Saprouter to Saprouter using SNC
Hi.. we already have a saprouter (routerA) using SNC connected to SAP for the OSS connection.
Now we were thinking to create anothe snc connection from routerA to another saprouter (routerB).
Which distinguish name that we should use and how is the process ? found documents on setting up SNC to SAP, and we can get our distinguish name from SAP.
But for connection to another SAP i could not find any.
Suggestion and reply really appreciated.. thank you
Hi,
First of all,why do you require another router?
Call up the nearest SAP center for more details.
Rgs
vikas
Similar Messages
-
SAPRouter to SAPRouter SNC Setting
Dear Experts Teams.
It is currently established the SNC connection of their SAPRouter server and SAP AG.
I want to connect the SAPRouter to external network SAPRouter for SNC.
However, I know that there are certificates to SNC connections, but in SAPRouter server,
I don't know the procedure of issuance of the order to configure the SNC.
Tell me the procedure of SAPRouter to external network SAPRouter SNC connection.
In addition, this configuration or would not have been supported by SAP?
Regards.
JunError is displayed when you start -K option SAPRouter.
By the way, SAPRouter have the following settings.
■SAPRouter Host1
※Possible SNC connection with SAP AG SAProuter
SNC Name:CN=SNC201401-01 OU=SAProuter, O=SAP, C=DE
SAProuttab:
KT "p:CN=snc201306-09" * 3299
P * * *
SAPRouter Command:
saprouter -r -S 3299 -T dev_rout -K "p:CN=SNC201401-01, OU=0000657984, OU=SAProuter, O=SAP, C=DE"
■SAPRouter Host2
SNC Name:CN=SNC201401-02
SAProuttab:
KT "CN=SNC201401-01 OU=SAProuter, O=SAP, C=DE" <Host1 Gloval IP> 3299
P * * *
SAPRouter Command:
saprouter -r -K p:CN=SNC201401-02
SAPRouter of Host1 to start normally, but, SAPRouter of Host2 can not boot properly.
And has implemented procedures to reference the URL.
http://wiki.scn.sap.com/wiki/display/Basis/How+to+setup+SNC+connection+between+SAProuters
Jun -
Configure SSO for ITS to R/3 using SNC/Kerberos
Our R/3 systems had been configured for SSO using SNC and Kerberos for awhile now. We now have a requirement to configure SSO between ITS and R/3. Since our R/3 env. has been using kerberos library, we won't be able to use SAP Cryptographic library. I had modified the registry, environment and services in itsadmin to point to the kerberos library and principal names for agate and r/3 servers as described in SNC User Guide; also, I updated table SNCSYSACL with the Agate SNC name. That seems to work fine. From the trace file, it recognized GSS-API library for Kerberos and the SNC name for Agate. However, when I tried to logon to R/3 from ITS, I still am being prompted with the logon screen to enter my SAP account/password.
I found several whitepapers and documentations stating that ITS does support Kerberos for SSO but I couldn't find any procedure on how to implement it. Following is the error I'm getting from the sapbasis.trc file but I can't find any document on this error:
=====================================================
[Thr 5284] SncInit(): Initializing Secure Network Communication (SNC)
[Thr 5284] PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
[Thr 5284] SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "C:\WINNT\system32\gsskrb5.dll".
[Thr 5284] File "C:\WINNT\system32\gsskrb5.dll" dynamically loaded as GSS-API v2 library.
[Thr 5284] The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
[Thr 2888] Sun Jan 15 22:44:59 2006
[Thr 2888] <<- ERROR: SncSetParam()==SNCERR_PARAM_DENIED
[Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
[Thr 2888] Sun Jan 15 22:45:29 2006
[Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
=====================================================
Does anyone know what am I missing? Any help is greatly appreciated.
Thank you!
DiemHi Markus,
I also just installed/configured PAS for LDAP authentication using the "PAS for External Authentication Mechanisms" documentation. I think the domain problem probably due to not having the external authentication mechanism install (in this case - PAS). Does that sound right to you?
I tried both options for ~extid_type parameter = "LD" and "UN". I added the DN information to table USREXTID when ~extid_type="LD" but both options gave me error of "LDAP authentication failed". I increased the trace level for sapextaut.trc but I don't see enough detail information. Following are the errors/data from the trace file. Can you please let me know how I can tell what string is being passed for authentication?
I'm quite sure the LDAP host and port data is correct since we've been using the same information for the SAP LDAP connector and we've been using our LDAP connector between MS AD and R/3 for a long time without any problem.
To logon to R/3 through ITS, I entered the AD account (CN attribute in AD) when I got the errors.
Thank you very much for all your help.
Diem Tran
Trace:
=====================================================
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 437]: W sapextauth: PAS session begins...
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 456]: sapextauth: SncNameR3 is: "p:na1adm/[email protected]"
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 462]: sapextauth: SncNameAGate is: "p:[email protected]"
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 468]: sapextauth: SNC_LIB is: "C:\WINNT\system32\gsskrb5.dll"
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 568]: sapextauth: XGatConnectSession leaving....
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 993]: W Either ~login or ~password missing, returning XGDKRCloginrequired.
2006-01-18T01:39:50.281 p001688 t4992 s00000000 [sapextauth, 398]: sapextauth: XGatEventOpenSession called...
2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1059]: sapextauth: LDAP port ist 389
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
2006-01-18T01:39:59.140 p001688 t4992 s00000000 [sapextauth, 398]: sapextauth: XGatEventOpenSession called...
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1059]: sapextauth: LDAP port ist 389
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
======================================================= -
Scheduling BW Crystal Reports Using SNC?
Here is the workflow that I am trying to handle:
I have created a Crystal report against a BW query and published that report to our BOE environment. That report is currently being scheduled to run in BOE using my BW credentials under Database Configuration. I do not want to continually maintain the BW credentials under Database Configuration when password changes occur.
Can I avoid this maintenance by enabling server-side SNC between BW and BOE?I don't know the expiration, you'd have to test but if users login with SAP then a token is cached for a pretty long time (even after system reboots) They do eventually expire in some cases and you run into issues if users change their passwords in SAP. You can use SNC to work around those issues if they are even issues. So if your users change their passwords often and you see the logon token expiring then use SNC server trust (KB 1500150 will have all the info you need) else try without.
Regards,
Tim -
Performance Impact When Using SNC Communication
Hello,
Does anybody know if and how much performance impact there is if we use SNC for communication between the SAP Server and SAPGUI?
I think there are two areas that may be impacted; Network and server CPU.
For network load, I did find a part in "Front-End Network Requirements for SAP Business Solutions" document saying "overhead of roughly 350 bytes per user interaction step" but it does not specify the type of encryption. I wonder if there is any other info on this?
For CPU impact, how much overhead should I consider for sapgui access?
I see no field for this in the quicksizer and I can't seem to find any white papers on this subject.
Thank you in advance.>
Peter Adams wrote:
> Ken,
>
> if you plan to use SAPcryptlib for SNC between SAP servers, then you should use a SAPcryptolib-compatible solution for the SNC communication between SAPGUI and SAP server, and there is only one vendor who can provide this. Let me know, if you need help finding it. My contact information is in my SDN business card.
Just so Kan is clear - It is not legal to use the SAP cryptolib provided by SAP for SNC between SAP GUI and SAP servers, so if x.509 is the desired mechanism you need to purchase additional software from the company which Peter works for to provide SAP GUI SNC-based SSO. I think instead, Kan might be using the free SAP supplied SNC Kerberos library, which is why I asked him to confirm this in my last post. I doubt he is interested to buy any third party software.
> As to the performance discussion: first of all, yes, there will be a small performance impact if SNC is used (no matter which type or implementation), but from our experience with many actual SNC implementations, I can state that this is practically not relevant. It is not noticeable by users. There were never any performance discussions with customers. See also SAP Note 1043694.
I agree with this - the performance impact is not noticed by users, but the system managers who look after the servers where SAP is installed, and the team responsible for the network need to be aware of any differences (if any) when SNC is turned on and when SNC is turned off. I think this is why Kan is asking these questions, not because he is concerned about users noticing any difference when they logon to SAP.
> Just a first quick comment on certain statements above: Tim's arguments for proving his overall statement are not conclusive from my perspective. Nor do I think his overall statement itself is correct.
The facts I mentioned are well known facts, e.g. symmetric crypto is far better from performance point of view than asymmetric. I know the examples I have shown which I found when doing a quick google search were not conclusive, but they were shown as initial examples, not necessarily the best examples. This is why I specifically mentioned that if you search in google yourself you will see many more references where comparisons are done between Kerberos (e.g. symmatric) compared with PKI (e.g. asymmetric).
> First of all, he only selects one aspect of performance - CPU impact of encryption algorithms.
No, I didn't. Some of the examples I referred to also discuss other differences. I also mentioend other differences such as memory and what protection level is used when configuring SNC.
> But for a true comparison, you'd have to look at all relevant aspects (latency, network overhead, ...).
Yes, I agree. No doubts here.
>Network performance overhead is usuallly worse with Kerberos than with PKI.
This is not true. When SAP is using SNC, the GSS-API standard is used and so the only network communication involves SAP software sending a standard GSS token from the workstation to the SAP server, and this GSS token is often about the same size, regardless of which mechanism is used, so any network performance differences are not related to the mechanism, but more related to the complexity of the cryptography used on each end (mostly on the server side).
>Second, you need to look at the specific usage scenario. For example, the first report referenced by Tim is an analysis about different Token Profile mechanism for WS Security, for one specific implementation. This does not allow to draw any conclusion for the SNC use case in general, and for sure not for a specific implemenation. It does not take the overhead for the encryption of the message content into account. Third, Tim associates PKI exclusively with asymmetric encryption. Yes, it is well known that asymmetric algorithms are slower than symmetric ones, but it is also well known that the encryption of the message content (by far the majority of the data) happens with symmetric encryption algorithms in the PKI scenario. With PKI-based SNC, you can even select a symmetric algorithm and use a more performant one that the ones that Kerberos prescribes.
Kerberos works with many different symmetric algorithms as well, so mentioning that the alg is selectable is not relavent to any comparison.
> To summarize, I will try and collect facts that will support the opposite point of view. From our practical experience, the performance overhead is not relevant, and criteria like consistency with SAPcryptolib, strength of security, ease of administration, choice of authentication and encryption mechanism, etc. are much more important.
>
> Peter -
Connectig to sapserv7 via FTP using SNC
HI All ,
I am having SNC configured in saprouter for R3support, now i need to transfer huge files to sap for which i have been asked to transfer through ftp, any help in this regard?
Regards
Robert.Hi Rishi,
thanx for your reply, i have asked sap, they have opened a container to upload the files.
but i need to understand how to configure my saprouter for ftp connection.
Regadrs
Robert -
I have configured a Jco in my SLD, configured a system in the portal and the connection test to the backend is successful.
I then changed the System properties in the portal to SNC and the connection still worked.
I then changed the JCo in the SLD but the Pint and Test from the SLD using the SNC Jco now does not work. The following errors occur
com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: connection closed without message (CM_NO_DATA_RECEIVED)
Failed to ping JCo destination 'SAP_R3_HumanResources'
Any cluesHi Graham,
Please have a look at [JCo Exceptions |http://help.sap.com/saphelp_nw70ehp1/helpdata/en/f6/daea401675752ae10000000a155106/content.htm]
Hope it will helps
Regards
Arun -
Multiple SAProuters in line to OSS
Hi all,
I have an interesting situation that might work but at the moment doesn't...
The connection from the SAP-system to OSS is as follows:
1. SAPserver --> unencrypted to
2. Local SAProuter --> with password to
3. Remote SAProuter --> with SNC to
4. SAProuter at SAP
The link between 1. SAPserver and 2. Local SAProuter works.
The link between 2. Local SAProuter and 3. Remote SAProuter gives an error when testing the connection in SM59:
"timeout, return code -93", "timeout occured / LB: Unexpected error in LG layer".
The link between 3. Remote SAProuter and 4. SAProuter at SAP using SNC works (yes, it's been tested).
For those interested in helping me with this problem the setting in the RFC destination:
/H/192.168.16.5/S/sapdp99/W/
/H/{public IP of 3.Remote SAProuter}/S/sapdp99
/H/147.39.131.34/S/sapdp99
/H/oss001
Ideas anyone?
Please?
Kind regards,
MartinOK, with the help of SAP-support (Vielen Dank, Birgit!) I got it to work:
The routing between the SAProuters must be OK.
The first SAProuter in the chain as seen from SAP is registered at the General Tab of the System Data at SAP Service Marketplace.
The second SAProuter as seen from SAP is registered at the Database Tab under Additional SAProuter !
When using application servers you must also register the Second SAProuter under Additional SAProuter.
The routerstring used when opening the Service Connection must include BOTH SAProuters in the correct order as seen from SAP .
Quite simple really. -
Solution Manager's network requirements
Hi Experts,
we want to install solution manager. But it seems Solution manager should be connected to SAP.
Is it possible to use SNC over Internet to connect our Solution manager to SAP? What kind of connection is normally used?
Thanks a lot.
Rongfeng>
Rongfeng Shi wrote:
> Hi Experts,
>
> we want to install solution manager. But it seems Solution manager should be connected to SAP.
>
> Is it possible to use SNC over Internet to connect our Solution manager to SAP? What kind of connection is normally used?
>
> Thanks a lot.
>
> Rongfeng
Hello Rongfeng,
Yes you are right. Solution Manager requires a connection to SAP to work on functions lilke Service Desk and Maintenance Optimizer.
These connections are made via RFC typically the RFC SAP-OSS and SAP-OSS-LIST-O01. Also the RFC SAPOSS and SAPNET_RFC is used.
It is possible to have a SAPRouter setup to use SNC over internet and then use this SAPRouter with Solution Manager in the details of these RFC's so that the RFC's function.
Following notes discuss the details on SNC and SAProuter :
35010 -- Service connections: Composite note (overview)
31515 -- Service connections
30289 -- SAProuter documentation
Hope that this information helps.
Regards
Amit -
SNC with SAPRouter configuration for Third party company
Hi expers,
Need your advise for my below scenario.
We are running SAP on IBM i. My question is about outside world connectivity with encryption mechanism to SAP AS.
As of now , we are not using SNC either for internal / external network connectivity with SAP apps server. But we are going to allow third party company to connect for one of the payment processing takes place. Since the third party company not accepting VPN connectivity, we are planning to implement Separate SAPRouter configured with SNC, (encryption option), and open the firewall port for them. How much secured it is ? we are in the process of installaing and configuring windows server for SNC & SAPRouter installation. What are all the required configuration in SAP Application server level & new SNC server, for this ? How exactly SAPGui ( from third party company) to SAP Apps Server will go through the traffic ? Need experts advise on this ?
Basically I want to make sure, once it is configured, trafic will go through encrypted way outside of our network. Thanks in advance for all your valuable reply !Hi mgrant,
The information at the bottem of the article in in Keith_Beddoe's personal website may help. Link: Using your own router for Infinity
The MTU Size needs to be set as 1492
Cheers
jac_95 | BT.com Help Site | BT Service Status
Someone Solved Your Question?
Please let other members know by clicking on ’Mark as Accepted Solution’
Try a Search
See if someone in the community had the same problem and how they got it resolved. -
Using saprouter in solution manager 4.0 environment with SMD
I am currently using Solution manager 3.2 (on SAP basis 6.20 technology). We have not used any Solution Manager functionality that necessitated using the internal ITS, thus all access to solution manager SAP has been through sapgui or RFC. Both these protocols can be routed through saprouter and we make use of this fact, having placed non-natting firewalls between both sapgui users ans SAP; and some ccmagents and SAP.
Now we want to move on to solution manager 4.0 with the JAVA stack and also run SMD. We need SMD because we have also begun using SAP Netweaver 04 Enterprise Portal (Java only SAPs) which we wish to monitor with SAP solution monitor. The portals are all on an internet facing eithernet segment outside the non-natting firewall protecting our ABAP SAPs (including Solution Monitor host).
Is it possible to route SDM agent connections to SDM through saprouter? If so, are there any examples?
What about sapwebdispatcher? Can it also be routed through saprouter? examples?
What about SLD? same questions...
What about Mercury Loadrunner?No! No! I am not interested in using a saprouter between OSS and my http connection that is effectively http://myhost:5xx00/smd. I am wondering about the SMD agent connection to SMD server (and vise versa). The hosts I want to monitor cannot ping the solution monitor diagnostics machine, but ccmsping via saprouter is possible. Can the SMD agent talk to the SMD server via saprouter? Examples? Can the SMD server talk to the agent via saprouter (perhaps different saprouter)?
SMD agent ---> firewall1 --> intranet --> firewall2/saprouter --> SMD server
SMD server --> firewall2/saprouter --> firewall1/saprouter --> SMD agent -
Configurar saprouter para aceitar conexoes de fora
Olha sei que este topico ja foi aberto mas volto a pedir um suporte. Preciso me conectar ao meu SAP de casa, tenho no meu saprouttab o seguinte:
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.1.1
# R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.1.15 3200
# SNC connection to local WINDOWS system for WTS, if applicable
# Windows server: 192.168.1.2
# Default WTS port: 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.1.15 3389
# SNC connection to local UNIX system for SAPtelnet, if applicable
# UNIX server: 192.168.1.3
# Default Telnet port: 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.1.15 23
# SNC connection to local Portal system for URL access, if applicable
# Portal server: 192.168.1.4
# Port number: 50003
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.1.1.15 50003
# Access from the local Network to SAP
P 10.1.1.15 194.39.131.34 3299
# Permitir todas as redes temporariamente
P * * *
# deny all other connections
D * * *
Ja coloquei no meu SAPGui a seguinte string:
/H/<IP PUBLICO DA FIREWALL>/S/3299/H/
IP - 10.1.1.15 = IP Do servidor de SAPRouter que é o mesmo Servidor que correr o SAP ECC 6.
So que mesmo assim nao consigo conectar-me, o que estará errado aqui.
cumprimentos.Bom dia!
Estou tentando configurar o SAP ROUTER para possbilitar conexões a partir de uma rede externa. Entretanto, sem sucesso. Agradeço toda ajuda!
# inbound connections MUST use SNC
# yyy --> SAP ROUTER DA EMPRESA QUE IRÁ ACESSAR O MEU SAP VIA SAP ROUTER.
# ECC --> SERVIDOR ECC 6
# SOL --> SERVIDOR SOLMAN
# SRM --> SERVIDOR SRM
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YYY.YYY.YYY.YYY *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" ECC.ECC.ECC.ECC 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" ECC.ECC.ECC.ECC *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" ECC.ECC.ECC.ECC 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" ECC.ECC.ECC.ECC 3600
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SOL.SOL.SOL.SOL 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SOL.SOL.SOL.SOL *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SOL.SOL.SOL.SOL 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SOL.SOL.SOL.SOL 3600
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SRM.SRM.SRM.SRM 3600
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SRM.SRM.SRM.SRM 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" SRM.SRM.SRM.SRM *
# outbound connections to <sapservX> will use SNC --
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YYY.YYY.YYY.YYY *
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YYY.YYY.YYY.YYY 3200
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YYY.YYY.YYY.YYY 3298
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" YYY.YYY.YYY.YYY 3299
# permission entries ONLY ECC
P ECC.ECC.ECC.ECC YYY.YYY.YYY.YYY 3200
P ECC.ECC.ECC.ECC YYY.YYY.YYY.YYY *
P ECC.ECC.ECC.ECC YYY.YYY.YYY.YYY 3299
P ECC.ECC.ECC.ECC YYY.YYY.YYY.YYY 3389
# all other connections will be denied
D * * * -
Not able to start Saprouter from services.msc
Hi,
We have installed a saprouter into Windows 2003 Server. It is running fine. When we start the system then we need to manually start the saprouter by a batch file, so i am trying to register a service so that we need not to start the router manually.
i have read the note 525751 and install a new service by this command
ntscmgr install saprouter -b c:\saprouter\saprouter.exe -p "service -r -W 60000 -R c:\saprouter\saprouttab -K "p:CN=SAPROUTER, OU=0000835750, OU=SAProuter, O=SAP, C=DE""
Service successfully created. I have followed the note and done everything as per the note, but when i try to start the service i am getting this error couldnot start saprouter service on local computer, error 1067 process terminated unexpectedly
When i checked the event log i found this message.
RROR Unable to load the GSS-API DLL
named "sncgss32.dll"
TIME Tue Oct 06 16:30:17 2009
RELEASE 640
COMPONENT NI (network interface)
VERSION 5
RC -17
MODULE sncxxdl.c
LINE 342
DETAIL SncPDLInit
SYSTEM CALL LoadLibrary
COUNTER 1
I have checked some thread on related to issue but not able to solve the problem. Could you please assist what's wrong.
Regards,
Subhash>
Tomas Gustafsson wrote:
> I'm sorry to put a silly question here, but this message is a little bit hard to get the grip on:
> Do you use the same user for both the command prompt and the service?
Yes I understand it's frustrating now., and Yes i am using the same user srvsolmgr to run from Services.msc and from command prompt also.
> Also
> Can you please post the command which runs successfulll (from the command prompt)
> and the complete command for the saprouter-service.
C:\>cd saprouter
C:\saprouter>saprouter -r -G log.txt -R C:\saprouter\saprouttab -S 3299 -K "p:CN
=SAPROUTER, OU=0000835750, OU=SAProuter, O=SAP, C=DE"
trcfile dev_rout
logfile log.txt
Connection test OK
u Oct 08 16:03:56 2009
SAP Network Interface Router, Version 37.11
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -G
command line arg 3: log.txt
command line arg 4: -R
command line arg 5: C:\saprouter\saprouttab
command line arg 6: -S
command line arg 7: 3299
command line arg 8: -K
command line arg 9: p:CN=SAPROUTER, OU=0000835750, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "C:\saprouter\sapcrypto.dll".
File "C:\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main(): pid = 2776, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a SAProuter)
reading routtab: C:\saprouter\saprouttab
Regards,
Subhash -
Saprouter doesn't start as service
Hello!
We faced with some troubles with our system (based on MSWin2003).
Our saprouter worked correct before using SNC connect to SAP.
Now, when we try to start saprouter via services.msc we get
error 1053 the service did not respond to the start or control request in a timely fashion
On MS site I have found article where describes the same problem with other service. Article told us that the problem in Framework.NET and recommends to upgrade it. Here is the link [NET Framework|http://support.microsoft.com/kb/839174]
Now saprouter works only in console mode.
d:\saprouter\saprouter.exe -r -K "p:CN=<our_servername>, OU=<our_cust_numb>, OU=SAProuter, O=SAP, C=DE"
With the same string in services saprouter doesn't work.
Thanks
ArtemHi Artem,
1st - when I start saprouter error 1053 occured: the service did not respond to the start or control request in a timely fashion. It must start by sidadm user.
This seems that the user you are trying to start the router does not have the permissions at os level so user <sidadm> to start the router.
2nd - you told me that I can use "service" parameter in command line. And I ask you: Will saprouter appear in services.msc as service or will it be work in "background" without appear in services.msc?
Normally we start the router at command prompt by using the command saprouter -r <parameters> at the os level in the folder usr/sap/saprouter
But as you want to make it as windows service you have to first install it as a service then only you can use it as a service.Simply typing service in the command can not make the router to be installed as service.If you want to install this as a service then you have to execute the command which i have posted in my previous post.
Hope this helps!!!
Reward points if helpfull.
Regards,
Vamshi. -
SAPRouter problem ERROR: sapserv2a: route permission denied
Hello Gurus,
we have a problem with connection with SAPOSS, when we test the connection present the following message:
Connection Error
Error when opening an RFC connection
ERROR: sapserv2a: route permission denied (200.30.70.220 to oss001, sapmsOSS)
LOCATION: SAProuter 37.15 on sapserv2a
COMPONENT: NI (network interface)
COUNTER: 5
MODULE:
LINE:
RETURN CODE: -93
SUBRC: 0
RELEASE: 640
TIME: Fri Apr 11 23:54:16 2008
VERSION: 37
In the Tx OSS1 we have:
saprouter1
name: server name where saprouter is installed
IP address: LAN IP address where saprouter is installed (is locally intalled)
Instance no. 99
Saprouter at SAP
Name sapserv2
IP Address 194.39.131.34 (ping to this IP response)
instance 99
name oss001
db name o01
instance 01
In Tx ST11, dev_lg log file contains:
RSTR0006: Display Developer Traces
trc file: "dev_lg", trc level: 1, release: "700"
[Thr 4780] Fri Apr 11 16:41:16 2008
[Thr 4780] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2125]
[Thr 4780] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c 2480]
[Thr 4780] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c 734]
[Thr 4780] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c 3980]
[Thr 4780] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c 1272]
[Thr 4780]
[Thr 4780] * LOCATION SAProuter 37.15 on sapserv2a
[Thr 4780] * ERROR sapserv2a: route permission denied (200.30.70.220 to oss001,
sapmsO01)
[Thr 4780] *
TIME Fri Apr 11 23:32:17 2008
[Thr 4780] * RELEASE 640
[Thr 4780] * COMPONENT NI (network interface)
[Thr 4780] * VERSION 37
[Thr 4780] * RC -93
[Thr 4780] * COUNTER 3
[Thr 4780] *
[Thr 4780] *****************************************************************************
dev_rout file in /usr/sap/saprouter contains:
trc file: "dev_rout", trc level: 1, release: "700"
Fri Apr 11 17:02:21 2008
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -R
command line arg 3: ./saprouttab
main: pid = 5504, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
Fri Apr 11 17:02:36 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]
Fri Apr 11 17:03:15 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]
Thanks,
HEPCHello Kaushik,
the problem was solved adding the following line in the saprouttab file, this line must be the firts line in the file:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
the file continue with:
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200
outbound connections to <sapserv2> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
permission entries to check if connection is allowed at all
P <IP server 1> 194.39.131.34 *
P <IP server 2> 194.39.131.34 *
I hope this solve your problem,
Hernando Polania
Colombia
Maybe you are looking for
-
How can I download itunes when I get the following errors ..ituneshelper did not install correctly error 7..I .have installed and uninstalled a dozen times with various fixes...b noir for example and used Revo to clean up. This has been a problem fo
-
Organize Imports & Auto Importing/Class Lookup
I've been working with Flex Builder 3 now for over a month. I love many of its features. It does so much for me in building AIR/ActionScript/Flex apps that there really is no other option. However, the "organize imports" function just doesn't work we
-
Which is better (RFC or ZIDOC)
i have to create Shipment Cost Document (vi01). I have create a ZIDOC with 4 fields only and now have to create ZFM for Process Code. But these is no BAPI or Standard FM for Shipment cost. I have to code BDC inside it (ZFM of process code) But guys s
-
Change Warranty Type in Tcode BGM2
I have multiple warranty types and when I created master warranty in BGM1, I had wrongly assigned the warranty type. In BGM2, I found no where for me to change warranty type because the field is greyed. Does anyone know how to reassign warranty type?
-
Where can I get this similar case?
I saw this from my fd's facebook, anyone know where I can buy this kind of case? I tried to msg my fd, but she didn't reply.