SAP-Router : timeout while pending for route completion
Hi Experts,
I have configured sap-router . Through router I am able to maintain connection for my sap systems on service.sap.com
But when I try to connect through 0SS1 or trying to connect through sm59 it is giving error
ERROR: timeout while pending for route completion
I have checked my saprouttab where I have maintained entry for 3299 port.
I don't know where I am going wrong.
Please provide solution.
Regards
Yogesh
Hello,
Is your SAPRouter in the DMZ ?
In that case, you have to open the firewall port.
Regards,
Abhilash
Similar Messages
-
Saprouter Error:Timeout while pending for route completion
Please help me with this connection troubleshoot, status of our network are as follows:
Settings:
Global IP : WW.XX.YY.ZZ --Natted to AA.BB.CC.DD
Port Open on Firewall:
SAPROUTER 3200 3299
Gateway 3300 3399
SNC Gateway 4800 4899
Host file entry for PRD R/3, BI PRD server, saprouter machine, sapserv2 on all system.
Service file entry for BI server 3601 in saprouter system is done.
SAPROUTER version 700 u2013 221
Saprouter is setup with all the environment variables set e.g: In user
variables SNC_LIB, & in system variables SECUDIR.
OSS1 setting is as per note # 33135 - Guidelines for OSS1
We are able to ping to 194.39.131.34 sapserv2 from all the system even the BI PRD server.
SAP Connection to BI server is open
Service connector is running
SAPROUTTAB:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.18 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.18 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.15 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
#Access from the local Network to SAPNet - R/3 Frontend (OSS)
P 10.0.0.19 194.39.131.34 3299
P * 194.39.131.34 3299
P * * *
deny all other connections
D * * *
I am creating 2 part to this post as this post is getting jumbled up and making it to difficult for people to read. The second part conatins the error log from trc files.
Edited by: gab basis on Dec 24, 2009 6:45 PMErrors:
dev_rf_trc
Trace file opened at 20091224 135230 India Standard Time, SAP-REL
700,0,221 RFC-VER U 3 1090073 MT-SL
Error RFCIO_ERROR_SYSERROR in abrfcpic.c : 2517
LB: Hostname or service of the message server unknown
DEST =SAPOSS
MSHOST =/H/WW.XX.YY.ZZ /S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
R3NAME =OSS
GROUP =EWA
ABAP Programm: RSRFCPIN (Transaction: SM59)
User: SEALBASIS (Client: 900)
Destination: SAPOSS (handle: 2, , )
dev_lg_trc
trc file: "dev_lg", trc level: 1, release: "700"
[Thr 332] Thu Dec 24 13:53:09 2009
[Thr 332] ***LOG Q0I=> NiPConnect2: connect (10060: WSAETIMEDOUT:
Connection timed out) [nixxi.cpp 2823]
[Thr 332] *** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 0 /
sock 1892
(SI_ECONN_REFUSE/10060; I4; ST; 116.214.28.72:3299) [nixxi.cpp
2823]
[Thr 332] *** ERROR => MsIAttachEx: NiBufConnect
to /H/WW.XX.YY.ZZ /S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001/S/sapmsO01/x failed (rc=NIEC
[Thr 332] *** ERROR => LgIAttach: MsAttach (rc=NIECONN_REFUSED)
[lgxx.c 3980]
[Thr 332] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER)
[lgxx.c 1272]
[Thr 332]
[Thr 332] * ERROR partner '116.214.28.72:sapdp99' not reached
[Thr 332] *
TIME Thu Dec 24 13:53:09 2009
[Thr 332] * RELEASE 700
[Thr 332] * COMPONENT NI (network interface)
[Thr 332] * VERSION 38
[Thr 332] * RC -10
[Thr 332] * MODULE nixxi.cpp
[Thr 332] * LINE 2823
[Thr 332] * DETAIL NiPConnect2
[Thr 332] * SYSTEM CALL connect
[Thr 332] * ERRNO 10060
[Thr 332] * ERRNO TEXT WSAETIMEDOUT: Connection timed out
[Thr 332] * COUNTER 1
[Thr 332] *
[Thr 332]
Edited by: gab basis on Dec 24, 2009 6:59 PM -
Client-Auth reports: HTTP4030: Timeout while waiting for client certificate
Hello,
I'm having problems with the certificate authentication in my Sun Java System Web Server Enterprise Edition 6.1: I have created an ACL in the SJWS that asks for a client certificate when the user goes to a specific URI:
acl "uri=/server1/myaction.do";
authenticate (user) {
method="ssl";
deny (all)
user = "admin";
It works great and, when the user goes to "/server1/myaction.do" (we are using Internet Explorer 7 as Web browser), the window for selecting the client certificate appears:
- If the user selects a certificate that doesn't require password, everything works fine.
- The problem comes when the certificate is configured in Internet Explorer for asking for a password every time it is accessed. Once the user has selected the password protected certificate, the window for typing the password appears, but if the user doesn't type it and click OK IN LESS THAN 5 SECONDS (I've timed it), the following messages appear in the SJWS logs:
[28/Nov/2007:09:25:05] failure ( 2055): for host 10.0.145.11 trying to GET /server1/myaction.do, Client-Auth reports: HTTP4030: Timeout while waiting for client certificate.
[28/Nov/2007:09:25:05] security ( 2055): HTTP4290: get_auth_user_ssl: client passed no certificate.
I tried to add the following two lines to the magnus.conf file of the SJWS, but nothing changed:
SSLClientAuthTimeout 240
AcceptTimeout 3600
Has anyone experienced something similar? Any little piece of advice would be greatly appreciated.
Thank you very much in advance,
Carlos.This is fixed in Web Server 7.0 update 2. Please migrate/upgrade to Web Server 7.0 update 2. Sorry for the inconvenience.
-
Error while checking connection after establishing sap router
Hello All,
I have installed a sap router on our solution manager on Linux environment
when i try to check the RFC connection from SM59 i am receiving the following error.
my message server is configured as follows
Msg. Server - /H/<SAP Router Ip>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
<SAP Router> is my solman ip address
Connection Test SAPOSS
Logon Connection Error
Error Details Error when opening an RFC connection
Error Details ERROR: timeout while pending for route completion
Error Details LOCATION: SAP-Server sgtr-s-devs1d_S1D_67 on host sgtr-s-devs1d (wp 0)
Error Details DETAIL: NiErrSet
Error Details COMPONENT: NI (network interface)
Error Details COUNTER: 175
Error Details MODULE:
Error Details LINE:
Error Details RETURN CODE: -12
Error Details SUBRC: 0
Error Details RELEASE: 700
Error Details TIME: Wed Feb 22 23:33:20 2012
Error Details VERSION: 38
my oss1 tecnical settings are as follows.
sap router at customer side
Name sgtr-s-devs1d
IP Address 65.38.107.196
Instance no. 99
sap router at sap
Name sapserv2
IP Address 194.39.131.34
Instance no. 99
when i do a logon i get the following error
Unable to connect to SAPNet message server
(Default connection will be used...)
To check whether saprouter is working or not i have executed few commands
u2022 ps -ef|grep saprouter
s1dadm 9873 9590 0 05:53 pts/2 00:00:00 saprouter -r -S 3299 -V 3 -K p:CN=sgtr-s-devs1d, OU=0000858034, OU=SAProuter, O=SAP, C=DE
s1dadm 9951 9590 0 06:09 pts/2 00:00:00 grep saprouter
u2022 lsof -w -n -i tcp:3299
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
saprouter 9873 s1dadm 4u IPv4 5333574 0t0 TCP *:pdrncs (LISTEN)
u2022 fuser -n tcp 3299
3299/tcp: 9873
u2022 netstat -anp|grep :3299
tcp 0 0 0.0.0.0:3299 0.0.0.0:* LISTEN 9873/saprouter
In /usr/sap/saprouter
my saprouttab contains
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 65.38.107.196 3267
Access from your local Network to SAP
P 65.38.107.196 194.39.131.34 3299
All other connections will be denied
#D * * *
one thing i want to know is my saprouter started or did i miss any configuration how to check whether my sap router is started.
Please advice me if i miss any,
Thanks in advance,
Vardhan.Thanks for the quick reply.
sgtr-s-devs1d:s1dadm > saprouter -r
trcfile dev_rout
LOCATION SAProuter 38.10 on 'sgtr-s-devs1d'
ERROR service '0.0.0.0:3299' in use
TIME Thu Feb 23 07:23:36 2012
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -4
MODULE nixxi.cpp
LINE 3227
DETAIL NiIBindSocket
SYSTEM CALL bind
ERRNO 98
ERRNO TEXT Address already in use
COUNTER 2
looke like my sap router is on SAProuter 38.10
already i have started router earlier
Thanks!
Vardhan -
RMAN-10011: synchronization error while polling for rpc 8, action=startdefa
Could anybody explain what is this error message caused by?
TIA
The entire spool below:
051107064744: NetBackup RMAN Backup Started
ORACLE_SID=db02
backup_type=cold
number_of_channels=2
Started by: Oracle
051107064745: Checking database status
051107064745: Database status: OPEN
051107064745: Getting database password
051107064746: Checking database password
051107064746: Database password: Valid
051107064746: Checking Database mode
051107064746: Database mode: NOARCHIVELOG
051107064746: Shutdown no archive
051107064838: RMAN BACKUP STARTED
Recovery Manager: Release 10.1.0.4.0 - 64bit Production
Copyright (c) 1995, 2004, Oracle. All rights reserved.
connected to target database: db02 (DBID=3504436532)
RMAN> connect catalog *
2> run
3> {
4> sql 'alter session set sort_area_size=12582912';
5> sql 'alter session set sort_area_retained_size=1048576';
6> allocate channel t1 type 'SBT_TAPE' parms="ENV=(NB_ORA_POLICY=ORA_solcdi02, NB_ORA_SERV=sun4)"
7> format 'df_%d_%p_%u_%t';
8> set limit channel t1 maxopenfiles=1;
9> allocate channel t2 type 'SBT_TAPE' parms="ENV=(NB_ORA_POLICY=ORA_solcdi02, NB_ORA_SERV=sun4)"
10> format 'df_%d_%p_%u_%t';
11> set limit channel t2 maxopenfiles=1;
12> backup database filesperset=64
13> include current controlfile;
14> sql 'alter database open';
15> release channel t1;
16> release channel t2;
17> }
18>
connected to recovery catalog database
starting full resync of recovery catalog
full resync complete
sql statement: alter session set sort_area_size=12582912
sql statement: alter session set sort_area_retained_size=1048576
allocated channel: t1
channel t1: sid=160 devtype=SBT_TAPE
channel t1: VERITAS NetBackup for Oracle - Release 5.1 (2004122521)
allocated channel: t2
channel t2: sid=159 devtype=SBT_TAPE
channel t2: VERITAS NetBackup for Oracle - Release 5.1 (2004122521)
Starting backup at 11-MAY-07
channel t1: starting full datafile backupset
channel t1: specifying datafile(s) in backupset
input datafile fno=00005 name=/oradata/10gid/u01/grid102/grid102/mgmt.dbf
input datafile fno=00006 name=/oradata/10gid/u01/grid102/grid102/mgmt_ecm_depot1.dbf
input datafile fno=00007 name=/oradata/10gid/u01/grid102/grid102/system02.dbf
input datafile fno=00004 name=/oradata/10grid/u01/grid102/grid102/users01.dbf
channel t1: starting piece 1 at 11-MAY-07
channel t2: starting full datafile backupset
channel t2: specifying datafile(s) in backupset
input datafile fno=00008 name=/oradata/10ggrid/u01/grid102/grid102/mngmecm02.dbf
input datafile fno=00001 name=/oradata/10ggrid/u01/grid102/grid102/system01.dbf
input datafile fno=00002 name=/oradata/10ggrid/u01/grid102/grid102/undotbs01.dbf
input datafile fno=00003 name=/oradata/10ggrid/u01/grid102/grid102/sysaux01.dbf
channel t2: starting piece 1 at 11-MAY-07
channel t2: finished piece 1 at 11-MAY-07
piece handle=df_GRID102_1_19ihecmm_622277334 comment=API Version 2.0,MMS Version 5.0.0.0
channel t2: backup set complete, elapsed time: 00:06:05
channel t2: starting full datafile backupset
channel t2: specifying datafile(s) in backupset
including current controlfile in backupset
channel t2: starting piece 1 at 11-MAY-07
channel t2: finished piece 1 at 11-MAY-07
piece handle=df_GRID102_1_1aihed24_622277700 comment=API Version 2.0,MMS Version 5.0.0.0
channel t2: backup set complete, elapsed time: 00:00:35
channel t1: finished piece 1 at 11-MAY-07
piece handle=df_GRID102_1_18ihecmm_622277334 comment=API Version 2.0,MMS Version 5.0.0.0
channel t1: backup set complete, elapsed time: 00:06:48
Finished backup at 11-MAY-07
Starting Control File and SPFILE Autobackup at 11-MAY-07
piece handle=c-3404436532-20070511-00 comment=API Version 2.0,MMS Version 5.0.0.0
Finished Control File and SPFILE Autobackup at 11-MAY-07
sql statement: alter database open
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-10010: error while checking for RPC completion
RMAN-10011: synchronization error while polling for rpc 8, action=startdefault
Recovery Manager complete.
051107065708: RMAN BACKUP FAILED, RMAN exit status=1
051107065708: Cleaning log file (removing passwords)
051107065709: Error Log Check
051107065837: Rman Stat Generator
051107065956: Backup Html Generator
051107065956: NetBackup RMAN Backup Finished
######################################################Check on metalink:
RMAN-10011: synchronization error while polling for rpc 3, action=startdefault
Note:429572.1
Werner -
Error while importing SAP Router renew Certificate
Hi Gurus,
My sap router certificate got expired and got mail from SAP to renew, so I decided to renew it and followed link http://wiki.sdn.sap.com/wiki/display/Basis/HowtorenewtheSAPRouterlicense to renew saprouter certificate. All the steps were executed fine But I got below error while importing certificate from srcert file.
C:\saprouter>sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your
public key found
Please advise me to solve this issue.
Thanks,
VenkatHi Deepak,
thanks for your reply.
yes i have entered correct Pin and in the first step i have moved local.pse and cred_v2, certreq, srcert files to C:/saprouter/backup folder
After executing import command it has given error first time so i copied local.pse file to C:\saprouter folder and executed but same error result.
please help me to solve it.
Thanks,
Venkat -
Setting up SAP Router for SNC ... error...
Hi,
My SAP Router is installed on a server that is Linux based. (IP address is 10.11.0.24)
I'm not sure if is saprouttab or saprouter itself having issue.
I started the saprouter via this command: saprouter -r -G routerlog -W 60000 -S 3299 -K "p:CN=XXXXXXXX, OU=ZZZZZZZZZZ, OU=SAProuter, O=SAP, C=DE"
saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *
KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
# SNC connection to local system for R/3-Support for support
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3200
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.24 3201
KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 10.11.0.23 3200
# Access from local network to SAPNet (OSS)
P 10.11.0.* 169.145.197.110 3299
P * 10.11.0.* * *
# deny all other connections
D * * *
Troubleshooting steps taken:
Running niping -s on SAP Router Server & niping.exe -c -H 10.11.0.24 is successful, self-test is okay but... when running both niping -s & saprouter -r on SAP Router Server is giving me the following error:
C:\test>niping.exe -c -S 3299 -H 10.11.0.24
Wed Feb 05 14:51:29 2014
connect to server o.k.
Wed Feb 05 14:51:30 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2146]
*** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR internal error
* TIME Wed Feb 5 14:51:29 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -93
* MODULE nirout.cpp
* LINE 2698
* DETAIL NiRClientHandle: route expected
* COUNTER 2
C:\Users\tohcy\Desktop\test>niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.24
Wed Feb 05 15:01:00 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2146]
*** ERROR => NiBufIConnect: route connect for non-buffered hdl 1 failed (rc=-94;/H/10.11.0.24/H/10.11.0.24); pong not received [nibuf.cpp 4801]
*** ERROR => NiTClientLoop: NiHandle (rc=-94) [nixxtst.cpp 2590]
* LOCATION SAProuter 40.4 on 'XXXXXXXX'
* ERROR XXXXXXXX: route permission denied (YYY to 10.11.0.24, 3299)
* TIME Wed Feb 5 15:00:59 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -94
* COUNTER 7Hi Deepak,
I've changed to the P * * *
I run the command: niping.exe -c -S 3299 -H /H/10.11.0.24/H/10.11.0.23
Can I check if this command is correct?
Router is 10.11.0.24 trying to reach sap server 10.11.0.23.
Error:
Thu Feb 06 09:20:17 2014
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-5 (NIETIMEOUT) from peer [nibuf.cpp 2146]
NiBufIConnect: route connect of non-buffered hdl 1 to '/H/10.11.0.24/H/10.11.0.23' timeout
*** ERROR => NiTClientLoop: NiHandle (rc=-5) [nixxtst.cpp 2590]
* ERROR timeout occured
* TIME Thu Feb 06 09:20:17 2014
* RELEASE 720
* COMPONENT NI (network interface)
* VERSION 40
* RC -5
* MODULE nibuf.cpp
* LINE 4795
* DETAIL NiBufIConnect: route connect '/H/10.11.0.24/H/10.11.0.23'
* timeout
* COUNTER 1
routerlog:
Thu Feb 6 09:27:21 2014 CONNECT FROM C19/- host 10.11.0.181/50107
Thu Feb 6 09:27:21 2014 CONNECT TO S19/12 host 10.11.0.23/3299
Thu Feb 6 09:28:21 2014 CONNECT ERR S19/12 could not establish connection within 60s
Thu Feb 6 09:28:21 2014 DISCONNECT S19/12 host 10.11.0.23/3299
10.11.0.181 is my computer current IP address.
Any other clues/hint? -
Hi Team,
We have installed a new sap router in our landscape, Now across all the systems SAP is getting timeout issue from our router.
If i am changing it to old router everything works fine.
My query is what all commands need to check for network timeout issue, then is there any timeout parameter need to set after installation of new router in windows server 2008 for SAP Router.
Kindly suggest on this .
Thanks,
Pradeep.Hi Nirav,
Verify if saprouter.exe and niping.exe is placed under directory E:USRSAPSAPROUTER and same path is mentioned in windows services.
If path is correct one then you need to modify registry
Under HKEY_LOCAL_MACHINE ® SYSTEM ® CurrentControlSet ® Services ® Event Log ® Application enter the key saprouter and define the following values for it:
EventMessageFile (REG_SZ): ....saproutersaprouter.exe
TypesSupported (REG_DWORD): 0x7
I hope this will help you.
Regards,
Rupali Bajpai -
Hi,
I can not find proper module for me to post this message, so I post it here.
When we create a new item in the SAP logon screen , we need to specify the following parameters:
1) System description
2) Message server
3) SAP Router String (optional)
4) System ID
5) System Number
4) Group
My question is, what's SAP router string for? How to define a new SAP router string?
Because sometimes we don't need to input SAP router string, and we can still logon to the system successfully.
So, If I need to create a new SAP router string, where to define?
Thanks.Hi
A route string describes the stations of a connection required between two hosts. A route string has the syntax
(/H/host/S/service/W/pass)*
It consists of any number of substrings in the form /H/host/S/service/W/pass .
A route string contains a substring for each SAProuter and for the target server.
Each substring contains the information required by SAProuter to set up a connection in the route: the host name, the port name, and the password, if one was given.
Syntax for substrings:
· /H / indicates the host name‑{}‑
Note that the host name must be at least two characters long.
· /S/ is used for specifying the service (port); it is an optional entry, the default value is 3299
· /W/ indicates the password for the connection between the predecessor and successor on the route and is also optional (default is u201Cu201D, no password)
In earlier Releases (<4.0A), the password entry was made one substring later and with the letter /P/.
New: /H/saprouter/W/pass/H/targetserver
Old: /H/saprouter/H/targetserver/P/pass
(Here pass is the password which is checked by the SAProuter on host saprouter to set up or prohibit the connection from the source host to the target host.)
Due to downward compatibility, the old password entry form is still possible.
Thenaks & Regards
Kishore -
Wrong Distinguished Name for SAP-Router
Hello Everybody,
I have a Problem about the Distinguish name of my sap router.
The Problem, when I go to sap to look for my Distinguish name and therefore to generate the saprouter certificat.
I found something totally wrong :
e.g. CN=SAProuter, OU=0000755120, OU=SAProuter, O=SAP, C=DE
but it muss be like this e.g. CN=Routi, OU=0003380660, OU=SAProuter, O=SAP, C=DE
How can I change this, I don't want to start my saprouter with the wrong Distinguish name.
Thanks in Advance.
Best Regards,
KaisHello,
Is your SAPRouter in the DMZ ?
In that case, you have to open the firewall port.
Regards,
Abhilash -
SAP router installation for VPN method
Hi All,
Can any one share me the steps to perform SAP Router Configuration with VPN method.
Also what are changes i need to make in saproutab file.
Appreciate your inputs.
Thanks
Pradeep.There is paperwork that you need to fill out with IPSec information, once its filled out you fax it over to SAP.
Not entirely sure what changes need to be made in saprouttab? Are you changing SAPRouter to no longer perform SNC to SAP?
Here is the doco I used for my company - https://support.sap.com/content/dam/library/SAP%20Support%20Portal/remote-support/RemoteSupport.pdf -
Prerequisites for SNC SAP router
I want to configure SAP router in my system (intranet) which is not having any pubic ip. What are the Prerequisites for configuring SNC SAP router.
HI
There are many pre requisite for sap snc router
1) one system with Winwods
2) one Public IP I.e compulsary
after public IP U have to fill DATA Sheet and sent TO sap
With ur system name And Public ip
after that u have to download
sacar file for installed SAP router ( letest version )
And
Ond OSS User ID And Password
for cripto file just to below link
https://websmp210.sap-ag.de/~form/handler?_APP=00200682500000000917&_EVENT=DISPLAY
download letedst version according ur opration system
and make directory
e.g -. drive://usr/sap/saprouter
uncar ur letes version here and sart to sap router installtion
best of luck -
Pre requisites for installing SAP Router
Hi Friends,
As i am going through the implementation phase, I have to install sap router which i am new at. Also i am doing it because i have to connect Maintenance Optimizer to Sap service Market place for which Router would be essentially required.
I have some questions to put forth.
1. what are the pre requisites for SAP Router
2. Do we require Public IP and what would be the use of this ip
3. how to configure the SAP Router
4. Can i install the SAP router on the same host on which we have Solution manager, is it advisable. or we should go for a seperate host.
Regards
AayushInstalling the sapcrypto library and starting the SAProuter
Contents
u2022 Downloading necessary software components from SAP Service Marketplace
u2022 Creating the certificate request
u2022 Additional actions necessary before you can start saprouter
This section describes the necessary steps to download and install the sapcrypto library for use with saprouter. The saprouter must be started with the options described later in this section.
The license for the sapcrypto library covers saprouter connections between saprouters at SAP and the first saprouter on customer sites and backend connections within the customer`s network. For all other purposes the library CANNOT be used!
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
2. Change to the alias SAPROUTER-SNCADD. Before you can download the software components two preconditions must be met.
a. You must have been allowed to download the software. This authorization is added as soon as SAP has received a positive statement from the "Bundesausfuhramt". This procedure is necessary since the software falls under EU regulations.
b. For more information on how to obtain authorization if download is not possible see note 397175.
c. You must accept that you must follow the regulations imposed by the EU on the use and distribution of the cryptographic software components downloaded from the SAP Service Marketplace.
3. The acceptance of the terms and conditions is logged with your USERID and stored for reporting purposes to the "Bundesausfuhramt".
4. Accepting with the button on the web-based form takes you to the folder where you can download the Software components.
These are packed into a single CAR file sapcrypto.car
5. Copy the file to the direcory where the saprouter executable is located
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD.
Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
ticket
Creating the certificate request
1. As user <snc>adm set the environment variables
SECUDIR = <directory_of_saprouter>
2. Change to the Shortlink SAPROUTER-SNCADD. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name"
3. Generate the certificate Request with the command
sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
4. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
5. Display the output file "certreq" and with copy&paste insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name
6. In response you will receive the certificate signed by the CA in the Service Marketplace, cut&paste the text to a local file named srcert
7. With this in turn you can install the certificate in your saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
8. now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account)
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
9. This will create a file called cred_v2 in the same directory.
For increased security please check that the file can only be accessed by the user running the SAProuter.
Do not allow any other access (not even from the same group)!
On UNIX this will mean permissions being set to 600 or even 400!
On NT check that the permissions are granted only to the user the service is running as!
1. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
2. If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands
4.,7.,8. and 10.
Additional actions necessary before you can start saprouter
1. The environment variable SNC_LIB needs to be set for the user account SAProuter is running under.
SNC_LIB has the form
UNIX <path_to_libsecude>/<name_of_sapcrypto_library>
Windows NT, Windows 2000 <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
2. Check if the environment of the user running saprouter contains the environment variable SNC_LIB
UNIX printenv
Windows NT System environment variable
3. start the saprouter with the following command line:
saprouter -r -S <port> -K "p:<Your Distingushed Name>"
-K tells the saprouter to start with loading the SNC library
the corresponding file ./saprouttab should contain at least the following entries
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
repeat this for the servers and port_numbers you will need to allow,
please make sure that all explicit ports are inserted in front of a
generic entry '*' for port_number
outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
all other connections will be denied
D * * *
Example
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-addess of a local PC> 194.39.131.34 3299
deny all other connections
D * * *
Lalit Kumar -
Public-real IP changed for SAP Router
Hello,
The real IP for SAP Router system has changed, therefore I would need to re configure the same.
I have gone through existing threads, but not throwing much light related to my query.
I tried to reconfigure, but when generating the certificate I get below error. The /usr folder is the old folder of the router and am trying to reconfigure in folder is /newrouter. The OS is windows server 2008.
D:\NewRouter\ntintel>sapgenpse get_pse -v -r certreq -p local.pse "CN=<hostname>,
OU=0000872340, OU=SAProuter, O=SAP, C=D"
Got absolute PSE path "D:/usr\local.pse".
get_pse ERROR: PSE already exists "D:/usr\local.pse"
I have already changed the environment variables for SECU_DIR and LIB one.
My questions are :
1) Is there any way to just update the ip address on the market place by just opening the ticket at XX-SER-NET OR do I need to perform the whole procedure after uninstalling previous configuration.
2) What is the method for uninstallation of SAP Router?
Thanks.
SatHi,
Thanks for your reply.
Actually I changed the env variables and after restarting the sapgenpse command worked.
But I did not proceed further.
I have informed SAP to update the new ip address.
My query is what action should I perform at my end instead of reconfiguring the router again.
Thanks.
Sat -
Benefits for Jco to use SAP router?
When creating Jco destinations, there is an option to use SAP router.
Can we use this option to make the connection more secured for data transfer?
Any other benefits by using this option?
Thanks!Hi,
check below 2 notes. Note 816032 will answer your question in my point of view.
Note 815837 - JCO saprouter string support for Live Auction application
Reason and Prerequisites
In some cases where security is a concern, customer would like to use
saprouter string as a means to define the jco connections instead of
using direct hostname to the SRM system
Note 816032 - Using saprouter to configure UME with ABAP user management
Reason and Prerequisites
In some cases where security is a concern, customer would like to use saprouter string as mean to configure the UME with ABAP user management instead of using the direct hostname in the J2EE Standalone to connect to the ABAP system.
Regards,
Koti Reddy
Maybe you are looking for
-
I have a Macbook Pro early 2011 running on mountain lion version 10.8.2. A while back, i purchased a mini display port thru HDMI port so i could watch dvds on my toshiba television. it all worked great for a while, then the sound just stopped working
-
Camera Connection questions...
I have a couple questions about the iPad Camera Connection that I have not been able to find answers for on the forum: 1. Does the Photo app recognise already imported images if you leave images on your camera after importing and want to import newly
-
Is it possible to connect a 24" LED display to my Power Mac G5? Thanks in advance for any help.
-
Blank offline mixes in Nokia Music
Has anyone experienced specific mixes dissapearing or appearing blank when downloaded to offline from Nokia Music? http://www.nokia.com/support
-
I installed Ad connector 9.1.1.4. No issues were reported during installation. ADITResource was configured according to documentation. If I go Resource Management-> Manage and search Resource Name by AD* the following objects appear: AD Organization