SAP router IP address
i am confused with what should be my SAP router Machine IP.
my WAN IP is 115.186.139.38
the Live IP pool or public IP address which i have purchased from by ISP:
115.186.151.200/30
115.186.151.201
115.186.151.202
115.186.151.203
and the machince on which saprouter is running local IP is 192.168.1.91 should i put the IP pool IP in IP4 setting of local machine or just need to map it with the IP i.e. WAN static IP: 115.186.139.38 through which i browing the internet
CURRENTLY MY VPN GATWAY IS 115.186.151.201
can i use the WAP IP for traffic mapping with local IP or i have to use some other public like address like 115.186.151.202
Edited by: Mohammad Farooq on Jun 10, 2010 1:49 PM
Hi Farooq
I will give give you GUI Settings for SAProuter
Application Server: Private IP or static IP. here 115.186.139.38
System No.: <nn>
System ID : <SID>
SAProuter String: /H/public IP/S/ServerPort/H
eg: /H/192.168.1.91/3299/H
Thanks&Regards
Uday
Similar Messages
-
Hello All
We are facing the following issue while starting the SAP router. The router just hangs with the following statement in the command prompt.
trcfile dev_rout
no logging active
upon providing trace level 3 and looking into the dev_route file, the following information is found.
Please help in suggesting possible resolution.
trc file: "dev_rout", trc level: 3, release: "742"
Thu Apr 23 19:06:49 2015
NiIHSBufInit: initialize hostname buffer (IPv4)
NiHLInit: alloc host buf (200 entries)
NiSrvLInit: alloc serv bufs (200 entries)
NiIInit: allocated nitab (811 at 00000000041A2610)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 40.4
Compiled Mar 30 2015 18:27:50
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 3
command line arg 4: -K
command line arg 5: p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
tracefile limit : 0 byte
tracefile maxcnt : 0
socket buffer size : 32768
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=000000000213F148)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="um1adm" NetWkstaUser="um1adm"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
DlLoadLib success: LoadLibrary("E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"), hdl 0, count 1, addr 0000000010000000
using "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): failed GetProcAddress("sapsnc_init_adapter") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
with error 127 = "The specified procedure could not be found."
DlLoadFunc(): successful GetProcAddress("gss_acquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
Thu Apr 23 19:06:49 2015
DlLoadFunc(): successful GetProcAddress("gss_init_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_accept_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_process_context_token") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_delete_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_context_time") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_get_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_verify_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_unwrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_status") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_indicate_mechs") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_compare_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_buffer") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_oid_set") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred_by_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap_size_limit") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_names_for_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_mechs_for_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_canonicalize_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
File "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
DlLoadFunc(): successful GetProcAddress("sapcr_get_version") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("sapcr_get_secudir") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
SECUDIR="E:\usr\sap\saprouter" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x
Product Version = SAPCRYPTOLIB 5.5.5C pl38 (Oct 7 2014) MT,AESNI,NB
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=0000000000000000, myname="p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
Thu Apr 23 19:06:49 2015
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiSetParamEx: set NIP_SOCK_BUFFER_SIZE 32768
NiMyHostName: hostname = 'USCINSAPSVR10'
main: pid = 13232, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiSelICreateSet: new set0
SiSelNInit: allocate 172528 bytes for FI (811)
NiSelIInit: size of set0 is 811
NiICreateHandle: hdl 1 state NI_INITIAL_LIS
NiIInitSocket: set default settings for new hdl 1/sock 508 (I4; ST)
Windows Version 6.1, Build 7601
Running on Windows Vista
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 1 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIListen: state of hdl 1 NI_LISTEN
SiSelNSet: sock 508 added to set pos 0
NiSelIAddMsg: added hdl 1 to set0
SiSelNSet: set events of sock 508 to: rp-
reading routtab: './saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
addrinfo of 'USCINSAPSVR09':
0: 192.168.120.19:0 Thu Apr 23 19:06:49 2015
'USCINSAPSVR09' <unknown socket type 0> (0-2-0-0-16)
1: 192.168.120.19:0 <unknown socket type 0> (0-2-0-0-16)
NiHLGetNodeAddr: got hostname 'USCINSAPSVR09' from operating system
NiIGetNodeAddr: hostname 'USCINSAPSVR09' = addr 192.168.120.19
NiIGetServNo: servicename '3200' = port 3200
NiStrToAddrMask: '192.168.*.*' -> 192.168.0.0/16 (0/1)
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
contents of routtab ('./saprouttab', 3 entries):
KT*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=00000000042354D4, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34/32 * *
KP*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=000000000423599C, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
Thu Apr 23 19:06:49 2015
p:CN=sapserv2, OU=SAProuter, O= 192.168.120.19/32 3200 p
P*,* 192.168.0.0/16 194.39.131.34/32 * *
******* NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1)** Trace file opened at 20150417 112112 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =CONNECTION_PING
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_DSMOP_RFC_WATCHER==========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 1, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 2, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: ) -
Setting up SAP Router for SNC ... error...
Hi,
My SAP Router is installed on a server that is Linux based. (IP address is 10.11.0.24)
I'm not sure if is saprouttab or saprouter itself having issue.
I started the saprouter via this command: saprouter -r -G routerlog -W 60000 -S 3299 -K "p:CN=XXXXXXXX, OU=ZZZZZZZZZZ, OU=SAProuter, O=SAP, C=DE"
saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
# SNC connection to local system for R/3-Support for support
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3201
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.23 3200
# Access from local network to SAPNet (OSS)
P 10.11.0.* 169.145.197.110 3299
P * 10.11.0.* * *
# deny all other connections
D * * *
Troubleshooting steps taken:
Running niping -s on SAP Router Server & niping.exe -c -H 10.11.0.24 is successful, self-test is okay but... when running both niping -s & saprouter -r on SAP Router Server is giving me the following error:
C:\test>niping.exe -c -S 3299 -H 10.11.0.24
Wed Feb 05 14:51:29 2014
connect to server o.k.
Wed Feb 05 14:51:30 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2146]
*** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR internal error
* TIME Wed Feb 5 14:51:29 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -93
* MODULE nirout.cpp
* LINE 2698
* DETAIL NiRClientHandle: route expected
* COUNTER 2
C:\Users\tohcy\Desktop\test>niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.24
Wed Feb 05 15:01:00 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
*** ERROR => NiBufIConnect: route connect for non-buffered hdl 1 failed (rc=-94;/H/10.11.0.24/H/10.11.0.24); pong not received [nibuf.cpp 4801]
*** ERROR => NiTClientLoop: NiHandle (rc=-94) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR XXXXXXXX: route permission denied (YYY to 10.11.0.24, 3299)
* TIME Wed Feb 5 15:00:59 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -94
* COUNTER 7Hi Deepak,
I've changed to the P * * *
I run the command: niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.23
Can I check if this command is correct?
Router is 10.11.0.24 trying to reach sap server 10.11.0.23.
Error:
Thu Feb 06 09:20:17 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
NiBufIConnect: route connect of non-buffered hdl 1 to '/H/10.11.0.24/H/10.11.0.23' timeout
*** ERROR => NiTClientLoop: NiHandle (rc=-5) [nixxtst.cpp 2590]
* ERROR timeout occured
* TIME Thu Feb 06 09:20:17 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -5
* MODULE nibuf.cpp
* LINE 4795
* DETAIL NiBufIConnect: route connect '/H/10.11.0.24/H/10.11.0.23'
* timeout
* COUNTER 1
routerlog:
Thu Feb 6 09:27:21 2014 CONNECT FROM C19/- host 10.11.0.181/50107
Thu Feb 6 09:27:21 2014 CONNECT TO S19/12 host 10.11.0.23/3299
Thu Feb 6 09:28:21 2014 CONNECT ERR S19/12 could not establish connection within 60s
Thu Feb 6 09:28:21 2014 DISCONNECT S19/12 host 10.11.0.23/3299
10.11.0.181 is my computer current IP address.
Any other clues/hint? -
Hi All,
I have installed SAP Router before but this time when I installed and tried to start SAP Router its not getting started, and also not giving any error log file in SAP Router directory.
Please check the below command and correct me if I am wrong.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\sap_admin>cd \
C:\>cd SAPRTR
C:\SAPRTR>saprouter -r -S 3299 -K "p:CN=<MyRouterHOSTNAME>, OU=<Cust_NUM>, OU=SAProuter,
O=SAP, C=DE"
SAP Network Interface Router, Version 38.10
Compiled Oct 7 2009 03:08:09
start router : saprouter -r
stop router : saprouter -s
soft shutdown: saprouter -p
router info : saprouter -l (-L)
new routtab : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush " : saprouter -f
hide errInfo : saprouter -z
start router with third-party library: saprouter -a library
additional options
-R routtab : name of route-permission-file (default ./saprouttab)
-G logfile : name of log file (default no logging)
-T tracefile : name of trace file (default dev_rout)
-V tracelev : trace level to run with (default 1)
-H hostname : of running SAProuter (default localhost)
-S service : service-name / number (default 3299)
-P infopass : password for info requests
-C clients : maximum no of clients (default 800)
-Y servers : maximum no of servers to start (default 1)
-K [myname] : activate SNC; if given, use 'myname' as own sec-id
-A initstring: initialization options for third-party library
-D : switch DNS reverse lookup off
-E : append log- and trace-files to existing
-J filesize : maximum log file size in byte (default off)
-6 : IPv6 enabled
-Z : hide connect error information for clients
expert options
-B quelength : max. no. of queued packets per client (default 1)
-Q queuesize : max. total size for all queues (default 20000000 bytes)
-W waittime : timeout for blocking net-calls (default 5000 millisec)
-M min.max : portrange for outgoing connects, like -M 1.1023
-I address : address for outgoing connects, like -I 155.56.76.6
this is a sample routtab : -----------------------------------------
D host1 host2 serviceX
D host3
P * * serviceX
P 155.56.. 155.56
P 155.57.1011xxxx.*
P host4 host5 * xxx
P host6 localhost 3299
P host7 host8 telnet
S host9
P0,* host10
KP sncname1 * *
KS * host11 *
KD "sncname "abc" * *
KT sncname3 host11 *
deny routes from host1 to host2 serviceX
deny all routes from host3
permit routes from anywhere to any host using serviceX
permit all routes from/to addresses matching 155.56
permit ... with 3rd byte matching 1011xxxx
permit routes from host4 to host5 if password xxx supplied
permit information requests from host6
permit native-protocol-routes to non-SAP-server telnet
permit ... excluding native-protocol-routes (SAP-servers only)
permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
permit SNC-connection with partnerid = 'sncname1' to any host
permit all SAP-SAP SNC-connections to host11
deny all SNC-connections with partnerid = 'sncname "abc'
open connects to host11 with SNC enabled and partnerid = 'sncname3'
first match [host/sncname host service] is used
permission is denied if no entry matches
service wildcard (*) does not apply to native-protocol-routes
C:\SAPRTR>
Rg
RameshHello my friend
It could be certificate didn't import properly or routtab content is not correct. Here's your checklist:
Creating the certificate request
1) As user <snc_adm> set the environment variables SNC_LIB and SECUDIR
2) Change to the alias SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant u201CDistinguished Nameu201D.
3) Generate the certificate Request with the command:
sapgenpse get_pse -v -r certreq -p local.pse u201C<Distinguished Name>u201D
You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use this PSE.
4) Display the output file "certreq" and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
5) In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.
6) With this in turn you can install the certificate in your saprouter by calling:
sapgenpse import_own_cert -c srcert -p local.pse
7) Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_saprouter>, the credentials are created for the logged in user account).
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
Note: The account of the service user should always be entered in full <domainname>\<username>
8) This will create a file called "cred_v2" in the same directory as "local.pse"
9) Check if the certificate has been imported successfully with the following command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
10) If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item 3.
Additional actions necessary before you can start SAProuter
1. Check if the environment of the user running SAProuter contains the environment variable SNC_LIB and SECUDIR
2. Start the SAProuter with the following command line (to start the SAProuter as a Windows service, please follow the steps described in SAP note 525751):
saprouter -r -S <port> -K "p:<Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
3. The corresponding file "saprouttab" should look like:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
SNC-connection from SAP to telnet in your network
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P * 194.39.131.34 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your IP> <port>
Regards,
Effan
DON'T KNOW WHY THE FORMAT MESSED UP, PLEASE USE QUOTE ORIGINAL IN REPLY MODE TO READ THE CORRECT FORMAT CONTENT. SORRY! -
Error while checking connection after establishing sap router
Hello All,
I have installed a sap router on our solution manager on Linux environment
when i try to check the RFC connection from SM59 i am receiving the following error.
my message server is configured as follows
Msg. Server - /H/<SAP Router Ip>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
<SAP Router> is my solman ip address
Connection Test SAPOSS
Logon Connection Error
Error Details Error when opening an RFC connection
Error Details ERROR: timeout while pending for route completion
Error Details LOCATION: SAP-Server sgtr-s-devs1d_S1D_67 on host sgtr-s-devs1d (wp 0)
Error Details DETAIL: NiErrSet
Error Details COMPONENT: NI (network interface)
Error Details COUNTER: 175
Error Details MODULE:
Error Details LINE:
Error Details RETURN CODE: -12
Error Details SUBRC: 0
Error Details RELEASE: 700
Error Details TIME: Wed Feb 22 23:33:20 2012
Error Details VERSION: 38
my oss1 tecnical settings are as follows.
sap router at customer side
Name sgtr-s-devs1d
IP Address 65.38.107.196
Instance no. 99
sap router at sap
Name sapserv2
IP Address 194.39.131.34
Instance no. 99
when i do a logon i get the following error
Unable to connect to SAPNet message server
(Default connection will be used...)
To check whether saprouter is working or not i have executed few commands
u2022 ps -ef|grep saprouter
s1dadm 9873 9590 0 05:53 pts/2 00:00:00 saprouter -r -S 3299 -V 3 -K p:CN=sgtr-s-devs1d, OU=0000858034, OU=SAProuter, O=SAP, C=DE
s1dadm 9951 9590 0 06:09 pts/2 00:00:00 grep saprouter
u2022 lsof -w -n -i tcp:3299
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
saprouter 9873 s1dadm 4u IPv4 5333574 0t0 TCP *:pdrncs (LISTEN)
u2022 fuser -n tcp 3299
3299/tcp: 9873
u2022 netstat -anp|grep :3299
tcp 0 0 0.0.0.0:3299 0.0.0.0:* LISTEN 9873/saprouter
In /usr/sap/saprouter
my saprouttab contains
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 65.38.107.196 3267
Access from your local Network to SAP
P 65.38.107.196 194.39.131.34 3299
All other connections will be denied
#D * * *
one thing i want to know is my saprouter started or did i miss any configuration how to check whether my sap router is started.
Please advice me if i miss any,
Thanks in advance,
Vardhan.Thanks for the quick reply.
sgtr-s-devs1d:s1dadm > saprouter -r
trcfile dev_rout
LOCATION SAProuter 38.10 on 'sgtr-s-devs1d'
ERROR service '0.0.0.0:3299' in use
TIME Thu Feb 23 07:23:36 2012
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -4
MODULE nixxi.cpp
LINE 3227
DETAIL NiIBindSocket
SYSTEM CALL bind
ERRNO 98
ERRNO TEXT Address already in use
COUNTER 2
looke like my sap router is on SAProuter 38.10
already i have started router earlier
Thanks!
Vardhan -
Hi Guys,
I just installing and configured the saprouter in our system, when I'd registered the server SID in OSS, they gave me this IP which is not our internal or external IP.What's this IP for actually? Do I need to put it in my saprouttab coz right now I open the connection from OSS (Host did not respond X times).
TQHi,
I just configured my saprouter and everything went okay, even the OSS1 is working but when i open the connection in the OSS (service.sap.com), the connection is open for about 8 minutes but then its lost connection (yellow).Was there something missing here? I already put the outbound connection (KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *) and our server (KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <my SAP router> *) in my saprouttab. Here the recent log from devrout :
trc file: "dev_rout", trc level: 3, release: "700"
Tue Jan 15 11:33:53 2008
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 00280048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrList: got 1 interface(s) from operating system
[0] IP-Address: 192.168.1.220
NiIGetServNo: servicename '3299' = port 0C.E3/3299
SAP Network Interface Router, Version 38.10
Compiled Sep 27 2007 01:16:41
command line arg 0: d:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: d:\usr\sap\saprouter\saprouttab
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE
command line arg 8: -V3
service : 3299
routtab : d:\usr\sap\saprouter\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=01D1FF1B)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll".
load shared library (D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll), hdl 0
using "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll"
DlLoadFunc: GetProcAddress(sapsnc_init_adapter) Error 127
Error 127 = "The specified procedure could not be found."
load shared func (gss_acquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_init_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_accept_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_process_context_token) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_delete_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_context_time) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_get_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_verify_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_unwrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_status) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_indicate_mechs) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_compare_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_buffer) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred_by_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap_size_limit) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_create_empty_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_test_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_names_for_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_mechs_for_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_canonicalize_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_duplicate_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
File "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=00000000, myname="p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiIMyHostName: hostname = 'vantage01'
main: pid = 5072, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiICreateHandle: hdl 0 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 0 / sock 180 (I4; ST)
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 0 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 0 FALSE
NiIListen: state of hdl 0 NI_LISTEN
NiIListen: listen for client requests on hdl 0
NiSelICreateSet: new set0
SiSelNInit: allocate 134544 bytes for FI (811)
NiSelIInit: size of set0 is 811
SiSelNSet: sock 180 added to set pos 0
NiSelIAddMsg: added hdl 0 to set0
SiSelNSet: set events of sock 180 to: rp-
reading routtab: 'd:\usr\sap\saprouter\saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3200' = port 0C.80/3200
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3201' = port 0C.81/3201
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
contents of routtab ('d:\usr\sap\saprouter\saprouttab', 7 entries):
KT,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DD8E0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DDD48, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE1B0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3200 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE618, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3299 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DEA80, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3201 *
P, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff: 3299 *
D, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 * *
NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1) -
Pre requisites for installing SAP Router
Hi Friends,
As i am going through the implementation phase, I have to install sap router which i am new at. Also i am doing it because i have to connect Maintenance Optimizer to Sap service Market place for which Router would be essentially required.
I have some questions to put forth.
1. what are the pre requisites for SAP Router
2. Do we require Public IP and what would be the use of this ip
3. how to configure the SAP Router
4. Can i install the SAP router on the same host on which we have Solution manager, is it advisable. or we should go for a seperate host.
Regards
AayushInstalling the sapcrypto library and starting the SAProuter
Contents
u2022 Downloading necessary software components from SAP Service Marketplace
u2022 Creating the certificate request
u2022 Additional actions necessary before you can start saprouter
This section describes the necessary steps to download and install the sapcrypto library for use with saprouter. The saprouter must be started with the options described later in this section.
The license for the sapcrypto library covers saprouter connections between saprouters at SAP and the first saprouter on customer sites and backend connections within the customer`s network. For all other purposes the library CANNOT be used!
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
2. Change to the alias SAPROUTER-SNCADD. Before you can download the software components two preconditions must be met.
a. You must have been allowed to download the software. This authorization is added as soon as SAP has received a positive statement from the "Bundesausfuhramt". This procedure is necessary since the software falls under EU regulations.
b. For more information on how to obtain authorization if download is not possible see note 397175.
c. You must accept that you must follow the regulations imposed by the EU on the use and distribution of the cryptographic software components downloaded from the SAP Service Marketplace.
3. The acceptance of the terms and conditions is logged with your USERID and stored for reporting purposes to the "Bundesausfuhramt".
4. Accepting with the button on the web-based form takes you to the folder where you can download the Software components.
These are packed into a single CAR file sapcrypto.car
5. Copy the file to the direcory where the saprouter executable is located
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD.
Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
ticket
Creating the certificate request
1. As user <snc>adm set the environment variables
SECUDIR = <directory_of_saprouter>
2. Change to the Shortlink SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name"
3. Generate the certificate Request with the command
sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
4. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
5. Display the output file "certreq" and with copy&paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name
6. In response you will receive the certificate signed by the CA in the Service Marketplace, cut&paste the text to a local file named srcert
7. With this in turn you can install the certificate in your saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
8. now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
9. This will create a file called cred_v2 in the same directory.
For increased security please check that the file can only be accessed by the user running the SAProuter.
Do not allow any other access (not even from the same group)!
On UNIX this will mean permissions being set to 600 or even 400!
On NT check that the permissions are granted only to the user the service is running as!
1. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
2. If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands
4.,7.,8. and 10.
Additional actions necessary before you can start saprouter
1. The environment variable SNC_LIB needs to be set for the user account SAProuter is running under.
SNC_LIB has the form
UNIX <path_to_libsecude>/<name_of_sapcrypto_library>
Windows NT, Windows 2000 <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
2. Check if the environment of the user running saprouter contains the environment variable SNC_LIB
UNIX printenv
Windows NT System environment variable
3. start the saprouter with the following command line:
saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
the corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
Example
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Lalit Kumar -
Quality Server not connect through SAP Routing String
Hi,
When remotely access client SAP through SAP routing string in Quality Server it shows error message as
"timeout occured
Location : SAP router 37.11 on solman
Time: Tue May 05 11:19:37 2009
Component : NI (Network Interface)
Release : 640
Version : 37
Return Code : -93
Counter : 131 "
Here GUI version is 7.1(where from connecting). Client SAP version is ECC 5.0 and they use GUI 6.4 version. But Development server is being connected through SAP Routing String.
Regards,
SamratYou might want to check following things:
Can you do a ping to the IP address you specified?
Is the data correct (ip, host, system number,...)?
Is the gateway with system number 00 running on the server?
Did you install the SAP RFC SDK dll's?
Glenn Colpaert - MCTS BizTalk Server - Blog : http://blog.codit.eu -
Changing SAP Router to different System
HI Experts,
SAP Router is installed in our Develpoment system can it be possible for us to install this on the solution manager System. Is this advisable to change the SAP router to a different machine. If so How is that possible?
Regards,
Vamshi.Hi,
Please use the following step.
Installation Steps
1.1 Downloading necessary software components from SAP Service Marketplace:
1. SAProuter
Use the latest SAProuter version (37.x), which can be downloaded from
SAP Service Marketplace under the following link.
http://service.sap.com/swdc
 Download
 Support Packages and Patches
 Entry by Application Group
 Additional Components
 SAPROUTER
 SAPROUTER 6.40
SAPROUTER 6.40
From the available list of SAProuters, select the SAProuter for your OS platform.
2. SNC Libraries (SAPcryptolib) download:
http://service.sap.com/swdc
 Download
 SAP Cryptographic Software
Select the SAPcrytoLib libraries compatible with your Operating System.
Note: Please also download the SAPCAR.exe file from the above location to extract the SAProuter archive files.
3. Create a folder in /usr/sap with the name as: saprouter.
4. Extract both the files i.e. SAProuter.SAR and Cryptolib.CAR files into saprouter folder using the command:
SAPCAR -xvf SAProuterxxx.SAR
SAPCAR -xvf CRYPTOLIBxxx.CAR
1.2 Creating the certificate request
1. As user <snc>adm set the environment variables:
SECUDIR = /usr/sap/saprouter
SNC_LIB = /usr/sap/saprouter/libsapcrypto.so
2. Go to the Trust Center Service - Download Area and get the "Distinguished Name" for your SAProuter from the list of SAProuters registered for your installation.
3. Generate the certificate Request with the command:
./sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
P.S: We can also get the distinguished name from SAP itself when we register for the remote service connection.
4. Display the output file "certreq" using the command:
cat certreq
and with copy & paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
1.3 Importing the certificate request
1. With this in turn you can install the certificate in your saprouter by calling
./sapgenpse import_own_cert -c srcert -p local.pse
1.4 Setting secured login to SAProuter
1. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
2. This will create a file called cred_v2 in the same directory.
3. Check if the certificate has been imported correctly
./sapgenpse get_my_name -v -n Issuer
4. If this is not the case, delete the files cred_v2, local.pse and start over at Item 3 of 4.2 . If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands 3 of 4.2, 4.3, and 4.4.
1.5 Additional actions necessary before you can start saprouter
1. Logon to the system as <sid>adm, here sa1adm.
2. The environment variables SECUDIR, SNC_LIB and USER needs to be set for the user account SAProuter is running under using the commands:
setenv SECUDIR <path_to_libsecude>
i.e. setenv SECUDIR /usr/sap/saprouter
setenv SNC_LIB <path_to_libsecude>/<name_of_sapcrypto_library>
i.e. setenv SNC_LIB /usr/sap/saprouter/libsapcrypto.so
setenv USER sa1adm
3. Check if the environment of the user running saprouter contains the environment variable SECUDIR, SNC_LIB and USER using : printenv
4. Start the saprouter with the following command line:
#./saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
Eg. ./saprouter -r -S 3299 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
./saprouter -r -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
./saprouter -r -R /usr/sap/saprouter/saprouttab -G log.txt -V 2 -K "p:CN=nradev, OU=0000759188, OU=SAProuter, O=SAP, C=DE"
5. The corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
6. Example: For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Thanks,
Harshal -
SAP router service is not running.
Hi Everyone.,
Today I have tried to renew the certificate in windows system every thing went well till the end but after importing newly generated certificate sap router service failed to start. Below is the error message when i try to start the service.
D:\usr\sap\SOL\SYS\exe\uc\NTI386>saprouter -r -S 3299 -K "p:CN=SOLMGR, OU=000086
1986, OU=SAPRouter, O=SAP, C=DE"
trcfile dev_rout
no logging active
DEV_rout
trc file: "dev_rout", trc level: 1, release: "700"
Sat Dec 04 09:30:26 2010
SAP Network Interface Router, Version 38.0
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -S
command line arg 3: 3299
command line arg 4: -K
command line arg 5: p:CN=SOLMGR, OU=0000861986, OU=SAPRouter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll".
File "D:\usr\sap\SOL\SYS\exe\uc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 7560, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
When i tried to start the service manually then service is starting fine but when i tried to check OSS-001 connection in SM59 it says routtab permission failed rc-94.
Please suggest if any one ever faced this issue.
REgards,
VinodHi Sunil,
I have cross checked the orutab file. Please see below routab file and sugegst me incase if you find mistakes.
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to your system SOL with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" solmgr 3200
SNC-connection from SAP to your system SOL with WTS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 88.85.224.92 3389
SNC-connection from SAP to your system ECC DEV with SAPGUI
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.128.2.239 3200
SNC-connection from SAP to local R/3-System for PCANYwhere
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631
SNC-connection from SAP to local R/3-System for saptelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from your local Network to SAP R/3 Frontend (OSS)
P * 194.39.131.34 3299
deny all other connections
D * * *
Also today i recieved a mail saying that client has chnaged the IP address of the saolution manager recently. Do they need to re register the IP with sap again. But i am able to telnet sapserv2 server IP using 3299 port and also able to ping the server. Please suggest.
Regards,
Vinod -
Public-real IP changed for SAP Router
Hello,
The real IP for SAP Router system has changed, therefore I would need to re configure the same.
I have gone through existing threads, but not throwing much light related to my query.
I tried to reconfigure, but when generating the certificate I get below error. The /usr folder is the old folder of the router and am trying to reconfigure in folder is /newrouter. The OS is windows server 2008.
D:\NewRouter\ntintel>sapgenpse get_pse -v -r certreq -p local.pse "CN=<hostname>,
OU=0000872340, OU=SAProuter, O=SAP, C=D"
Got absolute PSE path "D:/usr\local.pse".
get_pse ERROR: PSE already exists "D:/usr\local.pse"
I have already changed the environment variables for SECU_DIR and LIB one.
My questions are :
1) Is there any way to just update the ip address on the market place by just opening the ticket at XX-SER-NET OR do I need to perform the whole procedure after uninstalling previous configuration.
2) What is the method for uninstallation of SAP Router?
Thanks.
SatHi,
Thanks for your reply.
Actually I changed the env variables and after restarting the sapgenpse command worked.
But I did not proceed further.
I have informed SAP to update the new ip address.
My query is what action should I perform at my end instead of reconfiguring the router again.
Thanks.
Sat -
Hi,
I have (stupid perhaps) question.
Is this scenario possible:
SNC connection from SAP GUI to SAP Router, and non-SNC connection from SAP Router to SAP System.
I know how to set up scenario like this:
SAP System --- (non-SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP GUI.
Best regards,
Marek MajchrowskiWolfgang,
To be sure myself and Marek understand, can you confirm the different scenarios supported:
Scenario 1:
SAP GUI --- (non SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP System
With this scenario, it would be possible for a user to logon using SAP GUI onto the SAP System, but without SAP GUI SNC.
Scenario 2:
SAP GUI --- (SNC conn) --- saprouter1 --- (non SNC conn) --- saprouter2 --- (SNC conn) --- SAP System
With this scenario it would be possible to logon to the SAP System using SAP GUI, and using SNC authentication.
Also, with this scenario the SAP GUI software and SAP System software would consider this to be similar to:
SAP GUI -- (SNC conn) -- SAP System
Scenario 3:
This is the scenario mentioned by Marek in his initial question:
SAP GUI -- (SNC conn) -- saprouter1 -- (non SNC conn) -- SAP System
With this scenario it will not be possible to logon to SAP System using SNC, and only possible if the SAP GUI is configured to not use SNC. In other words the SNC connection between SAP GUI and saprouter1 is available, but cannot be used.
Thanks,
Tim
Edited by: Tim Alsop on Feb 25, 2008 5:24 PM -
SAP router error on windows server 2008 64bit
Hi All,
I am installing sap router on windows 2008 server 64 bit.
While trying to generate certificate request it showing below error.
E:\usr\sap\saprouter\nt-x86_64>sapgenpse get_pse -v -r certreq -p local.pse "CN=
solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "C:\Users\soladm\sec\local.pse".
Please enter PIN:
Please reenter PIN:
Supplied distinguished name: "CN=solman, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=
DE"
Creating PSE with format v2 (default)
get_pse: Can't create PSE.
ERROR in af_create: (4352/0x1100) could not flush : "SW-PSE"
ERROR in create_PSE: (4352/0x1100) could not flush : "SW-PSE"
ERROR in modified_PSEFile: (4352/0x1100) could not flush : "SW-PSE"
ERROR in flush_PSEFile: (1283/0x0503) Can't write file : "C:\Users\soladm\sec\lo
cal.pse"
ERROR in aux_OctetString2file: (1283/0x0503) Can't write file : "C:\Users\soladm
\sec\local.pse"
I couldn't find the cryptography software specifically for windows 2008 server 64 bit ? So I downloaded the software for windows server 64 bit platform.
Do any one have idea on this...
Please reply..
Regards
VinayHi,
Yes, there is no specific cryptography software for windows server 2008 and whatever u have chosen is correct.
Fom the following error message I could see where the issue arises.
Can't write file : "C:\Users\soladm\sec\local.pse"
I think you have not set the following ENV variable for the SAPRouter admin user (in your case soladm) and hence the sapgenpse tries to import the certificate in the SOLADM user's document folder.
Set the following variables for the user SOLADM and then try to import the certificate as mentioned in the [link|http://service.sap.com/saprouter-sncdoc].
SECUDIR = E:\usr\sap\saprouter
SNC_LIB = E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll
Hope this resolves ur issue.
Regards,
Varadharajan M -
JCO Creation error using SAP router string
Hi All,
I have created technical system using customer system IP. After that I have created the JCO
I have given the details while creating a JCO:
JCO Name : <Name>
Client detail: <Client>
Message Server :< hostname>
Logon Group :<SPACE>
SAP Router String :< /H/<host IP>/H/S/<message server port number>
User Name :<User name>
Password :<***>
I have updated the Host and service file in the portal server.
When I am testing the JCO I got an exception:
com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM TYPE=B MSHOST=dicisap1 GROUP=PUBLIC R3NAME=DCD MSSERV=sapmsDCD SAPROUTER_STRING=/H/<RouterIP>/S/3600 PCS=1 LOCATION SAProuter 37.11 on SOLNMAN ERROR timeout occured TIME Wed Nov 05 17:42:31 2008 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -93 COUNTER 4825
How to resolve this problem ?
Regards,
Boopathi MHi
Check out these thread
/message/5401584#5401584 [original link is broken]
JCO$Exception: (102) RFC_ERROR_COMMUNICATION: CPIC-CALL: 'SAP_CMACCPTP'
Thanks -
Connection to R/3 with SAP Router
Hello,
I want a connecton from XI 3.0 to R/3 with SAP Router.
But if i want to import the RFCs i become no connection.
I Edit Software Component Version, but there is it not possible to set any Sap Router String.
For Connection Data you can only set System, Client, Message Server and
Group.
I have also test to write the Router String before the Message Server IP without any sucess. Not enough Place to write the holfe Path in the Field.
I become no connection to the R/3 to import the RFCs.
Regards,
Robinpls check correct port number..
basis will give u this information. or u use tcode SCOT.
Maybe you are looking for
-
1.HOW TO USE IF CONDITIONS IN SMARTFORMS? 2.HOW TO DRAW BOXES IN SMARTFORMS I TRIED TO DRAW BOX WITH FOLLOWING POSITION XORIGIN 5 CH YORIGIN 12 LN SIZE WIDTH 15 CH HEIGHT 2 LN BOX FRAME 10 TW INTENSITY 10 DONT KNOW WHY ITS NOT WORKING 3.How can I ma
-
How to terminate the update of a program that is locked up?
Facebook was updating and then just locked up. The line stopped moving. Shut the iPad off and turned on but still stuck. Held button and off button for 10 seconds but no luck, again. Any ideas?
-
Hi All, I searched threads regarding workitem forwarding, but cldnt get one related to my issue. This WF is related to archiving invoice. On scanning of invoice, WF triggers, sends workitem to AP, AP executes workitem, screen is in edit mode. Due to
-
New to Graphics --- Help Appreciated
Hi all I am trying to do a basic BufferedImage and createGraphics. The code looks like this public static BufferedImage getImage() int height =10; int width = 10; BufferedImage bi = new BufferedImage(width,height,BufferedImage.TYPE_INT_RGB); Graphics
-
I've never used adobe premiere elements and really need help!
Device: High Definition Audio Device Errorcode: FFA-8-000D [8004015] Info Playback failed. The audio system does not seem to respond. Maybe card does not support full duplex mode. This is what has been showing up every time it try to use my premiere