Quantcast
Channel: SCN : All Content - SAP NetWeaver Application Server
Viewing all 2997 articles
Browse latest View live

A guide to configure SAProuter

0
0

INTRODUCTION:

I found a lot of notes and documents  when i wanted to configure saprouter. Here i would like to collaborate all how-to's into a single document.

SAProuter is kind application level firewall, allows your SAP servers to be accessed globally in a secured way. Nowadays it is a basic requirement for every customer who uses Solution manager for getting support from SAP. Following are the situations where you need SAPRouter.

 

  1. You want your users access SAP server out of LAN without having VPN .
  2. You want to get support from SAP.
  3. You are planning to implement SAP Solution manager.
  4. You want to download SAP notes and corrections via snote assistant

 

This document is targeted for those who have following environment.

OS platform  : Windows 2008 or higher (indeed for windows 7)

Architecture : nt-x86_64

 

PREREQUISITES:

1.Get a Public IP from your ISP for SAProuter.


2. Create message on support portal as in this note  28976 - Remote connection data sheet

    You would receive a confirmation from SAP with a Destination SAP IP and Distinguished name.

 

3. NAT policy in firewall with permission to the TCP ports 3200-3299 for the above registered public IP

  (TCP ports for message servers 32<instance_no> and any free TCP port as a dedicated port for SAProuter)

 

4. Download latest version of SAPRouter from support portal.

    (visit Support Packages  --> Browse Download catalogue --> Additional components-- >SAProuter)

 

5. Download latest version of SAPCRYPTOLIB from support portal.

    (visit Support Packages  --> Browse Download catalogue --> Additional components-- >SAPCRYPTOLIB)

 

6. Download latest version of SAPCAR to extract the above downloaded software.

    (visit Support Packages  --> Browse Download catalogue --> Additional components-- >SAPCAR)

 

PREPARATIONS:

1. Copy all the above downloaded files in to temporary dir and uncar the Saprouter and cryptolib files.

2. Open cmd and navigate to above temp location and execute sapcar_<version>.exe  -xvf  <filename>.sar

3. Make new directory (ex: D:\usr\sap\saprouter) and paste the extracted files of router and cryptolib files.

4. I recommend you to create an exclusive local user "sncadm" and set password never expires.

      (in my case i use to change pwd for sidadm and this caused issues in starting router)

5. Logon with user for saprouter and set following user environmental variables.

    SECUDIR =<dir_saprouter>  (ex: SECUDIR = D:\usr\sap\saprouter)

    SNC_LIB  = <dir_saprouter>\nt-x86_x64\sapcrypto.dll  (ex: D:\usr\sap\saprouter\nt-x86_x64\sapcrypto.dll)


CONFIGURATION:
1. Generating a new certificate request.

    a. Goto SAProuter Certificates --> click Apply Now and copy your distinguished name and click next

    b. Open cmd as administrator and navigate to <path_saprouter>\nt-x86_x64\ and execute,

          sapgenpse get_pse -v -r certreq -p local.pse "<Distinguished Name>"

      example: sapgenpse get_pse -v -r certreq -p local.pse"CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE"

    c. It will ask to enter and re-enter a PIN. This is used to access the local.pse, so better note it down.

    b. A file  "local.pse" will be created in the saprouter directory. (Ex: D:\usr\sap\saprouter\local.pse)

    d. A file "certreq" will under <dir_saprouter>\nt-x86_x64  (Ex: D:\usr\sap\saprouter\certreq)

 

2. Aquiring certificate signed by CA.

    a. Open the "certreq" file with notepad and copy the text (including BEGIN and END)

    b. Paste it on the above opened certificate page and click next.

    c. You would get a certificate (series of jumbled characters) copy this (including BEGIN and END)

    d. create a new file "routcert.txt" under <dir_saprouter>\nt-x86_x64 and paste the above certificate text.

 

3. Importing router certificate.

    a. Open cmd as administrator and navigate to <dir_saprouter>\nt-x86_x64\ and execute,

sapgenpse import_own_cert -c routcert.txt -p local.pse

          Running the above command would ask you to enter PIN, enter the one you have given on step 1c

 

4. Authorizing windows user for accessing SAPRouter.

        Execute the following cmd with the saprouter user (sncadm).

sapgenpse seclogin -p local.pse -O <exclusive_user_SAProuter>

example: sapgenpse seclogin -p local.pse -O hostname\sncadm

        Check whether a file "cred_v2" is created under saprouter directory.

 

5. Verifying authorization for the sncadm of saprouter.

      log on to user for saprouter,  open cmd and navigate to <dir_saprouter>\nt-x86_x64\ and execute

      sapgenpse get_my_name -v -n Issuer

    You should get an output like this. CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE  

 

Voila ! you have configured your SAPRouter successfully.

But wait.. We have to check whether the router works or not.

 

Start your sap router using command  <dir_saprouter>\saprouter.exe -r

You should be getting an out put  "trcfile dev_rout  no logging active". This shows that the router started successfully. But if you close the above cmd prompt, then your SAPRouter will shutdown.

We can avoid this by registering SAProuter as windows service, so that it can run on background


Registering SAProuter as Windows service:


1. open command prompt as administrator, and navigate to <dir_saprouter>


2. execute  following commands as it is. Replace the <path> with your saprouter directory path and <your distinguished name>

    sc.exe create SAPRouter binPath= "<path>\saprouter.exe service -r -S 3299 -W 60000 -R <path>\saprouttab -K ^p:<distinguished name>^" 

    example: sc.exe create SAPRouter binPath= "D:\usr\sap\saprouter\saprouter.exe service -r -S 3299 -W 60000 -R     

        D:\usr\sap\saprouter\saprouttab -K ^p:CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE^"


3. You would get an output saying service "SAPRouter" created successfully.


4. Open "regedit.exe" and edit the string "ImagePath" under following location.   

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ saprouter


5. Replace ^with " and click OK. The updated value should look like below

      <path>\saprouter.exe service -r -S 3299 -W 60000 -R<path>\saprouttab -K "p:CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE"


6. Now open "services" right click "SAPRouter" and choose properties. click on "Log On" tab and choose "This account".

    Type the user ID created for configuring saprouter (sncadm), type password and then click apply.

 

7. Now start the saprouter service and you're done.

 

 

Congrats !! You have implemented SAP ROUTER successfully.


R3trans -d RC 12 after upgrade to Oracle 11

0
0

Hi!

I have a SLES11 x86_64 (uname -a : Linux myhostname 2.6.27.19-5-default #1 SMP 2009-02-28 04:40:21 +0100 x86_64 x86_64 x86_64 GNU/Linux)

 

I have just finish to upgrade oracle from 10.2.0.4 to 11.2.0.1

 

The upgrade process finish with no problem.

Database start and stop with no problem with user oraSID

But when I try to run (as SIDadm) R3trans -x i receive the error:

 

R3trans -d
This is R3trans version 6.14 (release 700 - 14.02.08 - 14:55:00).
unicode enabled version
2EETW169 no connect possible: "DBMS = ORACLE                           --- dbs_ora_tnsname = 'TRS'"
R3trans finished (0012).

 

Into the trans.log fiel I have:

 

4 ETW000  [dbsloci.    ,00000]  *** ERROR => CONNECT failed with sql error '1017'
4 ETW000
 27  0.255119
4 ETW000  [dev trc     ,00000]     set_ocica() -> SQL error code 1017
 14  0.255133
4 ETW000  [dev trc     ,00000]  -->oci_get_errmsg (con_hdl=0, rc=1017)
 15  0.255148
4 ETW000  [dev trc     ,00000]     OCIErrorGet -> SQL error code: 1017
 65  0.255213
4 ETW000  [dev trc     ,00000]     ORA-01017: invalid username/password; logon denied

4 ETW000
 25  0.255238
4 ETW000  [dblink      ,00431]  ***LOG BY2=>sql error 1017   performing CON [dblink#5
 @ 431]
4 ETW000
391  0.255629
4 ETW000  [dblink      ,00431]  ***LOG BY0=>ORA-01017: invalid username/password; log
on denied [dblink#5 @ 431]
4 ETW000
 23  0.255652
2EETW169 no connect possible: "DBMS = ORACLE                           --- dbs_ora_tn
sname = 'TRS'"

 

I have applied all SAP notes related to ORA-01017 (OPS$SIDADM) user and recreate it....

I have also upgrade BRtools and oralib...

 

can someone have an idea on how to solve this ?

 

THX

set target client using tp command (OS level)

0
0

dear gurus,

 

does anyone know whether we can set target client for TR in SAP System using tp command ?

 

I could not find any documentation regarding this

 

tp addtobuffer client=xxx

 

is not working due to CTC parameter

 

what I want to achieve is to add TR to buffer with target client is set using tp command and let the background job tp import all import it automatically

 

thank you

Navigation could not be triggered without a navigation target

0
0

Hi Everyone

 

Please assist we have the following error on ess when navigation. See Image. Please assist

Installation Issue

0
0

Dear

SAP Techies

 

I am struck with the installation error in Import ABAP Phase

I have tried while restarting the listeners and the DB

Also and restarted the services also for the DB Oracle DB what will be the reason for that

FYI i am sending you the screen shot of my error  please check it

And give me succesfull information to troubleshoot this issue

SAP DB Host Move to new environment

0
0

Hi Gurus,

 

Good Day!

 

We are planning to move Database Host to new location hence IP and Host Name will get changed.

 

Simple query, in how many files (name) in SAP application side, we will have to perform the changes as a SAP Administrator.

 

I have found the DB host entry in the Default Profile only.

 

Do you think there are more files or any other precaution we will have to keep during this move.?

 

Thanks

Mukesh Khamparia

Transport request confirmation

0
0

Dear Expert

We are planning to upgrade our server to EHP4 EHP6 going to start next week so we need to move all request to prd which are in quality bcaz we are

doing first quality as per plan so kindly suggest me one thing when i use tcode STMS_IMPORT in Prd server when i search with filter the request which are in INIT status moved from Qua but not imported to PRD i think that is correct confirm me i am wrong

 

let me know how to find pending request which are lies qua and not moved to PRD

Kindly suggest some valuable information so i can continue this is quite urgent

 

let me know what i suggest for DEV server as per SAP we should not do system copy from any client to DEV server bcaz we lost our version of abap pgm we have 4 client in Dev then suggest me how we can proceed the upgrade  in DEV server

 

 

Regards

JAVA Component Installation from SAP Installation Master

0
0

Dear SAP Techies,

 

I am trying to install SAP both ABAP and JAVA based components, but, I am facing a problem with the installation as from the installation master it is representing the ABAP based components  for installing the central instance  are appearing but not the JAVA components for installation for central instance . Please find the below attached picture and suggest me the right solution to resolve the issue.

 

Best Regards

Vidya Sagar


SAP AS JAVA trace for authorization check

0
0


Hi all,

 

Is there any tracing tool in NW AS JAVA similar to ST01 in ABAP for getting detailed log for authorization check?

 

Actually we are migrating one of our PI landscape which is on NW 7.00 (AS ABAP + JAVA) to NW PI AEX 7.31 SP09(AS JAVA). There some system users which are used for message processing.

 

I am having trouble finding the appropriate roles for these users in AS JAVA and as a temporary solution I have attached more roles than actually required.

 

I have also gone through the security guide of NW 7.31 PI AEX but still I am not able to identify the exact roles required.

 

Kindly help!!

 

Regards,

Robin Singh

SAP Web Dispatcher - Non-Sap Systems Connection

0
0

Hi All,

 

We are struggling with an issue on SAP Web Dispatcher. We have setup the WD to connect to 2 SAP systems and that is working perfectly, but the problem comes in when we try and connect a external website.

 

Have read most blogs and also the documentation.

 

SAP Web Dispatcher - SAP Library

 

Please have a look at the piece of code below. With this piece I get an error.

ERROR: no message server configured (value of wdisp/system_2 is incorrect)

 

Code :

wdisp/system_2 = SID=EXT, EXTSRV=XXX.XXX.XX.6:8080, SRCSRV=*:8080

 

I have seen other people use this and it works perfectly for them.

 

Thank you,

 

Jannus Botha

User_profile import ended with 'ARCHIVLINK_FILE_WRITE'

0
0

Dear

 

we are on ehp6 fpor erp 6.0 netweaver 7.3 ehp1 our basis release SAPKB73109  while import user_profile form SCC7 it through error 'ARCHIVLINK_FILE_WRITE' when i search in oss1 it show two notes for that 1807799,1579639 ,1497170

they have correction instruction for  the note no 1497170 show


noten.png

our SAP_BASIS is SAPKB73109 but correction note show only SAPKB730 does they match if i apply correction note it serve my purpose

Kindly give me suggestions

 

send me link for SAPKB731 for correction instruction

Thanks in advance

Regards

The database installer reported an error. DIAGNOSIS: Some database applications might still be running

0
0

Hi,

this is the error during my netweaver 7.3 installation

 

 


An error occurred while processing option SAP NetWeaver 7.0 including Enhancement Package 3 > SAP Application Server ABAP > MaxDB > Central System > Central System( Last error reported by the step: The database installer reported an error. DIAGNOSIS: Some database applications might still be running. SOLUTION: Check the log file sdbinst.log and C:\sapdb\data\wrk\MaxDBRuntimeForSAPAS_install__.log.). You can now:

  • Choose Retry to repeat the current step.
  • Choose Log Files to get more information about the error.
  • Stop the option and continue with it later.

Log files are written to C:\Program Files/sapinst_instdir/NW703/AS-ABAP/ADA/CENTRAL/.

 

 

what does this mean ?

anybody could help me ?

Is it possible to update JVM without MOPZ?

0
0

Hi to all,

I have two NW JAVA 7.4 systems. After installation, I carried out the patching of the stack by creating an XML with MOPZ and performing update with SUM.

 

I execute the two operation in different days and also some differences in stack: for this reasont, in the first XML the last JVM version was 6.1 pl 70. In the second XML for the second system the last JVM version was 6.1 pl 71.

 

For maintenance reason, I want to mantain the pl 70 in both system but with MOPZ I can only select pl 71. Is it possible to download JVM 6.1 pl 70 and manually update it?

 

I don't find any documentation about this procedure.

 

Thanks

Regards,

Mark

ECC6 EHP7 Upgrade Error

0
0

Hi ,

 

I am doing upgrade and getting an error in Pre Processing phase Error is

 

Severe error(s) occurred in phase MAIN_SHDRUN/JOB_RSUPDTEC_SHD!

Last error code set: RFC error system DV2 nr 01 function 'SUBST_START_BATCHJOB' failed with code 4 key No selections for program RSUPDTEC: No selections for program RSUPDTEC

 

 

A trouble ticket and an archive with all relevant log files have been generated. Trouble ticket: "E:\usr\sap\DV2\SUM\abap\log\SAPup_troubleticket.log" Log archive: "E:\usr\sap\DV2\SUM\abap\log\SAPup_troubleticket_logs.sar"

 

APup broke during phase JOB_RSUPDTEC_SHD in module MAIN_SHDRUN / Shadow System Operations: SPDD and Activation

Error Message: RFC error system DV2 nr 01 function 'SUBST_START_BATCHJOB' failed with code 4 key No selections for program RSUPDTEC: No selections for program RSUPDTEC

 

I need help. Please let me know if I need to add another group.

 

Thanks in Advance

Installation Based on SAP Netweaver 7.30

0
0

Dear SAP Techies

I am having the SAP Installation Media consist of

desktop 7.PNG

These components we have downloaded from SMP were,

destop 8.PNG

 

Now we are  having the Installation master for based SAP Netweaver 7.30 for the java stack.

 

My Question is

 

Can we download Java Components based on SAP Netweaver 7.30 .

And can we use the above files for the installation purpose ah,like the

Export  and Kernel,Oracle,Oracle Client,SLControler

can be used in Installation of SAP based on Netweaver 7.30

 

Or else the above files should also be based On SAP Netweaver 7.30 ah?

For the installation


Rename SAP SID in windows 2008/ DB is SQL without by sapinst

0
0

Hi

 

I am running ECC6 EHP7 on windows 2008 / SQL. I am looking to rename SID and hostname without system copy method. I know we can do either manual process or using sapinst.

 

Please let me know if anyone has the steps and timing for how long it will take.

 

Thanks

Mohammad

How to forward request from web1/servlet to web2/servlet?

0
0

Hi,

 

I have an exact scenario like in this thread: http://stackoverflow.com/questions/4889113/how-to-forward-request-from-web1-servlet-to-web2-servlet.

 

The code from the thread works for me:

ServletContext web1 = getServletContext();
ServletContext web2 = web1.getContext("/web2");
RequestDispatcher dispatcher = web2.getRequestDispatcher("/servlet2");
dispatcher.forward(request, response);

But I'm wondering: is sharing context between two web applications is the default behavior of the SAP J2EE engine?
If yes, where can I config this behavior?

 

According to the JavaDoc: (ServletContext interface, getContext method):
http://docs.oracle.com/javaee/5/api/javax/servlet/ServletContext.html#getContext%28java.lang.String%29
"In a security conscious environment, the servlet container may return null for a given URL. "

How do I make my environment "security conscious"?

 

J2EE server is 7.31 SP7.

 

Regads,
Omri

Starting SUM in Linux receive Error Controller already started

0
0

Hello,

 

Trying to start SUM in SUSE LINUX and receive error Controller already started.  First time starting SUM started on server.  Verified no processes running, stopped SAP and restarted server.  Still receive same error message.

 

Regards,

Bob

How to disable multiple session login for a single user id through Bex Analyzer

0
0


Hi,

 

How to disable mutliple session login for a single userid through Bex Analyzer ?

 

How one user cannot login more than one session through Bex Analyzer?But in Sap Gui ,we are achieved but in Bex Analyzer how to achieve this .

 

 

Please give input the same.

 

Regards,

Rajesh

Java Install, Cannot insert a key value pair into the secure store fails,

0
0

Dear All,

 

I'm doing Java Intallaion in BI7 on CI and in the midle of installtions we encounter,

TRACE      [iaxxejsexp.cpp:199]

           EJS_Installer::writeTraceToLogBook()

NWException thrown: nw.secureStore.cannotInsertIntoSecureStore:

Cannot insert a key value pair into the secure store fails; see output of log file SecureStoreInsert.log:

SAP Secure Store in the File System - Copyright (c) 2003 SAP AG

 

A key/value pair with this key already exists in the store..

 

ERROR      2008-04-23 11:36:21

           CJSlibModule::writeError_impl()

CJS-30051  Cannot insert a key value pair into the secure store fails; see output of log file SecureStoreInsert.log:

SAP Secure Store in the File System - Copyright (c) 2003 SAP AG

 

A key/value pair with this key already exists in the store..

 

TRACE      [iaxxejsbas.hpp:460]

           EJS_Base::dispatchFunctionCall()

JS Callback has thrown unknown exception. Rethrowing.

 

ERROR      2008-04-23 11:36:21 [iaxxgenimp.cpp:731]

           showDialog()

FCO-00011  The step insertAdminDataInSecStore with step key |NW_Addin_CI|ind|ind|ind|ind|0|0|NW_CI_Instance|ind|ind|ind|ind|8|0|NW_CI_Instance_Configure_Java|ind|ind|ind|ind|4|0|insertAdminDataInSecStore was executed with status ERROR .

 

TRACE      [iaxxgenimp.cpp:719]

           showDialog()

 

 

There's any want in here can help us Please,

 

Thanks and Best Regards,

Chrisna

Viewing all 2997 articles
Browse latest View live




Latest Images