SAP Router and SNC

Similar Messages

• Is this possible: SNC connection from SAP GUI to SAP Router, and ...

  Hi,
  I have (stupid perhaps) question.
  Is this scenario possible:
  SNC connection from SAP GUI to SAP Router, and non-SNC connection from SAP Router to SAP System.
  I know how to set up scenario like this:
  SAP System --- (non-SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP GUI.
  Best regards,
  Marek Majchrowski

  Wolfgang,
  To be sure myself and Marek understand, can you confirm the different scenarios supported:
  Scenario 1:
  SAP GUI --- (non SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP System
  With this scenario, it would be possible for a user to logon using SAP GUI onto the SAP System, but without SAP GUI SNC.
  Scenario 2:
  SAP GUI --- (SNC conn) --- saprouter1 --- (non SNC conn) --- saprouter2 --- (SNC conn) --- SAP System
  With this scenario it would be possible to logon to the SAP System using SAP GUI, and using SNC authentication.
  Also, with this scenario the SAP GUI software and SAP System software would consider this to be similar to:
  SAP GUI -- (SNC conn) -- SAP System
  Scenario 3:
  This is the scenario mentioned by Marek in his initial question:
  SAP GUI -- (SNC conn) -- saprouter1 -- (non SNC conn) -- SAP System
  With this scenario it will not be possible to logon to SAP System using SNC, and only possible if the SAP GUI is configured to not use SNC. In other words the SNC connection between SAP GUI and saprouter1 is available, but cannot be used.
  Thanks,
  Tim
  Edited by: Tim Alsop on Feb 25, 2008 5:24 PM

• Setting up SAP Router for SNC ... error...

  Hi,
  My SAP Router is installed on a server that is Linux based. (IP address is 10.11.0.24)
  I'm not sure if is saprouttab or saprouter itself having issue.
  I started the saprouter via this command: saprouter -r -G routerlog -W 60000 -S 3299 -K "p:CN=XXXXXXXX, OU=ZZZZZZZZZZ, OU=SAProuter, O=SAP, C=DE"
  saprouttab
  # SNC connection to and from SAP
  KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
  KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
  # SNC connection to local system for R/3-Support for support
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3201
  KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.23 3200
  # Access from local network to SAPNet (OSS)
  P 10.11.0.* 169.145.197.110 3299
  P * 10.11.0.* * *
  # deny all other connections
  D * * *
  Troubleshooting steps taken:
  Running niping -s on SAP Router Server & niping.exe -c -H 10.11.0.24 is successful, self-test is okay but... when running both niping -s & saprouter -r on SAP Router Server is giving me the following error:
  C:\test>niping.exe -c -S 3299 -H 10.11.0.24
  Wed Feb 05 14:51:29 2014
  connect to server o.k.
  Wed Feb 05 14:51:30 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp    2146]
  *** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp  2590]
  *  LOCATION    SAProuter 40.4 on 'XXXXXXXX'
  *  ERROR       internal error
  *  TIME        Wed Feb  5 14:51:29 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -93
  *  MODULE      nirout.cpp
  *  LINE        2698
  *  DETAIL      NiRClientHandle: route expected
  *  COUNTER     2
  C:\Users\tohcy\Desktop\test>niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.24
  Wed Feb 05 15:01:00 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2146]
  *** ERROR => NiBufIConnect: route connect for non-buffered hdl 1 failed (rc=-94;/H/10.11.0.24/H/10.11.0.24); pong not received [nibuf.cpp    4801]
  *** ERROR => NiTClientLoop: NiHandle (rc=-94) [nixxtst.cpp  2590]
  *  LOCATION    SAProuter 40.4 on 'XXXXXXXX'
  *  ERROR       XXXXXXXX: route permission denied (YYY to 10.11.0.24, 3299)
  *  TIME        Wed Feb  5 15:00:59 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -94
  *  COUNTER     7

  Hi Deepak,
  I've changed to the P * * *
  I run the command: niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.23
  Can I check if this command is correct?
  Router is 10.11.0.24 trying to reach sap server 10.11.0.23.
  Error:
  Thu Feb 06 09:20:17 2014
  *** ERROR => NiBufIProcMsg: hdl 1 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp    2146]
  NiBufIConnect: route connect of non-buffered hdl 1 to '/H/10.11.0.24/H/10.11.0.23' timeout
  *** ERROR => NiTClientLoop: NiHandle (rc=-5) [nixxtst.cpp  2590]
  *  ERROR       timeout occured
  *  TIME        Thu Feb 06 09:20:17 2014
  *  RELEASE     720
  *  COMPONENT   NI (network interface)
  *  VERSION     40
  *  RC          -5
  *  MODULE      nibuf.cpp
  *  LINE        4795
  *  DETAIL      NiBufIConnect: route connect '/H/10.11.0.24/H/10.11.0.23'
  *              timeout
  *  COUNTER     1
  routerlog:
  Thu Feb  6 09:27:21 2014 CONNECT FROM C19/- host 10.11.0.181/50107
  Thu Feb  6 09:27:21 2014 CONNECT TO   S19/12 host 10.11.0.23/3299
  Thu Feb  6 09:28:21 2014 CONNECT ERR  S19/12 could not establish connection within 60s
  Thu Feb  6 09:28:21 2014 DISCONNECT   S19/12 host 10.11.0.23/3299
  10.11.0.181 is my computer current IP address.
  Any other clues/hint?

• SAPRouter and SNC

  Does anybody know how to create encrypted connection (SNC) between two saprouters , and how could certificates be generated ? The possibility to do that between SAP and Clients exist and good documented. However I cannot find documentation how to make that between 2 Clients (for instance access per internet from one site to another).
  thanks in advance
  Boris D.

  Hi Boris,
  Install saprouter and cryptographic library in one directory.
  Then generate the self signed certifcate on one saprouter and import it into other sap router and vice versa.
  start the saprouter with SNC mode.
  We have tested and implemented on our site , its working perfectly fine.
  Regards,
  Atul

• SAP router is shutting down automatically

  Hi All,
  I have configured SAP router and started SAP router service using command in command prompt and left command window unclosed. It is working for some time and after regular intervals automatically it is shutting down. So, I need to check and start manually. There is no SAP router service in services list. I guess this might be the problem.
  Can anyone please tell me the solution?
  Note: I have done all this in Solution Manager System.
  OS : Windows 2008
  DB: SQL Server
  Thanks in Advance
  Uday.

  Hi Varun,
  Thanks for helpful answer.
  Only SAP router is stopping not the window.
  I have tried installing SAProuter as NT service.
  After creating service should I need to reboot the system?
  Hi Sravanthi,
  Thanks for helpful answer.
  I have started SAProuter with 'saprouter -r &' command. Let me see the result.
  And also I installed a service as NT service( According to note 525751).
  Service was created successfully but when I select saprouter service and start(services.msc) it is getting terminated with the following error:
  Error 1067: The process terminated unexpectedly.
  Hi Siva,
  Thanks for your response.
  I have started SAProuter service using 'saprouter -r &' command, let me see this how long it works.
  Then I will start the service as you suggested.
  Thanks & regarda
  Uday

• Prerequisites for SNC SAP router

  I want to configure SAP router in my system (intranet) which is not having any pubic ip. What are the Prerequisites for configuring SNC SAP router.

  HI
  There are many pre requisite for sap snc router
  1) one system with Winwods
  2) one Public IP I.e compulsary
  after public IP U have to fill DATA Sheet and sent TO sap
  With ur system name And Public ip
  after that u have to download
  sacar file for installed SAP router ( letest version )
  And
  Ond OSS User ID And Password
  for cripto file just to below link
  https://websmp210.sap-ag.de/~form/handler?_APP=00200682500000000917&_EVENT=DISPLAY
  download letedst  version according ur opration system
  and make directory
  e.g -. drive://usr/sap/saprouter
  uncar ur letes version here and sart to sap router installtion 
  best of luck

• How to install and configure SAP Router

  Dear SAP Expert !
  I want to install SAP Router but i dont know the SAP router package is allocated on DVD ? what is the DVD number ?
  If you already configure SAP router please let me know how to configure ?

  Hello Thao
  what is th exact issue that are u facing.
  The account must be the administartor of the machine where u are installing SAPROUTER.Make sure you are following the correct steps as follows:
  Downloading necessary software components from SAP Service Marketplace
  1. Login to the SAP Service Marketplace with the Service Marketplace at using
  the USERID/PASSWORD which was assigned for your installation.
  2. Change the alias to www.service.sap.com/tcs to downloaded the SAP
  cryptographic software. Select the correct SAPcrptographic software
  depending on your saprouter operating system as shown below.
  3. You must have the sapcar.exe in order to extract the SAP cryptographic
  software file.
  4. With the command of u201Csapcar -xvf xxxxxxx.saru201D, /ntintel directory would be
  created and the following files would be extracted.
  (Example C:/saprouter/ntintel)
  ( when the Microsoft Windows NT Intel version is downloaded)
  C:/saprouter/ntintel/sapcrypto.dll
  C:/saprouter/ntintel/sapgenpse.exe
  C:/saprouter/ticket
  Issue of Electronic Certificate
  5. It is necessary to define the environment variable for u201CSECUDIRu201D and
  u201CSNC_LIBu201D under system account.
  Window NT environment variable setup :
  Right-clicked the icon of you computer
  Property -> details -> environment variable
  SECUDIR = < Directory name >
  Example. Variable name : SECUDIR
  Variable value
  : C:/saprouter/SNC_LIB = < Directory name >
  Example. Variable name : SNC_LIB
  Variable value : C:/saprouter/ntintel/sapcrypto.dll
  UNIX
  <path_to_libsecude>/<name_of_sapcrypto_library>
  Windows
  NT,
  <drive>:/<path_to_libsecude>/<name_of_sapcrypto_library>
  Windows
  2000
  6. Check if the environment of the user running saprouter contains the
  environment variable SNC_LIB.
  UNIX
  Printenv
  Windows NT
  System environment Variable
  7. You may now apply for a SAProuter certificate from the SAP Trust Center
  Service of SAP service marketplace
  http://service.sap.com/tcs
  > SAP Trust Center Service in Detail
  > SAProuter Certificates
  SAProuter Certificate "Apply Now"
  Click the button.
  8. Please take note of your "Distinguished Name"
  Please refer to the example above
  -SAPRouter Name
  : JPL50020586
  -Distinguished Name
  CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE
  Then, clicked the "Continue" button.
  9. Execute the following command in the /saprouter/ntintel
  directory in order to generate your certificate to be exchanged with SAP.
  sapgenpse get_pse -v -r certreq -p local.pse "Distinguished Name"
  Example
  sapgenpse get_pse u2013v -r certreq -p local.pse "CN=JPL50020586, OU=0000036946,
  OU=SAProuter, O=SAP, C=DE"
  Enter the PIN number. (you may enter any PIN Number you wish.)
  Please enter PIN :
  Please re-enter PIN :
  <- you must use the same PIN Number as the above.
  10. The "certreq" file is created in the /saprouter/ntintel directory.
  11. Use a notepad to open the "certreq" file and copy the displayed information
  (From the -BEGIN .to the END -)
  12.You now have to paste the above copy content into the space provided
  shown below. After you have pasted the text, click the u201CRequest certificateu201D
  button to submit your request.
  13. Once you click on the u201CRequest Certificateu201D a new screen will be displaying
  your certificate issued by SAP CA (Certification Authority).
  14. Using a notepad to copy the content (From u2013Beingu2026 to -END) and save it
  as u201Csrcertu201D into /saprouter/ntintel/srcert.
  Note :
  - Please rename srcert.txt into srcert without any extension.
  15. You then need to import this certificate into SAProuter using the following
  command.
  Please run on /saprouter/ntintel directory.
  sapgenpse import_own_cert -c srcert -p local.pse
  Please enter PIN : (same as point 9)
  16. Execute the following command in the /saprouter/ntintel directory.
  sapgenpse seclogin -p local.pse
  Please enter PIN : (same as point 9)
  This will create a file "cred_v2" in the same directory.
  17. Please check whether the certificate has been imported correctly.
  Execute this command in /saprouter/ntintel directory.
  sapgenpse get_my_name -v -n Issuer
  The result should be "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE".
  18. When the above results are not obtained , please delete local.pse and
  cred_v2 and work again from steps 9. Please seek the assistance from your
  local SAP helpdesk or create an OSS message via component XX-SER-NET-
  OSS, if you are not able to obtain the above-mentioned result after you have
  repeated the above steps.
  Route permission table (saprouttab)
  19. The corresponding file ./saprouttab should contain at least the following
  entries.
  Example : by SNC connection, when connecting to sapserv2
  (194.39.131.34) the following entries need to be indicated by saprouttab.,
  SNC-connection to SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34
  SNC-connection from SAP to local R/3-System for Support
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
  SNC-connection from SAP to local R/3-System for pcANYWHERE, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
  SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
  SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  P <IP-addess of a local PC> 194.39.131.34 3299
  deny all other connections
  D * * *
  Start the SAProuter with the following command.
  Saprouter -r -S <port> -K
  "p: <Your Distingiushed Name>"
  -K tells the saprouter to start with loading the SNC library.
  Example: saprouter -r -S 3299 u2013K "p:CN=JPL50020586, OU=0000036946,
  OU=SAProuter, O=SAP, C=DE"
  Additional Note
  -You may refer to SAP note: 30289 in the SAP service marketplace for detail
  information with regards to SAProuter
  http://www.service.sap.com/note

• SAP Router, SNC processing Failed

  Hello Guru's
  I seem to be having a connection problem with the Back end of SAP's Sapserv2.
  I am trying to reconnect my SAP router to SAP. It was Working before licenses and Certs timed out.
  The error that i see in SM59 is
  SNC Processing failed: SncProcessInput.
  Dev_route shows this error,
  Tue Jul 27 16:09:57 2010
  ERROR => NiBufIProcMsg: hdl 17 received rc=-104 (NIEROUT_SNC_FAILURE) from peer [nibuf.cpp    2115]
  WARNING => NiBufISetHS: ready-queue could not be freed (hdl 18) [nibuf.cpp    4384]
  Tue Jul 27 16:09:59 2010
  ERROR => NiBufIProcMsg: hdl 18 received rc=-104 (NIEROUT_SNC_FAILURE) from peer [nibuf.cpp    2115]
  WARNING => NiBufISetHS: ready-queue could not be freed (hdl 19) [nibuf.cpp    4384]
  Tue Jul 27 16:10:01 2010
  ERROR => NiBufIProcMsg: hdl 19 received rc=-104 (NIEROUT_SNC_FAILURE) from peer [nibuf.cpp    2115]
  Tue Jul 27 16:11:00 2010
  WARNING => NiBufISetHS: ready-queue could not be freed (hdl 20) [nibuf.cpp    4384]
  Tue Jul 27 16:11:01 2010
  ERROR => NiBufIProcMsg: hdl 20 received rc=-104 (NIEROUT_SNC_FAILURE) from peer [nibuf.cpp    2115]
  Tue Jul 27 16:11:06 2010
  WARNING => NiBufISetHS: ready-queue could not be freed (hdl 21) [nibuf.cpp    4384]
  ERROR => NiBufIProcMsg: hdl 21 received rc=-104 (NIEROUT_SNC_FAILURE) from peer [nibuf.cpp    2115]
  any help will be appreciated.

  Hi,
  Please follow Note 1178684 - No service connection:"SNC processing failed". This should solve your issue. also the below post may be of help to you:
  RFCIO_ERROR_SYSERROR
  Rajeev

• SAP GUI with SNC logon and Hummingbird Exceed - SAP GUI window size issue

  We have discovered an issue when SAP GUI 7.10 is used to logon via SNC and Hummingbird Exceed is used on the same workstation to logon to a UNIX system either via x-windows or telnet.
  When the user logs onto a UNIX system using Hummingbird Exceed, then uses SAP GUI to logon to a SAP system with SNC authentication, the SAP GUI authentication works, but the favourites list is not fully displayed and has to be resized before any of the entries are available.
  Has anybody else seen this issue, and do they know if there is a fix available ? We wondered if there might be an issue with fonts or some other sort of conflict between Exceed and SAP GUI, but it is strange that the problem only occurs if SNC authentication is being used, and when userid+password is used to logon to SAP the problem does not occur.
  Cheers,
  Tim

  Hello Tim and Wolfgang,
  I was curious too as I found it interesting... so I tested a few combinations, but could not reproduce what Tim has described, at least not before my CPU reached 100% and the applications stopped responding (~2GHz processor, 1GB RAM, 48 kbps connection, latency ~ 2 x width of the Pacific Ocean, but Backend 7.00!).
  However I did notice some indications which might be a help (based on 7.00!):
  Back in 4.?? there was a problem in that large menus could not be searched(!). Sorry, I don't have access to SAP now, but from memory the note # was 444043 (or very similar) and introduced a form routine for large menus - from a printscreen I still have the message number which led me to the note - 'I476(S#)'.
  The system certainly distinguishes between MENU_TYPEs and the above note corrections could be found in several locations relating to the SAP menu 'S', the role menu 'A' etc, but I could only see that for favourites 'F' this is implemented for the menu search (when searching, not when loading).
  @ Tim: Ask you customer to create a favourites menu which only has 1 node or max 2 (certainly not more than 4!) and ~ 20 executable objects in it (not more than 30!)? Can they under any conditions achieve the described problem with such a menu?
  If not possible to reproduce, then the closest I could guess is a maximum limit of 4 nodes and max 30 objects for a 'F'avourite menu, before it is a minimum candidate for "performance problems" and consideration to be converted to a role ('A'ctivity group) menu instead.
  Sorry that I can only help by speculating, because I could not reproduce what you have described.
  Hopefully this problem will not happen to me in the New Year, and hope you will solve it for the rest of the year
  Cheers,
  Julius
  Updated memory (not RAM) by: Julius Bussche on Jan 3, 2008 9:07 AM

• Issue with parallel operation of SAP NW SSO 2.0 and SNC Client Encryption (Logon Groups)

  Hi!
  One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
  Example: p:CN=SAP/[email protected]
  The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
  Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
  Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
  Replacing the SNC Library on the AS ABAP
  The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is =  p:CN=SAP/[email protected].
  After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
  The problem
  We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguised Name Fomat: CN=SAP/[email protected] This is to avoid having to change the snc/identity/as to an "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
  As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
  As part of an pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
  Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.  
  Any ideas how to solve this and have both solutions in parallel?
  Appreciate any help.
  Regards,
  Carsten

  Hi all,
  we was able to fix the issue. It was an issue with the customers cluster configuration and the  $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
  This was how the configuration looks before:
  Environment variable $SECUDIR is defined:
  "/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
  sapgenpse seclogin -l -v
  running seclogin with USER="<SID>adm"
  Credentials for username '<SID>adm':
  0 (LPS:OFF):
           (LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
  1 (LPS:OFF):
           (LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
  After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
  As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
  And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
  Thread closed hope this helps someone
  Carsten

• SNC between SAP BO and SAP BW for MS Advanced Analysis

  Hy experts, i have configured the SNC between SAP BO and SAP BW but for any user i have this issue:
  when the user launch a Bex Query by MS Advanced Analysis, this error message occurs:
  No applicable data found.
  On the SAP BW system, on ST22 there is this runtime error:
  CALL_FUNCTION_SEND_ERROR.
  An error occurred when executing a Remote Function Call.
  "SNCERR_INVALID_FRAME#A received frame is invalid/truncated or is no SNC-frame"
  What happened?
  "CPIC-CALL: 'ThCMSEND' : cmRc=6 thRc=766#General SNC error "
  An error occurred when executing a Remote Function Call.
  An error occurred when executing a Remote Function Call.
  "CPIC-CALL: 'ThCMSEND' : cmRc=6 thRc=766#General SNC error "
  Status of connection.... "CODE=CM_SECURITY_NOT_VALID CM_SEND_RECEIVED
  CM_COMPLETE_DATA_RECEIVED SAPCODE=766 CONV=91584639"
  Internal error code.... "RFC_IO5"
  There is an error in the communication system. To clarify
  and resolve the error, contact your system administrator.
  Last error logged in SAP kernel
  Component............ "SNC (Secure Network Communication)"
  Place................ "CPIC (TCP/IP) on host ANDREA_13"
  Version.............. 5
  Error code........... "-12"
  Error text........... "SNCERR_INVALID_FRAME#A received frame is
  invalid/truncated or is no SNC-frame"
  Description.......... "SncProcessInput"
  System call.......... " "
  Module............... "sncxx.c"
  Line................. " "
  The error reported by the operating system is:
  Error number..... " "
  Error text....... " "
  User and Transaction
  Client.............. 100
  User................ 00000015
  Language Key........ "E"
  Transaction......... " "
  Transactions ID..... "6A3E22E031EEF13395AE0019BBCB620C"
  Program............. "SAPLRSBOLAP_BICS_PROVIDER"
  Screen.............. "SAPMSSY1 3004"
  Screen Line......... 2
  Information on caller of Remote Function Call (RFC):
  System.............. "########"
  Database Release.... 720
  Kernel Release...... 720
  Connection Type..... "E" (2=R/2, 3=ABAP System, E=Ext., R=Reg. Ext.)
  Call Type........... "synchron and non-transactional (emode 0, imode 0)"
  Inbound TID.........." "
  Inbound Queue Name..." "
  Outbound TID........." "
  Outbound Queue Name.." "
  Client.............. "###"
  User................ "############"
  Transaction......... " "
  Call Program........."C:\Program Files\Microsoft Office\Office1"
  Function Module..... "BICS_PROV_GET_INITIAL_STATE"
  Call Destination.... "GBP_boe_Default"
  Source Server....... "ANDREA_13"
  Source IP Address... "10.101.3.80"
  Additional information on RFC logon:
  Trusted Relationship " "
  Logon Return Code... 0
  Trusted Return Code. 0
  Note: For releases < 4.0, information on the RFC caller are often
  only partially available.
  Information on where terminated
  Termination occurred in the ABAP program "SAPLRSBOLAP_BICS_PROVIDER" - in
  "BICS_PROV_GET_INITIAL_STATE".
  The main program was "SAPMSSY1 ".
  In the source code you have the termination point in line 1
  of the (Include) program "LRSBOLAP_BICS_PROVIDERU13".
  Could you help me?
  Thank's a lot and best regards.
  Andrea Maraviglia

  Ciao Andrea,
  just a couple of hints:
  - Did you already tried to skip logon to BOE and instead directly select BW system? this should avoid to involve snc and then BEx query should be accessible. This would be a further confirmation that issue is the SNC, even if the log you posted is pretty clear about that.
  - Do you have snc installed even in local PC running MS Advanced Analysis? I Think it is necessary for the described workflow (page 24 of Admin Guide): 
  "With SAP BusinessObjects Enterprise as the BI platform, single sign-on works if the following conditions
  are true:
  u2022 BusinessObjects Enterprise XI 3.1 is configured correctly for single sign-on. For more information,
  see u201CConfiguring SAP authenticationu201D in the Integration for SAP Solutions Install and Admin Guide
  at http://service.sap.com/bosap-instguides SAP BusinessObjects Business Intelligence (BI) >
  Integration for SAP Solutions > XI 3.1.
  u2022 Secure Network Communications (SNC) is installed on each client PC. For more information, see
  SAP Help Portal at http://help.sap.com SAP NetWeaver > SAP NetWeaver Library > SAP
  NetWeaver by Key Capability > Security > Network and Transport Layer Security > Secure
  Network Communications.
  u2022 Each end user has a user account in the connected BW system."
  Furthermore, if I rember correctly, there could be restriction in license using SAP Cryptographic Library (client connection is not supported: SAP notes 597059 and 397195), so you should check your SNC software.
  Hope it could hep.
  Regards.
  Roberto.

• SNC between SAP BO and SAP BW

  Hy esperts, i have configured the SNC between SAP BO and SAP BW but for any user i have this issue: 
  when the user launch a Bex Query by MS Advanced Analysis,  this error message occurs:
  No applicable data found.
  On the SAP BW system, on ST22 there is this runtime error:
  CALL_FUNCTION_SEND_ERROR.
  An error occurred when executing a Remote Function Call.
  "SNCERR_INVALID_FRAME#A received frame is invalid/truncated or is no SNC-frame"
  What happened?
  "CPIC-CALL: 'ThCMSEND' : cmRc=6 thRc=766#General SNC error "
  An error occurred when executing a Remote Function Call.
  An error occurred when executing a Remote Function Call.
  "CPIC-CALL: 'ThCMSEND' : cmRc=6 thRc=766#General SNC error "
  Status of connection.... "CODE=CM_SECURITY_NOT_VALID CM_SEND_RECEIVED
  CM_COMPLETE_DATA_RECEIVED SAPCODE=766 CONV=91584639"
  Internal error code.... "RFC_IO5"
  There is an error in the communication system. To clarify
  and resolve the error, contact your system administrator.
  Last error logged in SAP kernel
  Component............ "SNC (Secure Network Communication)"
  Place................ "CPIC (TCP/IP) on host ANDREA_13"
  Version.............. 5
  Error code........... "-12"
  Error text........... "SNCERR_INVALID_FRAME#A received frame is
  invalid/truncated or is no SNC-frame"
  Description.......... "SncProcessInput"
  System call.......... " "
  Module............... "sncxx.c"
  Line................. " "
  The error reported by the operating system is:
  Error number..... " "
  Error text....... " "
  User and Transaction
      Client.............. 100
      User................ 00000015
      Language Key........ "E"
      Transaction......... " "
      Transactions ID..... "6A3E22E031EEF13395AE0019BBCB620C"
      Program............. "SAPLRSBOLAP_BICS_PROVIDER"
      Screen.............. "SAPMSSY1 3004"
      Screen Line......... 2
      Information on caller of Remote Function Call (RFC):
      System.............. "########"
      Database Release.... 720
      Kernel Release...... 720
      Connection Type..... "E" (2=R/2, 3=ABAP System, E=Ext., R=Reg. Ext.)
      Call Type........... "synchron and non-transactional (emode 0, imode 0)"
      Inbound TID.........." "
      Inbound Queue Name..." "
      Outbound TID........." "
      Outbound Queue Name.." "
      Client.............. "###"
      User................ "############"
      Transaction......... " "
      Call Program........."C:\Program Files\Microsoft Office\Office1"
      Function Module..... "BICS_PROV_GET_INITIAL_STATE"
      Call Destination.... "GBP_boe_Default"
      Source Server....... "ANDREA_13"
      Source IP Address... "10.101.3.80"
      Additional information on RFC logon:
      Trusted Relationship " "
      Logon Return Code... 0
      Trusted Return Code. 0
      Note: For releases < 4.0, information on the RFC caller are often
      only partially available.
  Information on where terminated
      Termination occurred in the ABAP program "SAPLRSBOLAP_BICS_PROVIDER" - in
       "BICS_PROV_GET_INITIAL_STATE".
      The main program was "SAPMSSY1 ".
      In the source code you have the termination point in line 1
      of the (Include) program "LRSBOLAP_BICS_PROVIDERU13".
  Could you help me?
  Thank's a lot and best regards.
  Andrea Maraviglia

  Hi Ingo,
  the runtime error occurs in this scenario:
  1) Launch MS Advanced Analysis
  2) Logon on SAP BO
  3) Select the System connection for SAP BW where the SNC has been configured
  4) Select  the bex Query
  5) The system response with this message: No applicable data found.
  On ST22 , on SAP BW, there is the runtime error: CALL_FUNCTION_SEND_ERROR with the message:
  "SNCERR_INVALID_FRAME#A received frame is invalid/truncated or is no SNC-frame".
  Thank's a lot.
  Best Regards.
  Andrea
  Edited by: Maraviglia Andrea on Jan 24, 2011 6:02 PM

• Business Connector and sap router on same server?

  Hello,
  We are investigating currently in order to install "Business Connector" and "Sap router" on a same dedicated server.
  I would like to know if it is possible or not recommended, etc... if there are some guidelines.
  If someone has experience in this solution.
  Many thanks for your help

  I can't see a reason why not... any particular concerns?
  Regards
  Juan

• Connect EPM and web portal BPC through SAP router string

  Dear Expert,
  Please tell me how to connect EMP and web BPC through SAP router string?
  thanks so much
  hungth

  Hi hungth,
  Can you explain more? Do you mean you need a sap support to log on to your BPC web and investigate your BPC issues? If so, you can open HTTP connect connection by following note 592085.
  Best regards,
  Charlie

• SAP SD Route and Transportation Management  Doc or PDF or Ppt

  Hi Experts,
  I am learning route and transportation management functionality in SAP SD. Could you please share any doc or pdf or ppt; if you have the same? It would be helpful for me to understand concepts and configuration in better way. Thank You!
  Best Regards, Sani

  Welcome to the forum.  Before posting a question, please go through the forum rules detailed in the link
  [Read this before posting |Read this before posting;
  As stated there, please search the forum as this question has been answered many times.
  thanks
  G. Lakshmipathi