
Saprouter Error (GSS-API(maj): Miscellaneous failure)

Dear Gurus,

We decided to upgrade our SAProuter in connection with SAP Note 2131531 - New Root Certification Authority for saprouter certificates.

Everything seems OK; I followed the fresh installation procedure for SNC SAProuter: Installing the sapcrypto library and starting the SAProuter | SAP Support Portal

----------------------------------------------------------------------------------------------

Here is the SAProuter-as-a-service command (it works and runs well):


d:\usr\sap\saprouter\saprouter.exe service -r -D -W 20000 -G d:\usr\sap\saprouter\saprouter.log -S 3299 -R d:\usr\sap\saprouter\saprouttab -K "p:CN=........., OU=......., OU=SAProuter, O=SAP, C=DE"

---------------------------------------


Env variables:

SNC_LIB = D:\usr\sap\saprouter\sapcrypto.dll

SECUDIR = D:\usr\sap\saprouter


---------------------------------------------------------------------------------------------

Here are also the check commands showing that SAProuter is working correctly:


D:\usr\sap\saprouter>sapgenpse get_my_name -v -n Issuer

Opening PSE "D:\usr\sap\saprouter\local.pse"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "Administrator"

  with PSE file "D:\usr\sap\saprouter\local.pse"

Issuer  : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE

D:\usr\sap\saprouter>sapgenpse.exe get_my_name -n validity

SSO for USER "Administrator"

  with PSE file "D:\usr\sap\saprouter\local.pse"

Validity  -  NotBefore:   Tue May  5 16:23:09 2015 (150505142309Z)

              NotAfter:   Wed May  4 16:23:09 2016 (160504142309Z)




When I check the SAPOSS connection, it fails (it was working before upgrading SAProuter).

--------------------------------------------------------------------------

DEV_ROUT:

Tue May 05 18:51:01 2015

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3386]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3352]

      GSS-API(maj): Miscellaneous failure

      GSS-API(min): A2200223:Peer certificate path not trusted

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;000000000282E8A0;1941) [nisnc.c      1003]

Tue May 05 18:51:11 2015

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3386]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3352]

      GSS-API(maj): Miscellaneous failure

      GSS-API(min): A2200223:Peer certificate path not trusted

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;000000000282E8A0;1941) [nisnc.c      1003]

------------------------------------------------------------------------------------------------------------------

What could be wrong?

Also, here is the SAProuter version:

--------------------

SAProuter information

--------------------

kernel release                742

kernel make variant           742_REL

DBMS client library

compiled on                   NT 6.1 7601 x86 MS VC++ 16.00 for NTAMD64

compiled for                  64 BIT

compilation mode              Non-Unicode

compile time                  Mar 31 2015 19:17:37

update level                  0

patch number                  111

source id                     0.111

RKS compatibility level       0

---------------------

supported environment

---------------------

database (SAP, table SVERS)   740

operating system

Windows NT 6.0

Windows NT 6.1

Windows NT 6.2

Windows NT 6.3

Regards


4 Answers

  • Best Answer
    Former Member
    May 05, 2015 at 04:23 PM

    Hi,

    GSS-API(min): A2200223:Peer certificate path not trusted

    I suggest you follow SAP Note 1867829 - List of SNC Error Codes.

    As per the note, this message indicates:

    A2200223 Peer certificate path not trusted.

    The certificate verification failed because the certificate path is not complete (CA certificate is missing), or the root certificate is not trusted.

    Thanks,
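
An added example (not part of the original thread and not SAP tooling): a small Python triage script that groups the SncPEstablishContext failures in a dev_rout trace by target and GSS-API minor code, and attaches the meaning quoted above from SAP Note 1867829. The sample trace is constructed from the excerpt in the question; the function, regex and dictionary names are hypothetical.

```python
import re

# Constructed sample, modelled on the dev_rout excerpt in the question.
SAMPLE_DEV_ROUT = """\
Tue May 05 18:51:01 2015
*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3386]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3352]
      GSS-API(maj): Miscellaneous failure
      GSS-API(min): A2200223:Peer certificate path not trusted
Tue May 05 18:51:11 2015
*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3386]
      GSS-API(maj): Miscellaneous failure
      GSS-API(min): A2200223:Peer certificate path not trusted
"""

# Only the code quoted in this thread; extend from SAP Note 1867829 as needed.
SNC_MINOR_CODES = {
    "A2200223": "certificate path is not complete (CA certificate is missing), "
                "or the root certificate is not trusted",
}

TS_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}$")
TARGET_RE = re.compile(r"SncPEstablishContext\(\) failed for target='([^']+)'")
MINOR_RE = re.compile(r"GSS-API\(min\):\s*([0-9A-Fa-f]{8}):(.*)")

def summarize_snc_failures(trace_text):
    """Group SNC context failures by (target, minor code) with count and time span."""
    summary = {}
    timestamp = target = None
    for raw in trace_text.splitlines():
        line = raw.strip()
        if TS_RE.match(line):
            timestamp = line                      # trace block header
        elif (m := TARGET_RE.search(line)):
            target = m.group(1)                   # peer SNC name that failed
        elif (m := MINOR_RE.search(line)) and target is not None:
            code = m.group(1).upper()
            entry = summary.setdefault((target, code), {
                "count": 0, "first_seen": timestamp, "text": m.group(2).strip(),
                "meaning": SNC_MINOR_CODES.get(code, "not listed here; see SAP Note 1867829"),
            })
            entry["count"] += 1
            entry["last_seen"] = timestamp
            target = None                         # one minor status per failed context
    return summary

if __name__ == "__main__":
    for (tgt, code), e in summarize_snc_failures(SAMPLE_DEV_ROUT).items():
        print(f"{code} x{e['count']} target={tgt} ({e['first_seen']} .. {e['last_seen']}): {e['meaning']}")
```

Repeated entries for the same target and minor code collapse into one row, which makes it easy to see whether a trust failure affects a single peer or every outbound SNC connection.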


  • May 06, 2015 at 06:42 AM

    It is resolved now; I missed this step. Thank you, guys.

    1. From 04/15/2015 11:00 AM CET until 07/18/2015 you need to import the old SAProuter Root CA manually:

    The old SAProuter SMP Root CA certificate is attached to SAP note 2131531.

    Import the old SAProuter SMP CA Root CA certificate as trusted into your PSE.

    sapgenpse maintain_pk -a smprootca.der -p local.pse

    This is necessary, since SAP has to keep using saprouter certificates signed by the old SAProuter SMP Root CA for interoperability reasons. If you omit this step, SNC connections to SAP cannot be established.


  • May 05, 2015 at 04:17 PM

    Please follow the recommendations again.

    It seems you have missed something somewhere.


  • Former Member
    May 05, 2015 at 04:25 PM

    You could also refer to a similar SCN thread at

    Thanks,
