Skip to Content

SAPOSS error (SAP Router)

Hello,

I´m facing an error in the RFC SAPOSS that is related with our SAP Router... because of this error we can´t implement SAP notes using the SNOTE transaction. Some weeks ago I changed the SAP Router certificate with the new configuration that is described in SAP note 2131531 (New Root Certification Authority for saprouter certificates). I believe this error is related with this change.

Error in SAPOSS rfc:

I see the following details in the SAP Router log files logfile.txt and dev_rout:

logfile.txt:

...

Thu May 21 16:04:50 2015 CONNECT ERR S40/51 NIESNC_FAILURE on 'SAProuter 40.4 on 'ORION''

Thu May 21 16:04:50 2015 DISCONNECT S40/51 host 194.39.131.34/3299 (194.39.131.34)

Thu May 21 16:05:38 2015 CONNECT FROM C41/- host 10.10.0.39/49952 (nelt526.noesis.pt)

Thu May 21 16:05:38 2015 CONNECT TO S41/52 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Thu May 21 16:05:39 2015 CONNECT ERR S41/52 NIESNC_FAILURE on 'SAProuter 40.4 on 'ORION''

Thu May 21 16:05:39 2015 DISCONNECT S41/52 host 194.39.131.34/3299 (194.39.131.34)

Thu May 21 16:38:11 2015 DISCONNECT C35/28 host 95.94.229.16/54515 (a95-94-229-16.cpe.netcabo.pt)

dev_rout:

...

Thu May 21 16:05:39 2015

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE' [D:/depot/b 3386]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [D:/depot/bas/74 3352]

GSS-API(maj): Miscellaneous failure

GSS-API(min): A2200223:Peer certificate path not trusted

Unable to establish the security context

target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;0000000004C000B0;1941) [nisnc.c 1003]

I already performed some telnet tests, for example, from our SAP Router server I ran the telnet 194.39.131.34 3299 and everything is Ok, also a telnet from our SAP Router server to the SAP servers to the 32xx port (telnet 171.20.22.21 3200) and everything is working too.

Can you help me please to understand what is the main problem here?!

Kind regards,

Dimas

SNAG-0164.jpg (159.1 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    May 21, 2015 at 04:11 PM

    Hi Joao,

    Have you performed below, during setup of New root certificate for saprouter

    1. From 04/15/2015 11:00 AM CET until 07/18/2015 you need to import the old SAProuter Root CA manually:

    The old SAProuter SMP Root CA certificate is attached to SAP note 2131531.

    Import the old SAProuter SMP CA Root CA certificate as trusted into your PSE.

    sapgenpse maintain_pk -a smprootca.der -p local.pse

    This is necessary, since SAP has to keep using saprouter certificates signed by the old SAProuter SMP Root CA for interoperability reasons. If you omit this step, SNC connections to SAP cannot be established.


    Regards,


    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 21, 2015 at 04:02 PM

    Hi Joao,

    Your issue is

    A2200223:Peer certificate path not trusted

    In previous i reverted for same issue,let me search for the SCN thread

    Regards,

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 21, 2015 at 04:04 PM

    You could follow SAP Note 1867829 - List of SNC Error Codes & SCN thread

    Hope this will help you.

    Good luck !!

    Add comment
    10|10000 characters needed characters exceeded