Load balance connections from Portals 6 SP12 to R3

Similar Messages

• Web Dispatcher not doing the load balancing on the portal

  Hi Experts
  I am having a production issue where the SAP web dispatcher is not doing the load balancing on the portal.
  We have ESS/MSS portal with 1 Message server and 2 Application servers. The Web dispatcher is installed on the message server itself. Here is my Web disp profile file
  Profile generated by sapwebdisp bootstrap
  unique instance number
  SAPSYSTEM = 16
  add default directory settings
  DIR_EXECUTABLE = .
  DIR_EXECUTABLE = F:\usr\sap\<SID>\sapwebdisp
  DIR_INSTANCE = .
  Accessibility of Message Servers
  rdisp/mshost = <hostname>.com
  ms/http_port = 8111
  #Log and Trace
  rdisp/TRACE = 2
  SAP Web Dispatcher Parameter
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/shm_attach_mode = 6
  configuration as per SAP note 538405
  icm/max_conn      = 7000
  icm/max_sockets   = 14000
  icm/req_queue_len = 6000
  icm/min_threads   = 100
  icm/max_threads   = 300
  mpi/total_size_MB = 500
  mpi/max_pipes       = 14000
  wdisp/HTTPS/max_pooled_con = 7000
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTP,PORT=8888
  SSL
  icm/server_port_1 = PROT=ROUTER,PORT=443, TIMEOUT=60
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
  wdisp/enable_j2ee_groups = TRUE
  wdisp/HTTPS/sticky_mask = 255.255.255.255
  In my Web dispatcher Admin page, I see all the three application servers, however the requests are going to only 1 App server. We are using ENd to End SSL configuration for the web dispatcher.
  We also have a reverse proxy in the landscape and reverse proxy is forwarding all the requests to the Web dispatcher. In Web disp Admin page>Dispatching Module>SSL End to END dispatching, I see only ONE table entry in the dispatching table and it is our Reverse Proxy.
  As all the requests are coming from only one source (Reverse proxy), it seems to me that the sap web dispatcher  is forwarding those to the same Application server every time.
  Can anyone please advise ?
  I also tried to configure logon group in NWA, the web dispatcher is detecting the logon group and all the app servers in the logon group. It still not doing the load balancing.
  I would greatly appreciate any help.
  Thanks
  Viny

  Vincent, can you please elaborate more ?  Is the web dispatcher not able to recognize stateful and stateless application requests ?
  I saw that the procedure for configuring SSL Termination on Web dispatcher is long and complicated and looks like SAP web dispatcher needs to have SSL certificate of its own. As we have no ABAP servers and only Java servers, I can not even create the PSEs using STRUST (as described in SAP help -http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/99c388d7c46bb9e10000000a42189d/frameset.htm
  We already have SSL certificates for Java App servers.
  I suppose there should be a way for web dispatcher to identify the incoming requests and forward to appropriate application servers.
  Any help is much appreciated.
  Thanks
  Viny

• HTTPS connection from portal to external webserver

  Hi,
  I am looking for a way to open a HTTPS connection from portal server to an external webserver. According to <a href="http://help.sap.com/saphelp_nw04/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm">SAP</a> the code should look like
  KeyStore keystoreCAs = ...
  SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
  HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
  Does not look difficult, <b>but how do I create the keystore object</b>? The keystore object should somehow be connected to the portal server's keystore which manages the certificates of trusted Certificate Authorities.
  Any ideas?
  Regards,
  Martin

  Hi,
  meanwhile I solved the problem by my own. The solution slightly simplified is given below.
  javax.naming.InitialContext ctx = new javax.naming.InitialContext();
  java.lang.Object o = ctx.lookup("keystore");          
  com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub manager = (com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub) o;
  java.security.KeyStore keystoreCAs = manager.getKeystore("TrustedCAs");     
  com.sap.security.core.server.https.SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
  java.net.HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
  For connecting via a proxy the host name and port number of the proxy have to be set as System properties using "https.proxyHost" and "https.proxyPort".
  java.util.Properties systemSettings = System.getProperties();
            systemSettings.put("proxySet", "true");
            systemSettings.put("https.proxyHost","192.168.0.1") ;
            systemSettings.put("https.proxyPort", "80") ;
  Additionally you have to make sure that the server's certificate is issued by a trusted Certification Authority (Must have an entry in your Keystore "TrustedCAs"). To verify this use the Visual Administrator and view service "Key Storage".
  Regards,
  Martin

• LOAD BALANCE (CSS) and Portal Port Number based on Instance Number

  Hi,
  My doubt is about LOAD BALANCE (CSS) and Portal Port Number based on Instance Number.
  I have to install 3 servers machines and 2 servers databases cluster. There will be a HIGH AVAILABILITY environment. There will be a MIGRATION and UPGRADE.
  Today there are 2 servers machines in Windows NLB. Today my production Portal is 6 6.20.
  Once, I did something for LABORATORY TEST. Migration (6 6.40) and Upgrade (7.0)in two other machines. But they were with Windows NLB. When I did the installation, for each server machine and during the instalation I had to give one Instance Number for each and in result there was a different Port Number for each.
  But I accessed both machines throught a virtual url(dns) with a specific port number. And it works!
  NOW, with a HARDWARE LOAD BALANCE _ CSS I don't know how to do.
  A guy who works with it  tell us that couldn't redirect one Port Number for different port numbers. He couldn't configure the CSS like this.
  My question is: Is he write? And if he is, there is a  way to give the same instance number for my 3 new Portal servers machines? Example: 5(02)00.
  Could you understand?
  I need help.
  Regards,
  cheers,
  Nivia

  Nivia,
  I have used F5 for load balancing, I am sure you can do the same with CSS. Yes, you can configure a virtual IP on the load balancer with standard ports (80 or 443) and load balancing the traffic to multiple servers with different ports. You can have different ports for each instance.
  -Regards
  RK

• Does 8i client support load balance connection on 10g RAC?

  We will migrate our server to Oracle 10g with RAC and ASM.
  On the other hand, our client machines are using Oracle 8i.
  Does 8i support load balance connection on 10g RAC server?
  Thanks.
  Jimmy Tang

  Your Client Machines are running the 8i client?

• Error when connect from portal system (abap ) to external ssl client - sm59

  Hi I am tryign to setup a ssl connection from the abap sm59 portal system to an exteral server.. I have setup the certs that the client has given me in strust.but i m gettign the ffg error.
  sysno      60
  sid        PID
  systemid   370 (Solaris on SPARCV9 CPU)
  relno      7110
  patchlevel 0
  patchno    150
  intno      20020600
  make       multithreaded, Unicode, 64 bit, optimized
  profile    /usr/sap/PID/SYS/profile/PID_DVEBMGS60_pidevdb
  pid        3911
  [Thr 01] Thu Jun 14 08:38:48 2012
  [Thr 01] TRACE FILE TRUNCATED
  [Thr 07] Thu Jun 14 08:39:07 2012
  [Thr 07] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
  [Thr 07]    session uses PSE file "/usr/sap/PID/DVEBMGS60/sec/SAPSSLA.pse"
  [Thr 07] SecudeSSL_SessionStart: SSL_connect() failed
  [Thr 07]   secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"
  [Thr 07] >>            Begin of Secude-SSL Errorstack            >>
  [Thr 07] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received
  [Thr 07] <<            End of Secude-SSL Errorstack
  [Thr 07]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
  [Thr 07]   SSL NI-sock: local=57.24.111.151:34110  peer=57.24.110.116:5081
  [Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10720d530)==SSSLERR_SSL_CONNECT
  [Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00020a7c} [icxxconn_mt.c 1957]
  When i change the sm59 connection not to use ssl. it give me a pop up screen . and asks me to enter user and password...
  He then  give me a private key file .. i.e a .pfx file but not sure how to load this in strust. I tried to convert in useign sapgenpse. but it fails with teh ffg error
  12% sapgenpse import_p12  -p /usr/sap/PID/amos/amos_client.pse /usr/sap/PID/amos/amos_client_pk.pfx
  import_p12: MISSING password for PKCS#12 file "/usr/sap/PID/amos/amos_client_pk.pfx"
  Please enter PKCS#12 encryption  password: *******
  PKCS#12/PFX file contains 1 keypair:
    1. FriendlyName = "amos.server.interface.webuser.web_int.cert"
       X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
       Subject="CN=AMOS WebService Interface Client, OU=IT&S MRO, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
       Issuer ="[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
  ERROR: Incomplete certification path -- NEED certificate of "[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"!
  I have attached a doc of what it looks like.. appreciate any help

  Hi,
  There is an error in the publishing of template
  Template :"bbpsc02" is not publised in ITS.
  Go to T.code: SE80
  Publish all the templates again and check
  Check with your SAP  BASIS team for the help
  Regards
  Ganesh

• KB2830477 breaks RDS load balancer connections

  All clients worked fine prior to KB2830477. Once that patch is installed the clients are unable to connect to our load balancer from outside our office; such as from home or on the road.
  Removal of that patch allows them to connect once again.
  The events on the RDS load balancer show clients connecting properly. The balancer sends the redirection info back to the client.
  The events on the RDS server where the client was redirected show nothing.
  It's as if the latest RDC patch breaks the ability for redirection. Or, perhaps, there's a special setting on our load balancer that needs to be updated due to this new patch?
  ... any helpful tips?
  Thanks,
  Jason Morrill

  Just some additional info regarding this problem.
  These first few paragraphs represent the eventviewer entries for the failed connection coming from outside our network:
  RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
  Initial Application = 
  Call came from Redirector Server = my.fqdn.org
  Redirector is configured as Farm member
  RD Connection Broker has successfully determined the end point for this connection request.
  Endpoint name = rdpfarm
  Endpoint type = Farm
  Resource plugin name = MS Terminal Services Plugin
  RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
  Target Name = RDSSERVER2
  Target IP Address = INSIDE_IP, OUTSIDE_IP
  Target Netbios = RDSSERVER2
  Target FQDN = my.fqdn.org
  Disconnected Session Found = 0x0
  ========================
  And the entries below come from the eventviewer when connecting successfully from within our intranet.
  ========================
  RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
  Initial Application = 
  Call came from Redirector Server = my.fqdn.org
  Redirector is configured as Farm member
  RD Connection Broker has successfully determined the end point for this connection request.
  Endpoint name = rdpfarm
  Endpoint type = Farm
  Resource plugin name = MS Terminal Services Plugin
  RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
  Target Name = RDSSERVER2
  Target IP Address = INSIDE_IP, OUTSIDE_IP
  Target Netbios = RDSSERVER2
  Target FQDN = my.fqdn.org
  Disconnected Session Found = 0x0
  This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request.
  Session for user SOMEDOMAIN/someusersuccessfully added to RD Connection Broker's database.
  Target Name = my.fqdn.org
  Session ID = 2
  Farm Name = rdpfarm
  ========================
  It's almost as if something is failing and preventing a successful session logon. Like, perhaps, the updated RDC doesn't like how our internal and external IP addresses are being returned?

• Load Balancing - Problems during Portal Startup

  We are using three Portal servers (EP 7.0) and load is distributed between these servers by a load balancer.
  Load balancer does a basic check - Portal server is listening on TCP port.
  If one of the servers is really down (eg. after a stopsap) the load balancer does not send any request to that server. That was the intention.
  During startup of a server, it starts listening on the port and load balancer sends requests to it. As 20 minutes startup phase is not completed, users get a message 503- unavailable. This means we do not really have redundancy.
  The load balancer can also check for URL, but expects to get a 200 ok response.
  We tried that with page http://<server>:<port>/index.html. This was no improvement, as this page is also displayed in a very early phase of the startup.
  If we use http://<server>:<port>/irj/portal load balancer gets authentication requests and no 200 ok and does not send any request to servers, even if they are up and running.
  Question :
  What URL can be used, which works like index.html (send 200 ok), but only after startup is complete ?

  Hi,
  beside the suggestion from Michael, you could also place a HTML page inside the portal to check for. Like an HTML file in the KM that is acessible in an anonymous way.
  This page should only return 200 if the portal is up and running. And if you want to take down or simulate an error, it should be easy to rename / move / delete the page to trigger an error code other than 200.
  br,
  Tobias

• Can we connect from Portal to MaxDB with the trial version of SAPNetWeaver?

  I’ve installed SAP NetWeaver Developer Workplace SR2 (trial version) with the following components:
  •     SAP Web Application Server Java 7.00 (J2EE Engine)
  •     MaxDB 7.6.00.34 database + Database Manager and SQL Studio
  •     SAP Enterprise Portal
  •     SAP Content Management and Collaboration
  •     Adobe Document Services
  •     BI SDK
  •     Visual Composer
  •     Composite Application Framework (CAF)
  Now, I created new TEST database in MaxDB (user: DBADMIN, pass: abcd).
  I want to connect from the Portal to the TEST Database, so I follow the steps described in the documents (How To Configured BI JDBC Connector, ….)
  - I log on Visual Administrator, create BI JDBC Connector, create new DataSource.
  Now, I can get the Data from TEST Database.
  - I log on Portal and create new BI JDBC System,
  + Driver: com.sap.dbtech.jdbc.DriverSapDB,
  + Connection URL: jdbc:sapdb://sapep/test
  - Then, I create system alias, map user with the user in Test Database (User: DBADMIN. Pass: ABCD)
  But when testing the connection, I’ve an error:
  <b>Connection failed. Make sure user mapping is set correctly and all connection properties are correct.</b>
  When I test the connection by the link:
  http://sapep:50000/TestJDBC_Web/TestJDBCPage.jsp
  I’ve an error:
  <b>com.sap.ip.bi.sdk.exception.BIConnectionFailedException: Cannot open the connection
  Exception id: [0008C72B8B0C00C60000006F0000114000042C18596CD779]</b>
  Could you please show me how to resolved this problem ?
  I don’t know if it is caused by the trial version ?
  Thank you very much.

  Hi Tweety,
  I assume that you have create the driver with the required .jar files.
  supose its name is MAX_DB
  After that go to "Connector Container" in visual admin. To create a new connector,
  select the connector SDK_JDBC and click the clone button to create a new BI JDBC connector and enter a name for the connector eg., SDK_MAXDB
  Selct the recently created connector and choose the resource Adapter tab. click the add button to assiciate addtional resources the Connector
  To add resource, enter the name as "library:MAX_DB".save the changes and restart the server.
  Now in the portal there is a property "ConnectionFactory" set this to "SDK_MAXDB".
  Now u have said that u have set the values for Driver and Url as
  + Driver: com.sap.dbtech.jdbc.DriverSapDB,
  + Connection URL: jdbc:sapdb://sapep/test
  the value for driver is correct but the value for connection URL is wrong.
  Connection URL:  jdbc:sapdb://<Machine_name>:<Port>/<Databse_name>
  Now i dont what is the port no for MaxDB. as for SQL its 1433, for oracle it is 1521, for netezza it is 5480. U can get it from ur system adm or from net.
  As u have not mentioned the port thats u r facing the problem.
  Regards
  Paresh

• Problem Load Balancing connections for Grid Control Console on port 80!

  I have two OMS and I'm balancing connections for Grid Control Console using a Software Load Balancer according with "Oracle Enterprise Manager Advanced Configuration". I have success where the load balancer is listening on port different to 80. When I configure Load Balancer to listen on port 80(architecture requirement) and distribute load between the two OMS(Port 7779), when login to Enterprise Manager Console the URL on the web browser changes to the port configured for HTTP server (port 7780) wich produces an "unable to connect" error message; and this behaviour also happends in some of the internal links of Grid Control Console too. Any ideas?
  Thanks in advance!
  Message was edited by:
  user463224

  I got it working, changing the "Port" directive to 80 on httpd.conf on HTTP Server

• How to enable Network load balancing for Enterprise portal

  Hello,
  We have installed EP 7.0 central instance(00) and dialog instance (01) and would like to enable network load balancing between these two EP servers.Have installed network balancer and the configuration has been done at network level.
  The below URLs are being used for accessing the portal
  Central instance :
  http://CIhostname:50000/irj/portal
  Dialog Instance:
  http://DIhostname:50100/irj/portal
  Both the port number has to be same for enabling load balancing.In order to acive this we have to map this port to http port by making some changes in Visual Administrator.
  Can you please let me know step by step  procedure or any link where i can find the same?
  Appreciate your response
  Thanks,
  Vadi

  Dear Jay,
  Thnaks for your reply.
  No...NLB will helpful in load balancing between different 2 different  application (Ep)servers.
  We are using microsoft network load balancer.Found the service http provider in VA for making those changes.
  Any way thanks.
  Regards,
  Vadi

• Load balancing connections in 3.7

  Hi,
  in our current setup we use read-write and read-only proxies. With 3.7 a client that is supposed to connect to a read-only proxy can be redirected to a read-write proxy (and a read-write to a read-only).
  Is there a way to partition proxies for load balancing?
  Haven't checked the API yet, maybe it is possible to do it by implementing a custom load balancer but I really want to avoid implementing a custom one as much as possible.
  Thanks,
  Alberto

  Hi NJ,
  we need to access the same cache in a read-only or read-write way.
  Anyway thanks you are right, the key point is using different proxy schemes, specifically different proxy services. I've just read the documentation more carefully and it says:
  "... proxy – (default) This strategy attempts to distribute client connections equally across proxy service members..."
  They should be partitioned by proxy service.
  I'll test it tomorrow.
  Thanks,
  Alberto

• Connect from Portal to CRM only for super_admin_role

  Hi all,
  We've just imported the Business Package for CRM4.0.
  Now I created a testuser and added the user to the role 'Account Manager'.
  But when I click on the iView / Link Account Management -> Accounts, I get an error "Unable to lookup System 'SAP_CRM'. Please check the system object and the alias.."
  But when I add the testuser to the role 'super_admin_role' the iView is displayed correctly.
  What am I doing wrong?
  Regards
  Ralph

  Hi Ankur,
  the usermapping is done with SSO to a BW system and there is only one CRM in the landscape.
  When I'm doing the connection test in the system configuration from the portal to the CRM  system, it tells me the SAP WAS Connection is correct and working (green).
  The ITS, Connector and DQE Connection is NOT working (red).
  We are working on NW04 Portal SP14.
  On calling the iView Accounts I get a log in mask from the CRM System (only as super_admin). If I don't have the super_admin_role I get the error
  Unable to lookup System 'SAP_CRM'. Please check the system object and the alias..
  See the details for the exception ID in the log file
  com.sap.portal.appintegrator.sap.BSP::BSP/SSOLayer
  Regards
  Ralph

• Load Balancing Connections to CasArray

  We have a Exchange 2010 casarray configured with two CAS servers. The casarray is configured only using DNS.
  I've noticed that connections to the casarray is 99 to 1 connecting to cas1 vs cas2.
  How do I redirect and increase the connections to cas2?
  Thanks
  Ron

  Hi,
  When we use DNS round robin for CAS array, each client will get a random Client Access server IP address, and if one of the servers goes down, we need to delete this record in the DNS entry manually. In most cases, we would like to lower the TTL values of
  these DNS records to 5 minutes.
  There is no way to decide which address will be used. Generally, it is recommended to use WNLB or HLB for CAS servers.
  Best regards,
  Belinda Ma
  TechNet Community Support

• Connect from Portal to BW only for super_admin_role

  Dear All,
  I am working with Netweaver 2004S, My BSP iVews working only 'super_admin_role' .
  for Testuser I am getting Portal Runtime error.
  Portal Runtime Error.
  An exception occurred while processing a request for:
  iView:
  pcd:portal_content/com.bp.Roles/com.ds
  Component Name : com.sap.portal.appintegrator.sap.BSP
  Exception in Application Integrator occured: Cannot retrive system object for this alias. System Alias 'SAP_111'
  Thanks,
  Regards,
  Venkat

  Hi Venkat,
    Check this blog on creating the BSP system. You must follow all the steps mentioned here. Be sure, in the
  User management details  for the User Mapping Type you must select "admin,user ".
  <a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3554">BSP iview</a>
  Hope it helps.
  Regards,
  Saravanan