SAPROUTER - route permission denied

Similar Messages

• SAPRouter problem ERROR: sapserv2a: route permission denied

  Hello Gurus,
  we have a problem with connection with SAPOSS, when we test the connection present the following message:
  Connection Error
  Error when opening an RFC connection
  ERROR: sapserv2a: route permission denied (200.30.70.220 to oss001, sapmsOSS)
  LOCATION: SAProuter 37.15 on sapserv2a
  COMPONENT: NI (network interface)
  COUNTER: 5
  MODULE:
  LINE:
  RETURN CODE: -93
  SUBRC: 0
  RELEASE: 640
  TIME: Fri Apr 11 23:54:16 2008
  VERSION: 37
  In the Tx OSS1 we have:
  saprouter1
  name: server name where saprouter is installed
  IP address: LAN IP address where saprouter is installed (is locally intalled)
  Instance no. 99
  Saprouter at SAP
  Name sapserv2
  IP Address 194.39.131.34 (ping to this IP response)
  instance 99
  name oss001
  db name o01
  instance 01
  In Tx ST11, dev_lg log file contains:
  RSTR0006: Display Developer Traces
  trc file: "dev_lg", trc level: 1, release: "700"
  [Thr 4780] Fri Apr 11 16:41:16 2008
  [Thr 4780] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp    2125]
  [Thr 4780] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c      2480]
  [Thr 4780] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c      734]
  [Thr 4780] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c       3980]
  [Thr 4780] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c       1272]
  [Thr 4780]
  [Thr 4780] *  LOCATION    SAProuter 37.15 on sapserv2a
  [Thr 4780] *  ERROR       sapserv2a: route permission denied (200.30.70.220 to oss001,
               sapmsO01)
  [Thr 4780] *
  TIME        Fri Apr 11 23:32:17 2008
  [Thr 4780] *  RELEASE     640
  [Thr 4780] *  COMPONENT   NI (network interface)
  [Thr 4780] *  VERSION     37
  [Thr 4780] *  RC          -93
  [Thr 4780] *  COUNTER     3
  [Thr 4780] *
  [Thr 4780] *****************************************************************************
  dev_rout file in /usr/sap/saprouter contains:
  trc file: "dev_rout", trc level: 1, release: "700"
  Fri Apr 11 17:02:21 2008
  SAP Network Interface Router, Version 38.10
  command line arg 0:     saprouter
  command line arg 1:     -r
  command line arg 2:     -R
  command line arg 3:     ./saprouttab
  main: pid = 5504, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
  reading routtab: './saprouttab'
  Fri Apr 11 17:02:36 2008
  ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2125]
  Fri Apr 11 17:03:15 2008
  ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2125]
  Thanks,
  HEPC

  Hello Kaushik,
  the problem was solved adding the following line in the saprouttab file, this line must be the firts line in the file:
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  the file continue with:
  inbound connections MUST use SNC
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200
  outbound connections to <sapserv2> will use SNC
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
  permission entries to check if connection is allowed at all
  P <IP server 1> 194.39.131.34 *
  P <IP server 2> 194.39.131.34 *
  I hope this solve your problem,
  Hernando Polania
  Colombia

• SAPRouter - sapserv2a: route permission denied

  Hi Gurus,
  I have configured and registered SAProuter.
  Version: SAP Network Interface Router, Version 38.10
  When try to Log On to SAPNet with 1_Public , I get following error
  *sapserv2a: route permission denied
  Routtab entired:
  SNC connection to and from SAP
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC connection to local system for R/3-Support
  R/3 Server: 192.168.2.4
  R/3 Instance: 00
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.2.4 3200
  SNC connection to local WINDOWS system for WTS, if applicable
  Windows server: 192.168.2.35
  Default WTS port: 3389
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.2.35 3389
  Access from the local Network to SAP
  P 192.168.. 194.39.131.34 3299
  Deny all other connections
  D * * *
  SOLMAN: SP17
  WIN32
  I did not find any latest version of SAPRouter for WIN32. Please suggest ..
  Regards
  Shreeshail Ganiger

  Hi,
  > *sapserv2a: route permission denied
  >
  Why it is picking sapserv2a ? It should be sapserv2. Please check.
  Thanks
  Sunny

• Saprouter  "sapserv3: route permission denied"

  Hi!
  I have one question regarding the SAP router functionality.
  If I check the connection via Tx. OSS1 I can choose the different groups (EWA, 1_PUBLIC, etc.) but after this I am getting the error "sapserv3: route permission denied (212.6.91.12 to 10.16.1.19, sapdp01").
  <b>How can I solve the problem?</b>
  My SAPROUTTAB looks like "P * * *" (it means alls connections are allowed)

  Hi Axel,
  The direct connection via OSS1 is not possible anymore. SAP has deactivated this since April-2006.
  You should make the configuration in OSS1 (I think that is okay for your case as you are getting the different group selection as pop-up).
  Only RFC connection logon is allowed. For more info please check note: 33135
  http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=33135&_NLANG=E
  Cheers !!
  Satya.
  PS: Pls reward points if the answer is helpful...Thx.

• SAP ROUTE PERMISSION DENIED

  Hi Experts,
  When i try to logon SAPNET from T/Code OSS1 its througing error as
  "sapsrv2a: route permission denied(12.34.23.5 to oss1 sapdp01)
  Location SAPoruter 37.15 on sapserv2a
  Component  NI
  Release 640
  Version 37
  Return Code -93
  Counter 5
  Kindly suggest any solution for this problem
  Thanks in Advance,
  Ramamurthy

  HI
  I have this error too if I try to logon to sapnet with OSS1 transaction.
  you must logon to sapnet trought internet explorer http://service.sap.com
  Note 33135 - Guidelines for OSS1
  Note Language:       Version: 15     Validity: valid since 30.06.2006     
  PDF     Download Corrections     Compare Versions     SSCR
       Go to SAP Note:  Display     
  Content:  Summary  |  Header Data  |  Releases  |  Related Notes
  Summary
  Symptom
  You are using transaction OSS1 to establish a remote connection.
  Other terms
  OSS1, RFC connections to SAPNet - R/3 Frontend, SAPOSS, OSS_RFC, SAProuter
  Reason and Prerequisites
  Remote connection to SAP, R/3 system
  Solution
  On April 03, 2006, SAPNet - R/3 Frontend was deactivated as a user interface. SAPNet - R/3 Frontend, which was introduced in 1995 as SAP's Online Service System (OSS), was SAP's first and, for a long time, its only support system, which customers worldwide accessed using transaction OSS1.
  Today, the SAProuter connection via transaction OSS1 continues to be used for the following RFC connections:
  - Transfer of EarlyWatch Alert data
  - Exchange of data using the SAP Notes Assistant
  To install and configure this transaction, proceed exactly as follows:
    1. Making the technical settings for OSS1
  You must configure transaction OSS1 before you can use it. Choose "Parameter" from the menu bar (-> Techn. Settings) and choose "Change".
  The technical settings for transaction OSS1 are set by default to Walldorf (sapserv3) with the IP address 147.204.2.5. If this address does not correspond with the entry in your host file, choose the sapserv3 IP address that is valid for you by choosing the menu option "SAPRouter at SAP -> Walldorf".
  Furthermore, enter your local SAPRouter information in the "SAPRouter 1" fields. Now save the settings.
  After making these changes, the screen for the technical settings should be as follows:
  Router data for the logon to SAPNet - R/3 Frontend
  -Customer SAPRouters----
  -SAPRouter 1----    -SAPRouter 2----
  Name         my_saprouter
  Name
  IP Address   x.x.x.x
  IP Address
  Instanc No.  99
  Instance No.
  -SAPRouter and OSS Message Server at SAP----
  -SAPRouter at SAP----    -OSS Message Server----
  Name          sapservX
  Name          oss001
  IP Address    x.x.x.x
  DB Name       O01
  Instance No.  99
  Instance No.  01
  NOTE:
  Replace sapservX with the following values:
  sapserv1 (194.117.106.129) connection via Internet VPN
  sapserv2 (194.39.131.34)  connection via Internet SNC
  sapserv3 (147.204.2.5)    for customers with connection to Germany
  sapserv4 (204.79.199.2)    for customers in America
  sapserv5 (194.39.138.2)    for customers with connection to Japan
  sapserv6 (194.39.139.16)  for customers in Australia and New Zealand
  sapserv7 (194.39.134.35)   for customers in Asia
  Choose "Start Logon to SAPNet - R/3 Frontend". If the system issues message S1 452, there are errors in the operating system configuration. In this case, see appendix A.
  When you install an access authorization file "saprouttab", you should ensure that all of your front ends and R/3 servers can establish a connection to sapserv3, service sapdp99. Appendix E contains examples of saprouttabs. For more information on the SAPRouter, refer to the SAPRouter documentation (Note 30289).
  Try it again until the dialog box "Please select a group" appears. If the dialog box "Please select a group" is displayed, the configuration for transaction OSS1 is correct. You can then proceed with the next section.
  NOTE:
  When you try to log on to SAPNet - R/3 Frontend, the system issues an error message indicating that you are no longer allowed to log on to SAPNet - R/3 Frontend.
    2. Further questions?
  As soon as you have carried out the steps described above, transaction OSS1 should connect you to the most efficient SAPNet - R/3 Frontend application server.
  If you have further questions or problems, the file entitled "OSS1. TroubleShooting" contains additional information. If you have a problem that you cannot solve, contact our hotline: 0180/5 34 34 3-3.
  Appendix A
  If message S1 452 appears when you try to log on to SAPNet - R/3
  Frontend with transaction OSS1, there is an incorrect setting somewhere (either in the technical settings for OSS1 or at operating system level).
  To find out why the connection to the message server was unsuccessful, choose Tools (Case, Test ( Developer trace (transaction ST11). The trace contains an entry for dev_lg. This file contains the error log. The LOCATION line, if available, contains the host on which the error occurred. The problem description is found in the ERROR line. If you cannot find the entry dev_lg, check whether the program "lgtst" exists (see appendix B).
  Examples of the contents of dev_lg:
  ERROR       partner not reached (host abc.def.gh.i, service sapdp99)
  TIME        Thu Aug 10 09:17:57 1995
  RELEASE    21J
  COMPONENT   NI (network interface)
  VERSION    15
  RC          -10
  MODULE      niuxi.c
  LINE        773
  DETAIL      NiPConnect
  SYSTEM CALL connect
  ERRNO      239
  ERRNO TEXT  Connection refused
  COUNTER    1
  Here, the system could not reach the SAPRouter. For example, no SAProuter could be found under service 99 (port 3299) on the host with the IP address abc.def.gh.i. The SAPRouter process does not work or the IP address was not configured correctly in OSS1.
  ERROR      service 'sapdp99' unknown
  TIME        Thu Aug 10 09:22:00 1995
  RELEASE    30A
  COMPONENT   NI (network interface)
  VERSION    17
  RC          -3
  MODULE      niuxi.c
  LINE        404
  DETAIL      NiPServToNo
  SYSTEM CALL getservbyname
  COUNTER    1
  This message indicates that the service sapdp99 was not entered in /etc/services. Add the entry in /etc/services. This must be available on all R/3 servers and front ends.
  LOCATION    SapRouter on abc.def.gh.i
  ERROR      route permission denied (XXXXXXXX to sapservX, sapdp99)
  TIME        Thu Aug 10 09:37:44 1995
  RELEASE    30A
  COMPONENT   NI (network interface)
  VERSION    17
  RC          -94
  MODULE      nixxrout.c
  LINE        1426
  COUNTER    1
  The file saprouttab, which contains the valid connections, is not correct. The SAPRouter on the host abc.def.gh.i does not set up the connection to sapservX. Check the SAPRouter file saprouttab. This should contain every R/3 server and frontend (see also appendix E).
  LOCATION    SapRouter on abc.def.gh.i
  ERROR      internal error
  TIME        Thu Aug 10 10:50:18 1995
  RELEASE    21J
  COMPONENT   NI (network interface)
  VERSION    15
  RC          -93
  MODULE      niuxi.c
  LINE        773
  DETAIL      NiPConnect
  SYSTEM CALL connect
  ERRNO      242
  ERRNO TEXT  No route to host
  COUNTER    1
  This error message indicates that the host abc.def.gh.i cannot process the IP address of the next host configured in OSS1. If the SAPRouter error message appears and the next host is sapservX, check the address for sapservX. OSS1 is delivered with the default settings sapserv3 and IP address 147.204.2.5. Customers in the U.S.A. are normally connected to sapserv4, IP address 204.79.199.2. If required, change the technical settings of OSS1 accordingly.
  ERROR      internal error
  TIME        Thu Nov 23 00:11:20 1995
  RELEASE    21J
  COMPONENT   NI (network interface)
  VERSION    15
  RC          -1
  COUNTER    1
  This message shows that the instance number entered does not agree with at least one of the technical settings for the SAPRouter defined in OSS1. The default for the instance number of the SAPRouter is 99. Under no circumstances should you enter the instance number of your R/3 system for the SAPRouter. You need to specify instance number 99 for sapservX. Otherwise, it is not possible to log on to SAPNet - R/3 Frontend.
  LOCATION    SapRouter on sapservX
  ERROR       route permission denied (XXXXXX to oss002, sapmsO01)
  TIME        Mon Nov 27 19:25:54 1995
  RELEASE    30A
  COMPONENT   NI (network interface)
  VERSION    15
  RC          -94
  MODULE      nixxrout.c
  LINE        1390
  COUNTER    1
  An incorrect server was entered as message server 001, in this example, the server oss002. The message server for O01 is oss001. Change the technical settings for transaction OSS1 accordingly.
  Appendix B (for Windows NT only)
  Change to the directory "\usr\sap\<SID>\SYS\exe\run" and search for the program "lgtst.exe". If you cannot find it, or if the length of this file is not exactly 640216 bytes, import the program "lgtst.exe" from sapservX via ftp:
  > ftp sapservX
  Connected to sapservX.
  220 sapservX FTP server (Version 1.7.194.2 Wed Sep  8 17:23:04 GMT 1993) ready.
  Name: ftp
  331 Guest login ok, send ident as password.
  Password: <Your_customer_number>
  ftp> cd dist/permanent/OSS1/lgtst.exe
  250 CWD command successful.
  ftp> binary
  200 Type set to I.
  ftp> get lgtst.exe
  150 Opening BINARY mode data connection for lgtst.exe (640216 bytes).
  226 Transfer complete.
  640216 bytes received.
  ftp> bye
  Copy this file into the aforementioned directory.
  Appendix C
  The messages from transaction OSS1 (error messages and information) are given in the following list. Each message is described briefly.
  |No.| Message Text
  |450| Maintain technical settings first.
  |452| Unable to connect to SAPNet - R/3 Frontend message server.
  |454| E: Unable to start SAPGUI.
  |455| SAPGUI was started.
  |456| Specify a server name.
  |457| Specify an IP address.
  |458| Specify an instance number.
  |459| Specify a database name.
  |460| No authorization to log on to SAPNet - R/3 Frontend.
  |461| No authorization to maintain technical settings.
  |462| E: RFC destination could not be generated
  Number 450: Maintain technical settings first
  You can only log on to SAPNet - R/3 Frontend if the technical settings
  are maintained. The technical settings determine the network path from the customer R/3 system to the online service system.
  Number 452: Unable to connect to SAPNet - R/3 Frontend message server.
  This message appears if the connection to the SAPNet - R/3 Frontend message server was not possible (system name O01, server oss001). There can be different reasons for this (see appendix A).
  Number 454: E: Unable to start SAPGUI.
  Transaction OSS1 could start the SAPGUI (not SAPTEMU), either because the program does not exist in the path given, or because the execute permission is not set correctly. Check whether the SAPGUI exists; SAPTEMU alone is not sufficient.
  Number 455: SAPGUI was started.
  This is not an error message. It merely informs you that an additional SAPGUI was started to establish a connection to SAPNet - R/3 Frontend.
  Number 456: Specify a server name.
  The server name was omitted from the technical settings.
  Number 457: Specify an IP address.
  The IP address was omitted from the technical settings.
  Number 458: Specify an instance number.
  The instance number was omitted from the technical settings.
  Number 459: Specify a database name.
  The database name for the Online Service System (001) was omitted from the technical settings.
  Number 460: No authorization to log on to Online Service System
  You do not have authorization to call transaction OSS1. Up to Release 2.2F: The authorization S_TSKH_ADM is checked for value 1. After Release 2.2F: For transaction OSS1, there are two special authorization profiles (see appendix D).
  Number 461: No authorization to maintain technical settings.
  You do not have the authorization to maintain the technical settings (see appendix D).
  Number 462: E: RFC destination could not be generated.
  In Releases 2.2, you can ignore this message. When saving the technical settings, an attempt is made to generate the RFC destination SAPOSS. The length of an RFC destination is limited in 2.2, and the maximum length was exceeded by the parameters of the technical settings.
  Appendix D
  As of Release 2.2F, there are two different authorization profiles for transaction OSS1: S_OSS1_START and S_OSS1_ADMIN.
  S_OSS1_START authorizes you to call transaction OSS1 and to log on to the Online Service System. In addition, S_OSS1_ADMIN contains the
  authorization to maintain the technical settings for the transaction.
  The technical settings of OSS1 must be made at least once. Therefore, add S_OSS1_ADMIN to your user profile, log off, and then log on again afterwards.
  Appendix E
  Prerequisites:
  (A TCP/IP connection can be established between the SAProuter on
  the customer system and the SAProuter on sapserv3 in Walldorf.
  (The SAProuter process must be started on the server that is registered
  with SAP:
  saprouter -r -R saprouttab &
  Example of the "saprouttab" file with minimum configuration:
  saprouttab - Example
  Allows connections from the entire customer network to sapservX
  and therefore to the Online Service System via SAProuter port 3299.
  P      *      sapservX    sapdp99         *
  Allows connections from sapserv3 to the entire customer network,
  for example for EarlyWatch or First Level Support.
  P   sapservX      *          *            *
  Header Data
  Release Status:     Released for Customer
  Released on:     30.06.2006  09:13:57
  Priority:     Correction with high priority
  Category:     Consulting
  Primary Component:     XX-SER-NET Network connection
  Antonio.
  Edited by: Antonio Voce on May 22, 2008 5:07 PM

• Sapserv1:route permission denied (216.53.212.149 to 147.204.100.55, sapdp01

  Hi,
  We are having issue with our sapnet connection. When ever I am trying to connect to sapNet im getting this error. The following is the procedure i m doing
  1. t-code oss1
  2. logon to SAPNet
  3. selecting the group PUBLIC
  then I m getting thid error
  sapserv1:route permission denied (216.53.212.149 to 147.204.100.55, sapdp01)
  Please reply me back ASAP as this is urgent issue. I will appriciate ur help n sugsestions.

  Hi,
  On April 03, 2006, SAPNet - R/3 Frontend was deactivated as a user interface. SAPNet - R/3 Frontend, which was introduced in 1995 as SAP's Online Service System (OSS), was SAP's first and, for a long time, its only support system, which customers worldwide accessed using transaction OSS1.
  Today, the SAProuter connection via transaction OSS1 continues to be used for the following RFC connections:
  - Transfer of EarlyWatch Alert data
  - Exchange of data using the SAP Notes Assistant
  To install and configure this transaction, proceed exactly as follows:
    1. Making the technical settings for OSS1
  You must configure transaction OSS1 before you can use it. Choose "Parameter" from the menu bar (-> Techn. Settings) and choose "Change".
  The technical settings for transaction OSS1 are set by default to Walldorf (sapserv3) with the IP address 147.204.2.5. If this address does not correspond with the entry in your host file, choose the sapserv3 IP address that is valid for you by choosing the menu option "SAPRouter at SAP -> Walldorf".
  Furthermore, enter your local SAPRouter information in the "SAPRouter 1" fields. Now save the settings.
  NOTE:
  Replace sapservX with the following values:
  sapserv1 (194.117.106.129) connection via Internet VPN
  sapserv2 (194.39.131.34)  connection via Internet SNC
  sapserv3 (147.204.2.5)    for customers with connection to Germany
  sapserv4 (204.79.199.2)    for customers in America
  sapserv5 (194.39.138.2)    for customers with connection to Japan
  sapserv6 (194.39.139.16)  for customers in Australia and New Zealand
  sapserv7 (194.39.134.35)   for customers in Asia
  Choose "Start Logon to SAPNet - R/3 Frontend". If the system issues message S1 452, there are errors in the operating system configuration.
  When you install an access authorization file "saprouttab", you should ensure that all of your front ends and R/3 servers can establish a connection to sapserv3, service sapdp99.
  Try it again until the dialog box "Please select a group" appears. If the dialog box "Please select a group" is displayed, the configuration for transaction OSS1 is correct.
  I hope this will help you.
  Regards
  Aashish Sinha
  PS : reward points if helpful

• Route permission denied

  Hello everbody;
  When I want to entry to the server sap, I have this error route permission denied (181.66.156.130 to n4sexternal,sapdp01)
  Someone can help me please

  Hi, Robert!
  You'll have to config your SapRouter appropriately. It's usually done by Basis team.

• Saprouttab, route permission denied

  hi,
  I have to open one ITS (internet transaction server) link to SAP thru saprouttab. I have done the entry in saprouttab. But when SAP is trying to connect, he is getting error "SAP WEB PROXY: destination server not reachable"
  detail error : route permission denied.
  I have a ITS link <hostname.mycompany.com> and the port is 80. In saprouttab table, permission is given and entry is
  P 204.79.199.2 <hostname.mycompany.com>             80
  P 147.204.2.5  <<hostname.mycompany.com>         5631
  My Question:
  What is the correct port for ITS link ? Since my ITS link is having default port 80, I have given 80  in saprouttab. But still it is giving error route permission denied. SAP has send me the error screen snapshot and in that destination port it is showing 3299.
  Can any one help me what should be the correct entry in saprouttab and the correct port number ?? Is there any way I can check the permission before asking SAP to check ?
  Thanks
  Regards,
  Basis

  hi basis ck,
  3299, is the SAP Gateway Service port. So check whether this service is mentioned in "service" file or not. If not then make an entry there.
  Normally, if u have a SAPGUI installed in ur machine, then the entry will be automatic.
  I think then connection should be ok or else then try with 3299 in place of 80 in ur saprouttab entry.
  with regards,
  Samarpan

• JCO Connection - route permission denied

  Coulds any one suggest on this error
  Connect to SAP gateway failed Connect_PM
  Rout permission denied

  Hello Mario,
  it seems that the SAP Router which is used with hte connection String does not allow you to connect. Have you tried the Connection string to logon with SAP GUI?
  Regards
  Gregor

• Permission denied in sap router

  Hello everybody,
  I have installed the SAPROUTER.
  when our remote user login by SAPSTRING 114.240.174.28 then user can login without any problem
  but when the user used the  /H/114.240.174.28/H/192.168.0.170/S/3299/H/
  then they can not able to login, get error
  router permission denied 115.240.50.30 to 192.168.0.170, 3299
  I have check the saposs RFC from sap its work fine.
  In my SAP routtab file I maintain the entries as follows
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.180 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.185 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.186 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.180 *
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.185 *
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.186 *
  P * 194.39.131.34 3299
  P * * *
  Please suggest where is wrong.
  Thanks
  Ganesh

  HI,
  Our remote user can access with the    /H/external_IP_of_saprouter/H/internal_IP_of_saprouter/H/  this string
  but now they are not able to access by using above said string , when they tired to access they got message
  like
  router permission denied 115.240.50.30 to 192.168.0.170, 3299
  actually, in saprouttab I mention P * * * .
  Thanks
  Ganesh

• Maintain the Route Permission Table in the system32 for saprouter

  Hi friends,
  I am establishing a remote connection to SAP
  1) I have installed saprouter in Windows, saprouter service created successfully
  2) I followed the link http://help.sap.com/saphelp_nw70/helpdata/en/4f/992dab446d11d189700000e8322d00/content.htm and according did all configurations
  3) Now I don't know how to create and maintain Rout Permission Table in system 32
  The following example I got from help.sap.com
  156.56..
  All host addresses beginning with 156.56
  133.27.17.*
  All host addresses beginning with 133.27.17
  133.27.16.0/24
  All host addresses beginning with 133.27.16 (0/24 at the end means that the first 24 bits are relevant, that is, the first three blocks)
  156.56.1011xxxx.*
  All host addresses from 156.56.176.* to 156.56.191.*.
  (Binary interpretation of the third byte of the address. u2018xu2019 is a freely selectable binary value (1 or 0).)
  I found complex in above note:
  My router IP is 192.168.1.116
  Kindly guide me for further help.
  Regards
  Nilanchal

  Nilanchal,
  Check out the following links:
  [http://help.sap.com/saphelp_45b/helpdata/en/4f/992dab446d11d189700000e8322d00/frameset.htm]
  You can check route permission table link in the above link.
  Have you posted real IP addresses? if yes, please do not post real IP addresses on the forum for your network security reasons.
  Also check following Note:
  Note 525751 - Installation of the SNC SAPRouter as NT Service
  Hope this helps.
  Manoj
  Edited by: Manoj Chintawar on Mar 30, 2009 12:34 PM

• Continous mDNSPlatformTCPConnect ("Permission denied") errors. What does this mean? What should I do to resolve this?

  MB Air (1.8GHz); MacOS 10.9.2
  In the System Log I see frequent and, at times, continuous (up to several per second) entries like the following:
  4/16/14 9:00:13.936 AM mDNSResponder[73]: ERROR: mDNSPlatformTCPConnect - connect failed: socket 63: Error 13 (Permission denied) length 16
  While I can't point to any specific system issues that result from this, I do have the following (perhaps related, perhaps unrelated) problems:
  1. Over time, memory pressure gradually increases until, every few days, I need to re-boot. I'm not accustomed to having to perform "maintenance boots" under MacOS. (For example, my Mac Mini, also running Mavericks, runs for weeks/months without needing to re-boot; it's my household media server, running iTunes but that's about it.) Feels like a memory leak to me.
  2. TimeMachine is unpredictable for me. When I have TimeMachine enabled, it will do incremental backups for up to a day or so, then the machine ends up in what looks like a run loop, with apps (such as Mail) in a "not responding" state. Can't reliably force-quit those apps at that time - pretty much have to hard-boot the machine and restart. (Note that I'm using a QNAP NAS disk array; has worked fine in the past, pre Mavericks; I'm running latest/greatest NAS firmware.)
  At any rate, any insights regarding the DNS error (what it means; what triggers it; whether I should care; if so, what I should do to quell it; etc.) deeply appreciated.
  Doug Engfer

  May I ask why you want me to remove the AV software?
  Because it's the likely cause of your problem, and even if it isn't, it's worse than useless.
  1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  If you find this comment too long or too technical, read only sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
  The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
     3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
     For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
  Software from an untrustworthy source
  Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
  Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, your browser, or anything else.
  Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
  The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
  Software that is plainly illegal or does something illegal
  High-priced commercial software such as Photoshop is "cracked" or "free."
  An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
  Conditional or unsolicited offers from strangers
  A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
  You win a prize in a contest you never entered.
  Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
  A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
  Anything online that you would expect to pay for is "free."
  Unexpected events
  You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
  An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
  I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
     6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
  7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. Research has shown that most successful attacks are "zero-day"—that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  Most importantly, a false sense of security makes you more vulnerable.
  8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  An anti-virus app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize by the file name alone. An actual example:
  London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
  You don't need any software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's seldom a reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may be useful if an ill-informed network administrator says you must run some kind of "anti-virus" application.
  The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining Bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
  Nothing can lessen the need for safe computing practices.

• I get an error message when I try to revise items I am selling on ebay. eBay says it is my computer. This is the error message as follows lscgid: execve():/home/wwocom/public_html/style.cgi: Permission denied..What can I do

  I get an erro message when I try to revise my items while selling on ebay.
  The error message is as follows: lscgid: execve():/home/wwocom/public_html/style.cgi: Permission denied
  I called ebay they say it is my computer.
  What do I do to clear this message so I can sell on eBay?

  That's a server message : ebay's computers, rather than yours.
  You could try clearing cache & cookies for ebay in your browser : eg. Safari - Preferences - Privacy
  & if you still have problems, restart your modem/router.
  You're sure that the message shows at a genuine ebay site ? : see the recent replies at
  http://community.ebay.com/t5/Trust-Safety-Safe-Harbor/Fake-eBay-Sign-In/td-p/185 55847/page/2

• How to resolve "SCRIPT70: Permission Denied" on IE10?

  Hi there,
  One some of IE10/WIN7 machines, the javascript-coded popup menu is disabled on an enterprise web application. I enabled the developer tools and found the following error. It is clear that the issue is not with the web application, but with IE or
  client machine configuration. I have been searching for the solution for one week and still go nowhere.  The javascript is enabled on browser side. What information shall I collect to narrow down the problem? Thank you.
  Error Msg is:
  SCRIPT70: Permission Denied
  PopupMenu.js, line 305 character 1.
  Jay

  I have the same problem.
  I actually have a web site developed with angularJs v1.2.26, with firefox and chrome its all ok, but i
  have the need of compatibility with IE10 and up.
  Sometimes I get the error "SCRIPT70:
  permission denied" and its solved clicking F5 and information is loaded, but its not a real solution.
  I have a route /login when someone enters to my web site, and in this controller the only thing that happens is a redirecto to a url where user is authenticathed with
  SAML.
  The code i have in this login.controller.js is:$window.location.href = '/auth/saml/login';
  I think IE10 has some problem in reload information, or with this code.
  Also when user is logeed and IdP send me the response , user is redirected to my main page for watchinf information. "res.redirect('/') and I have the same error too.
  What could happen? In other browsers all is correct. Could you reach/find a solution?
  Thank you too much.

• Rlogind: Permission denied.

  Let me start with I know very little about the Solaris OS or any flavor Unix. This was dumped on me when the server was installed and rsh and rlogin would not work becasue we do not have a Solaris admin on staff. So please talk slow.
  When we attempte to rlogin across the network to this new server the error rlogind: Permission denied. is returned. RSH returns nothing at all, just a blank line. Due to some IP conflicts and routing issues, I have had to play some games to allow connectivity between the source network and the server. The IP we rsh to is an IP on the firewall mapped to an IP that is NATed to the real server IP. RSH and RLOGON has been tested coming from another network segment not going through all the NAT's and Mapped IP's and that works ok. I have simulated the setup on my firewall to another server and RLOGON works through the mapped IP setup. The only part I do not have access to test is the NAT to the real server IP on the vendor network.
  What do I need to be looking at to make this work?

  Hello,
  Please try to login from the server where the rsh server daemon is running and let us know the result.
  ex : rlogin localhost
  Thanks,
  Sal.