SAP Router Configuration
Hello Gurus
I need help to configure SAP Router in my server, can somebody guide me the process how to configure it.
Details of my server
SAP Version - 640
Oracle - 10.2.0.2.0
O/S - Windows - 2003 Server/ SP1
Thanks & Regards
Shishir
Hi,
check Note 30289 - SAProuter documentation
document is attached to note.
regards,
kaushal
Similar Messages
-
Reg : SAP Router Configuration
Dear Friends,
How to configure the SAP router? If anybody have configuration details pls help me.
Our System is ECC 6.0
OS - 2003 Server
DB : MS SQL Server
Then How to Communicate to SAP.
Regards
kesavHi,
> How to configure the SAP router? If anybody have configuration details pls help me.
1) Download the latest SAP Router files (saprouter.car, nipping, cryptographic library) from SAP Service Market Place --- Patches.
2)Create a user called sncadm as a member of Administrator. Log off administrator and login as sncadm. Create the following environment variables for this user.
SECUDIR = c:\usr\sap\saprouter
SNC_LIB = c:\usr\sap\saprouter\sapcrypto.dll
3) Create folder c:\usr\sap\saprouter and copy the downloaded files into that folder. Extract all the compressed files. Now typically this folder will have the following files.
Sapcrypto.dll
Sapgenpse.exe
Ticket
Ntscmgr.exe
Nipping.exe
Saprouter.exe
(other required files can be copied from kernel directory of other SAP Systems)
4) Go to http://service.sap.com/saprouter-sncadd. Click on u201CApply Nowu201D
You will get information like this (on first screen):
Click on Continue. Now we have to create the request for SAProuter which is to be given as input in the next screen u201CRequest Certificate for SAProuteru201D.
5)Open a command prompt and execute the following commands.
Cd \usr\sap\saprouter
sapgenpse get_pse u2013r sap-router.p10 u2013p sap-router.pse u201CCN=SAP-ROUTER, OU=0000733879, OU=SAProuter, O=SAP, C=DEu201D
You will be asked for a PIN: input any (but do not forget!!!!!) No Password is given in this installation.
This command will create the file sap-router.p10 and sap-router.pse.
Open the file sap-router.p10 with notepad, copy & paste this certificate request to the text area of the u201CRequest Certificate for SAProuteru201D page.
Click on Request Certificate
In response you will get certificate signed by CA.
Copy & paste the text into a text file including the header & footer (saprt.txt is the file created here)
6)Now install the certificate as follows
Sapgenpse import_own_cert u2013c saprt.txt u2013p sap-router.pse
7)Now create credentials for saprouter
Sapgenpse seclogin u2013p sap-router.pse u2013O sncadm
This will create a file called cred_v2 in c:\usr\sap\saprouter
8)Now Check whether certificate has been imported correctly or not
Sapgenpse get_my_name u2013v u2013n Issuer
The name of issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE. If the name is not correct, then delete the file cred_v2 and start all over again from Step u2013 4.
9)Now create a file u201Csaprouttabu201D in the folder c:\usr\sap\saprouter and make the following entries in that.
SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
Access from your local Network to SAPNet - R/3 Frontend
P 172.16.. 194.39.131.34 3299
P 172.17.. 194.39.131.34 3299
P 172.18.. 194.39.131.34 3299
P 172.19.. 194.39.131.34 3299
D * * *
Save the file and close
10) Make the following changes in the hosts file and services file (under windows\system32\drivers\etc folder ) SAP-ROUTER system
hosts file:
172.18.9.8 SAP-ROUTER
194.39.131.34 sapserv2
services file:
sapdp99 3299/tcp
sapgw99 3399/tcp
sapmsO01 3601/tcp
11) Now check the entry in the services files for all servers and all front-end PCs under %winnt%/system32/drivers/etc/ there should have:
sapdp99 3299/tcp
sapmsO01 3601/tcp
12) Now start the sap router using the command (from the saprouter directory)
Saprouter u2013r u2013V 3 u2013K u201Cp:CN=SAP-ROUTER,OU=0000733879,OU=SAProuter,O=SAP,C=DEu201D
13)Connection to SAP can tested using the command
lgtst u2013H /H/172.18.9.8//H/194.39.131.34/S/sapdp99/H/oss001/S/sapmsO01 u2013S x u2013W 30000
Note : The file lgtst.exe can be copied from other SAP systemu2019s kernel directory.
The output should look like these:
Using trcfile: dev_lg
List of reachable application servers
u2026.
u2026..
u2026u2026.
u2026u2026u2026.
If the lgtst command does not display the list of reachable application servers, then the connection to SAP could not be established. Troubleshoot the error and rectify.
For more info see the following sapnote
note 30289 : SAProuter documentation
note 525751: Installation of the SNC-SAPRouter as NT Service
note 46902 : Security aspects in remote access
note 48243 : Integrating SAProuter into a firewall
note 33135 : Guidelines for OSS1 (Version for SAPSERV3).
note 35010 : Service connections: Composite note (overview) -
SAP Router configuration on Linux platform (error in start script)
Hello gurus,
I´m trying to setup the saprouter on Fedora v14 (32 bits).
I did all the configure with root user. The problem is when I run the script that starts the saprouter service, it show me the following error:
[root@saprouter sap]# pwd
/usr/sap/saprouter
[root@saprouter saprouter]# saprouter_start
/usr/sap/saprouter/saprouter_start: line 12: syntax error near unexpected token `|'
'usr/sap/saprouter/saprouter_start: line 12: ` | tee -a $LOGFILE &
The content of this script, has the following sintaxes:
# Start saprouter
# You can automatically start SAProuter when you start the system. In UNIX for example, you would change file /etc/rc.
# saprouter CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE sapserv2
SRDIR=/usr/sap/saprouter
LOGFILE="usr/sap/saprouter/saprouter_log"
if [ -f $SRDIR/saprouter ] ; then
echo "Starting SAP Router" | tee -a $LOGFILE
$SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE"
| tee -a $LOGFILE &
fi
The strange of this is I already did this type of configuration on Linux with the same scripts... but in red hat enterprise linux x86_64 and in there it works perfectly!
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4f/992ce8446d11d189700000e8322d00/frameset.htm
Can you help me please in way to solve this problem...?!
Best regards,
João Dimas - PortugalHello Clebio,
First al all, please don´t forget to read my previous message.
I´m writing again because I made other tests that I would like to show you...!
1- In my previous message I mentioned an error when I ran directly the command # saprouter -r... and as you recomend, I typed the "ldd saprouter", the output of this show that libstdc+.so.5: was not found! I already solve this issue, I installed the compat-libstdc+ with # yum install compat-libstdc++. So... now when I run that "ldd saprouter" the result is:
[root@saprouter saprouter]# ldd saprouter
linux-gate.so.1 => (0x003a9000)
libdl.so.2 => /lib/libdl.so.2 (0x00911000)
librt.so.1 => /lib/librt.so.1 (0x00918000)
libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x00110000)
libm.so.6 => /lib/libm.so.6 (0x00923000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00966000)
libpthread.so.0 => /lib/libpthread.so.0 (0x008f4000)
libc.so.6 => /lib/libc.so.6 (0x00768000)
/lib/ld-linux.so.2 (0x00747000)
It seems that is solved! Is not it?
2- After that correction, I ran again the # saprouter -r but now it show me the following error:
[root@saprouter saprouter]# saprouter -r
trcfile dev_rout
no logging active
*** ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp 8006]
... next, what I did was, I opened the dev_rout:
trc file: "dev_rout", trc level: 1, release: "700"
Thu Aug 11 13:10:49 2011
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
main: pid = 9808, ppid = 2038, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
*** ERROR => SNC field without SNC active, skip line 2 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 3 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 8 [nirout.cpp 7775]
... and I also checked my saprouttab in there I see...:
1. vim saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KT "p:CN=saprouter, OU=000121987, OU=SAProuter, O=SAP, C=DE" 81.193.132.663 3299
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.34.178
# R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.34.178 3200
# Access from the local Network to SAP
P * 194.39.131.34 3299
# Deny all other connections
#D * * *
What´s the problem!??! I don´t get it!! My God... I don´t understand, all the entries in saprouttab seems well to me! Can you verify this please?! It´s correct, isn´t it?
Can you help me!?
Thank you
João Dimas - Portugal -
SAP router installation for VPN method
Hi All,
Can any one share me the steps to perform SAP Router Configuration with VPN method.
Also what are changes i need to make in saproutab file.
Appreciate your inputs.
Thanks
Pradeep.There is paperwork that you need to fill out with IPSec information, once its filled out you fax it over to SAP.
Not entirely sure what changes need to be made in saprouttab? Are you changing SAPRouter to no longer perform SNC to SAP?
Here is the doco I used for my company - https://support.sap.com/content/dam/library/SAP%20Support%20Portal/remote-support/RemoteSupport.pdf -
Visualizing SAP XI routing configuration across the system landscape
Hi Experts
Iam facing some challenges in visualizing SAP XI routing configuration across the system landscape (Development, Quality, Production). Basically routing is based on a field (technical target system). Depending on the environment we have different target systems (different Mainframe DB that represent the same target system) configured.
Any word/excel/ppt/pdf templates or any comments that could help visualizing routing would be highly appreciated.
Thanks! SantoshHi Santhosh,
If you are worrieed about how your Business Systems will change when you move from Dev to QA to PROD for the Configuration in your ID, then the answer is simple.
You can create transport target for your Business System and so when you migrate the ID objects from dev to Qa and so on, the business Systems will be automatically replaced.
Take a look at this blog,
/people/sap.india5/blog/2005/11/03/xi-software-logistics-1-sld-preparation
Regards,
Bhavesh -
How to install and configure SAP Router
Dear SAP Expert !
I want to install SAP Router but i dont know the SAP router package is allocated on DVD ? what is the DVD number ?
If you already configure SAP router please let me know how to configure ?Hello Thao
what is th exact issue that are u facing.
The account must be the administartor of the machine where u are installing SAPROUTER.Make sure you are following the correct steps as follows:
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace at using
the USERID/PASSWORD which was assigned for your installation.
2. Change the alias to www.service.sap.com/tcs to downloaded the SAP
cryptographic software. Select the correct SAPcrptographic software
depending on your saprouter operating system as shown below.
3. You must have the sapcar.exe in order to extract the SAP cryptographic
software file.
4. With the command of u201Csapcar -xvf xxxxxxx.saru201D, /ntintel directory would be
created and the following files would be extracted.
(Example C:/saprouter/ntintel)
( when the Microsoft Windows NT Intel version is downloaded)
C:/saprouter/ntintel/sapcrypto.dll
C:/saprouter/ntintel/sapgenpse.exe
C:/saprouter/ticket
Issue of Electronic Certificate
5. It is necessary to define the environment variable for u201CSECUDIRu201D and
u201CSNC_LIBu201D under system account.
Window NT environment variable setup :
Right-clicked the icon of you computer
Property -> details -> environment variable
SECUDIR = < Directory name >
Example. Variable name : SECUDIR
Variable value
: C:/saprouter/SNC_LIB = < Directory name >
Example. Variable name : SNC_LIB
Variable value : C:/saprouter/ntintel/sapcrypto.dll
UNIX
<path_to_libsecude>/<name_of_sapcrypto_library>
Windows
NT,
<drive>:/<path_to_libsecude>/<name_of_sapcrypto_library>
Windows
2000
6. Check if the environment of the user running saprouter contains the
environment variable SNC_LIB.
UNIX
Printenv
Windows NT
System environment Variable
7. You may now apply for a SAProuter certificate from the SAP Trust Center
Service of SAP service marketplace
http://service.sap.com/tcs
> SAP Trust Center Service in Detail
> SAProuter Certificates
SAProuter Certificate "Apply Now"
Click the button.
8. Please take note of your "Distinguished Name"
Please refer to the example above
-SAPRouter Name
: JPL50020586
-Distinguished Name
CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE
Then, clicked the "Continue" button.
9. Execute the following command in the /saprouter/ntintel
directory in order to generate your certificate to be exchanged with SAP.
sapgenpse get_pse -v -r certreq -p local.pse "Distinguished Name"
Example
sapgenpse get_pse u2013v -r certreq -p local.pse "CN=JPL50020586, OU=0000036946,
OU=SAProuter, O=SAP, C=DE"
Enter the PIN number. (you may enter any PIN Number you wish.)
Please enter PIN :
Please re-enter PIN :
<- you must use the same PIN Number as the above.
10. The "certreq" file is created in the /saprouter/ntintel directory.
11. Use a notepad to open the "certreq" file and copy the displayed information
(From the -BEGIN .to the END -)
12.You now have to paste the above copy content into the space provided
shown below. After you have pasted the text, click the u201CRequest certificateu201D
button to submit your request.
13. Once you click on the u201CRequest Certificateu201D a new screen will be displaying
your certificate issued by SAP CA (Certification Authority).
14. Using a notepad to copy the content (From u2013Beingu2026 to -END) and save it
as u201Csrcertu201D into /saprouter/ntintel/srcert.
Note :
- Please rename srcert.txt into srcert without any extension.
15. You then need to import this certificate into SAProuter using the following
command.
Please run on /saprouter/ntintel directory.
sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN : (same as point 9)
16. Execute the following command in the /saprouter/ntintel directory.
sapgenpse seclogin -p local.pse
Please enter PIN : (same as point 9)
This will create a file "cred_v2" in the same directory.
17. Please check whether the certificate has been imported correctly.
Execute this command in /saprouter/ntintel directory.
sapgenpse get_my_name -v -n Issuer
The result should be "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE".
18. When the above results are not obtained , please delete local.pse and
cred_v2 and work again from steps 9. Please seek the assistance from your
local SAP helpdesk or create an OSS message via component XX-SER-NET-
OSS, if you are not able to obtain the above-mentioned result after you have
repeated the above steps.
Route permission table (saprouttab)
19. The corresponding file ./saprouttab should contain at least the following
entries.
Example : by SNC connection, when connecting to sapserv2
(194.39.131.34) the following entries need to be indicated by saprouttab.,
SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for pcANYWHERE, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Start the SAProuter with the following command.
Saprouter -r -S <port> -K
"p: <Your Distingiushed Name>"
-K tells the saprouter to start with loading the SNC library.
Example: saprouter -r -S 3299 u2013K "p:CN=JPL50020586, OU=0000036946,
OU=SAProuter, O=SAP, C=DE"
Additional Note
-You may refer to SAP note: 30289 in the SAP service marketplace for detail
information with regards to SAProuter
http://www.service.sap.com/note -
SLD configuration - JCO connection with SAP Router
Hi,
I installed the new Sneak Preview SP11 Java Edition including SAP Portal. I tried to run an own Web Dynpro Application with RFC-Access on a R/3 System.
Unfortunately I was not able to get the JCO Connection to run. The R/3 System is reached via SAP Router. I am a little bit confused, because with the last Sneak Preview (SP6 or SP7) this application was running without problems. Of course I thought that this can't be. So I uninstalled SP11 and installed the old version (SP7). I configured the JCO-connection, no problems.
Now I know that this is not my mistake (hopefully ).
If I configured a JCO-connection in SP11 and tried to PING, the first PING was ok. After testing the connection with user, the PING failed. The testing with user returns something like "user or password are not accepted".
Any ideas?
Best regards
RenaldIn your SLD configuration, what do you have as your Logon Group under the message server config. Is it "PUBLIC". if so, then the user id needs to belong to that Logon Group in the system.
Regards,
Rich Heilman -
SAP Router connection configuration
Dear experts
Out SAP router is currently using VPN connection to SAP. Due to some migration task, I need to reinstall this router now and would like to ask you what security type is currently "state of the art", also keeping in mind, that I would use our Solution Manager to keep track of service connections between us an SAP.
Should we now change to SNC or keep VPN as security provider?
Thank you for any hints.
Best regards, MichaelIn your SLD configuration, what do you have as your Logon Group under the message server config. Is it "PUBLIC". if so, then the user id needs to belong to that Logon Group in the system.
Regards,
Rich Heilman -
Hi,
I have (stupid perhaps) question.
Is this scenario possible:
SNC connection from SAP GUI to SAP Router, and non-SNC connection from SAP Router to SAP System.
I know how to set up scenario like this:
SAP System --- (non-SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP GUI.
Best regards,
Marek MajchrowskiWolfgang,
To be sure myself and Marek understand, can you confirm the different scenarios supported:
Scenario 1:
SAP GUI --- (non SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP System
With this scenario, it would be possible for a user to logon using SAP GUI onto the SAP System, but without SAP GUI SNC.
Scenario 2:
SAP GUI --- (SNC conn) --- saprouter1 --- (non SNC conn) --- saprouter2 --- (SNC conn) --- SAP System
With this scenario it would be possible to logon to the SAP System using SAP GUI, and using SNC authentication.
Also, with this scenario the SAP GUI software and SAP System software would consider this to be similar to:
SAP GUI -- (SNC conn) -- SAP System
Scenario 3:
This is the scenario mentioned by Marek in his initial question:
SAP GUI -- (SNC conn) -- saprouter1 -- (non SNC conn) -- SAP System
With this scenario it will not be possible to logon to SAP System using SNC, and only possible if the SAP GUI is configured to not use SNC. In other words the SNC connection between SAP GUI and saprouter1 is available, but cannot be used.
Thanks,
Tim
Edited by: Tim Alsop on Feb 25, 2008 5:24 PM -
Hello
I have installed solution manager 7.0 and then sap router is also configured on the same box.
1. To generate a certificate request,
sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
2. Then you have to request the certificate from
http://service.sap.com/tcs -> Download Area -> SAProuter Certificate
3. Create a file D:\usr\sap\saprouter\srcert and copy the requested
certificate into this file. :
sapgenpse import_own_cert -c D:\usr\sap\saprouter\srcert -p
D:\usr\sap\saprouter\local.pse
4. To generate credentials for the user that's running the SAProuter
service:
sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sapadmin
(this will create the file "cred_v2")
5. Check the configuration:
sapgenpse get_my_name -v -n Issuer
(Result: "CN=SAProuter CA, OU=SAProuter,
O=SAP, C=DE")
6. Create SAProuter service on Windows :
ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p
"service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
7. Edit the Windows Registry key :
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath
8. Start the SAProuter service -- success
9. Enter the parameters in OSS1 -> Technical Settings -->
hostname : sbsapmgrapp01
IP: 10.1.0.112
instance : 00
SAP host name : sapserv2
IP: 194.39.131.34
instance:99
10. saprouttab
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
deny all other connections
D * * *
when I check the sap-oss connection i am getting internal error. Any help would be appreciate..
Thanks
seshuHi Rahu
Thanks for your response. Here is my saprouttab entry's
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local Solman System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
P 10...* 194.39.131.34 *
Here is my dev_rout file..
trc file: "dev_rout", trc level: 1, release: "700"
Thu Oct 16 02:08:22 2008
SAP Network Interface Router, Version 38.10
command line arg 0: D:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: D:\usr\sap\saprouter\saprouttab
command line arg 4: -W
command line arg 5: 60000
command line arg 6: -K
command line arg 7: p:CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\saprouter\sapcrypto.dll".
File "D:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 1684, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Thu Oct 16 09:14:17 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Thu Oct 16 09:14:20 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Kindly suggest the changes in my saprottab file..
Thanks
seshu
Issue resloved..
Edited by: Seshagiri Rao Myneni on Oct 16, 2008 7:31 PM -
Error while checking connection after establishing sap router
Hello All,
I have installed a sap router on our solution manager on Linux environment
when i try to check the RFC connection from SM59 i am receiving the following error.
my message server is configured as follows
Msg. Server - /H/<SAP Router Ip>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
<SAP Router> is my solman ip address
Connection Test SAPOSS
Logon Connection Error
Error Details Error when opening an RFC connection
Error Details ERROR: timeout while pending for route completion
Error Details LOCATION: SAP-Server sgtr-s-devs1d_S1D_67 on host sgtr-s-devs1d (wp 0)
Error Details DETAIL: NiErrSet
Error Details COMPONENT: NI (network interface)
Error Details COUNTER: 175
Error Details MODULE:
Error Details LINE:
Error Details RETURN CODE: -12
Error Details SUBRC: 0
Error Details RELEASE: 700
Error Details TIME: Wed Feb 22 23:33:20 2012
Error Details VERSION: 38
my oss1 tecnical settings are as follows.
sap router at customer side
Name sgtr-s-devs1d
IP Address 65.38.107.196
Instance no. 99
sap router at sap
Name sapserv2
IP Address 194.39.131.34
Instance no. 99
when i do a logon i get the following error
Unable to connect to SAPNet message server
(Default connection will be used...)
To check whether saprouter is working or not i have executed few commands
u2022 ps -ef|grep saprouter
s1dadm 9873 9590 0 05:53 pts/2 00:00:00 saprouter -r -S 3299 -V 3 -K p:CN=sgtr-s-devs1d, OU=0000858034, OU=SAProuter, O=SAP, C=DE
s1dadm 9951 9590 0 06:09 pts/2 00:00:00 grep saprouter
u2022 lsof -w -n -i tcp:3299
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
saprouter 9873 s1dadm 4u IPv4 5333574 0t0 TCP *:pdrncs (LISTEN)
u2022 fuser -n tcp 3299
3299/tcp: 9873
u2022 netstat -anp|grep :3299
tcp 0 0 0.0.0.0:3299 0.0.0.0:* LISTEN 9873/saprouter
In /usr/sap/saprouter
my saprouttab contains
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 65.38.107.196 3267
Access from your local Network to SAP
P 65.38.107.196 194.39.131.34 3299
All other connections will be denied
#D * * *
one thing i want to know is my saprouter started or did i miss any configuration how to check whether my sap router is started.
Please advice me if i miss any,
Thanks in advance,
Vardhan.Thanks for the quick reply.
sgtr-s-devs1d:s1dadm > saprouter -r
trcfile dev_rout
LOCATION SAProuter 38.10 on 'sgtr-s-devs1d'
ERROR service '0.0.0.0:3299' in use
TIME Thu Feb 23 07:23:36 2012
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -4
MODULE nixxi.cpp
LINE 3227
DETAIL NiIBindSocket
SYSTEM CALL bind
ERRNO 98
ERRNO TEXT Address already in use
COUNTER 2
looke like my sap router is on SAProuter 38.10
already i have started router earlier
Thanks!
Vardhan -
Prerequisites for SNC SAP router
I want to configure SAP router in my system (intranet) which is not having any pubic ip. What are the Prerequisites for configuring SNC SAP router.
HI
There are many pre requisite for sap snc router
1) one system with Winwods
2) one Public IP I.e compulsary
after public IP U have to fill DATA Sheet and sent TO sap
With ur system name And Public ip
after that u have to download
sacar file for installed SAP router ( letest version )
And
Ond OSS User ID And Password
for cripto file just to below link
https://websmp210.sap-ag.de/~form/handler?_APP=00200682500000000917&_EVENT=DISPLAY
download letedst version according ur opration system
and make directory
e.g -. drive://usr/sap/saprouter
uncar ur letes version here and sart to sap router installtion
best of luck -
How to use SAP Router String with SAP Web Services
Hi All,
I have developed an SAP Web Service and I'm using it from a vb.net dll by using web reference.
I want to use an SAP Router string when I try to call web service but I don't how to do it.Should the url of my proxy contain this router string in itself or is there any other attribute that I should configure for this purpose?
Please help!!!
MERAL
My code is as in the followings .
(And my SAP router string is like /H/111.11.111.11/H/)
Dim srvProxy As New PSUDamacanaProxy4.Z_SDB_RFC_GetList
srvProxy.Url = s"http://21.11.1.43:8000/sap/bc/soap/rfc"
srvProxy.Timeout = 10000
srvProxy.Credentials = New System.Net.NetworkCredential(strUserName, strPassword)
srvProxy.Z_SDB_RFC_GetList(p_bayi, durum, True, miktar, telefon, expMusteri, expReturnValue, expSiparis, expTeslimat, expAdSoyad)
musteriAdSoyad = expAdSoyad
ReturnValue = expReturnValue
srvProxy.Dispose()
srvProxy = NothingSince I posted this question, I have abandoned the notion of
auto-generated web services and embraced the good old FDS concept
where the RemoteObject meta-tag does all the conversion work for
me. We are now using the Granite DS package and it is working well
for us. I would love to consume web services, but it just isn't
worth the hassle when all you have to do with Granite (and FDS) is
cast your return objects to the proper object type.
BTW, since this posting, I have investigated competing Flex
app frameworks. After my research, I checked out the PureMVC
framework. Wow!! Cairngorm always left me with an uneasy feeling
and I guess I am not alone. Apparently, Cliff Hall felt the same
way. That is why he started the project. I like his approach alot
more than Cairngorm especially since it includes notifications
which allow me to broadcast my own app level events independent
from the AS Event framework. Check out PureMVC. For what it is
worth, it has my humble endorsement. Cliff was even gracious enough
to acknowledge the other Adobe Consulting guys for their work. Good
for you Cliff, I respect that. Check out a better way at
http://www.puremvc.org/ -
Hi Guys,
I just installing and configured the saprouter in our system, when I'd registered the server SID in OSS, they gave me this IP which is not our internal or external IP.What's this IP for actually? Do I need to put it in my saprouttab coz right now I open the connection from OSS (Host did not respond X times).
TQHi,
I just configured my saprouter and everything went okay, even the OSS1 is working but when i open the connection in the OSS (service.sap.com), the connection is open for about 8 minutes but then its lost connection (yellow).Was there something missing here? I already put the outbound connection (KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *) and our server (KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <my SAP router> *) in my saprouttab. Here the recent log from devrout :
trc file: "dev_rout", trc level: 3, release: "700"
Tue Jan 15 11:33:53 2008
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 00280048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrList: got 1 interface(s) from operating system
[0] IP-Address: 192.168.1.220
NiIGetServNo: servicename '3299' = port 0C.E3/3299
SAP Network Interface Router, Version 38.10
Compiled Sep 27 2007 01:16:41
command line arg 0: d:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: d:\usr\sap\saprouter\saprouttab
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE
command line arg 8: -V3
service : 3299
routtab : d:\usr\sap\saprouter\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=01D1FF1B)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll".
load shared library (D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll), hdl 0
using "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll"
DlLoadFunc: GetProcAddress(sapsnc_init_adapter) Error 127
Error 127 = "The specified procedure could not be found."
load shared func (gss_acquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_init_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_accept_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_process_context_token) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_delete_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_context_time) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_get_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_verify_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_unwrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_status) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_indicate_mechs) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_compare_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_buffer) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred_by_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap_size_limit) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_create_empty_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_test_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_names_for_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_mechs_for_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_canonicalize_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_duplicate_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
File "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=00000000, myname="p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiIMyHostName: hostname = 'vantage01'
main: pid = 5072, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiICreateHandle: hdl 0 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 0 / sock 180 (I4; ST)
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 0 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 0 FALSE
NiIListen: state of hdl 0 NI_LISTEN
NiIListen: listen for client requests on hdl 0
NiSelICreateSet: new set0
SiSelNInit: allocate 134544 bytes for FI (811)
NiSelIInit: size of set0 is 811
SiSelNSet: sock 180 added to set pos 0
NiSelIAddMsg: added hdl 0 to set0
SiSelNSet: set events of sock 180 to: rp-
reading routtab: 'd:\usr\sap\saprouter\saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3200' = port 0C.80/3200
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3201' = port 0C.81/3201
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
contents of routtab ('d:\usr\sap\saprouter\saprouttab', 7 entries):
KT,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DD8E0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DDD48, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE1B0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3200 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE618, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3299 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DEA80, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3201 *
P, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff: 3299 *
D, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 * *
NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1) -
Pre requisites for installing SAP Router
Hi Friends,
As i am going through the implementation phase, I have to install sap router which i am new at. Also i am doing it because i have to connect Maintenance Optimizer to Sap service Market place for which Router would be essentially required.
I have some questions to put forth.
1. what are the pre requisites for SAP Router
2. Do we require Public IP and what would be the use of this ip
3. how to configure the SAP Router
4. Can i install the SAP router on the same host on which we have Solution manager, is it advisable. or we should go for a seperate host.
Regards
AayushInstalling the sapcrypto library and starting the SAProuter
Contents
u2022 Downloading necessary software components from SAP Service Marketplace
u2022 Creating the certificate request
u2022 Additional actions necessary before you can start saprouter
This section describes the necessary steps to download and install the sapcrypto library for use with saprouter. The saprouter must be started with the options described later in this section.
The license for the sapcrypto library covers saprouter connections between saprouters at SAP and the first saprouter on customer sites and backend connections within the customer`s network. For all other purposes the library CANNOT be used!
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
2. Change to the alias SAPROUTER-SNCADD. Before you can download the software components two preconditions must be met.
a. You must have been allowed to download the software. This authorization is added as soon as SAP has received a positive statement from the "Bundesausfuhramt". This procedure is necessary since the software falls under EU regulations.
b. For more information on how to obtain authorization if download is not possible see note 397175.
c. You must accept that you must follow the regulations imposed by the EU on the use and distribution of the cryptographic software components downloaded from the SAP Service Marketplace.
3. The acceptance of the terms and conditions is logged with your USERID and stored for reporting purposes to the "Bundesausfuhramt".
4. Accepting with the button on the web-based form takes you to the folder where you can download the Software components.
These are packed into a single CAR file sapcrypto.car
5. Copy the file to the direcory where the saprouter executable is located
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD.
Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
ticket
Creating the certificate request
1. As user <snc>adm set the environment variables
SECUDIR = <directory_of_saprouter>
2. Change to the Shortlink SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name"
3. Generate the certificate Request with the command
sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
4. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
5. Display the output file "certreq" and with copy&paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name
6. In response you will receive the certificate signed by the CA in the Service Marketplace, cut&paste the text to a local file named srcert
7. With this in turn you can install the certificate in your saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
8. now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
9. This will create a file called cred_v2 in the same directory.
For increased security please check that the file can only be accessed by the user running the SAProuter.
Do not allow any other access (not even from the same group)!
On UNIX this will mean permissions being set to 600 or even 400!
On NT check that the permissions are granted only to the user the service is running as!
1. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
2. If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands
4.,7.,8. and 10.
Additional actions necessary before you can start saprouter
1. The environment variable SNC_LIB needs to be set for the user account SAProuter is running under.
SNC_LIB has the form
UNIX <path_to_libsecude>/<name_of_sapcrypto_library>
Windows NT, Windows 2000 <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
2. Check if the environment of the user running saprouter contains the environment variable SNC_LIB
UNIX printenv
Windows NT System environment variable
3. start the saprouter with the following command line:
saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
the corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
Example
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Lalit Kumar
Maybe you are looking for
-
How to set your timed access default to no access?
Hi, I deleted my default no access entry on timed access tab on my router, and now i can't add another default no access, since it requires a Mac address to save it. what do i do? how do i set the default to no acceess again to prevent unwated access
-
Requirements Gateway - Searching for requirements in table rows in a Adobe PDF file
In my quest for creating a good understanding of the coverage of requirements of my test cases I download the NIRG (NI Requirements Gateway) and started out importing my SRS (System Requirement Specifications) documents and some of the test cases. Th
-
Why my whole library wont sync to my phone i have the room
Every time i try to sync my itunes to my iphone it only syncs 330 out of 9 something i have the room for it
-
Dependency between projects for presentations, BPM objects and external res
Hi, I am trying to create a common project for all our exceptions, presentations and external resources... I have updated the properties of the project1 for dependeny on project2(exceptions project) but I am not able to see the user exception BPM Obj
-
How can I apply a Brazilian University to iTunes U?
Is there any way to apply an institution from Brazil to be included at iTunes U?