Skip to Content
avatar image
Former Member

Environment variable SECUDIR with multiple instances on a host LINUX


I have an ERP 6 EHP6 (NW 7.31) system on Linux OS and need to configure SECUDIR environment variable for SNC.

On our installation we have multiple SAP instances on two hosts: host1 and host2. The SAP instances are placed as follows:

host1: DVEBMGS00, D01, D02

host2: D03, D04

To set the SECUDIR environment variable I've checked the SAP Note 1827566 - How to set environment variables for SAP system? and it says there are two ways of setting the environment variables.

1.- on operating system level

  • Set environment variable on operating system level for the <sid>adm user


I configure the SECUDIR variable on the .sapenv.(c)sh or .profile of the <sid>adm but the problem is that configuring the SECUDIR variable on the profile file of the operating system user <sid>adm, I can only configure 1 directory for "sec" directory, and I have more than 1 instances per host.

On host1:




and on host2:



I cannot configure the variable for the directory of each of the SAP instances (DVEBMGS00, D01, D02 (host1) / D03, D04 (host2)) at the same time.

I start the sap services (sapstartsrv) and if y run sapcontrol:

sapcontrol -nr 00 -function GetEnvironment

I get the same value for SECUDIR for all the instances. The one configured on the .profile file:


But each instance has it's own "sec" directory.

2.- The second way of configuring environment variables mentioned in SAP Note 1827566

  • Set environment variable in startup profile

Add entries in start (up to 710) or instance profile (as of 710 no start profile exists)  in this form

SETENV_xx = SECUDIR=/usr/sap/BCS/D03/sec

After setting the variable in the START profile (I've also tried on instance profile) I stop the SAP services (sapstartsrv) processes and start them again, but the command sapontrol:

sapcontrol -nr 00 -function GetEnvironment

does not return the SECUDIR variable and thus the SAP Instances are not able to start as the SNC is configured and the system does not know where to find the .pse files.

I tried configuring the SECUDIR variable for a common "sec" directory of the <sid>adm user, ie. /home/<sid>adm/sec

and SECUDIR=/home/<sid>adm/sec but when I go to transaction STRUST the path of the .pse credentials are stored in /usr/sap/<SID>/<INSTANCE>/sec and I've configured SECUDIR=/home/<sid>adm/sec.

In my opinion the best approach is setting environment variable in startup profile instead of the .profile or .sapenv_<hostname>.(c)sh of the <sid>adm user. But it doesn't seam to work.

Any idea on how to configure SECUDIR environment variable for multiple SAP instances on a host, and maintaining the "sec" directory of each instance?

Thanks for the support.

Kind regards.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Sep 25, 2014 at 11:00 AM


    Found the discussion: Profile parameter icm/server_port_0 being ignored

    A reply from Cristiano Hansen:

    "Could you please check the SAPCRYPTOLIB installation?

    Check whether you see in dev_icm the SAPCRYPTOLIB initialization. I don't have a NW 7.3 Java to give you an example, but it should look like:


    [Thr 3628] =================================================

    [Thr 3628] = SSL Initialization    platform tag=(NTAMD64)

    [Thr 3628] =   (720_REL,Aug 12 2013,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

    [Thr 3628]   profile param "ssl/ssl_lib" = "C:\usr\sap\XXX\DVEBMGS00\exe\sapcrypto.dll"

    [Thr 3628]            resulting Filename = "C:\usr\sap\XXX\DVEBMGS00\exe\sapcrypto.dll"

    [Thr 3628] =   found SAPCRYPTOLIB  5.5.5C pl36  (Jul  3 2013) MT,AESNI,NB

    [Thr 3628] =   current UserID: ZZZZZZZZ\SAPServiceXXX

    [Thr 3628] =   found SECUDIR environment variable

    [Thr 3628] =   using SECUDIR=C:\usr\sap\XXX\DVEBMGS00\sec

    [Thr 3628] = Success    SapCryptoLib SSL ready!

    [Thr 3628] =================================================


    If you have more than one instance in the same server, then you can add the SECUDIR environment variable in the start profile, like:




    You can check more about the SAPCRYPTOLIB installation here."

    So I've checked the START profiles and I've added:

    00 as it is the first env-var.

    After that the SM51 -> Goto -> Server Name -> Information -> Environment shows the correct SECUDIR environment variable values for each instance.

    But still with the sapcontrol -nr 00 -function GetEnvironment doesn't return the SECUDIR environment variable. Even though the system starts up and I am able to connect correctly.

    Kind regards.

    Add comment
    10|10000 characters needed characters exceeded