SAP Router dev_rout file maintenence
Hi All,
We have file size 2 GB limitation on our SAP router server So we have to clean several times router trace file manually.
So I want to know do we have any method available which can maintain this file automatically and my manually intervention not required to clean necessery data.
Shivam Mittal
Hi Shivam,
You can make use of Forfiles utility which is a part of MS 2000/2003/2008 resource kit.
or you can download the same from the link below
http://www.petri.co.il/download_free_reskit_tools.htm
Then create a batch file with following command
<path of Forfiles>/Forfiles -p "<path>" -s -m . -d -10 -c "Cmd /C del @FILE" (all files older than 10 days)
Then schedule this batch job in windows scheduler to automate the proccess.
Regards,
Deepak Kori
Similar Messages
-
Host did not respond error in connecting the SAP Router from SERVICE PLACE
Dear Sir,
We renew the Router Certificate by October 2008. We are using broadband connection in our office with firewall (ISA) .
When we try to connect the sap router from SAP Service Market Place, It is connected and after some time, status is changing to Host did not respond due to timeout.
We checked the SAP Router Tab File also. It is correct. Guide us to solve this issue
With Regards
K.NatarajanHi
This type of error occurs maximum,only when there is no proper connection between the systems.So,my suggestion is to check with the connection between the systems with the help of Basis person.
regards
krishna -
Hello All
We are facing the following issue while starting the SAP router. The router just hangs with the following statement in the command prompt.
trcfile dev_rout
no logging active
upon providing trace level 3 and looking into the dev_route file, the following information is found.
Please help in suggesting possible resolution.
trc file: "dev_rout", trc level: 3, release: "742"
Thu Apr 23 19:06:49 2015
NiIHSBufInit: initialize hostname buffer (IPv4)
NiHLInit: alloc host buf (200 entries)
NiSrvLInit: alloc serv bufs (200 entries)
NiIInit: allocated nitab (811 at 00000000041A2610)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 40.4
Compiled Mar 30 2015 18:27:50
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 3
command line arg 4: -K
command line arg 5: p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
tracefile limit : 0 byte
tracefile maxcnt : 0
socket buffer size : 32768
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=000000000213F148)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="um1adm" NetWkstaUser="um1adm"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
DlLoadLib success: LoadLibrary("E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"), hdl 0, count 1, addr 0000000010000000
using "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): failed GetProcAddress("sapsnc_init_adapter") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
with error 127 = "The specified procedure could not be found."
DlLoadFunc(): successful GetProcAddress("gss_acquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
Thu Apr 23 19:06:49 2015
DlLoadFunc(): successful GetProcAddress("gss_init_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_accept_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_process_context_token") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_delete_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_context_time") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_get_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_verify_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_unwrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_status") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_indicate_mechs") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_compare_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_buffer") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_oid_set") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred_by_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap_size_limit") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_names_for_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_mechs_for_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_canonicalize_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
File "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
DlLoadFunc(): successful GetProcAddress("sapcr_get_version") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("sapcr_get_secudir") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
SECUDIR="E:\usr\sap\saprouter" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x
Product Version = SAPCRYPTOLIB 5.5.5C pl38 (Oct 7 2014) MT,AESNI,NB
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=0000000000000000, myname="p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
Thu Apr 23 19:06:49 2015
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiSetParamEx: set NIP_SOCK_BUFFER_SIZE 32768
NiMyHostName: hostname = 'USCINSAPSVR10'
main: pid = 13232, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiSelICreateSet: new set0
SiSelNInit: allocate 172528 bytes for FI (811)
NiSelIInit: size of set0 is 811
NiICreateHandle: hdl 1 state NI_INITIAL_LIS
NiIInitSocket: set default settings for new hdl 1/sock 508 (I4; ST)
Windows Version 6.1, Build 7601
Running on Windows Vista
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 1 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIListen: state of hdl 1 NI_LISTEN
SiSelNSet: sock 508 added to set pos 0
NiSelIAddMsg: added hdl 1 to set0
SiSelNSet: set events of sock 508 to: rp-
reading routtab: './saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
addrinfo of 'USCINSAPSVR09':
0: 192.168.120.19:0 Thu Apr 23 19:06:49 2015
'USCINSAPSVR09' <unknown socket type 0> (0-2-0-0-16)
1: 192.168.120.19:0 <unknown socket type 0> (0-2-0-0-16)
NiHLGetNodeAddr: got hostname 'USCINSAPSVR09' from operating system
NiIGetNodeAddr: hostname 'USCINSAPSVR09' = addr 192.168.120.19
NiIGetServNo: servicename '3200' = port 3200
NiStrToAddrMask: '192.168.*.*' -> 192.168.0.0/16 (0/1)
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
contents of routtab ('./saprouttab', 3 entries):
KT*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=00000000042354D4, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34/32 * *
KP*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=000000000423599C, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
Thu Apr 23 19:06:49 2015
p:CN=sapserv2, OU=SAProuter, O= 192.168.120.19/32 3200 p
P*,* 192.168.0.0/16 194.39.131.34/32 * *
******* NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1)** Trace file opened at 20150417 112112 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =CONNECTION_PING
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_DSMOP_RFC_WATCHER==========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 1, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 2, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: ) -
Hello
I have installed solution manager 7.0 and then sap router is also configured on the same box.
1. To generate a certificate request,
sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
2. Then you have to request the certificate from
http://service.sap.com/tcs -> Download Area -> SAProuter Certificate
3. Create a file D:\usr\sap\saprouter\srcert and copy the requested
certificate into this file. :
sapgenpse import_own_cert -c D:\usr\sap\saprouter\srcert -p
D:\usr\sap\saprouter\local.pse
4. To generate credentials for the user that's running the SAProuter
service:
sapgenpse seclogin -p D:\usr\sap\saprouter\local.pse -O sapadmin
(this will create the file "cred_v2")
5. Check the configuration:
sapgenpse get_my_name -v -n Issuer
(Result: "CN=SAProuter CA, OU=SAProuter,
O=SAP, C=DE")
6. Create SAProuter service on Windows :
ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p
"service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K "CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE"
7. Edit the Windows Registry key :
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath
8. Start the SAProuter service -- success
9. Enter the parameters in OSS1 -> Technical Settings -->
hostname : sbsapmgrapp01
IP: 10.1.0.112
instance : 00
SAP host name : sapserv2
IP: 194.39.131.34
instance:99
10. saprouttab
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
deny all other connections
D * * *
when I check the sap-oss connection i am getting internal error. Any help would be appreciate..
Thanks
seshuHi Rahu
Thanks for your response. Here is my saprouttab entry's
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local Solman System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.0.112 3200
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.1.0.112 194.39.131.34 3299
P 10...* 194.39.131.34 *
Here is my dev_rout file..
trc file: "dev_rout", trc level: 1, release: "700"
Thu Oct 16 02:08:22 2008
SAP Network Interface Router, Version 38.10
command line arg 0: D:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: D:\usr\sap\saprouter\saprouttab
command line arg 4: -W
command line arg 5: 60000
command line arg 6: -K
command line arg 7: p:CN=sbsapmgrapp01, OU=0000809350, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\saprouter\sapcrypto.dll".
File "D:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 1684, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Thu Oct 16 09:14:17 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Thu Oct 16 09:14:20 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 256
(SI_ECONN_REFUSE/10061; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]
Kindly suggest the changes in my saprottab file..
Thanks
seshu
Issue resloved..
Edited by: Seshagiri Rao Myneni on Oct 16, 2008 7:31 PM -
Hi All,
I have installed SAP Router before but this time when I installed and tried to start SAP Router its not getting started, and also not giving any error log file in SAP Router directory.
Please check the below command and correct me if I am wrong.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\sap_admin>cd \
C:\>cd SAPRTR
C:\SAPRTR>saprouter -r -S 3299 -K "p:CN=<MyRouterHOSTNAME>, OU=<Cust_NUM>, OU=SAProuter,
O=SAP, C=DE"
SAP Network Interface Router, Version 38.10
Compiled Oct 7 2009 03:08:09
start router : saprouter -r
stop router : saprouter -s
soft shutdown: saprouter -p
router info : saprouter -l (-L)
new routtab : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush " : saprouter -f
hide errInfo : saprouter -z
start router with third-party library: saprouter -a library
additional options
-R routtab : name of route-permission-file (default ./saprouttab)
-G logfile : name of log file (default no logging)
-T tracefile : name of trace file (default dev_rout)
-V tracelev : trace level to run with (default 1)
-H hostname : of running SAProuter (default localhost)
-S service : service-name / number (default 3299)
-P infopass : password for info requests
-C clients : maximum no of clients (default 800)
-Y servers : maximum no of servers to start (default 1)
-K [myname] : activate SNC; if given, use 'myname' as own sec-id
-A initstring: initialization options for third-party library
-D : switch DNS reverse lookup off
-E : append log- and trace-files to existing
-J filesize : maximum log file size in byte (default off)
-6 : IPv6 enabled
-Z : hide connect error information for clients
expert options
-B quelength : max. no. of queued packets per client (default 1)
-Q queuesize : max. total size for all queues (default 20000000 bytes)
-W waittime : timeout for blocking net-calls (default 5000 millisec)
-M min.max : portrange for outgoing connects, like -M 1.1023
-I address : address for outgoing connects, like -I 155.56.76.6
this is a sample routtab : -----------------------------------------
D host1 host2 serviceX
D host3
P * * serviceX
P 155.56.. 155.56
P 155.57.1011xxxx.*
P host4 host5 * xxx
P host6 localhost 3299
P host7 host8 telnet
S host9
P0,* host10
KP sncname1 * *
KS * host11 *
KD "sncname "abc" * *
KT sncname3 host11 *
deny routes from host1 to host2 serviceX
deny all routes from host3
permit routes from anywhere to any host using serviceX
permit all routes from/to addresses matching 155.56
permit ... with 3rd byte matching 1011xxxx
permit routes from host4 to host5 if password xxx supplied
permit information requests from host6
permit native-protocol-routes to non-SAP-server telnet
permit ... excluding native-protocol-routes (SAP-servers only)
permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
permit SNC-connection with partnerid = 'sncname1' to any host
permit all SAP-SAP SNC-connections to host11
deny all SNC-connections with partnerid = 'sncname "abc'
open connects to host11 with SNC enabled and partnerid = 'sncname3'
first match [host/sncname host service] is used
permission is denied if no entry matches
service wildcard (*) does not apply to native-protocol-routes
C:\SAPRTR>
Rg
RameshHello my friend
It could be certificate didn't import properly or routtab content is not correct. Here's your checklist:
Creating the certificate request
1) As user <snc_adm> set the environment variables SNC_LIB and SECUDIR
2) Change to the alias SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant u201CDistinguished Nameu201D.
3) Generate the certificate Request with the command:
sapgenpse get_pse -v -r certreq -p local.pse u201C<Distinguished Name>u201D
You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use this PSE.
4) Display the output file "certreq" and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
5) In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.
6) With this in turn you can install the certificate in your saprouter by calling:
sapgenpse import_own_cert -c srcert -p local.pse
7) Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_saprouter>, the credentials are created for the logged in user account).
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
Note: The account of the service user should always be entered in full <domainname>\<username>
8) This will create a file called "cred_v2" in the same directory as "local.pse"
9) Check if the certificate has been imported successfully with the following command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
10) If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item 3.
Additional actions necessary before you can start SAProuter
1. Check if the environment of the user running SAProuter contains the environment variable SNC_LIB and SECUDIR
2. Start the SAProuter with the following command line (to start the SAProuter as a Windows service, please follow the steps described in SAP note 525751):
saprouter -r -S <port> -K "p:<Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
3. The corresponding file "saprouttab" should look like:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
SNC-connection from SAP to telnet in your network
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P * 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your IP> <port>
Regards,
Effan
DON'T KNOW WHY THE FORMAT MESSED UP, PLEASE USE QUOTE ORIGINAL IN REPLY MODE TO READ THE CORRECT FORMAT CONTENT. SORRY! -
Hi Guys,
I just installing and configured the saprouter in our system, when I'd registered the server SID in OSS, they gave me this IP which is not our internal or external IP.What's this IP for actually? Do I need to put it in my saprouttab coz right now I open the connection from OSS (Host did not respond X times).
TQHi,
I just configured my saprouter and everything went okay, even the OSS1 is working but when i open the connection in the OSS (service.sap.com), the connection is open for about 8 minutes but then its lost connection (yellow).Was there something missing here? I already put the outbound connection (KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *) and our server (KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <my SAP router> *) in my saprouttab. Here the recent log from devrout :
trc file: "dev_rout", trc level: 3, release: "700"
Tue Jan 15 11:33:53 2008
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 00280048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrList: got 1 interface(s) from operating system
[0] IP-Address: 192.168.1.220
NiIGetServNo: servicename '3299' = port 0C.E3/3299
SAP Network Interface Router, Version 38.10
Compiled Sep 27 2007 01:16:41
command line arg 0: d:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: d:\usr\sap\saprouter\saprouttab
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE
command line arg 8: -V3
service : 3299
routtab : d:\usr\sap\saprouter\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=01D1FF1B)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll".
load shared library (D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll), hdl 0
using "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll"
DlLoadFunc: GetProcAddress(sapsnc_init_adapter) Error 127
Error 127 = "The specified procedure could not be found."
load shared func (gss_acquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_init_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_accept_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_process_context_token) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_delete_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_context_time) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_get_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_verify_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_unwrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_status) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_indicate_mechs) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_compare_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_buffer) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred_by_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap_size_limit) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_create_empty_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_test_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_names_for_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_mechs_for_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_canonicalize_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_duplicate_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
File "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=00000000, myname="p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiIMyHostName: hostname = 'vantage01'
main: pid = 5072, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiICreateHandle: hdl 0 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 0 / sock 180 (I4; ST)
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 0 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 0 FALSE
NiIListen: state of hdl 0 NI_LISTEN
NiIListen: listen for client requests on hdl 0
NiSelICreateSet: new set0
SiSelNInit: allocate 134544 bytes for FI (811)
NiSelIInit: size of set0 is 811
SiSelNSet: sock 180 added to set pos 0
NiSelIAddMsg: added hdl 0 to set0
SiSelNSet: set events of sock 180 to: rp-
reading routtab: 'd:\usr\sap\saprouter\saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3200' = port 0C.80/3200
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3201' = port 0C.81/3201
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
contents of routtab ('d:\usr\sap\saprouter\saprouttab', 7 entries):
KT,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DD8E0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DDD48, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE1B0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3200 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE618, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3299 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DEA80, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3201 *
P, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff: 3299 *
D, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 * *
NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1) -
Hi,
We are configured new installation of SAP Router. Router side it's working fine.
We are not able to connect OSS1. It's given error was "Service ? unknown".
Out saprouttab like
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.17.3.9 3200
P 172.17.3.25 194.39.131.34 3299
dev_rout showing this error.
***LOG Q0I=> NiPGetServByName: service 'sapdp99' not found: getservbyname [ninti.c 463]
Please check it and suggest me.
Regards
S.PrasadHello,
I already solve my problem. I had an error when I tried to log on at transaction OSS1 after I setup the saprouter configuration. It showed a window with the error "Unable to connect to SAPNet message server" and after service 'sapdb99' unknown".
The solution for this was put this entry sapdp99 3299/tcp in services file located in C:WINDOWSsystem32driversetc (on Window) on sap router server!!
After doing a restart the to service (services.msc) of SAP Router the problem has been overcome.
King regards,
João Dimas - Portugal -
SAP router service is not running.
Hi Everyone.,
Today I have tried to renew the certificate in windows system every thing went well till the end but after importing newly generated certificate sap router service failed to start. Below is the error message when i try to start the service.
D:\usr\sap\SOL\SYS\exe\uc\NTI386>saprouter -r -S 3299 -K "p:CN=SOLMGR, OU=000086
1986, OU=SAPRouter, O=SAP, C=DE"
trcfile dev_rout
no logging active
DEV_rout
trc file: "dev_rout", trc level: 1, release: "700"
Sat Dec 04 09:30:26 2010
SAP Network Interface Router, Version 38.0
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -S
command line arg 3: 3299
command line arg 4: -K
command line arg 5: p:CN=SOLMGR, OU=0000861986, OU=SAPRouter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll".
File "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 7560, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
When i tried to start the service manually then service is starting fine but when i tried to check OSS-001 connection in SM59 it says routtab permission failed rc-94.
Please suggest if any one ever faced this issue.
REgards,
VinodHi Sunil,
I have cross checked the orutab file. Please see below routab file and sugegst me incase if you find mistakes.
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to your system SOL with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" solmgr 3200
SNC-connection from SAP to your system SOL with WTS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3389
SNC-connection from SAP to your system ECC DEV with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.128.2.239 3200
SNC-connection from SAP to local R/3-System for PCANYwhere
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
SNC-connection from SAP to local R/3-System for saptelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from your local Network to SAP R/3 Frontend (OSS)
P * 194.39.131.34 3299
deny all other connections
D * * *
Also today i recieved a mail saying that client has chnaged the IP address of the saolution manager recently. Do they need to re register the IP with sap again. But i am able to telnet sapserv2 server IP using 3299 port and also able to ping the server. Please suggest.
Regards,
Vinod -
SAP Router configuration on Linux platform (error in start script)
Hello gurus,
I´m trying to setup the saprouter on Fedora v14 (32 bits).
I did all the configure with root user. The problem is when I run the script that starts the saprouter service, it show me the following error:
[root@saprouter sap]# pwd
/usr/sap/saprouter
[root@saprouter saprouter]# saprouter_start
/usr/sap/saprouter/saprouter_start: line 12: syntax error near unexpected token `|'
'usr/sap/saprouter/saprouter_start: line 12: ` | tee -a $LOGFILE &
The content of this script, has the following sintaxes:
# Start saprouter
# You can automatically start SAProuter when you start the system. In UNIX for example, you would change file /etc/rc.
# saprouter CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE sapserv2
SRDIR=/usr/sap/saprouter
LOGFILE="usr/sap/saprouter/saprouter_log"
if [ -f $SRDIR/saprouter ] ; then
echo "Starting SAP Router" | tee -a $LOGFILE
$SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0001214237, OU=SAProuter, O=SAP, C=DE"
| tee -a $LOGFILE &
fi
The strange of this is I already did this type of configuration on Linux with the same scripts... but in red hat enterprise linux x86_64 and in there it works perfectly!
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4f/992ce8446d11d189700000e8322d00/frameset.htm
Can you help me please in way to solve this problem...?!
Best regards,
João Dimas - PortugalHello Clebio,
First al all, please don´t forget to read my previous message.
I´m writing again because I made other tests that I would like to show you...!
1- In my previous message I mentioned an error when I ran directly the command # saprouter -r... and as you recomend, I typed the "ldd saprouter", the output of this show that libstdc+.so.5: was not found! I already solve this issue, I installed the compat-libstdc+ with # yum install compat-libstdc++. So... now when I run that "ldd saprouter" the result is:
[root@saprouter saprouter]# ldd saprouter
linux-gate.so.1 => (0x003a9000)
libdl.so.2 => /lib/libdl.so.2 (0x00911000)
librt.so.1 => /lib/librt.so.1 (0x00918000)
libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x00110000)
libm.so.6 => /lib/libm.so.6 (0x00923000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00966000)
libpthread.so.0 => /lib/libpthread.so.0 (0x008f4000)
libc.so.6 => /lib/libc.so.6 (0x00768000)
/lib/ld-linux.so.2 (0x00747000)
It seems that is solved! Is not it?
2- After that correction, I ran again the # saprouter -r but now it show me the following error:
[root@saprouter saprouter]# saprouter -r
trcfile dev_rout
no logging active
*** ERROR => invalid lines in './saprouttab', see 'dev_rout' [nirout.cpp 8006]
... next, what I did was, I opened the dev_rout:
trc file: "dev_rout", trc level: 1, release: "700"
Thu Aug 11 13:10:49 2011
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
main: pid = 9808, ppid = 2038, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
*** ERROR => SNC field without SNC active, skip line 2 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 3 [nirout.cpp 7775]
*** ERROR => SNC field without SNC active, skip line 8 [nirout.cpp 7775]
... and I also checked my saprouttab in there I see...:
1. vim saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KT "p:CN=saprouter, OU=000121987, OU=SAProuter, O=SAP, C=DE" 81.193.132.663 3299
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.34.178
# R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.34.178 3200
# Access from the local Network to SAP
P * 194.39.131.34 3299
# Deny all other connections
#D * * *
What´s the problem!??! I don´t get it!! My God... I don´t understand, all the entries in saprouttab seems well to me! Can you verify this please?! It´s correct, isn´t it?
Can you help me!?
Thank you
João Dimas - Portugal -
Hi Experts,
We have many File to EDI scenarios wherein XI System pick up the XML and sent to customers via EDI. Recently we faced a problem so created a Back-up System (Production copy) and tested successfully. After sometime the messages were routed to this back-up system and when we notice it and then stopped the back-up system. All the messages that were routed to back-up system, we try to send the same messages from the actually Production system to our customers. Now the problem is XI system (Production system) is unable to pick these files and I check the communication monitoring and encountered the below error message.
Could not process due to error: com.sap.aii.adapter.file.ftp.FTPEx: 550.550
Can anyone let me know how to fix the issue or what needs to be done?
Your help is highly appreciated.
Regards
FaisalHi,
It seems to be problem with permission of files. Please ask your basis to do following:
1. Set the permissions to FTP User you are using as 777 rights(full access to read , write and delete)
2.If you have access to PI server, try to telnet /connect to ftp using command prompt (open ftp .....) the FTP server form there, you should see the same error there , inform this to your network guys.
3.Clear all the files places already in the ftp (take backup) and test afresh after permissions are set by basis team.
Regards
Aashish Sinha -
SAP router error on windows server 2008 64bit
Hi All,
I am installing sap router on windows 2008 server 64 bit.
While trying to generate certificate request it showing below error.
E:\usr\sap\saprouter\nt-x86_64>sapgenpse get_pse -v -r certreq -p local.pse "CN=
solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "C:\Users\soladm\sec\local.pse".
Please enter PIN:
Please reenter PIN:
Supplied distinguished name: "CN=solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=
DE"
Creating PSE with format v2 (default)
get_pse: Can't create PSE.
ERROR in af_create: (4352/0x1100) could not flush : "SW-PSE"
ERROR in create_PSE: (4352/0x1100) could not flush : "SW-PSE"
ERROR in modified_PSEFile: (4352/0x1100) could not flush : "SW-PSE"
ERROR in flush_PSEFile: (1283/0x0503) Can't write file : "C:\Users\soladm\sec\lo
cal.pse"
ERROR in aux_OctetString2file: (1283/0x0503) Can't write file : "C:\Users\soladm
\sec\local.pse"
I couldn't find the cryptography software specifically for windows 2008 server 64 bit ? So I downloaded the software for windows server 64 bit platform.
Do any one have idea on this...
Please reply..
Regards
VinayHi,
Yes, there is no specific cryptography software for windows server 2008 and whatever u have chosen is correct.
Fom the following error message I could see where the issue arises.
Can't write file : "C:\Users\soladm\sec\local.pse"
I think you have not set the following ENV variable for the SAPRouter admin user (in your case soladm) and hence the sapgenpse tries to import the certificate in the SOLADM user's document folder.
Set the following variables for the user SOLADM and then try to import the certificate as mentioned in the [link|http://service.sap.com/saprouter-sncdoc].
SECUDIR = E:\usr\sap\saprouter
SNC_LIB = E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll
Hope this resolves ur issue.
Regards,
Varadharajan M -
JCO Creation error using SAP router string
Hi All,
I have created technical system using customer system IP. After that I have created the JCO
I have given the details while creating a JCO:
JCO Name : <Name>
Client detail: <Client>
Message Server :< hostname>
Logon Group :<SPACE>
SAP Router String :< /H/<host IP>/H/S/<message server port number>
User Name :<User name>
Password :<***>
I have updated the Host and service file in the portal server.
When I am testing the JCO I got an exception:
com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM TYPE=B MSHOST=dicisap1 GROUP=PUBLIC R3NAME=DCD MSSERV=sapmsDCD SAPROUTER_STRING=/H/<RouterIP>/S/3600 PCS=1 LOCATION SAProuter 37.11 on SOLNMAN ERROR timeout occured TIME Wed Nov 05 17:42:31 2008 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -93 COUNTER 4825
How to resolve this problem ?
Regards,
Boopathi MHi
Check out these thread
/message/5401584#5401584 [original link is broken]
JCO$Exception: (102) RFC_ERROR_COMMUNICATION: CPIC-CALL: 'SAP_CMACCPTP'
Thanks -
Error while importing SAP Router renew Certificate
Hi Gurus,
My sap router certificate got expired and got mail from SAP to renew, so I decided to renew it and followed link http://wiki.sdn.sap.com/wiki/display/Basis/HowtorenewtheSAPRouterlicense to renew saprouter certificate. All the steps were executed fine But I got below error while importing certificate from srcert file.
C:\saprouter>sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your
public key found
Please advise me to solve this issue.
Thanks,
VenkatHi Deepak,
thanks for your reply.
yes i have entered correct Pin and in the first step i have moved local.pse and cred_v2, certreq, srcert files to C:/saprouter/backup folder
After executing import command it has given error first time so i copied local.pse file to C:\saprouter folder and executed but same error result.
please help me to solve it.
Thanks,
Venkat -
Error in importing SAP Router Certificate
Hello,
I am trying to import my SAP Router certificate with the following command
sapgenpse import_own_cert -c srcert -p local.pse
But I get the following reply
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public key found
I have placed the srcert file in c:\usr\sap\saprouter\ntintel
any suggestions?Dear Vishnu,
Thanks for your time and inputs
I tried the procedure few times. Its just not working..... somethings really strange here
I went through the link you provided but that does not help either
Now I am getting a new error as pasted below
C:\usr\sap\saprouter\ntintel>sapgenpse import_own_cert -p local.pse -c srcert
Please enter PIN:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1281/0x0501) aux_file2OctetString failed : "No such file or directory"
ERROR in ssf_read_certs_from_file: (1281/0x0501) aux_file2OctetString failed : "No such file or directory"
ERROR in aux_file2OctetString: (1281/0x0501) stat("srcert") returned : "No such file or directory"
Any suggestions? -
SAP Router status shows cancelled in SMP
Dear all,
We have an issue in SAP Router - SMP.
I have checked SAP status , its shows cancelled in Service market place.
we could not able access SAP through Router string .
Kindl;y advise.The envieroment variables are ok,
Check the saprouttab file in C:\saprouter, open the saprouttab file and check entries.
Example saprouttab
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC connection to local system for R/3-Support
R/3 Server: 192.168.1.1
R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.1 3200
SNC connection to local WINDOWS system for WTS, if applicable
Windows server: 192.168.1.2
Default WTS port: 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.2 3389
SNC connection to local UNIX system for SAPtelnet, if applicable
UNIX server: 192.168.1.3
Default Telnet port: 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.3 23
SNC connection to local Portal system for HTTP URL access, if applicable
Portal server: 192.168.1.4
HTTP Port: 50003
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.4 50003
Access from the local Network to SAP
P 192.168.. 194.39.131.34 3299
Deny all other connections
D * * *
More info in:
http://service.sap.com/access-support
Technical Prerequisites -> How to establish Internet Connections -> SNC: Installing crypto functions
I hope that you can solved your issue
Maybe you are looking for
-
Sales report for the month.
Hi all, I am looking for some help with a query that I am trying to write for a customer. They have asked me for a report that shows them a date range of sales not including: Discount, Tax, and Shipping/Freight. They are wanting to be able to populat
-
Need Inputs - Creation of webservice in SAP R3 through PI
Hi Experts, Need inputs that my client wants me to create an webservice in SAP/R3 through PI and they (client) will call it by their 3rd party software. Webservice contain fields like :- Comany_Code, Location_Code,Item _code etc. SAP - > PI ---> 3r
-
Flash QA: How to extracting all URLs in a flash file
As part of performing link validation on web sites, there's no obvious way to enumerate all URLs in all flash files for link validation. Of course I can open each flash file and review the each actions pane, but that is slow-going. How can I do this
-
im trying to boot from external hdd and efi bios does not even see the external hard drive!!!! i work at the educational facility and i just got 40 imacs that have to be cloned!!! doing every one of those by hand would be a nightmare. does apple actu
-
Hi there I have a working program that takes in the user input, puts it into an array and sorts it using two methods (bubble/selection) and prints them in ascending order. However I would like to compare the efficiency of both of these and at first I