Channel: SCN : All Content - SAP NetWeaver Application Server

503 error when trying to open NWA


Hi All,

 

There seems to be a problem regarding the application server: while trying to log in to NWA we are getting the 503 error page.

 

Attached screenshot for reference.

Block.png

 

We see some of the services are in failed state (Attached screenshot)

 

buster.png

 

Kindly let us know how to proceed further.

 

Thanks and Regards,

 

Kaushik G


SAP GUI 7.4 Folder Naming Conventions


Hi All,

 

I'm configuring SAP GUI 7.4, I've done this by pulling entries from a server via the registry, there are also local entries that are being pulled from the usual Roaming\AppData\SAP\Common.. folder.

 

I want all of these entries to be listed under the connections folder when the GUI is launched, currently only the local entries are listed and a sub folder has been generated for the server entries.

 

Is anyone aware of how I can get the pulled server entries to appear under the connections folder?

 

Below are screenshots of my issue, any help would be appreciated!

 

Local entries within connections folder:

Local Entries.png

Server entries within generated subfolder (named Local by default):

Server Entries.png

Thanks!

Error with respect to Component BC-XI-IBD


Dear Experts,

 

This is regarding below two errors in log viewer belonging to component BC-XI-IBD

1) No hostname and Http port defined in Exchange profile sld.<SID>.<hostname>

2) Creating CIM client failed. Parameter password is empty.

 

SAP Process Orchestration system 7.40 on Oracle 11

 

This system was recently upgraded to 7.40 and we saw the first error mentioned above "No hostname and http port defined...." in D, Q and P system.

Hence we applied note 2198240, in which it says to change property of usage_type setting from XPI to CE

 

After we applied the change throughout the landscape the error "No hostname and http port..." were NOT occurring in systems

But we found strange thing ONLY in production system, we started receiving  the second error "Creating CIM client failed. Parameter password is empty"
For the second error we found note 1638667, which says to change usage_type setting property from CE to XPI.

 

We want to get rid of these reoccurring errors every day.

 

Kindly let me know your expert views.

 

regards,

Trever

Why does the Exception Operation Mode (RZ04) timetable not display which mode is currently active?


Once we create an exception operation mode and it is active, the timetable does not display which mode is then currently active (even though it displays it before the mode becomes active). So my point of concern is:

 

1. Is it normal behavior?

 

2. If so, how do we check the same after a particular number of days (say a date so that the system log also gets cleared by then)?

 

Kindly help me out with this.

 

 

 

Thanks in advance

Edu Krishnan

SM50 logon trace: how to configure it correctly?


Today I am starting a new blog series on how to use the logon trace created via SM50 to resolve logon-based issues. I will use the logon trace to analyze password issues, issues with SSO based on logon tickets and issues with SSO based on X.509 client certificates.


The basic step is configuring the SM50 logon trace. You probably know SAP note 495911, which covers the SM20 and SM50 logon traces, but the SM50 settings are sometimes not used correctly, which makes the trace unfriendly (more than usual!): like looking for a needle in a haystack.

 

Enabling the trace

 

Enabling the trace is quite simple: the first step is to execute transaction code SM50.

It is worth truncating the trace files first, so that you have only Security-related events recorded: access menu Administration -> Trace -> Reset -> Work Process Files:

SM50.jpg

 

Confirm the popup.


Now, to activate the logon trace, access menu Administration -> Trace -> Active Components:

SM50a.jpg

 

For those who like a good keyboard shortcut: Ctrl+Shift+F7 does the trick!

Now write “2” as the Trace level value, write “DIA” for the WpType and select only “Security” in the Components section. You will probably find “Taskhandler” and “VM Container” checked: uncheck both. As a result, you should see a screen like:

SM50b.jpg

 

Finally, save the settings.


You will note that the SM50 screen has changed, i.e. the color of the rows for DIA work processes is now yellow:

SM50c.jpg

 

Important: as the system might have more than one application server, the setting must be performed on all of them. You can switch among the app servers via SM51, just by double-clicking on a specific instance name:

SM50d.jpg


If you can isolate the issue to a specific app server, then you are already good to go.

 

Finally, you can reproduce the issue. All the information is recorded in the dev_wXX trace files. These files can be viewed via transaction code ST11.

 

Disabling the trace

 

Once you have reproduced the logon issue and collected the necessary trace files, it is time to reset the settings in SM50.

 

Access menu Administration -> Trace -> Active Components and have the settings like this:

SM50e.jpg

 

After you save the settings, the SM50 screen is back to normal (no more yellow rows):

SM50f.jpg

 

If you changed the settings on more than one application server, you need to perform the same steps on each of the affected app servers.

 

Next steps?

 

You have the trace you need in your hands. If you still see entries not related to security in the trace file, then you might want to split the information using a tool like this. Now it is time to analyze the traces and find the reason for the issue and the solution for it. I will present, in my next blogs, at least three examples where the SM50 logon trace is invaluable.

 

Remarks


If your logon issue happens in background processing, then you need to select all the WpTypes. In this case, use F5 to select all the work processes before calling the Active Components window, then leave the WpType input field blank.


Important SAP notes:

  • 495911 - Logon problem trace analysis
  • 320991 - Error codes during logon (list)

rabax error during logon


Hi experts,

 

When I was running SPAM for the basis upgrade (SAPKB73103), the server automatically stops and shows the below error.

 

error.jpg

 

But when I logged in again, I got the following error.

 

rabax during sapgui logon.png

 

Please help. I am in a critical situation as none of the users was able to log in.

 

 

 

 

Awaiting your earliest reply

 

 

Regards

 

Praveen

cannot retrieve java database user


Dear all,

 

I'm running ECC 6.0 on Win 2012 R2 with MSSQL Server 2005.

 

Now I want to rename a SID but I'm getting this error here. Can someone help me, please?

 

 

##########

 

INFO 2016-04-05 05:51:39.036 (SAPSDV\Administrator)

Execute step getDBUserJava_Source of component |offlineadjustment_dialogs|ind|ind|ind|ind|0|0

 

 

INFO 2016-04-05 05:51:40.695 (SAPSDV\Administrator)

Execution of the command "C:\Users\ADMINI~1\AppData\Local\Temp\3\sapinst_exe.6372.1459827975\jre\bin\java.exe -classpath E:\usr\sap\SDV\SYS\global\sltools\sharedlib\sap.com~tc~bl~offline_launcher~impl.jar com.sap.engine.offline.OfflineToolStart com.sap.inst.secstore.GetDBConnectInfo E:/usr/sap/SDV/SYS/global/security/lib/tools;E:/usr/sap/SDV/SYS/global/sltools/sharedlib;E:\change_sid/COMMON/INSTALL -sec E:/usr/sap/SDV/SYS/global/security/data/SecStore.properties -sid SDV" finished with return code 1. Output: Exception in thread "main" java.lang.NoClassDefFoundError: com/sap/engine/offline/OfflineToolStart

Caused by: java.lang.ClassNotFoundException: com.sap.engine.offline.OfflineToolStart

  at java.net.URLClassLoader$1.run(URLClassLoader.java:255)

  at java.security.AccessController.doPrivileged(Native Method)

  at java.net.URLClassLoader.findClass(URLClassLoader.java:243)

  at java.lang.ClassLoader.loadClass(ClassLoader.java:376)

  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:344)

  at java.lang.ClassLoader.loadClass(ClassLoader.java:317)

Could not find the main class: com.sap.engine.offline.OfflineToolStart.  Program will exit.

 

 

ERROR 2016-04-05 05:51:40.707 (DRACO\Administrator) id=nw.syscopy.storagecopy.secstore.GetDBUserJavaFailed errno=CJS-30249

<p style="margin-top: 0"> Cannot retrieve Java database user, see output of log file 'C:\Program Files\sapinst_instdir\NW73\SBC\STANDARD\getDBConnectInfo.log'. </p>

 

 

ERROR 2016-04-05 05:51:40.747 (DRACO\Administrator) id=controller.stepExecuted errno=FCO-00011

The step getDBUserJava_Source with step key |offlineadjustment_dialogs|ind|ind|ind|ind|0|0|getDBUserJava_Source was executed with status ERROR ( Last error reported by the step: <p style="margin-top: 0"> Cannot retrieve Java database user, see output of log file 'C:\Program Files\sapinst_instdir\NW73\SBC\STANDARD\getDBConnectInfo.log'. </p>).

 

 

INFO 2016-04-05 05:51:40.884 (DRACO\Administrator)

Creating file C:\Program Files\sapinst_instdir\NW73\SBC\STANDARD\__instana_tmp.xml.

 

############

 

What am I missing, please?

Regards,

Nelson

Unexpected F4 Search Help


Hello Experts,

 

I would like to switch unexpected F4 search to Normal expected F4 Search Help.

Any suggestions would be appreciated.

 

Best regards,

Kaz

 

Unexpected: automatically executed F4 Search Help

Search Help.jpg

 

Expected : when pushing F4, the help popups

Expected Serch Help.JPG


503 Service unavailable while redirecting to netweaver 7.5 Java


Hi Gurus,

 

We have an SAP Web Dispatcher set up in the landscape and it is being used to redirect all the links to the internal servers.

 

Although it directs the links to the ABAP stack and HANA, while setting it up with the NetWeaver 7.5 PI system (Java only), I am getting the below error

 

Application service not available.jpg

 

I also checked the Check config in the server and the results are valid and show no error. Please find the below attachment check config.

 

Now typically this is enough to reach the SAP Java system services.

 

But in the below discussion it was mentioned to take the SAP Web Dispatcher to the latest patch level.

 

Web Dispatcher redirection is not working for Portal

 

which was also done. Now the Web Dispatcher patch version is as below.

 

Web Dispatcher Version.jpg

 

Any suggestions are welcome.

 

Regards,

Suratharajan .S

Request missing in Quality server


Dear all

In table E070 we are getting all entries, but in the stms_import tcode the same request does not show, while in PRD all things are fine.

 

request1.png

 

request2.png

 

It shows the import queue is empty

 

request3.png

 

 

same record found in PRD server

 

kindly suggest

 

our route is DEV QUA PRD

Regards

Analyzing password-based logons via SM50 logon trace


In my first blog on the SM50 logon trace scenarios, I demonstrated how to correctly set up the logon trace.

In this blog I will show some common entries that can be found in the logon trace when password-based logon is used.

 

A correct password-based logon

 

If you don't use any form of SSO in your system, then your end users will have their own passwords. When they access the system with the correct password, you can find entries similar to these in the logon trace:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID     , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID     /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID     , accesstype=A

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=41)

N  codvn=H => password is case-sensitive and up to 40 chars long

N  chckpass: correct password

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=0)

N  password change not required (expiration period=0 / days gone=716)

N  save user time zone = >BRAZIL< for user >ccc> / >userID     > into spa

N  syssigni: checking for multiple dialog logons

M  ThEppGetConnectionCounter: read connectionCounter 0 from epp 0

N  dy_UserLocalTimeInit ()

N  DyISignR: return code=0 (see note 320991)

..."

 

The important message: "return code=0"! This means that no error happened while providing the user ID and password to access the system.

 

What happens if an incorrect password is used? Well, the return code is, obviously, different from 0:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID     , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID     /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID     , accesstype=A

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=0)

N  codvn=H => password is case-sensitive and up to 40 chars long

N  chckpass: incorrect password ==> increase lock counter:1

N  send_usr02_refresh_req : send info

N  save user time zone = >BRAZIL< for user >ccc> / >userID     > into spa

N  DyISigni: return code=1 (see note 320991)

..."

 

You can read that an "incorrect password" was used, causing the lock counter to increase (a new feature, per SAP KBA 1894688).

 

There is more information about the possible return codes in SAP note 320991.
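To pull the outcome of each attempt out of a long dev_wXX file, the entries above can be grouped per logon. The following is an added example, not part of the original blog or an SAP tool; it assumes that lines starting with "N" belong to the Security component and that an attempt opens at "DyISigni: client=" and closes at a "return code=" line, as in the excerpts above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the dev_wXX layout quoted above; client, user names
# and timestamps are made up for illustration.
SAMPLE_TRACE = """\
N Tue Apr 12 10:15:02 2016
N  DyISigni: client=100, user=ALICE       , lang=E, access=A, auth=P
N  DyDoSncChecks: client/user/access/auth :100/ALICE       /A/P
N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter
N                   snc/accept_insecure_gui = Y
N  chckpass: client=100, user=ALICE       , accesstype=A
N  chckpass: correct password
M  ThEppGetConnectionCounter: read connectionCounter 0 from epp 0
N  DyISignR: return code=0 (see note 320991)
N Tue Apr 12 10:16:40 2016
N  DyISigni: client=100, user=BOB         , lang=E, access=A, auth=P
N  chckpass: client=100, user=BOB         , accesstype=A
N  chckpass: incorrect password ==> increase lock counter:3
N  send_usr02_refresh_req : send info
N  DyISigni: return code=1 (see note 320991)
"""

STAMP = re.compile(r"^N (\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})$")
START = re.compile(
    r"DyISigni: client=(\w+), user=(\S+)\s*, lang=(\w+), access=(\w), auth=(\w)"
)
# The excerpts show the closing line as both "DyISignR:" and "DyISigni:".
RETURN = re.compile(r"DyISign[iR]: return code=(\d+)")
LOCK = re.compile(r"incorrect password ==> increase lock counter:(\d+)")


@dataclass
class LogonAttempt:
    timestamp: str
    client: str
    user: str
    auth: str                       # P = password, T = logon ticket
    return_code: Optional[int] = None   # None: no return line was traced
    lock_counter: Optional[int] = None  # set only after a wrong password
    without_snc: bool = False


def parse_logon_trace(text: str) -> List[LogonAttempt]:
    """Group Security-component lines into one record per logon attempt."""
    attempts: List[LogonAttempt] = []
    current: Optional[LogonAttempt] = None
    stamp = ""
    for raw in text.splitlines():
        if not raw.startswith("N"):
            continue  # assumption: other letters are other trace components
        m = STAMP.match(raw)
        if m:
            stamp = m.group(1)
            continue
        m = START.search(raw)
        if m:
            current = LogonAttempt(stamp, m.group(1), m.group(2), m.group(5))
            attempts.append(current)
            continue
        if current is None:
            continue
        if "Login without SNC accepted" in raw:
            current.without_snc = True
        m = LOCK.search(raw)
        if m:
            current.lock_counter = int(m.group(1))
        m = RETURN.search(raw)
        if m:
            current.return_code = int(m.group(1))
            current = None  # attempt is complete
    return attempts


def failed_logons(attempts: List[LogonAttempt]) -> List[LogonAttempt]:
    """Attempts that ended with a non-zero return code (see note 320991)."""
    return [a for a in attempts if a.return_code not in (0, None)]


if __name__ == "__main__":
    for a in parse_logon_trace(SAMPLE_TRACE):
        print(a)
```

An attempt whose return_code stays None never reached a return line in the file, which is also what the multiple-logon excerpt further down looks like.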

 

Preventing multiple GUI logons

 

You decided to follow SAP note 142724 and prevent multiple logons from users when they use SAPGUI.

The profile parameter login/disable_multi_gui_login was set to 1.

 

In this case, if someone tries to logon a second time (a concurrent session), the "License Information for Multiple Logon" screen appears, with the following options:

"...

User userID is already logged on in client ccc

(Terminal xxx.yyy.zzz.aaa-TerminalName , since dd.mm.yyyy, hh:mm:ss)

 

Note that multiple logons to the production system using the same user

ID are not part of the SAP licence agreement.

 

You can:

( ) Continue with this logon and end any other logons in system

    When ending any existing logons to system, unsaved data is lost.

(*) Terminate this logon

..."

 

The logon trace reflects the parameter being set:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID     , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID     /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID     , accesstype=A

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=0)

N  codvn=H => password is case-sensitive and up to 40 chars long

N  chckpass: correct password

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=0)

N  password change not required (expiration period=0 / days gone=716)

N  usrexist: update logon timestamp (M)

N  save user time zone = >BRAZIL< for user >ccc> / >userID     > into spa

N  syssigni: checking for multiple dialog logons

..."

 

The system forbids the second access: only one logon is possible, except if you use login/multi_login_users (this parameter should be used for an exception list).

 

New password checks

 

What happens when you create a new user in the system and an initial password is provided? What happens in the first logon?

 

These are the logon trace entries:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID      , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID      /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID      , accesstype=A

N  password logon is generally enabled (default)

N  initial password is still valid (expiration period=0 / days gone=0)

N  codvn=I => password is case-sensitive and up to 40 chars long

N  chckpass: correct password

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

initial password is still valid (expiration period=0 / days gone=0)

password change required (initial password)

N  usrexist: partially update logon timestamp (M) - see note 441453

N  save user time zone = >BRAZIL< for user >ccc> / >userID      > into spa

N  syssigni: checking for multiple dialog logons

N  dy_UserLocalTimeInit ()

N  DyISignR: return code=0 (see note 320991)

ext_pwdrules_new: 2(0) digits, 6(0) letters, 5(0) lower-case, 1(0) upper-case, 0(0) special chars determined (required) in new pa

N  password_distance_ok: determined 8 different chars (required: 1) in old/new password

No outdated USRPWDHISTORY records found for<ccc,userID      >

N  syssignc: update logon timestamp (M)

N  send_usr02_refresh_req : send info

..."

 

The last 5 rows show what happened: the new password must abide by the password rules set in the system. There is no specific configuration defined.

It is possible to see that 2 digits and 6 letters were used, and no special character.

As there is no password history, the password set was accepted and the logon data and history data were updated in the database.

 

And what happens when the password was reset by the administrator, so that a new password must be entered?

If the user tries to reuse the same password, a popup appears:

"...

Choose a password that is different from your last

5 passwords

..."

 

In the logon trace:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID      , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID      /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID      , accesstype=A

N  password logon is generally enabled (default)

N  initial password is still valid (expiration period=0 / days gone=0)

N  codvn=I => password is case-sensitive and up to 40 chars long

N  chckpass: correct password

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

N  initial password is still valid (expiration period=0 / days gone=0)

N  password change required (initial password)

N  save user time zone = >BRAZIL< for user >ccc> / >userID      > into spa

N  syssigni: checking for multiple dialog logons

N  dy_UserLocalTimeInit ()

N  DyISignR: return code=0 (see note 320991)

N  ext_pwdrules_new: 2(0) digits, 6(0) letters, 5(0) lower-case, 1(0) upper-case, 0(0) special chars determined (required) in new pa

N  password_distance_ok: determined 8 different chars (required: 1) in old/new password

..."

Here the action was interrupted by the popup above.

 

After entering a new valid password:

"...

ext_pwdrules_new: 1(0) digits, 7(0) letters, 6(0) lower-case, 1(0) upper-case, 0(0) special chars determined (required) in new pa

N  password_distance_ok: determined 7 different chars (required: 1) in old/new password

No outdated USRPWDHISTORY records found for<ccc,userID      >

N  syssignc: update logon timestamp (M)

send_usr02_refresh_req : send info

..."

 

Here the password and the history were updated.

 

In another example, the password was reset again by the administrator. A third, different password must be entered, as login/password_history_size = 5.


Four other parameters were also set:


login/min_password_lng = 12

login/min_password_digits = 2

login/min_password_letters = 4

login/min_password_specials = 2

 

The resulting logon trace shows:

"...

N DoW MoY dd hh:mm:ss yyyy

N  DyISigni: client=ccc, user=userID      , lang=E, access=A, auth=P

N  DyDoSncChecks: client/user/access/auth :ccc/userID      /A/P

N  AcceptInsecure : Login without SNC accepted, reason: Profile parameter

N                   snc/accept_insecure_gui = Y

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=ccc, user=userID      , accesstype=A

N  password logon is generally enabled (default)

N  initial password is still valid (expiration period=0 / days gone=0)

N  codvn=I => password is case-sensitive and up to 40 chars long

N  chckpass: correct password

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

N  initial password is still valid (expiration period=0 / days gone=0)

N  password change required (initial password)

N  save user time zone = >BRAZIL< for user >ccc> / >userID      > into spa

N  syssigni: checking for multiple dialog logons

N  dy_UserLocalTimeInit ()

N  DyISignR: return code=0 (see note 320991)

ext_pwdrules_new: 1(2) digits, 5(4) letters, 4(0) lower-case, 1(0) upper-case, 2(2) special chars determined (required) in new p

..."

 

As the minimum length was not observed, the popup below is displayed:

"...

Password is not long enough (minimum length: 12

characters)

..."

 

A new (and valid) attempt:

"...

ext_pwdrules_new: 2(2) digits, 10(4) letters, 7(0) lower-case, 3(0) upper-case, 2(2) special chars determined (required) in new p

N  password_distance_ok: determined 14 different chars (required: 1) in old/new password

N  No outdated USRPWDHISTORY records found for <ccc,userID      >

N  syssignc: update logon timestamp (M)

N  send_usr02_refresh_req : send info

..."
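The "determined(required)" pairs in the ext_pwdrules_new rows can be checked mechanically against the profile parameters listed above. This is an added example, not part of the original blog; it assumes the password length equals digits + letters + special characters, since the trace line itself carries no length field.

```python
import re

# One "<determined>(<required>) <category>" pair, as in the rows quoted above.
RULE = re.compile(
    r"(\d+)\((\d+)\) (digits|letters|lower-case|upper-case|special chars)"
)

# Profile parameters named in the blog, mapped to the trace categories.
PROFILE_TO_CATEGORY = {
    "login/min_password_digits": "digits",
    "login/min_password_letters": "letters",
    "login/min_password_specials": "special chars",
}


def parse_pwdrules(line):
    """Return {category: (determined, required)} for an ext_pwdrules_new row."""
    if "ext_pwdrules_new:" not in line:
        raise ValueError("not an ext_pwdrules_new trace line")
    return {
        name: (int(found), int(required))
        for found, required, name in RULE.findall(line)
    }


def review_password_attempt(line, profile):
    """List rule shortfalls and trace/profile mismatches for one attempt.

    profile: dict of profile parameter name -> configured value.
    """
    counts = parse_pwdrules(line)
    findings = []
    for param, category in PROFILE_TO_CATEGORY.items():
        found, required = counts[category]
        expected = profile.get(param, 0)
        if required != expected:
            # The work process that wrote the trace enforces another value,
            # e.g. the parameter is not active on this application server.
            findings.append(
                f"{param}: trace enforces {required}, profile says {expected}"
            )
        if found < required:
            findings.append(f"{category}: {found} found, {required} required")
    # Assumption: every character is a digit, a letter or a special character.
    length = sum(counts[c][0] for c in ("digits", "letters", "special chars"))
    min_length = profile.get("login/min_password_lng", 0)
    if length < min_length:
        findings.append(f"length: {length} found, {min_length} required")
    return findings


# The two rows quoted above for the third password change.
REJECTED = ("ext_pwdrules_new: 1(2) digits, 5(4) letters, 4(0) lower-case, "
            "1(0) upper-case, 2(2) special chars determined (required) in new p")
ACCEPTED = ("ext_pwdrules_new: 2(2) digits, 10(4) letters, 7(0) lower-case, "
            "3(0) upper-case, 2(2) special chars determined (required) in new p")

# The four parameters set in the blog's example.
PROFILE = {
    "login/min_password_lng": 12,
    "login/min_password_digits": 2,
    "login/min_password_letters": 4,
    "login/min_password_specials": 2,
}

if __name__ == "__main__":
    print(review_password_attempt(REJECTED, PROFILE))
    print(review_password_attempt(ACCEPTED, PROFILE))
```

For the rejected attempt the row also shows one digit against two required, although the popup reported only the length.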

 

More information

 

You can find more information about logon-related profile parameters in the following SAP notes:

 

2467 - Password rules and preventing incorrect logons

622464 - Change: Password change requirement for user type "SYSTEM"

862989 - New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)

1023437 - ABAP syst: Downwardly incompatible passwords (since NW2004s)

 

 

If you have a particular password-based example that you would like to discuss, then please use the comments and I will be glad to improve this blog.

 

Stay tuned for my next logon trace blog, involving SSO with logon tickets.

Analyzing SSO based on logon tickets using the SM50 logon trace


Typical scenario: you have a Portal system (Java-based) and an ECC system (ABAP-based). You want your end users to access ECC content via Portal, without having a new authentication being required.


By reading SAP note 1257108 [Collective Note: Analyzing issues with Single Sign On (SSO)] you realize that there are several SSO possibilities. This blog will talk about the use of the SM50 logon trace to verify logon tickets (MYSAPSSO2 cookie) for SSO purposes.

 

Configuration made easy

 

Establishing a trusted relationship between the Portal and the ECC system is quite easy.

In the ECC, all you need to do is execute transaction code STRUSTSSO2, import the certificate from the Portal into the Certificate List of the System PSE (usually used for SSO based on logon tickets) and adjust the ACL:

STRUSTSSO2.jpg

In the Portal, use the Netweaver Administrator tool to access the “Trusted Systems” application, in the “Configuration” tab. This will allow you to a) import the certificate from the ECC system or b) logon to the ECC system, so the Portal reads the certificate from the ECC:

Trusted Systems.jpg

 

Test made easy

 

How to test if the SSO is working? I used the Portal URL (http://<FQDN>:<port>/irj/portal) to create a new System (“System Administration” -> “System Landscape” path). There is a wizard to walk you through the steps.

Once I had the new system created, I just went to the “Content Administration” area and created a transaction iView, using the recently created system as the target. I called transaction SU01, just for testing purposes. The goal here is to get a preview of the transaction without the ECC asking for credentials.

 

Test: web browser side

 

I logged on to the Portal, using my Portal ID and password. Inside the “Portal Content” folder, I located the iView I had created, then right-clicked on the node and clicked on “Preview”:

Portal - SU01 test.jpg

 

The transaction code SU01 was displayed:

Portal - SU01 test 02.jpg

 

While playing with the browser, I recorded the HTTP traffic using the Fiddler tool. Inside the trace file, you should be able to find one cookie called MYSAPSSO2. It contains the actual logon ticket that will grant you access to the transaction code:

Fiddler test.jpg

 

You can also see that cookie SAPWP_active=1 was sent, telling the ECC that the Portal is active.

As you were able to see SU01 running, the SSO worked as expected. If, however, you were not able to see SU01 and you saw another cookie in the list, sap-ssolist, then you have found a reason why the SSO failed. sap-ssolist is a cookie that can be decoded with a Base64 decoder: it will show you the system ID, the client number and the server name that does not accept logon tickets from the Portal you have used.

 

Test: ECC side, a.k.a. SM50 logon trace

 

While the web browser test was being executed, the SM50 logon trace was also recorded, by following the steps from my first blog on logon trace.

These are the entries recorded in dev_w2, related to this test:


"...

N DoW MoY dd hh:mm:ss yyyy

N  dy_signi_ext: LOGON TICKET logon (client ccc)

N  mySAPUnwrapTicket: was called.

N  HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.

N  HmskiFindTicketInCache: Try to find ticket with cache key: ccc:ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ .

N  HmskiFindTicketInCache: Couldn't find ticket in ticket cache.

N  mySAP: Got the following SSF Params:

N         DN      =CN=XXX

N         EncrAlg =DES-CBC

N         Format  =PKCS7

N         Toolkit =SAPSECULIB

N         HashAlg =SHA1

N         Profile =C:\usr\sap\XXX\DVEBMGS00\sec\SAPSYS.pse

N         PAB     =C:\usr\sap\XXX\DVEBMGS00\sec\SAPSYS.pse

..."


Here we can see that the entries are related to a logon ticket logon, on client “ccc”. We can also find the PSE used to store the certificates, SAPSYS.pse (System PSE).


"...

N  Got the codepage 4103.

Got ticket (head) AjExMDAgA         Ww  S gx  T    M4g  E   hc  lj. Length = 484.

N  Convert ticket content from SAP_CODEPAGE >1100< to >4103<

N  MskiValidateTicket returns 0.

N  Got content client = 000.

Got content sysid = ZZZ     .

N  Got date yyyymmddhhmm from ticket.

N  Cur time = yyyymmddhh18.

N  Computing validity in hours.

N  Computing validity in minutes.

N  CurTime_t = 1460495880, CreTime_t = 1460494860

N  validity: 28800, difference:   1020.000.

..."


The entries above show a small part of the logon ticket (head only), as the logon trace was recorded using level 2 (with a level 3 trace, the entire logon ticket would be dumped into the dev_w2 trace file). We also found the system that originated the cookie (ZZZ). As logon tickets have a validity period (usually 8 hours), the system calculates the difference between the time the logon ticket was created and the current time. If the difference exceeds the limit, the ticket cannot be used for authentication.
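The validity calculation can be reproduced from the CurTime_t, CreTime_t and validity rows to see how much lifetime a ticket had left, or whether the issuing system's clock runs ahead. This is an added example, not part of the original blog; it assumes all three values are in seconds (28800 s = 8 hours). The rows SAP writes when it rejects a ticket are not shown in the blog and are not modelled here.

```python
import re

# Constructed sample: the first ticket uses the numbers quoted above, the
# other two reuse the same row shapes with made-up values and system IDs.
SAMPLE_TICKET_TRACE = """\
N  MskiValidateTicket returns 0.
N  Got content client = 000.
N  Got content sysid = PRT     .
N  CurTime_t = 1460495880, CreTime_t = 1460494860
N  validity: 28800, difference:   1020.000.
N  MskiValidateTicket returns 0.
N  Got content client = 000.
N  Got content sysid = PRT     .
N  CurTime_t = 1460530000, CreTime_t = 1460494860
N  validity: 28800, difference:  35140.000.
N  MskiValidateTicket returns 0.
N  Got content client = 000.
N  Got content sysid = OLD     .
N  CurTime_t = 1460495880, CreTime_t = 1460496480
N  validity: 28800, difference:   -600.000.
"""

CLIENT = re.compile(r"Got content client = (\w+)")
SYSID = re.compile(r"Got content sysid = (\w+)")
TIMES = re.compile(r"CurTime_t = (\d+), CreTime_t = (\d+)")
VALIDITY = re.compile(r"validity:\s*(\d+), difference:\s*(-?\d+(?:\.\d+)?)")


def ticket_ages(trace_text):
    """Return one dict per ticket with its age and remaining lifetime."""
    results, state = [], {}
    for line in trace_text.splitlines():
        m = CLIENT.search(line)
        if m:
            state["client"] = m.group(1)
        m = SYSID.search(line)
        if m:
            state["sysid"] = m.group(1)
        m = TIMES.search(line)
        if m:
            state["cur"], state["cre"] = int(m.group(1)), int(m.group(2))
        m = VALIDITY.search(line)
        if m and "cur" in state:
            validity = int(m.group(1))
            age = state["cur"] - state["cre"]   # seconds since ticket creation
            if age < 0:
                status = "issuer-clock-ahead"   # created "in the future"
            elif age > validity:
                status = "expired"
            else:
                status = "valid"
            results.append({
                "sysid": state.get("sysid"),
                "client": state.get("client"),
                "age_s": age,
                "remaining_s": validity - age,
                "status": status,
                # Cross-check our arithmetic against the traced difference.
                "matches_trace": abs(age - float(m.group(2))) < 1.0,
            })
            state = {}  # the next ticket starts with fresh fields
    return results


if __name__ == "__main__":
    for ticket in ticket_ages(SAMPLE_TICKET_TRACE):
        print(ticket)
```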


"...

N  Ticket is without recipient information.

N  Ticket contains no RFC Payload info.

N  Ticket contains no language info.

N  HmskiInsertTicketInCache: Trying to insert logon ticket in ticket cache.

N  HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache key: ccc: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ .

N  HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache info: <USER>=userID     ,<CLIENT>=ccc,<LANGUAGE

N  mySAPUnwrapTicket returns 0.

..."


The ticket is then inserted into the ticket cache for future reference.


"...

N  DyISigni: client=ccc, user=userID     , lang=E, access=H, auth=T

N  usrexist: effective authentification method: SAP logon ticket

N  Get_RefUser(ccc,userID) =>

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=0)

N  password change not required (expiration period=0 / days gone=705)

N  usrexist: update logon timestamp (M)

N  save user time zone = >BRAZIL< into spa

N  DyISignR: return code=0 (see note 320991)

..."


Finally, the system checks the user ID from the logon ticket against the one existing in the system. A return code equal to 0 indicates that the SSO based on the logon ticket worked as expected.

If another access is made, then the logon trace will show:


"...

N  HmskiFindTicketInCache: Logon ticket found in ticket cache.

N  HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>=userID ,<CLIENT>=ccc,<LANGUAGE>=

N  HmskiFindTicketInCache: Ticket information in ticket cache read successfully.

N  DyISigni: client=ccc, user=userID     , lang=E, access=H, auth=T

N  usrexist: effective authentification method: SAP logon ticket

..."


Here the logon ticket was found in the cache, so the system does not need to decode the logon ticket again.

 

Additional information

 

 

If you have a particular scenario that you would like to discuss, then use the comments and I will improve the blog to address your case.

 

Stay tuned for my next logon trace blog, involving SSO with X.509 client certificates.

SAP Kernel: Important News


In this document you will find the latest information about the SAP kernel such as

  • Announcements of SP stack kernel deliveries
  • Other news related to the development, maintenance and usage of the SAP kernel versions 72X (720, 720_EXT, 721, 721_EXT, 722, 722_EXT) and 74X (741, 742, 745)


 

 

News

 

 

12.04.2016: potential issue with Kernel 742 PL 311 - 321 and Kernel 745 PL 25 - 35

 

In edge cases a select statement may return an unexpected result. For details see SAP Note 2273425.
It is recommended to upgrade to SP Stack Kernel 745 PL 100 or Kernel 742 PL 329 which is the last release candidate before the upcoming SP Stack Kernel 742 PL 400.

 

 

17.03.2016: Kernel 745 Released as DCK to Kernels 740, 741 and 742

 

After an extended validation phase kernel 745 PL#100 has been released as a downward compatible kernel (DCK) to kernels 742, 741 and 740 and can be used instead of these with SAP NetWeaver 7.4. Refer to SAP Note 2251972 for details on installation and usage of kernel 742 as DCK. The release roadmap for 74* kernels is presented in SAP Note 1969546.

 

 

17.03.2016: SP Stack Kernel 722 PL 101 released

 

SP stack kernel 722 PL #101 is now available on SAP Support Portal. It contains various improvements and enhancements that are outlined in detail in Note 2292019.

Information on known issues in the stack kernel 722 PL #101 can be found in Note 2292017. This note will be updated on a regular basis.

 

 

18.12.2015: SAP Kernel 721 PL 618 and SAP Kernel 722 PL 20 and PL 21 revoked

 

As a precaution the Kernel (dw.sar) for 721 PL 618 and 722 PL 20 and 21 have been revoked from the SAP Support Portal.

For further details see SAP Note 2259736. We are working on a patch with highest priority.

 

 

13.11.2015: Heads up on Kernel 745 for NetWeaver 7.4

 

During Q1/2016 SAP Kernel 745 will be made available as Downward Compatible Kernel for SAP NetWeaver 7.4.

SAP Kernel 745 will eventually succeed SAP Kernel 742 (and 741 and 740).

SAP Kernel 742 will be retired in Q1/2017, one year later than the availability of SAP Kernel 745 as DCK. No more patches will be provided for SAP Kernel 742 after that date.

See also Understanding Kernel Releases for the SAP NetWeaver AS ABAP and SAP Note 1969546 - Release Roadmap Kernel 740

 

 

09.11.2015: SP Stack Kernel 742 PL#300 Released

 

SP stack kernel 742 PL #300 is now available on SAP Support Portal. It contains various improvements and enhancements that are outlined in detail in SAP Note 2237353.

Information on known issues in the stack kernel 742 PL #300 can be found in SAP Note 2231749. This note will be updated on a regular basis.

 

 

16.10.2015: Kernel 722 PL14, PL15 and enserver PL 14 revoked

 

As a precaution Enqueue Server 722 PL 14 (enserver.sar) and Kernel (dw.sar) 722 PL 14 and PL 15 have been revoked from the SAP Support Portal.
The new patch of the Enqueue Server might not be 100% compatible with older clients (e.g. disp+work PL 13) and the newer disp+work starting with PL 14 might not be 100% compatible with old Enqueue Servers (prior to patch 14). Standard operations Enque, Dequeue and DequeueAll are NOT affected. Details can be found in SAP Note 2239931.

 

 

13.10.2015: SP Stack Kernel 721 PL#600 Released

 

SP stack kernel 721 PL #600 is now available on SAP Support Portal. It contains various improvements and enhancements that are outlined in detail in SAP Note 2214191.

Information on known issues in the stack kernel 721 PL #600 can be found in SAP Note 2214680. This note will be updated on a regular basis.

 

 

02.10.2015: issue with Oracle lib_DBSL 722 PL 13

 

Please do not use patch 13 for the 722 Oracle lib_DBSL

Further details can be found in note 2220724. A fix is expected early next week.

 

 

14.09.2015: SP Stack Kernel 741 PL#300 Released

 

The last SP stack kernel for the 741 kernel version has been released today. Kernel 741 PL #300 can be downloaded from the archive area of SAP Support Portal. Refer to release note 2207362 for information on fixes included in this stack kernel.

As announced previously, kernel 741 has reached its end of maintenance, see note 1969546 for more detail. Future 74* kernel corrections will be delivered through 742 kernel patches.

 

 

08.07.2015: SP Stack Kernel 742 PL#200 Released

 

SP stack kernel 742 PL #200 is now available on SAP Support Portal. It contains various improvements and enhancements that are outlined in detail in Note 2178917.

Information on known issues in the stack kernel 742 PL #200 can be found in Note 2176515. This note will be updated on a regular basis.

 

 

07.07.2015 SAP Kernel 741 maintenance

 

The SAP Kernel 741 reached its end of maintenance, see note 1969546. We will continue to deliver regression fixes during July and a final stack kernel 741 PL#300 in August. After that corrections will be delivered through kernel 742 patches.

 

 

12.06.2015 SAP Kernel Archive

 

SAP Kernels which are out of maintenance like SAP Kernel 720 can be found in the archive https://support.sap.com/software/patches/archive.html


For SAP Kernel 720 the last version is patch level 800. Please read the release note 2158874 - SAP Support Package Stack Kernel 7.20 (EXT) Patch Level 800. The corresponding note for regressions found in the future is 2138737.

 

 

20.05.2015 SAP Kernel 722 Released


SAP kernel 722 has been released for customers today. The first shipment (Kernel 722 PL#4) can now be downloaded from SAP Support Portal. With this a new release cycle has been established for 72X kernel versions that can be used with all SAP NetWeaver releases 7.00-7.31:

  • Kernel 720 reached its end of maintenance, no further corrections will be provided for this kernel version
  • Kernel 721 becomes the standard kernel containing only corrections/bug fixes
  • Kernel 722 replaces Kernel 721 in its role as Innovation Kernel. Besides regular corrections, new features/enhancements/improvements will be delivered with Kernel 722.

Refer to SAP Note 2133909 for general information on Kernel 722 including new features and current limitations. This note will be updated on regular basis.

Kernel 722 can be applied manually as a kernel patch, see Note 2115344 - Installation of Kernel 722 (EXT) for detailed instructions. Options to apply Kernel 722 during upgrade/update are outlined in Note 2133909.

04.05.2015: SP Stack Kernel 721 PL#500 Released

 

A new SP stack kernel 721 PL #500 is now available on SAP Support Portal.

SAP Note 2158856 contains the list of changes and enhancements introduced in this stack kernel compared to the previous stack kernel PL #402.

All regressions known in the PL #402 have been fixed.

Review SAP Note 2155366 for known issues in the stack kernel 721 PL #500. This note will be continuously updated.

 

 

14.04.2015: Kernel 742 Released as DCK to Kernels 740 and 741

 

After an extended validation phase kernel 742 PL#101 has been released as a downward compatible kernel (DCK) to kernels 741 and 740 and can be used instead of these with SAP NetWeaver 7.4. Refer to Note 2128122 for details on installation and usage of kernel 742 as DCK. The release roadmap for 74* kernels is presented in Note 1969546.

 

 

31.03.2015: SP Stack Kernels 741 PL#201 and 742 PL#101 are delivered

 

As announced previously, SP Stack kernels for 741 and 742 kernel versions have been updated. 741 PL#201 replaces 741 PL#200 and 742 PL#101 replaces 742 PL#100. The new SP stack kernels can now be downloaded from SAP Support Portal; the following fixes are included:

 

For more details on 741 PL#201 refer to Notes 2150081 - SAP Support Package Stack Kernel 7.41 Patch Level 201 and 2100429 - Known regressions in kernel 7.41 patch level 201.


Fixes and enhancements in the SP stack kernel 742 PL#101 are listed in the note 2145156. Information on known issues with this stack kernel can be found in the Note 2134238.

 

 

19.03.2015: Update on SP Stack Kernels 741 PL#200 and 742 PL#100

 

The latest SP stack kernels 741 (PL#200) and 742 (PL#100) contain a regression in the Oracle DBSL Library, see Note 2118448 -Termination during secondary database connection; LRAW length error, Point 2.

As a solution you may use the latest ORA lib_dbsl available on SAP Support portal. For kernel 741 on Windows, please be aware of the issue 2142073 - Application server in Windows NT with Oracle does not start.

Updated stack kernels will be provided as soon as possible.

 

 

11.03.2015: SP Stack Kernel 721 PL#402 Released

 

SP Stack kernel 721 PL #402 has been released and can be downloaded from SAP Support Portal. The issues from PL#400 (Note 2118382) and PL#401 (Note 2138260) are fixed.

Refer to Note 2138680 - SAP Support Package Stack Kernel 7.21 (EXT) Patch Level 402 for overview of new features, enhancements and improvements added since PL#300. Known regressions are documented in Note 2138678.

 

 

09.03.2015: SP Stack Kernel 742 PL#100 Released

 

SP stack kernel 742 PL #100 is now available on SAP Support Portal. It contains various improvements and enhancements that are outlined in detail in Note 2136550.

Information on known issues in the stack kernel 742 PL #100 can be found in Note 2129327. This note will be updated on regular basis.

 

 

04.03.2015: SP Stack Kernel 721 PL#401 Revoked

 

SP Stack kernel 721 PL #401 has been revoked from SAP Support Portal for all platforms except for MS Windows because the kernel archives contained some files with wrong versions.

In most cases it is not necessary to replace the kernel in a system running with PL#401 because the issue has a limited impact and does not affect the kernel itself. Details are outlined in Note 2138260.

SP stack kernel PL#402 will be released as soon as possible; this document will be updated accordingly.

 

 

06.02.2015: SP Stack Kernel 741 PL#200 Released

 

A new SP stack kernel 741 PL #200 has been released today and can be downloaded from SAP Support Portal.

For a summary of enhancements and improvements included into this stack kernel, see SAP Note 2101802 - SAP Support Package Stack Kernel 7.41 Patch Level 200.

 

 

30.01.2015: SP Stack Kernel 721 PL#401 Replaces PL#400

 

Current SP stack kernel 721 PL#400 has been replaced with PL#401, see Note 2121693 - SAP Support Package Stack Kernel 7.21 (EXT) Patch Level 401.

It fixes a file permission issue that has a very limited impact:

  • It occurs with 721_EXT kernel on Windows platforms only
  • It has no effect at runtime, only for future system maintenance
  • Workaround is easy.

This means: even if above criteria apply, it is not always necessary to replace already installed 721 kernel PL#400. Refer to Note 2118382 for more information.

Note 2084437 contains the list of known regressions in the stack kernel 721 PL #401. This note will be continuously updated.

 

 

16.12.2014: SP Stack Kernel 721 PL#400 Released

 

A new SP stack kernel 721 PL #400 is now available on SAP Service Marketplace.

SAP Note 2101779 contains the list of changes and enhancements introduced in this stack kernel compared to the previous stack kernel PL #300.

All regressions known in the PL #300 have been fixed.

Review SAP Note 2084436 for known issues in the stack kernel 721 PL #400. This note will be continuously updated.

Batch Job finishing without updating the database


Dear SAP Basis Gurus and SAP Abap Gurus,

 

I am executing an SAP report to create business partners in an SAP CRM system. I have used a parallel processing methodology in this report for business partner creation.

This report works fine with 80% of the total dialogue processors in the system (quality/development/testing SAP servers) used with multiple batch jobs in parallel (for example, if the total number of dialogue processes in the system is 100, then I schedule this report with 10 batch jobs and 8 dialogue processors per batch job).

 

But in production system we have 12 application servers with (150 dialogue processors, 20 update 1, 10 update 2 and 30 batch processes) per application server. So total resource is

dialogue processor : 1800

update 1: 240

update 2 : 120

batch jobs available: 360

 

Now I am scheduling the business partner creation report with 84 batch jobs and have assigned 17 dialogue processors per batch job.

But only 7-8 jobs remain active after scheduling and update the database, creating customers; the rest of the jobs finish in 1 second without updating anything (note: there is nothing wrong with data creation, as we write an application log for errors during data creation and nothing has come up in the application log). When I reprocess the rest of the batch jobs, which completed in 1 second earlier and didn't update, again 7-8 jobs remain active and create business partners, and the rest of them finish in 1 second, and so on.

 

This report is working fine in other SAP systems like quality/development/testing, and this problem is only happening in production.

 

I am not at all familiar with Basis configurations, so kindly help me out with this issue.

 

Thanks for your help

 

Sudipto

Analyzing SSO based on X.509 client certificates using the SM50 logon trace


By now, you already know how to set up the SM50 logon trace and how to configure the system to use X.509 client certificates.

Now it is time to go a bit deeper into the logon trace (and some other resources) and see what happens when the SSO works.

 

Test: web browser side

 

Using IE or any other web browser, access a service in the ECC, e.g. the WEBGUI service (SAPGUI for HTML). The URL is:

https://<FQDN>/sap/bc/gui/sap/its/webgui

The port number is hidden (443 is the default HTTPS port).

The expected result is the WEBGUI loaded:

X.509.jpg

 

The question is: what happened behind the scenes? Using Fiddler I can see the SSL connection being established:

"...

HTTP/1.0 200 Connection Established

...

Secure Protocol: Tls12

Cipher: Aes128 128bits

Hash Algorithm: Sha256 ?bits

Key Exchange: RsaKeyX 4096bits

== Client Certificate ==========

[Subject]

  CN=...

...

[Issuer]

  CN=...

[Serial Number]

  6...

[Not Before]

  ...

[Not After]

  ...

[Thumbprint]

  ...

 

== Server Certificate ==========

[Subject]

  CN=...

[Issuer]

  CN=...

[Serial Number]

  0...

[Not Before]

  ...

[Not After]

  ...

[Thumbprint]

  2...

..."

So, the client certificate was sent to the ECC system. Where can I see the certificate? What happened then?

 

Test: ECC side, part 1: ICM trace


The ICM is the actual web server of the SAP system. It will receive the HTTP/HTTPS requests and, according to the configuration, pass the information to the appropriate handler.

 

In the ICM trace file, I can find the certificate information. Note that, prior to calling the WEBGUI service, I set the ICM trace level to 3, so I have a lot of information! I also set icm/trace_secured_data=1, so the HTML code is recorded in the trace file.

In the ICM trace file, I could find the following information:

 

"...

[Thr 3852] IcmWorkerThread: worker 8 got the semaphore

[Thr 3852] DoW moY dd hh:mm:ss yyyy

[Thr 3852] REQ TRACE BEGIN: 4/2944/1

[Thr 3852] REQUEST:

    Type: ACCEPT_CONNECTION    Index = 3891

[Thr 3852] CONNECTION (id=4/2944):

    used: 1, type: default, role: Server(1), stateful: 0

    NI_HDL: 115, protocol: HTTPS(2)

    local host:  xx.yyy.zzz.aa:443 ()

    remote host: xx.bbb.ccc.ddd:53128 ()

    status: NOP

    connect time: dd.mm.yyyy hh:mm:ss

    MPI request:        <0>      MPI response:        <0>     MPI next: <0>

    request_buf_size:   0 response_buf_size:   0

    request_buf_used:   0 response_buf_used:   0

    request_buf_offset: 0        response_buf_offset: 0

..."

This is the moment that the ICM received the request, so thread 3852 will process my connection.

 

The ICM is acting as a server and, with auth_type=1 (ICM parameter icm/HTTPS/verify_client=1), it requests the client certificate.

"...

[Thr 3852] ->> SapSSLSessionInit(&sssl_hdl=0000000020162400, role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT))

[Thr 3852] <<- SapSSLSessionInit()==SAP_O_K

[Thr 3852]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"

[Thr 3852]     out: sssl_hdl = 000000000554DC50

[Thr 3852] ->> SapSSLSetNiHdl(sssl_hdl=000000000554DC50, ni_hdl=115)

[Thr 3852]   SSL NI-hdl 115: local=xx.yyy.zzz.aa:443  peer=xx.bbb.ccc.ddd:53128

[Thr 3852] <<- SapSSLSetNiHdl(sssl_hdl=000000000554DC50, ni_hdl=115)==SAP_O_K

[Thr 3852] ->> SapSSLSessionStart(sssl_hdl=000000000554DC50)

..."

 

The SSL handshake happens: server and client compare their respective cipher suites and decide on one:

"...

[Thr 3852]   Server-configured Ciphersuites: "TLS_RSA_WITH_AES128_GCM_SHA256:TLS_RSA_WITH_AES256_GCM_SHA384:TLS_RSA_WITH_AES128_CBC_

[Thr 3852]   Client-offered Ciphersuites: "TLS_ECDHE_RSA_WITH_AES256_CBC_SHA384:TLS_RSA_WITH_AES256_GCM_SHA384:TLS_RSA_WITH_AES128_G

[Thr 3852]   Client Certificate available (FCPath-Len= 0)

[Thr 3852]   New session (TLSv1.2, TLS_RSA_WITH_AES128_GCM_SHA256)

[Thr 3852]   HexDump of new SSL session ID { &buf= 000000002040B73C, buf_len= 32 }

..."

 

The client certificate is received:

"...

[Thr 3852] Base64-Dump of peer certificate (len=1052 bytes)

[Thr 3852]

[Thr 3852] -----BEGIN CERTIFICATE-----

[Thr 3852] MIIEGDCC 4 g w B g K T c gG   B   FA v  s  Q D

...

[Thr 3852] l  7/   i n   R   q g    Qu   Y o   8=

[Thr 3852] -----END CERTIFICATE-----

[Thr 3852] <<- SapSSLSessionStart(sssl_hdl=000000000554DC50)==SAP_O_K

[Thr 3852]  in/out: status = "new SSL session,TLSv1.2,TLS_RSA_WITH_AES128_GCM_SHA256, received client cert"

[Thr 3852]   Subject DN = "CN=..."

[Thr 3852]   Issuer  DN = "CN=CA Cert..."

..."

 

The URL requested was:

"...

[Thr 3852] Address   Offset IcmReadFromConn received

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] 0000000020714358  000000  47455420 2f736170 2f62632f 6775692f |GET /sap/bc/gui/|

[Thr 3852] 0000000020714368  000016  7361702f 6974732f 77656267 75692048 |sap/its/webgui H|

[Thr 3852] 0000000020714398  000064  5454502f 312e310d 0a416363 6570743a |TTP/1.1..Accept:|

[Thr 3852] 00000000207143A8  000080  20746578 742f6874 6d6c2c20 6170706c | text/html, appl|

...

[Thr 3852] 0000000020714568  000528  0a0d0a                              |...             |

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] HttpPlugInHandleNetData(rqid=4/2944/1): role: Server(1), status: 1

[Thr 3852]    content-length: 0/0, buf_len: 531, buf_offset: 0, buf_status: 0

...

[Thr 3852]   GET /sap/bc/gui/sap/its/webgui HTTP/1.1

[Thr 3852]   accept: text/html, application/xhtml+xml, */*

[Thr 3852]   user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko

[Thr 3852]   accept-encoding: gzip, deflate, peerdist

..."

 

Additional information from the peer:

"...

[Thr 3852] Connection Info: role=Server, local=FQDN:443, peer=xx.bbb.ccc.ddd, protocol=HTTPS

[Thr 3852] ->> SapSSLGetPeerInfo(sssl_hdl=000000000554DC50, &cert=000000003F55E6B8, &cert_len=000000003F55E6B0,

[Thr 3852]     &subject_dn=000000003F55E6C8, &issuer_dn=000000003F55E6C0, &cipher=000000003F55E6D0)

[Thr 3852] <<- SapSSLGetPeerInfo(sssl_hdl=000000000554DC50)==SAP_O_K

[Thr 3852]     out: subject  = "CN=..."

[Thr 3852]     out: issuer   = "CN=CA Cert..."

[Thr 3852]     out: cert_len = 1052

[Thr 3852]     out: cipher   = "TLS_RSA_WITH_AES128_GCM_SHA256"

[Thr 3852] Client certificate info: subject="CN=...", issuer="CN=CA Cert..."

...

[Thr 3852] HttpModGetDefRules: Client certificate received: with len=1052, subj="CN=...", issuer="CN=CA Cert..."

[Thr 3852] HttpModGetDefRules: determined the defactions: COPY_CERT_TO_MPI ADD_CERT_TO_HEADER COMPAT_HANDLING  (21)

[Thr 3852] ->> SapSSLGetPeerInfo(sssl_hdl=000000000554DC50, &cert=000000003F545610, &cert_len=000000003F5455D8,

[Thr 3852]     &subject_dn=000000003F5456A8, &issuer_dn=000000003F5456B0, &cipher=000000003F5456A0)

[Thr 3852] <<- SapSSLGetPeerInfo(sssl_hdl=000000000554DC50)==SAP_O_K

[Thr 3852]     out: subject  = "CN=..."

[Thr 3852]     out: issuer   = "CN=CA Cert..."

[Thr 3852]     out: cert_len = 1052

[Thr 3852]     out: cipher   = "TLS_RSA_WITH_AES128_GCM_SHA256"

..."

 

Now the certificate will be copied to the header:

"...

[Thr 3852] HttpModHandler: add cert to headers: cert_array_len=1, cipher_id_len=2, cipher_size=128

[Thr 3852] cipher_suite: 009c[

[Thr 3852] HttpModHandler: perform the actions: COPY_CERT_TO_MPI ADD_CERT_TO_HEADER COMPAT_HANDLING (21)

[Thr 3852] MPI<139>4#4 GetOutbuf -1 214260 65536 (0) -> 00000000207042D0 104857600 MPI_OK

[Thr 3852] HttpModHandler: serialize new http header

[Thr 3852] ICT: IctHttpCloseMessage( 0000000020408020 ) -> u=0 rc=0

[Thr 3852] HttpModHandler: copy cert to buffer (len=1052)

[Thr 3852] Address   Offset ssl client cert:

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] 00000000203F9EF0  000000  30820418 30820381 a0030201 02020a65 |0...0..........e|

...

[Thr 3852] 00000000203FA300  001040  f85d0ba0 7c5633a6 1a1399bf          |.]..|V3.....    |

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] ICT: IctIHttpOpenMessage: 000000000564CC20 typ=1

[Thr 3852] Address   Offset request header rewritten (1 block):

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] 0000000020714774  000000  47455420 2f736170 2f62632f 6775692f |GET /sap/bc/gui/|

...

[Thr 3852] 0000000020714984  000528  0a73736c 5f636c69 656e745f 63657274 |.ssl_client_cert|

[Thr 3852] 0000000020714994  000544  3a204d49 49454744 43434134 47674177 |: MIIEGDCCA4GgAw|

...

[Thr 3852] 0000000020714F04  001936  75676646 597a7068 6f546d62 383d0d0a |ugfFYzphoTmb8=..|

[Thr 3852] 0000000020714F14  001952  73736c5f 63697068 65725f75 73656b65 |ssl_cipher_useke|

[Thr 3852] 0000000020714F24  001968  7973697a 653a2031 32380d0a 73736c5f |ysize: 128..ssl_|

[Thr 3852] 0000000020714F34  001984  63697068 65725f73 75697465 3a203030 |cipher_suite: 00|

[Thr 3852] 0000000020714F44  002000 39630d0a 0d0a |9c....          |

[Thr 3852] ------------------------------------------------------------------------

[Thr 3852] MPI<139>4#5 DiscardOutbuf 2 0 0 214260 0 0 -> 00000000207042B0 MPI_OK

[Thr 3852] HTTP request (rewritten) [4/2944/1]:

[Thr 3852]   GET /sap/bc/gui/sap/its/webgui HTTP/1.1

[Thr 3852]   accept: text/html, application/xhtml+xml, */*

[Thr 3852]   user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko

[Thr 3852]   accept-encoding: gzip, deflate, peerdist

...

[Thr 3852]   ssl_client_cert: MIIEGDCCA4GgAw...

[Thr 3852]   ssl_cipher_usekeysize: 128

[Thr 3852]   ssl_cipher_suite: 009c

..."

 

Finally, the application server will be called to handle the URI:

"...

[Thr 3852] HttpSAPR3Handler: Call SAP AppServer for URI: /

..."

 

So now a work process will start handling the request, calling the ITS handler that will process the WEBGUI service request... but this is a matter for another blog in another community.

 

Test: ECC side, part 2: SM50 logon trace

 

The entries for my logon were recorded in dev_w2:

"...

---------------------------------------------------

trc file: "dev_w2", trc level: 2, release: "742"

---------------------------------------------------

*

*  ACTIVE TRACE LEVEL           2

ACTIVE TRACE COMPONENTS      all, N

*

..."

 

The logon trace shows that my logon was based on X.509 client certificate, asking to create a logon ticket:

"...

N DoY MoY dd hh:mm:ss yyyy

N  dy_signi_ext: X.509 client certificate logon with ticket request

N  dy_signi_ext: logon ticket creation disabled (system setting)

..."

The logon ticket creation is disabled (as I have login/create_sso2_ticket=3, i.e. only assertion tickets are created).

 

The certificate details are then displayed:

"...

N  CertGetInfo: Subject-Name>CN=...<

N  CertGetInfo: Issuer-Name>CN=CA Cert...<

N  CertGetInfo: Validity>Validity  -  NotBefore: DoY moY dd hh:mm:ss yyy (...Z)

N                NotAfter:   DoY MoY dd hh:mm:ss yyyy (...Z)

N  <

..."

 

The system looks for the mapping information (One certificate to one SAP user ID):

"...

lookup USREXTID for certificate mapping information

N  GetUsrExtId: search for <DN, "CN=..."> in client ccc for user ""

N  GetUsrExtId: found matching user>UserID< in client ccc

N  CheckX509CertIssuer: check skipped

N  GetUsrExtId: 1 matching USREXTID entries found

..."

 

Since there is a valid entry, the authentication takes place:

"...

N  DyISigni: client=ccc, user=UserID     , lang=E, access=H, auth=X

N  usrexist: effective authentification method: X.509 client certificate

N  Get_RefUser(ccc,UserID) =>

N  password logon is generally enabled (default)

N  productive password is still valid (expiration period=0 / days gone=1)

N  password change not required (expiration period=0 / days gone=717)

N  usrexist: update logon timestamp (M)

N  save user time zone = >BRAZIL< for user >ccc> / >UserID     > into spa

N  dy_UserLocalTimeInit ()

N  DyISignR: return code=0 (see note 320991)

..."

 

The return code 0 was expected, as the WEBGUI screen was displayed!
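To follow the same chain without reading the traces by eye, the sketch below (an added example, not part of the original blog or of any SAP tool) extracts the TLS and certificate facts per ICM thread, reads the mapping result from the work process trace, and reports where the two disagree. The trace lines are constructed in the format of the excerpts above; the DNs, client 100, user JDOE, thread 4010 and all function names are assumptions.

```python
import re

# Constructed sample lines in the format of the excerpts above. The DNs, client,
# user and thread 4010 (a connection without client certificate) are placeholders.
ICM_TRACE = '''\
[Thr 3852] ->> SapSSLSessionInit(&sssl_hdl=0000000020162400, role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT))
[Thr 3852]   New session (TLSv1.2, TLS_RSA_WITH_AES128_GCM_SHA256)
[Thr 3852] Client certificate info: subject="CN=Example User, O=Example", issuer="CN=Example CA"
[Thr 3852]   GET /sap/bc/gui/sap/its/webgui HTTP/1.1
[Thr 3852]   ssl_client_cert: MIIE...
[Thr 3852]   ssl_cipher_suite: 009c
[Thr 4010] ->> SapSSLSessionInit(&sssl_hdl=0000000020162900, role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT))
[Thr 4010]   New session (TLSv1.2, TLS_RSA_WITH_AES128_GCM_SHA256)
[Thr 4010]   GET /sap/bc/gui/sap/its/webgui HTTP/1.1
'''
WP_TRACE = '''\
N  dy_signi_ext: X.509 client certificate logon with ticket request
N  GetUsrExtId: search for <DN, "CN=Example User, O=Example"> in client 100 for user ""
N  GetUsrExtId: found matching user>JDOE< in client 100
N  CheckX509CertIssuer: check skipped
N  usrexist: effective authentification method: X.509 client certificate
N  DyISignR: return code=0 (see note 320991)
'''

THREAD = re.compile(r"^\[Thr (\d+)\] ?(.*)$")
ICM_PATTERNS = {
    "auth_type": re.compile(r"SapSSLSessionInit\(.*auth_type=\d+ \((\w+)\)\)"),
    "session": re.compile(r"New session \((TLSv[\d.]+|SSLv\d), (\w+)\)"),
    "cert": re.compile(r'Client certificate info: subject="([^"]*)", issuer="([^"]*)"'),
    "request": re.compile(r"^\s*(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/"),
    "header": re.compile(r"^\s*(ssl_client_cert|ssl_cipher_suite): (\S+)"),
}
WP_PATTERNS = {
    "dn": re.compile(r'GetUsrExtId: search for <DN, "([^"]*)"> in client (\w+)'),
    "user": re.compile(r"GetUsrExtId: found matching user>(\S+?)\s*< in client"),
    "issuer_check": re.compile(r"CheckX509CertIssuer: check (\w+)"),
    "method": re.compile(r"effective authentification method: (.+)$"),
    "rc": re.compile(r"DyISignR: return code=(\d+)"),
}

def parse_icm(trace):
    """Group ICM trace lines by worker thread and collect the TLS/certificate facts."""
    conns = {}
    for line in trace.splitlines():
        m = THREAD.match(line)
        if not m:
            continue
        thr, body = m.groups()
        c = conns.setdefault(thr, {"cert_in_header": False})
        for key, pat in ICM_PATTERNS.items():
            hit = pat.search(body)
            if not hit:
                continue
            if key == "auth_type":
                c["auth_type"] = hit.group(1)
            elif key == "session":
                c["protocol"], c["cipher"] = hit.groups()
            elif key == "cert":
                c["subject"], c["issuer"] = hit.groups()
            elif key == "request":
                c["uri"] = hit.group(1)
            elif hit.group(1) == "ssl_client_cert":
                c["cert_in_header"] = True      # certificate forwarded to the work process
            else:
                c["cipher_id"] = hit.group(2)
    return conns

def parse_logon(trace):
    """Collect the certificate-mapping and logon result lines ("N" component)."""
    out = {}
    for line in trace.splitlines():
        if not line.startswith("N "):
            continue
        for key, pat in WP_PATTERNS.items():
            hit = pat.search(line)
            if hit:
                out[key] = hit.groups() if key == "dn" else hit.group(1)
    return out

def review(icm, logon):
    """Return the points that deserve a second look, in trace order."""
    findings = []
    for thr, c in icm.items():
        # Assumption: no "Client certificate info" line means no certificate arrived.
        if c.get("auth_type") == "ASK_CLIENT_CERT" and "subject" not in c:
            findings.append(f"thread {thr}: certificate requested but none received")
        elif "subject" in c and not c["cert_in_header"]:
            findings.append(f"thread {thr}: certificate not forwarded as ssl_client_cert")
    dn = logon.get("dn", (None,))[0]
    if dn and dn not in {c.get("subject") for c in icm.values()}:
        findings.append("logon DN does not match any certificate subject in the ICM trace")
    if logon.get("issuer_check") == "skipped":
        findings.append("CheckX509CertIssuer reported 'check skipped'")
    if logon.get("rc") != "0":
        findings.append(f"logon return code {logon.get('rc')}")
    return findings

if __name__ == "__main__":
    for finding in review(parse_icm(ICM_TRACE), parse_logon(WP_TRACE)):
        print(finding)
```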

 

Additional information

 

 

If you have a particular scenario that you would like to discuss, then use the comments and I will improve the blog to address your case.


stop hourly background job only for two hours


Hi Gurus,

 

I have a requirement

 

There is a background job in our Production system which is scheduled to run on an hourly basis. I have received a new requirement to stop executing the job between 4 pm and 7 pm only on Sunday; on the rest of the days it should run regularly on an hourly basis.

 

 

Awaiting valid inputs.

 

 

 

Regards

Harsha

SAP Service Not Showing in Management Console After Kernel Upgrade


Hi All

First time poster here.

I was trying to upgrade our Netweaver server from 7.1CE to 7.5 Java only. One of the Notes said to upgrade the Kernel to 7.45.

In doing so I downloaded SAPEXEDB_100-80000795.SAR and SAPEXE_100-80000796.SAR, unpacked them and put them in "<Drive>:\usr\sap\<SID>\SYS\exe\uc\NTAMD64". After doing this the SAP management console was in Yellow State, and further reading mentioned that the Kernel Level and disp+work should be of the same patch.

I followed up by downloading dw_114-80000796.sar and putting all the contents again in <Drive>:\usr\sap\<SID>\SYS\exe\uc\NTAMD64. This completely backfired, with the SAPSID_00 services not coming up and the management console not showing any SAP services.

 

I restored the NTAMD64 folder with the older contents, still of no help.

 

Any help appreciated.

 

Thanks

p4 over http tunneling


Hi guys

I have SAP NW 7.4 (only JAVA stack).

I configured P4 and added these parameters to the profile

 

icm/server_port_2 = PROT=P4, PORT=5$(SAPSYSTEM)04

icm/server_port_3 = PROT=P4SEC, PORT=5$(SAPSYSTEM)05

 

and set ALLOW_NON_SSL_TUNNELING = true

 

Can you help me: what am I doing wrong? I wrote the following Java code but can't connect to the server

 

import javax.naming.InitialContext;
import javax.naming.NamingException;
import java.util.Properties;

public class rmi2 {

    private static InitialContext ctx = null;

    public static void main(String[] args) {
        init("", "10.0.0.5", "50005", "user", "1111", "httptunneling");
    }

    public static void init(String schema, String host, String port, String user, String pass, String transportType) {
        try {
            Properties p = new Properties();
            if (schema == null) {
                schema = "P4://";
            }
            p.put("java.naming.factory.initial", "com.sap.engine.services.jndi.InitialContextFactoryImpl");
            p.put("java.naming.provider.url", schema + host + ":" + port);
            p.put("java.naming.security.principal", user);
            p.put("java.naming.security.credentials", pass);
            // Parameter transportType for Transport Layer Queue has value
            // "None", "ssl", "httptunneling_ssl" or "httptunneling".
            ctx = new InitialContext(p);
            System.out.println("NamingClient context: " + ctx);
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}

 

I get this error

 

com.sap.engine.services.jndi.persistent.exceptions.NamingException: Exception while trying to get InitialContext. [Root exception is com.sap.engine.services.security.exceptions.BaseLoginException: Cannot create new RemoteLoginContext instance.]

  at com.sap.engine.services.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:539)

  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

  at javax.naming.InitialContext.init(InitialContext.java:244)

  at javax.naming.InitialContext.<init>(InitialContext.java:216)

  at rmi2.init(rmi2.java:25)

  at rmi2.main(rmi2.java:10)

  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:497)

  at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Cannot create new RemoteLoginContext instance.

  at com.sap.engine.services.security.remote.login.RemoteLoginContext.<init>(RemoteLoginContext.java:98)

  at com.sap.engine.services.jndi.implclient.LoginHelper.clientSideLogin(LoginHelper.java:78)

  at com.sap.engine.services.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:403)

  ... 11 more

Printing issue in WEP HQ 2650 Printer


Dear All,

     We are facing a problem printing on the WEP HQ 2650 Printer (Heavy Duty Dot Matrix). The problem is mainly with the SWIN Output Device type & Page Format. The printing comes out correctly in X_65_80 & X_90_120 but not in higher formats like X_120_150, which are desired.

 

Is there any better way to print on the model mentioned?

 

In anticipation of your reply.

Netweaver 7.5 upgrade from 7.1


Hello All,

This is my first upgrade of an SAP system, so please excuse me if the questions are silly.

 

 

Currently I have downloaded the following packages and have set up the SUM on the host.

SAP Downloads.jpg

 

After the first few steps in SUM it's asking about the download directory in the SELECT TARGET SYSTEM version step.

 

I don't have Solution Manager and intend to prepare the download directory manually. I want to know what I need to put in the download directory to proceed.

 

Is there any detailed guide that explains this?

I am currently following the NW Update Guide using SUM, but that does not list this in detail.

 

Thanks

Rupesh
