Load balance connections from Portals 6 SP12 to R3
Hi All,
Can you give me a clue/help on how i can load balance connections from Portals 6 SP12 to R3 47x200.
I have 5 servers, but the CI is getting hammered by portal as its not load balancing the workload across the other 4 app servers.
Regards
Karthikeyan
Hi,
You have an option while creating the backend system in the portal, You can create the system as System for load balancing. I am not sure that this can be changed once you create the system. You can delete the system and create the new system with the load balancing option.
Regards,
Vamshi.
Similar Messages
-
Web Dispatcher not doing the load balancing on the portal
Hi Experts
I am having a production issue where the SAP web dispatcher is not doing the load balancing on the portal.
We have ESS/MSS portal with 1 Message server and 2 Application servers. The Web dispatcher is installed on the message server itself. Here is my Web disp profile file
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 16
add default directory settings
DIR_EXECUTABLE = .
DIR_EXECUTABLE = F:\usr\sap\<SID>\sapwebdisp
DIR_INSTANCE = .
Accessibility of Message Servers
rdisp/mshost = <hostname>.com
ms/http_port = 8111
#Log and Trace
rdisp/TRACE = 2
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration as per SAP note 538405
icm/max_conn = 7000
icm/max_sockets = 14000
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 300
mpi/total_size_MB = 500
mpi/max_pipes = 14000
wdisp/HTTPS/max_pooled_con = 7000
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=8888
SSL
icm/server_port_1 = PROT=ROUTER,PORT=443, TIMEOUT=60
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
wdisp/enable_j2ee_groups = TRUE
wdisp/HTTPS/sticky_mask = 255.255.255.255
In my Web dispatcher Admin page, I see all the three application servers, however the requests are going to only 1 App server. We are using ENd to End SSL configuration for the web dispatcher.
We also have a reverse proxy in the landscape and reverse proxy is forwarding all the requests to the Web dispatcher. In Web disp Admin page>Dispatching Module>SSL End to END dispatching, I see only ONE table entry in the dispatching table and it is our Reverse Proxy.
As all the requests are coming from only one source (Reverse proxy), it seems to me that the sap web dispatcher is forwarding those to the same Application server every time.
Can anyone please advise ?
I also tried to configure logon group in NWA, the web dispatcher is detecting the logon group and all the app servers in the logon group. It still not doing the load balancing.
I would greatly appreciate any help.
Thanks
VinyVincent, can you please elaborate more ? Is the web dispatcher not able to recognize stateful and stateless application requests ?
I saw that the procedure for configuring SSL Termination on Web dispatcher is long and complicated and looks like SAP web dispatcher needs to have SSL certificate of its own. As we have no ABAP servers and only Java servers, I can not even create the PSEs using STRUST (as described in SAP help -http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/99c388d7c46bb9e10000000a42189d/frameset.htm
We already have SSL certificates for Java App servers.
I suppose there should be a way for web dispatcher to identify the incoming requests and forward to appropriate application servers.
Any help is much appreciated.
Thanks
Viny -
HTTPS connection from portal to external webserver
Hi,
I am looking for a way to open a HTTPS connection from portal server to an external webserver. According to <a href="http://help.sap.com/saphelp_nw04/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm">SAP</a> the code should look like
KeyStore keystoreCAs = ...
SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
Does not look difficult, <b>but how do I create the keystore object</b>? The keystore object should somehow be connected to the portal server's keystore which manages the certificates of trusted Certificate Authorities.
Any ideas?
Regards,
MartinHi,
meanwhile I solved the problem by my own. The solution slightly simplified is given below.
javax.naming.InitialContext ctx = new javax.naming.InitialContext();
java.lang.Object o = ctx.lookup("keystore");
com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub manager = (com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub) o;
java.security.KeyStore keystoreCAs = manager.getKeystore("TrustedCAs");
com.sap.security.core.server.https.SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
java.net.HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
For connecting via a proxy the host name and port number of the proxy have to be set as System properties using "https.proxyHost" and "https.proxyPort".
java.util.Properties systemSettings = System.getProperties();
systemSettings.put("proxySet", "true");
systemSettings.put("https.proxyHost","192.168.0.1") ;
systemSettings.put("https.proxyPort", "80") ;
Additionally you have to make sure that the server's certificate is issued by a trusted Certification Authority (Must have an entry in your Keystore "TrustedCAs"). To verify this use the Visual Administrator and view service "Key Storage".
Regards,
Martin -
LOAD BALANCE (CSS) and Portal Port Number based on Instance Number
Hi,
My doubt is about LOAD BALANCE (CSS) and Portal Port Number based on Instance Number.
I have to install 3 servers machines and 2 servers databases cluster. There will be a HIGH AVAILABILITY environment. There will be a MIGRATION and UPGRADE.
Today there are 2 servers machines in Windows NLB. Today my production Portal is 6 6.20.
Once, I did something for LABORATORY TEST. Migration (6 6.40) and Upgrade (7.0)in two other machines. But they were with Windows NLB. When I did the installation, for each server machine and during the instalation I had to give one Instance Number for each and in result there was a different Port Number for each.
But I accessed both machines throught a virtual url(dns) with a specific port number. And it works!
NOW, with a HARDWARE LOAD BALANCE _ CSS I don't know how to do.
A guy who works with it tell us that couldn't redirect one Port Number for different port numbers. He couldn't configure the CSS like this.
My question is: Is he write? And if he is, there is a way to give the same instance number for my 3 new Portal servers machines? Example: 5(02)00.
Could you understand?
I need help.
Regards,
cheers,
NiviaNivia,
I have used F5 for load balancing, I am sure you can do the same with CSS. Yes, you can configure a virtual IP on the load balancer with standard ports (80 or 443) and load balancing the traffic to multiple servers with different ports. You can have different ports for each instance.
-Regards
RK -
Does 8i client support load balance connection on 10g RAC?
We will migrate our server to Oracle 10g with RAC and ASM.
On the other hand, our client machines are using Oracle 8i.
Does 8i support load balance connection on 10g RAC server?
Thanks.
Jimmy TangYour Client Machines are running the 8i client?
-
Error when connect from portal system (abap ) to external ssl client - sm59
Hi I am tryign to setup a ssl connection from the abap sm59 portal system to an exteral server.. I have setup the certs that the client has given me in strust.but i m gettign the ffg error.
sysno 60
sid PID
systemid 370 (Solaris on SPARCV9 CPU)
relno 7110
patchlevel 0
patchno 150
intno 20020600
make multithreaded, Unicode, 64 bit, optimized
profile /usr/sap/PID/SYS/profile/PID_DVEBMGS60_pidevdb
pid 3911
[Thr 01] Thu Jun 14 08:38:48 2012
[Thr 01] TRACE FILE TRUNCATED
[Thr 07] Thu Jun 14 08:39:07 2012
[Thr 07] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 07] session uses PSE file "/usr/sap/PID/DVEBMGS60/sec/SAPSSLA.pse"
[Thr 07] SecudeSSL_SessionStart: SSL_connect() failed
[Thr 07] secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"
[Thr 07] >> Begin of Secude-SSL Errorstack >>
[Thr 07] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received
[Thr 07] << End of Secude-SSL Errorstack
[Thr 07] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 07] SSL NI-sock: local=57.24.111.151:34110 peer=57.24.110.116:5081
[Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10720d530)==SSSLERR_SSL_CONNECT
[Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00020a7c} [icxxconn_mt.c 1957]
When i change the sm59 connection not to use ssl. it give me a pop up screen . and asks me to enter user and password...
He then give me a private key file .. i.e a .pfx file but not sure how to load this in strust. I tried to convert in useign sapgenpse. but it fails with teh ffg error
12% sapgenpse import_p12 -p /usr/sap/PID/amos/amos_client.pse /usr/sap/PID/amos/amos_client_pk.pfx
import_p12: MISSING password for PKCS#12 file "/usr/sap/PID/amos/amos_client_pk.pfx"
Please enter PKCS#12 encryption password: *******
PKCS#12/PFX file contains 1 keypair:
1. FriendlyName = "amos.server.interface.webuser.web_int.cert"
X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
Subject="CN=AMOS WebService Interface Client, OU=IT&S MRO, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
Issuer ="[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
ERROR: Incomplete certification path -- NEED certificate of "[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"!
I have attached a doc of what it looks like.. appreciate any helpHi,
There is an error in the publishing of template
Template :"bbpsc02" is not publised in ITS.
Go to T.code: SE80
Publish all the templates again and check
Check with your SAP BASIS team for the help
Regards
Ganesh -
KB2830477 breaks RDS load balancer connections
All clients worked fine prior to KB2830477. Once that patch is installed the clients are unable to connect to our load balancer from outside our office; such as from home or on the road.
Removal of that patch allows them to connect once again.
The events on the RDS load balancer show clients connecting properly. The balancer sends the redirection info back to the client.
The events on the RDS server where the client was redirected show nothing.
It's as if the latest RDC patch breaks the ability for redirection. Or, perhaps, there's a special setting on our load balancer that needs to be updated due to this new patch?
... any helpful tips?
Thanks,
Jason MorrillJust some additional info regarding this problem.
These first few paragraphs represent the eventviewer entries for the failed connection coming from outside our network:
RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
Initial Application =
Call came from Redirector Server = my.fqdn.org
Redirector is configured as Farm member
RD Connection Broker has successfully determined the end point for this connection request.
Endpoint name = rdpfarm
Endpoint type = Farm
Resource plugin name = MS Terminal Services Plugin
RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
Target Name = RDSSERVER2
Target IP Address = INSIDE_IP, OUTSIDE_IP
Target Netbios = RDSSERVER2
Target FQDN = my.fqdn.org
Disconnected Session Found = 0x0
========================
And the entries below come from the eventviewer when connecting successfully from within our intranet.
========================
RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
Initial Application =
Call came from Redirector Server = my.fqdn.org
Redirector is configured as Farm member
RD Connection Broker has successfully determined the end point for this connection request.
Endpoint name = rdpfarm
Endpoint type = Farm
Resource plugin name = MS Terminal Services Plugin
RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
Target Name = RDSSERVER2
Target IP Address = INSIDE_IP, OUTSIDE_IP
Target Netbios = RDSSERVER2
Target FQDN = my.fqdn.org
Disconnected Session Found = 0x0
This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request.
Session for user SOMEDOMAIN/someusersuccessfully added to RD Connection Broker's database.
Target Name = my.fqdn.org
Session ID = 2
Farm Name = rdpfarm
========================
It's almost as if something is failing and preventing a successful session logon. Like, perhaps, the updated RDC doesn't like how our internal and external IP addresses are being returned? -
Load Balancing - Problems during Portal Startup
We are using three Portal servers (EP 7.0) and load is distributed between these servers by a load balancer.
Load balancer does a basic check - Portal server is listening on TCP port.
If one of the servers is really down (eg. after a stopsap) the load balancer does not send any request to that server. That was the intention.
During startup of a server, it starts listening on the port and load balancer sends requests to it. As 20 minutes startup phase is not completed, users get a message 503- unavailable. This means we do not really have redundancy.
The load balancer can also check for URL, but expects to get a 200 ok response.
We tried that with page http://<server>:<port>/index.html. This was no improvement, as this page is also displayed in a very early phase of the startup.
If we use http://<server>:<port>/irj/portal load balancer gets authentication requests and no 200 ok and does not send any request to servers, even if they are up and running.
Question :
What URL can be used, which works like index.html (send 200 ok), but only after startup is complete ?Hi,
beside the suggestion from Michael, you could also place a HTML page inside the portal to check for. Like an HTML file in the KM that is acessible in an anonymous way.
This page should only return 200 if the portal is up and running. And if you want to take down or simulate an error, it should be easy to rename / move / delete the page to trigger an error code other than 200.
br,
Tobias -
Can we connect from Portal to MaxDB with the trial version of SAPNetWeaver?
Ive installed SAP NetWeaver Developer Workplace SR2 (trial version) with the following components:
SAP Web Application Server Java 7.00 (J2EE Engine)
MaxDB 7.6.00.34 database + Database Manager and SQL Studio
SAP Enterprise Portal
SAP Content Management and Collaboration
Adobe Document Services
BI SDK
Visual Composer
Composite Application Framework (CAF)
Now, I created new TEST database in MaxDB (user: DBADMIN, pass: abcd).
I want to connect from the Portal to the TEST Database, so I follow the steps described in the documents (How To Configured BI JDBC Connector, .)
- I log on Visual Administrator, create BI JDBC Connector, create new DataSource.
Now, I can get the Data from TEST Database.
- I log on Portal and create new BI JDBC System,
+ Driver: com.sap.dbtech.jdbc.DriverSapDB,
+ Connection URL: jdbc:sapdb://sapep/test
- Then, I create system alias, map user with the user in Test Database (User: DBADMIN. Pass: ABCD)
But when testing the connection, Ive an error:
<b>Connection failed. Make sure user mapping is set correctly and all connection properties are correct.</b>
When I test the connection by the link:
http://sapep:50000/TestJDBC_Web/TestJDBCPage.jsp
Ive an error:
<b>com.sap.ip.bi.sdk.exception.BIConnectionFailedException: Cannot open the connection
Exception id: [0008C72B8B0C00C60000006F0000114000042C18596CD779]</b>
Could you please show me how to resolved this problem ?
I dont know if it is caused by the trial version ?
Thank you very much.Hi Tweety,
I assume that you have create the driver with the required .jar files.
supose its name is MAX_DB
After that go to "Connector Container" in visual admin. To create a new connector,
select the connector SDK_JDBC and click the clone button to create a new BI JDBC connector and enter a name for the connector eg., SDK_MAXDB
Selct the recently created connector and choose the resource Adapter tab. click the add button to assiciate addtional resources the Connector
To add resource, enter the name as "library:MAX_DB".save the changes and restart the server.
Now in the portal there is a property "ConnectionFactory" set this to "SDK_MAXDB".
Now u have said that u have set the values for Driver and Url as
+ Driver: com.sap.dbtech.jdbc.DriverSapDB,
+ Connection URL: jdbc:sapdb://sapep/test
the value for driver is correct but the value for connection URL is wrong.
Connection URL: jdbc:sapdb://<Machine_name>:<Port>/<Databse_name>
Now i dont what is the port no for MaxDB. as for SQL its 1433, for oracle it is 1521, for netezza it is 5480. U can get it from ur system adm or from net.
As u have not mentioned the port thats u r facing the problem.
Regards
Paresh -
Problem Load Balancing connections for Grid Control Console on port 80!
I have two OMS and I'm balancing connections for Grid Control Console using a Software Load Balancer according with "Oracle Enterprise Manager Advanced Configuration". I have success where the load balancer is listening on port different to 80. When I configure Load Balancer to listen on port 80(architecture requirement) and distribute load between the two OMS(Port 7779), when login to Enterprise Manager Console the URL on the web browser changes to the port configured for HTTP server (port 7780) wich produces an "unable to connect" error message; and this behaviour also happends in some of the internal links of Grid Control Console too. Any ideas?
Thanks in advance!
Message was edited by:
user463224I got it working, changing the "Port" directive to 80 on httpd.conf on HTTP Server
-
How to enable Network load balancing for Enterprise portal
Hello,
We have installed EP 7.0 central instance(00) and dialog instance (01) and would like to enable network load balancing between these two EP servers.Have installed network balancer and the configuration has been done at network level.
The below URLs are being used for accessing the portal
Central instance :
http://CIhostname:50000/irj/portal
Dialog Instance:
http://DIhostname:50100/irj/portal
Both the port number has to be same for enabling load balancing.In order to acive this we have to map this port to http port by making some changes in Visual Administrator.
Can you please let me know step by step procedure or any link where i can find the same?
Appreciate your response
Thanks,
VadiDear Jay,
Thnaks for your reply.
No...NLB will helpful in load balancing between different 2 different application (Ep)servers.
We are using microsoft network load balancer.Found the service http provider in VA for making those changes.
Any way thanks.
Regards,
Vadi -
Load balancing connections in 3.7
Hi,
in our current setup we use read-write and read-only proxies. With 3.7 a client that is supposed to connect to a read-only proxy can be redirected to a read-write proxy (and a read-write to a read-only).
Is there a way to partition proxies for load balancing?
Haven't checked the API yet, maybe it is possible to do it by implementing a custom load balancer but I really want to avoid implementing a custom one as much as possible.
Thanks,
AlbertoHi NJ,
we need to access the same cache in a read-only or read-write way.
Anyway thanks you are right, the key point is using different proxy schemes, specifically different proxy services. I've just read the documentation more carefully and it says:
"... proxy – (default) This strategy attempts to distribute client connections equally across proxy service members..."
They should be partitioned by proxy service.
I'll test it tomorrow.
Thanks,
Alberto -
Connect from Portal to CRM only for super_admin_role
Hi all,
We've just imported the Business Package for CRM4.0.
Now I created a testuser and added the user to the role 'Account Manager'.
But when I click on the iView / Link Account Management -> Accounts, I get an error "Unable to lookup System 'SAP_CRM'. Please check the system object and the alias.."
But when I add the testuser to the role 'super_admin_role' the iView is displayed correctly.
What am I doing wrong?
Regards
RalphHi Ankur,
the usermapping is done with SSO to a BW system and there is only one CRM in the landscape.
When I'm doing the connection test in the system configuration from the portal to the CRM system, it tells me the SAP WAS Connection is correct and working (green).
The ITS, Connector and DQE Connection is NOT working (red).
We are working on NW04 Portal SP14.
On calling the iView Accounts I get a log in mask from the CRM System (only as super_admin). If I don't have the super_admin_role I get the error
Unable to lookup System 'SAP_CRM'. Please check the system object and the alias..
See the details for the exception ID in the log file
com.sap.portal.appintegrator.sap.BSP::BSP/SSOLayer
Regards
Ralph -
Load Balancing Connections to CasArray
We have a Exchange 2010 casarray configured with two CAS servers. The casarray is configured only using DNS.
I've noticed that connections to the casarray is 99 to 1 connecting to cas1 vs cas2.
How do I redirect and increase the connections to cas2?
Thanks
RonHi,
When we use DNS round robin for CAS array, each client will get a random Client Access server IP address, and if one of the servers goes down, we need to delete this record in the DNS entry manually. In most cases, we would like to lower the TTL values of
these DNS records to 5 minutes.
There is no way to decide which address will be used. Generally, it is recommended to use WNLB or HLB for CAS servers.
Best regards,
Belinda Ma
TechNet Community Support -
Connect from Portal to BW only for super_admin_role
Dear All,
I am working with Netweaver 2004S, My BSP iVews working only 'super_admin_role' .
for Testuser I am getting Portal Runtime error.
Portal Runtime Error.
An exception occurred while processing a request for:
iView:
pcd:portal_content/com.bp.Roles/com.ds
Component Name : com.sap.portal.appintegrator.sap.BSP
Exception in Application Integrator occured: Cannot retrive system object for this alias. System Alias 'SAP_111'
Thanks,
Regards,
VenkatHi Venkat,
Check this blog on creating the BSP system. You must follow all the steps mentioned here. Be sure, in the
User management details for the User Mapping Type you must select "admin,user ".
<a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3554">BSP iview</a>
Hope it helps.
Regards,
Saravanan
Maybe you are looking for
-
Estimating size of RMAN backsets before taking backup
I have a database version 10.2.0.4 of size 4571.1201 GB ========================================== SQL> select sum(bytes/1024/1024/1024) from dba_data_files; SUM(BYTES/1024/1024/1024) 4571.1201 ========================================== I need to est
-
Frozen iMac with Network problems
I have a 21.5 inch iMac purchased around Nov'12. Three days ago, suddenly no web page could be opened. I thought it to be a problem of my router but when I found out that I was able to use the Internet perfectly from my MacBook, I restarted my iMac b
-
Greetings All. I'm using a 64-bit windows 7 machine. This problem just crept up within the past 2 weeks. I've tried uninstalling and reinstalling flash to no avail. The problem is the same in both Firefox and IE9. Anyway, let's say I have multiple
-
BR0261E BRBACKUP cancelled by signal 15- Error in Archivelog backup to tape
Dear All, I am facing the backup issue for long time. i have tried with different solution. But still i couldnot clear. Please help me to clear the issue. System Details : OS : HP-UX DB : ORACLE 9.2.0.6.0 SAP : ECC6 , Kernel : 304 and DBTOOL : 52 (la
-
Get ident to work on Mac Snak IRC software in OS 10.6
I am trying to get ident to work on Mac Snak IRC software on Mac OS 10.6. I installed their optional ident software. But, the IRC server always reports no ident response. I tried enabling port 113 on the router, even tried turning the firewall off, b