max_threads   = 50
  mpi/total_size_MB = 80
  #maximum number of concurrent connections to one server
  wdisp/HTTP/max_pooled_con = 500
  wdisp/HTTPS/max_pooled_con = 500
  wdisp/shm_attach_mode = 6
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTPS,PORT=1443
  icm/server_port_1 = PROT=HTTP,PORT=1081
  icm/HTTPS/verify_client = 0
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
  DIR_INSTANCE = C:\Secudir
  ssl/ssl_lib = C:\Secudir\sapcrypto.dll
  ssl/server_pse= C:\Secudir\SAPSSLS.pse
  wdisp/ssl_cred = SAPSSLS.pse

• Reverse Proxy - Apache vs SAP Web Dispatcher

  Hi,
  my config consists in a portal (EP7.0 - DB/CI + AS) and an ECC system (ECC 6.0 - DB/CI + AS).
  Web developments are based on Abap Web Dynpro and are also located on ECC.
  To ensure load balancing there are 2 web dispatchers : one on EP DB/CI, one on ECC DB/CI.
  Those 2 systems are located in intranet. Intranet access are realized via http.
  Moreover I need to open this solution to internet. I need a component to filter access in DMZ and ensure reverse proxy + https functions.
  Technical target chain links are depicted below.
  internet access : browser (https) -
  >  (https) reverse proxy in DMZ (http) -
  > IS (Portal/ECC)
  intranet access : browser (http) -
  > IS (portal/ECC)
  At the moment two application gateway solutions have been identified :
  Apache (MOD_PROXY + MOD_HTTPS) - My configuration is based on Linux
  SAP Web Dispatcher ("cascading" implementation as described in OSS note 740234)
  I'm looking for PROs and CONs of those 2 solutions and I'm also seeking for the impact of ensuring https encryption/decryption at the application gateway level ("a priori" this usage is not transparent in term of server sizing - CPU/memory, do I require to implement an SSL accelerator ?).
  Regards.
  Frederic.

  Hi,
  PRO Webdispatcher:
  - Supports SAP Java + ABAP
  - Loadbalancing of SAP applications (stateful)
  - Supports load balancing (saplb_* cookie)
  - Free of costs
  - easy to set up (up & running in 2 minutes)
  - Supports HA solutions out-of-the-box (process HA)
  - Filter + Rules to modify the requests
  CONS Webdispatcher
  - not a full reverse proxy
  - Limited functionality
  - one more server/solution (normaly, a company already does have a reverse proxy solution in place)
  - limited user base (only SAP customers)
  PRO Apache
  - free
  - widly in use
  - full reverse proxy
  - allows more complex filtering / rewriting
  - can be used for more web solutions, reuse of existing apache reverse proxy
  CONS Apache
  - does not support SAP load balancing (connection to the message server port for load distribution)
  - can be more complex to set up
  - SAP specific technology / problems are more harder to fix (ABAP, Stateful connections, sap_lb*)
  Short: both will server well as a reverse proxy.
  Rule of thumb: If you go for Apache or Web Dispatcher should mainly depend on you current IT landscape. If you already do have an apache in use, use Apache. You already have the people / knowledge, try to foster it .
  If you start from scratch and have SAP Logon Groups or many WebDynpro ABAP applications, go for the Web Dispatcher.
  br,
  Tobias

• SAP Web dispatcher not forwarding incoming HTTP portal sessions.

  Hello,
  We are using an EP6 Portal from which Abap Web dynpros are launched. The incoming http sessions were accessing our backend ECC6 SAP system through the sap server message . The http sessions were badly dispatched between the two abap servers. We have been advised by SAP to use the sap web dispatcher instead.
  The sap web dispatcher has been correctly installed and configured (on the central abap instance ).
  I have carefully read the SAP help section concerning the server selection using the sap web dispatcher :
  http://help.sap.com/saphelp_nw04s/helpdata/en/5f/7a343cd46acc68e10000000a114084/frameset.htm
  All our settings seem to be OK :
  The incoming HTTP requests are forwarded to abap servers only.
  *In transaction SICF, all the services under the tree
  sap/public/icf_info have been assigned to the same logon group .
  The capacity of the two servers included in the logon
  group " is the same :
  server40 LB=12
  server60 LB=12
  In the Web interface, capacity equal "1" for the two servers.
  wdisp/load_balancing_strategy=  weighted_round_robin
  In the SAP web interface, the prefered server is ALWAYS the same :
  Status of Server Group "LOADIS"
  Loadbalancing Information
  Number of Servers in this group 2
  Last used Server
  Preferred next Server server40_SPA_10
  But it seems that the sap web dispatcher is not used at ALL.
  The Load distribution is still based on the SMLG workload as it was the case, before, with the sap message server. The information displayed in the web interface (preferred server) is wrong.
  The Preferred next Server is ALWAYS server40_SPA_10 (shown in the web interface), but, in fact, the http sessions are distributed between the two servers server60_SPA_00 and server40_SPA_10 depending on the server quality diplayed in transaction smlg. It was exactly the same behaviour we had before, only with the sap server message .
  Any useful help would be highly appreciated.
  Best Regards.

  Hi,
  firstly, have you checked note 1094342? What variant do you want to use? Do you terminate a SSL connection on web dispatcher and create a new one between web dispatcher and application server? It looks like the web dispatcher can't verify SSL certificate used by application server. Maybe you've already tried this but you can try to turn off SSL between dispatcher and application server. If this setup works then problem is in SSL connection. You can check what host name is used in SSL certificate and what host name is used by dispatcher. You can use parameter wdisp/ssl_certhost which sets host name which will be used for certificate validation.
  Cheers

• SAP Web Dispatcher in a high availability environment

  Hello, guys
  We are working in a CRM 7.0 implementation Project. Our system landscape is the following:
     - Two hosts (host1 & host2) on MSCS cluster (Windows 2008) with SQL Server and ASCS in high availability. Additional, this MSCS cluster has a instance of SAP Web Dispatcher.
     - In these two host weu2019ve installed a CI & DI instance, outside of high availability scope
     - Two additional hosts (host3 & host4) with one dialog instance in every host
  We have severe problems with communication between SAP Web Dispatcher and ICM components. Our configuration schema is the next:
     - ASCS (MSCS_virtual_hostname):
  ms/server_port_0 = PROT=HTTP,PORT=8141
  SAPLOCALHOSTFULL = <MSCS_virtual_hostname>.<domain>
     - IC (host1)
  icm/server_port_0 = PROT=HTTP,PORT=8040,TIMEOUT=90,PROCTIMEOUT=600
  icm/host_name_full = <host1>.<domain>
     - ID1 (host2)
  icm/server_port_0 = PROT=HTTP,PORT=8044,TIMEOUT=90,PROCTIMEOUT=600
  icm/host_name_full = <host2>.<domain>
     - ID3 (host3)
  icm/server_port_0 = PROT=HTTP,PORT=8045,TIMEOUT=90,PROCTIMEOUT=600
  icm/host_name_full = <host3>.<domain>
     - ID4 (host4)
  icm/server_port_0 = PROT=HTTP,PORT=8046,TIMEOUT=90,PROCTIMEOUT=600
  icm/host_name_full = <host4>.<domain>
     - SAP Web Dispatcheer (MSCS_virtual_hostname):
  SAPGLOBALHOST = <MSCS_virtual_hostname>
  SAPLOCALHOSTFULL = <MSCS_virtual_hostname>.<domain>
  SAPLOCALHOST = <MSCS_virtual_hostname>
  SAPLOCALHOST = <MSCS_virtual_hostname>
  ms/http_port = 8141
  icm/server_port_0 = PROT=HTTP, PORT=8042,TIMEOUT=30,PROCTIMEOUT=600
  wdisp/add_xforwardedfor_header = TRUE
  In SAP Web Dispatcher log weu2019ve found the following error messages:
  Fri Jan 28 15:45:22 2011
  ***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused)
  *** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 6 / sock 130060
      (SI_ECONN_REFUSE/10061; I4; ST; 192.168.6.182:8044)
  *** ERROR => Connection request to host: , service: 8044 failed (NIECONN_REFUSED)
  SAP Web Dispather is trying to connect to connect with dialog instances through , which itu2019s incorrect (ports 8044, 8045 & 8046 are opened in dialog instances, not in virtual instance). I think it should try with real hostnames (host1, host2, host3 & host4).
  ¡¡Please, help!! Thanks in advance

  Hello, Karthi,
  Our Web Dispatcher profile looks as following:
  Instance specific parameters
  Maybe some of these parameters are needless
  SAPSYSTEMNAME = <CRM SID>
  INSTANCE_NAME = <WD SID>
  SAPSYSTEM = <WD System number>
  SAPGLOBALHOST = <virtual hostname of WD>
  SAPLOCALHOSTFULL = <FQDN of virtual hostname of WD>
  SAPLOCALHOST = <virtual hostname of WD>
  Directorios
  DIR_INSTANCE = R:\usr\sap\wd
  DIR_INSTALL = R:\usr\sap\wd
  DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
  DIR_EXECUTABLE = R:\usr\sap\wd
  DIR_PROFILE = R:\usr\sap\wd
  DIR_HOME = R:\usr\sap\wd
  DIR_ICMAN_ROOT = $(DIR_INSTANCE)\icmanroot
  R:\usr\sap\wd\global\security\data
  Accesibilidad al Message Server
  rdisp/mshost = <virtual hostname of CRM Message Server>
  ms/http_port = <HTTP port of CRM Message Server>
  HTTP Settings
  Puerto estandar de acceso HTTP
  icm/server_port_0 = PROT=HTTP, PORT=8042,TIMEOUT=30,PROCTIMEOUT=600
  These parameters defines load balancing weights
  #wdisp/server_00 = NAME=<hostname_SID_SYSNR>, LB=4, ACTIVE=0
  #wdisp/server_01 = NAME=<hostname_SID_SYSNR>, LB=10, ACTIVE=1
  #wdisp/server_02 = NAME=<hostname_SID_SYSNR>, LB=20, ACTIVE=1
  #wdisp/server_03 = NAME=<hostname_SID_SYSNR>, LB=20, ACTIVE=1
  Puerto de acceso interfaz web de administrador
  icm/HTTP/admin_0 = PREFIX=/sap/admin, DOCROOT=$(DIR_ICMAN_ROOT)/admin, AUTHFILE=$(DIR_INSTANCE)\sec\icmauth.txt
  Activaciu00F3n de la cachu00E9 de SAP Web Dispatcher
  icm/HTTP/server_cache_0/http_cache_control = true
  icm/HTTP/server_cache_0 = PREFIX=/, CACHEDIR=$(DIR_INSTANCE)\cache
  Fichero de log de seguridad
  icm/security_log = LOGFILE=$(DIR_HOME)\log\security_%y%m%d.log, SWITCHTF=day, MAXSIZEKB=1024, FILEWRAP=off
  icm/HTTP/logging_0 = PREFIX=/, LOGFILE=$(DIR_HOME)\log\wd_log_%y%m%d.log, SWITCHTF=day, MAXSIZEKB=1024, FILEWRAP=off
  icm/log_level = 1
  Dispatcher Configuration
  wdisp/add_xforwardedfor_header = FALSE
  Parametrizacion de memoria
  Datos de sizing de los que se parten                                #
  #users = 1800 usuarios (900 concurrentes)
  #req_per_dialog_step = 6 peticiones HTTP por paso
  #thinktime_per_diastep_sec = 10 seg. de "thinktime"
  #conn_keepalive_sec = 30 seg. mantener conexiu00F3n abierta con ICM
  #icm/max_conn = users * req_per_dialog_step * conn_keepalive_sec / thinktime_per_diastep_sec
  icm/max_conn = 16200
  wdisp/HTTP/max_pooled_con = icm/max_conn
  wdisp/HTTP/max_pooled_con = 16200
  icm/max_sockets = al menos la suma de icm/max_conn y wdisp/HTTP/max_pooled_con
  icm/max_sockets = 32400
  mpi/buffer_size = 64K = 64 * 1024 = 65536
  mpi/buffer_size = 65536
  mpi/total_size_MB = icm/max_conn * mpi/buffer_size (hay que convertir mpi/buffer_size a MB)
  mpi/total_size_MB = 1024
  icm/req_queue_len = icm/max_conn / 2
  icm/req_queue_len = 8100
  icm/min_threads = icm/max_conn / ~50
  icm/min_threads = 512
  icm/max_threads = icm/max_conn / ~20
  icm/max_threads = 1024
  Parametrizacion de seguridad
  Evitar el envu00EDo de mensajes tu00E9cnicos al usuario final
  is/HTTP/show_detailed_errors = FALSE
  #icm/HTTP/error_templ_path
  And ICM parameters are:
  - SAPLOCALHOSTFULL= <FQDN of every application server>
  - icm/server_port_0 = PROT=HTTP,PORT=8080,TIMEOUT=90,PROCTIMEOUT=600:
  - icm/host_name_full = <FQDN of every application server>  ## This parameter is ignored if SAPLOCALHOSTFULL is defined
  I hope it helps you.
  Best regards,
  Sergio Su00E1nchez

• Support pakages and patch sap web dispatcher

  Hi,
  I have install sap web dispatcher on a sap server on abap stack.
  I have download support packages for web dispatcher form sap mark.
  Anybody know how can I patch web dispatcher with u201Csapwebdisp_86-20003979.saru201D file.. 
  Thanks for any help.

  Hi my friend
  Just unzip the SAR file and replace the old files with the latest, like replacing kernel files.
  Note 908097 - SAP Web Dispatcher: Released releases and applying patches
  Regards,

• Client authentication in PI when SAP Web dispatcher terminates SSL

  PI Security Experts,
  Here is our design for Third-party Peoplesoft system initiating SOAP Call to PI Web Service created on our PI server.
  1) Third-party Peoplesoft Application server initiates a SOAP call.
  2) Third-party Network Gateway has a URL server certificate from our gateway and our gateway server has a root certificate from the CA used by third-party gateway. this will be used to establish the SSL tunnel between gateway.
  3) SOAP request in our network will be routed through load balancer to SAP web dispatcher.
  4) SAP web dispatcher terminates SSL connection
  5) We will generate client cert for authentication and pass it onto third-party which they will load onto their PeopleSoft application server. SOAP call initiating from the PeopleSoft server will pass the client cert along with the message (My understanding is that the client cert will not be a part of SOAP message body. Ina other words we are not implementing message-level security. Is that true? How will the client cert be passed? How and where will a client attach the client cert with message?My understanding is that this is a network layer security and client certificate will be authenticated on PI J2ee server at SSL protocol level..Is my understanding correct?)
  6) We will also load client certificate generated for client onto J2EE server using Visual Admin and map it to PI user for authentication.
  7) SAP web dispatcher terminates SSL and passes the SOAP message to PI (J2EE) along with client cert in a http header variable.
  There is some conflicting SAP documents. some say that client cert can't be used for PI authentication if Web Dispatcher terminates SSL connection (http://help.sap.com/saphelp_nw04s/helpdata/en/ea/301e3e6217b40be10000000a114084/frameset.htm). There is some other documents that say that authentication using client cert is possible by having J2EE trusting Web Dispatcher and by passing client cert from Web Dispatcher to J2EE in a httpheader variable (http://help.sap.com/saphelp_erp2005/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm).
  Now if client cert authentication is possible even if Web dispatcher terminates SSL, what cert do we need on J2EE, a cert from Web dispatcher or a client cert that's coming in from the client appication (the one that we created and provided to our third-party)?
  If we install a cert from web dispatcher on J2EE then do we need a client cert on Web dispatcher instead of on J2EE? If so how and where do we map client cert to PI User?
  I will really appreciate any advise on whether we are going down the right path and any pointers to my questions.
  Thanks,
  Saurabh

  Hi,
  May be below links will be helpful
  Check the following links.. you will get the information all about the securities...
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
  Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Also find soeminformation in these links
  http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Step by step guide for SSL security
  step by step guide to implement SSL
  Please go through below link for referance (above information is from below link)
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regarding message level you can encrypt the message using certificates.
  For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
  Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
  Thanks
  Swarup

• Error SAP Web Dispatcher

  Buenas tardes estimados,
  Configure el web dispatcher con solman pero el webdispatcher solo me permite acceder a los servicios del stack de java que corren en el puerto 50000 pero no me deja ver los servicios abap de la SICF que corren en el puerto 8000 alguno tendra una idea de porque ocurre esto? y como puedo solucionarlo?

  Hola Diego,
  Te comento si estan corriendo perfectamente mis servicios de la sicf por el puerto 8000 y los de java por el 50000 mi ms/http_port es el 8101 lo que pasa es que el web dispatcher solo me detecta el stack de java no me detecta el stack de abap por ende puedo acceder a cualquier servicio que corra en el puerto 50000 pero a los que corren en el puerto 8000 que son los de abap no le llego por el webdisp porque el mismo no me esta detectando el stack de abap.
  Pude observar que al introducir esta url http://ServidorDeSolman:8101/msgserver/text/logon obtengo este resultado:
  version 1.0
  J2EE4070400
  J2EE       ServidorDeSolman     50000     LB=1
  J2EES     ServidorDeSolman     50001     LB=1
  P4             ServidorDeSolman     50004     LB=1
  P4S             ServidorDeSolman     50006     LB=1
  P4HTTP     ServidorDeSolman     50005     LB=1
  JC_MIASRV00_LCS_00
  ServidorDeSolman     50018
  Como podemos observar solo arroja info del stack de java y los puertos java pero no arroja la info del stack de ABAP.
  Tambien por el webdisp realice esta prueba via linea de comandos en el cmd:
  C:\usr\sap\WEB\SYS\profile>sapwebdisp -checkconfig pf=WEB_W02_MIASRV00
  Checking SAP Web Dispatcher Configuration
  =========================================
  maximum number of sockets supported on this host: 8192
  Server info will be retrieved from host: ServidorDeSolman:8101 with protocol: http
  Checking connection to message server...OK
  Retrieving server info from message server...OK
  Message Server instance list
  ------++--
  +
  instance name
  hostname
  HTTP port
  HTTPS port
  ------++--
  +
  J2EE4070400 ServidorDeSolman
  50000
  50001
  ------++--
  +
  Checking ABAP servers with URL "/sap/public/icman/ping":
  No server group "!DIAG" defined
  Checking J2EE servers with URL "/index.html":
  Checking J2EE server http://ServidorDeSolman:50000...OK
  Web Dispatcher configuration for J2EE only system: No server group !DIAG defined
  On double stack systems, configure Web Dispatcher to access Message Server of SAP Web AS ABAP     
  Pareciera que debo agregar algun parametro en el webdisp que indique que el sistema es dual stack pero de verdad no tengo idea si sea ese el problema y cual seria el parametro.
  Alguna idea de que se puede hacer?
  Muchas gracias por la ayuda
  Saludos Cordiales

• SAP WEB DISPATCHER

  Hi friends. I need to know if I can install the SAP WEB DISPATHCER in one Intel server with Linux? This configuration I'll need to configure in the HA and the DISPATCHER will running in the DMZ. Somebody can help me? Thanks for your cooperation.

  Yes, please start with this note
  Note 538405 - Composite SAP Note on the SAP Web Dispatcher
  also
  <a href="http://help.sap.com/saphelp_nw70/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.htm">SAP Web Dispatcher</a>

• Two SAP Web Dispatcher

  Dear Sdn
  It is possible to connect two SAP Web Dispatcher togeter
  like this example:
  EP ->(over HTTP) -> Web Dispatcher -> (over HTTPS) ->Web Dispatcher->(over HTTP) -> EP
  in the installtion of web dispatcher it ask for http port of the message server and the web dispatcher is not message server so it dont work for me.
  Thanks for the help.
  Royi

  HI,
  I see in the NOTE 740234 that:
  Important: When you use end-to-end SSL, the Web dispatcher cannot access the URL, which means in this case that you cannot cascade Web dispatchers.
  So I understand I can't do that the two web dispature will comminicate in SSL.
  someone do this?
  Thanks
  Royi Denis

• SAP Web Dispatcher SSL Error

  We are having issues with our SSL connection to the SAP Web AS.  Below is the error in the log files:
  [Thr 472] =================================================
  [Thr 472] = SSL Initialization  on  PC with Windows NT
  [Thr 472] =   (700_REL,Jul 14 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
  [Thr 472]   profile param "ssl/ssl_lib" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
             resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
  [Thr 472]   profile param "ssl/server_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
             resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  [Thr 472]   profile param "ssl/client_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
             resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
  [Thr 472] =   found SAPCRYPTOLIB  5.5.5C pl24  (Jun 11 2008) MT-safe
  [Thr 472] =   current UserID: NT AUTHORITY\SYSTEM
  [Thr 472] =   found SECUDIR environment variable
  [Thr 472] =   using SECUDIR=c:\program files\sap\sapwebdisp\
  [Thr 472] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse" not found! [ssslsecu.c   1354]
  [Thr 472] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
    secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
  [Thr 472] >> -
  Begin of Secude-SSL Errorstack -
  >>
  [Thr 472] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
  [Thr 472] << -
  End of Secude-SSL Errorstack -
  [Thr 472] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
          for "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<OurPSE>.pse" [ssslxxi.c    2278]
  [Thr 472] Tue Mar 31 13:30:06 2009
  [Thr 472] *** ERROR => Initialization of SSL library failed -- NO SSL available!
  [Thr 472] =================================================
  [Thr 472] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
  [Thr 472] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   319]
  [Thr 3744] IcmCreateWorkerThreads: created worker thread 0
  [Thr 2952] *** ERROR => IcmConnClientRqCreate: No service for protocol HTTPS started [icxxconn.c   2701]
  [Thr 2952] *** ERROR => IcmConnClientRqCreate() failed (rc=-1) [icrxx.c      5234]
  [Thr 2952] *** ERROR => Could not connect to SAP Message Server at onebase. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2591]
  [Thr 2952] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2592]
  [Thr 2952] *** ERROR => see also OSS note 552286 [icrxx.c      2593]
  [Thr 3744] IcmCreateWorkerThreads: created worker thread 1
  [Thr 3744] IcmCreateWorkerThreads: created worker thread 2
  [Thr 3744] IcmCreateWorkerThreads: created worker thread 3
  [Thr 3744] IcmCreateWorkerThreads: created worker thread 4
  [Thr 3292] IcmWatchDogThread: watchdog started
  I've already used sapgenpse seclogin -p <PSE File> -x <PIN> to create a pin.  I've also gone and deleted the old pin that used to be there and created a new one.
  Also I noticed it says "Beware: changing a PIN of a PSE will not auto-update the SSO-credential
  Beware: adding a new credential will not auto-update an existing credential"
  So once you change it how do you update it?  Do you need to reboot the Web Dispatcher or do you just need to restarted the service?

  I am also facing same issue.
  I have added credentials also and successfully done.
  Here attaching trace file. Please suggest
  trc file: "dev_webdisp", trc level: 1, release: "720"
  sysno 00
  sid WD1
  systemid 390 (AMD/Intel x86_64 with Linux)
  relno 7200
  patchlevel 0
  patchno 68
  intno 20020600
  make multithreaded, ASCII, 64 bit, optimized
  profile /usr/sap/WD1/profile/WD1_W00_sapportal
  pid 26732
  [Thr 139840314074976] Thu Oct 31 13:54:15 2013
  [Thr 139840314074976] *** WARNING => The maximum number of sockets supported on this host is 1020.
  This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3417]
  [Thr 139840314074976] started security log to file ./dev_icm_sec
  [Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
  [Thr 139840314074976] SAP Web Dispatcher running on: sapportal.abrajoman.com
  [Thr 139840314074976] MtxInit: 30001 0 2
  [Thr 139840314074976] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&26732&) [icxxrout_mt. 1914]
  [Thr 139840314074976] IcmInit: listening to admin port: 65000
  [Thr 139840314074976] MPI: dynamic quotas disabled.
  [Thr 139840314074976] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
  [Thr 139840314074976] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
  [Thr 139840314074976] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
  [Thr 139840314074976] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
  [Thr 139840314074976] IcrCoreInitSessionTable: Session table initialized
  [Thr 139840167098112] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
  [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f2f0c000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f2f0c000a10
  [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f2f0c0012e0), slot=1, flags=12293) for /, active: 1, table 0x7f2f0c000a10
  [Thr 139840167098112] CsiInit(): Initializing the Content Scan Interface
  [Thr 139840167098112] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
  [Thr 139840167098112] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
  [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f2f0c001440), slot=2, flags=12293) for /, active: 1, table 0x7f2f0c000a10
  [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f2f0c008340), slot=3, flags=1060869) for /, active: 1, table 0x7f2f0c000a10
  [Thr 139840167098112] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
  [Thr 139840167098112] =================================================
  [Thr 139840167098112] = SSL Initialization platform tag=(linuxx86_64_gcc41)
  [Thr 139840167098112] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
  [Thr 139840167098112] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840167098112] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840167098112] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
  [Thr 139840167098112] = current UserID: "wd1adm", env-var USER="wd1adm"
  [Thr 139840167098112] = using SECUDIR=/usr/sap/WD1/W00/sec
  [Thr 139840167098112] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
  [Thr 139840167098112] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
  [Thr 139840167098112] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
  [Thr 139840167098112] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
  [Thr 139840167098112] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840167098112] << ---------- End of Secude-SSL Errorstack ----------
  [Thr 139840167098112] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
  for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
  [Thr 139840167098112] *** ERROR => Initialization of SSL library failed -- NO SSL available!
  [Thr 139840167098112] =================================================
  [Thr 139840167098112]
  [Thr 139840167098112] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
  [Thr 139840167098112] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
  [Thr 139840167098112] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
  [Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 0
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 1
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 2
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 3
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 4
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 5
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 6
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 7
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 8
  [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 9
  [Thr 139840167098112] IcmWatchDogThread: watchdog started
  [Thr 139840148838144] Thu Oct 31 13:54:36 2013
  [Thr 139840148838144] =================================================
  [Thr 139840148838144] = SSL Initialization platform tag=(linuxx86_64_gcc41)
  [Thr 139840148838144] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
  [Thr 139840148838144] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840148838144] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840148838144] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
  [Thr 139840148838144] = current UserID: "wd1adm", env-var USER="wd1adm"
  [Thr 139840148838144] = using SECUDIR=/usr/sap/WD1/W00/sec
  [Thr 139840148838144] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
  [Thr 139840148838144] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
  [Thr 139840148838144] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
  [Thr 139840148838144] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
  [Thr 139840148838144] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840148838144] << ---------- End of Secude-SSL Errorstack ----------
  [Thr 139840148838144] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
  for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
  [Thr 139840148838144] *** ERROR => Initialization of SSL library failed -- NO SSL available!
  [Thr 139840148838144] =================================================
  [Thr 139840148838144]
  [Thr 139840148838144] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
  [Thr 139840148838144] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
  [Thr 139840148838144] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
  [Thr 139840148838144] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
  [Thr 139840151480064] Fri Nov 1 10:54:13 2013
  [Thr 139840151480064] =================================================
  [Thr 139840151480064] = SSL Initialization platform tag=(linuxx86_64_gcc41)
  [Thr 139840151480064] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
  [Thr 139840151480064] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840151480064] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
  [Thr 139840151480064] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
  [Thr 139840151480064] = current UserID: "wd1adm", env-var USER="wd1adm"
  [Thr 139840151480064] = using SECUDIR=/usr/sap/WD1/W00/sec
  [Thr 139840151480064] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
  [Thr 139840151480064] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
  [Thr 139840151480064] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
  [Thr 139840151480064] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
  [Thr 139840151480064] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
  [Thr 139840151480064] << ---------- End of Secude-SSL Errorstack ----------
  [Thr 139840151480064] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
  for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
  [Thr 139840151480064] *** ERROR => Initialization of SSL library failed -- NO SSL available!
  [Thr 139840151480064] =================================================
  [Thr 139840151480064]
  [Thr 139840151480064] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
  [Thr 139840151480064] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
  [Thr 139840151480064] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
  [Thr 139840151480064] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
  Trace File
     (11768bytes)
  Thanks,
  Kundan

• Kernel NW740 for SAP Web Dispatcher

  Hello,
  where and how can I find the correct kernel "NW740" for my SAP Web Dispatcher installation?
  I proceeded like this:
  Software Provisioning Manager -> SAPinst -> SAP Netweaver 7.4 -> MS SQL Server -> SAP Systems -> Standalone Engines -> Web Dispatcher.
  Now during step 2 "defining parameters" I need to provide a software package calles "Kernel NW740". My server is a MS server 2008 x64.

  Is it this one:
  SAPEXE_60-10011888.SAR
  Kernel Part I
  Found here: My Company's Application Components" Complimentary Software" SAP KERNEL 64-BIT" SAP KERNEL 7.40 64-BIT -> windows x64 -> db independent

• SAP Web Dispatcher in Front of EP6 SP2?

  For increased network security, is it possible to put a Web Dispatcher in front of an EP6 SP2 J2EE engine?
  The Web Dispatcher would be in the DMZ with the J2EE in the next layer of the DMZ.
  If so, is is also possible to have a Web Dispatcher then XI server?
  If the above are not possible, what is the best solution?
  Thanks.

  If you are referencing SAP Web Dispatcher, then yes, your scenarios are possible. Usually, the XI server would be located where the SAP Portal apps would be. You can read,
  http://help.sap.com/saphelp_nw04/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.htm
  If you are refering to just a web dispatcher (ISA, IIS), it typically resides infront of your Apps (i.e. Portal, XI).
  Regards,
  James