Skip to Content

SUM Failing on OS User credential step SAPCONTROL issue

Hi i'm simply trying to add the latest support packs to our PI double stack 711 SP07 to SP14.

On WINDOWS\MSSQL

Using SUM 1.0 SP 13 PL06

3 screens in I cannot get pass the User Authentication for SIDADM. In fact it is not a user/password issue because I can put anything in those fields.

The issue is SUM cannot connect to SAPCONTROL to execute it's commands.

The error is the following:

C:\Windows>sapcontrol -nr 0 -host OT9DV094 -prot NI_HTTPS -function AccessCheck

Stop

sapparam: sapargv(argc, argv) has not been called!

sapparam(1c): No Profile used.

sapparam: SAPSYSTEMNAME neither in Profile nor in Commandline

SapSSLInit failed

I've looked at every note, I updated the kernel.

One concern I have, note 1401712 says the following:

Additionally, the new instance detection mechanism is not supported by all

kernel versions. If you have an old kernel which does not support the new

functionality, the old detection mechanism will be used.

- SAP KERNEL

release 7.10: supported by all PATCH levels

- SAP KERNEL release 7.20:

supported by all PATCH levels

- SAP KERNEL release 7.30: supported by all

PATCH levels

- SAP KERNEL release 7.00: supported by PATCH 96 and higher

-

SAP KERNEL release 6.40: supported by PATCH 169 and higher

I'm using Kernel 711 PL 169.

System works fine, no issues. I've rebooted many times, reset SUM,

I've had issues before and made the service\protectedwebmethods=NONE to all profiles. Didn't help.

My hostagent meets the criteria of sum version 190

I've looked at notes:

http://service.sap.com/sap/support/notes/1895278

http://service.sap.com/sap/support/notes/1401712

Upgrade issue - Get instance Properties | SCN

http://service.sap.com/sap/support/notes/1600846

http://service.sap.com/sap/support/notes/1563660

http://service.sap.com/sap/support/notes/2189669

http://service.sap.com/sap/support/notes/1873918

Error :sapstart.exe=>sapparam(1c): No Profil... | SCN

I'm stuck. Anyone have some ideas?

I'm really just think trying to jump kernel from 711 to 721

3.jpg (735.8 kB)
2.jpg (51.4 kB)
1.jpg (269.0 kB)
Add a comment
10|10000 characters needed characters exceeded

Related questions

8 Answers

  • Best Answer
    Posted on Aug 26, 2015 at 04:00 PM

    Hi Joshua,

    Its giving a SSL issue for the system.

    run the below command

    sapcontrol -nr 0 -host <hostname> -user sidadm password -prot NI_HTTPS -function GetProcessList -debug

    Then you will able to see the certificate

    You need copy this certificate in a txt file for example SID.txt

    Then you need integrate it to SAPSSLC.pse

    sapgenpse maintain_pk -p E:\usr\sap\<SID>\DVEBMGS<xx>\sec\SAPSSLC.pse -a C:\SID.txt

    Moreover if you have chosen the option

    "Authentication with user and password is not required" in the SUM tool. while giving the password of sidadm user then again you to extract the SUM tool and moving ahead without selecting the option "Authentication with user and password is not required" as per the sapnote


    http://service.sap.com/sap/support/notes/2189669

    With Regards

    Ashutosh Chaturvedi

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 26, 2015 at 07:42 PM

    I upgraded the kernel and still doesn't work but, I now am able to run this command. I do not see a key as described by francois here SUM 1.0 SP10 p3 - sapcontrol -prot NI_HTTPS Get... | SCN

    I do see errors at the end.

    sapcontrol -nr 0 -host OT9DV094 -user pjdadm <password> -prot NI_HTTPS

    -function GetProcessList -debug

    [Thr 5720] Wed Aug 26 15:31:32 2015
    [Thr 5720] NiIInit: allocated nitab (2048 at 0000000003C77FA0)
    [Thr 5720] NiIHSBufInit: initialize hostname buffer (IPv4)
    [Thr 5720] NiHLInit: alloc host buf (100 entries)
    [Thr 5720] NiSrvLInit: alloc serv bufs (100 entries)
    [Thr 5720] ***LOG Q0I=> NiPGetServByName: 'sapctrls00' not found: getaddrinfo (1
    0109: WSATYPE_NOT_FOUND: The specified class was not found.) [ninti.c 941]
    [Thr 5720] NiSrvLGetServNo: service name 'sapctrls00' not found by operating sys
    tem
    [Thr 5720] <<- SapSSLSetTraceFile()==SAP_O_K
    [Thr 5720] ->> SapSSLInit(read_profile=0, &init_params=00000000020E19F0, &return
    _reserved=0000000000000000)
    [Thr 5720] =================================================
    [Thr 5720] = SSL Initialization platform tag=(ntamd64-msc16)
    [Thr 5720] = (721_REL,Apr 28 2015,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
    [Thr 5720] SapISSLComposeFilename(ssl_lib): using default "sapcrypto.dll"
    [Thr 5720] DlLoadLib success: LoadLibrary("sapcrypto.dll"), hdl 0, addr 000007FE
    EA9B0000
    [Thr 5720] using "D:\usr\sap\PJD\SYS\exe\uc\NTAMD64\sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_API_startup") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_API_cleanup") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_API_get_last_error") from "
    sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_check_last_io") from "sapcr
    ypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_new") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_duplicate") from "sapcrypto
    .dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_set_session_by_ssl") from "
    sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_clear") from "sapcrypto.dll
    "
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_set_fd") from "sapcrypto.dl
    l"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_accept") from "sapcrypto.dl
    l"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_connect") from "sapcrypto.d
    ll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_set_verify_mode") from "sap
    crypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_set_options") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_state") from "sapcrypto
    .dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_read") from "sapcrypto.dll"

    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_write") from "sapcrypto.dll
    "
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_peek") from "sapcrypto.dll"

    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_pending") from "sapcrypto.d
    ll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_set_shutdown_mode") from "s
    apcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_shutdown") from "sapcrypto.
    dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_free") from "sapcrypto.dll"

    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_renegotiate") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_do_handshake") from "sapcry
    pto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_is_session_resumed") from "
    sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_session") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_state_description_long"
    ) from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_certificate_request_ca_
    dnames") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_new") from "sapcrypto.d
    ll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_default_pse_by_name
    ") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_default_verify_mode
    ") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_options") from "sap
    crypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_session_cache_mode"
    ) from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_session_cache_max_i
    tems") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_get_session_cache_numbe
    r") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_get_default_cipher_suit
    es") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_default_cipher_suit
    es") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_flush_session_cache") f
    rom "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_free") from "sapcrypto.
    dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_set_protocol_version_fl
    ags") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CTX_get_protocol_version_fl
    ags") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_protocol_version_number
    s") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_peer_certificates") fro
    m "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CIPHER_SUITE_get_name_info"
    ) from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CIPHER_SUITE_get_info") fro
    m "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_CIPHER_SUITE_get_sym_key_si
    ze") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_cipher_suite_used") fro
    m "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_cipher_suite_used_id")
    from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_cipher_suites") from "s
    apcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_get_cipher_suites_peer") fr
    om "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_SESSION_set_timeout") from
    "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("SSL_SESSION_get_session_id") fr
    om "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_sprint_error") from "sapcry
    pto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("th_last_error") from "sapcrypto
    .dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("th_get_last_error_text") from "
    sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_free") from "sapcrypto.dll"

    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_free_error") from "sapcrypt
    o.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_get_Certificate_n_from_Cert
    ificates") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_get_tbs_DERcode_of_Certific
    ate") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("e_Certificate") from "sapcrypto
    .dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_get_serialnumber_of_Certifi
    cate") from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_get_subject_of_Certificate"
    ) from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_get_issuer_of_Certificate")
    from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_cmp_DName") from "sapcrypto
    .dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_sprint_DName") from "sapcry
    pto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_free_String") from "sapcryp
    to.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_free_OctetString") from "sa
    pcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("aux_putenv") from "sapcrypto.dl
    l"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_init") from "sapcrypto.dl
    l"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_done") from "sapcrypto.dl
    l"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_get_version") from "sapcr
    ypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_get_secudir") from "sapcr
    ypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_set_secudir") from "sapcr
    ypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapcr_config") from "sapcrypto.
    dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapsecu_create_CertEntryList")
    from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapsecu_free_CertEntryList") fr
    om "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sapsecu_sprint_CertEntryList")
    from "sapcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sap_create_memory_PSE") from "s
    apcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sap_delete_memory_PSE") from "s
    apcrypto.dll"
    [Thr 5720] DlLoadFunc successful GetProcAddress("sap_load_memory_PSE") from "sap
    crypto.dll"
    [Thr 5720] = found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.38 pl40 (Jul 1
    2015) MT-safe
    [Thr 5720] = current UserID: SAP\pjdadm
    [Thr 5720] = found SECUDIR environment variable
    [Thr 5720] = using SECUDIR=D:\usr\sap\PJD\DVEBMGS00\sec
    sapparam: sapargv(argc, argv) has not been called!
    sapparam(1c): No Profile used.
    sapparam: SAPSYSTEMNAME neither in Profile nor in Commandline
    [Thr 5720] SapISSLComposeFilename(client_pse): using default "D:\usr\sap\PJD\D
    VEBMGS00\sec\SAPSSLC.pse"
    [Thr 5720] *** ERROR => secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\PJD\DVEBM
    GS00\sec\SAPSSLC.pse": unable to use! [ssslsecu.c 1793]
    [Thr 5720] No Secude Error present in trace stack!
    [Thr 5720] SapISSLDeleteCTX(): deleting SSL_CTX (cred "<NULL>",refcount=0)
    [Thr 5720] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying t
    o create CLIENT Credential
    for "D:\usr\sap\PJD\DVEBMGS00\sec\SAPSSLC.pse" [ssslxxi.c 2422]
    [Thr 5720] DlUnloadLib successful FreeLibrary("sapcrypto.dll") hdl 0
    [Thr 5720] *** ERROR => Initialization of SSL library failed -- NO SSL available
    !
    [Thr 5720] =================================================
    [Thr 5720]
    [Thr 5720] <<- ERROR: SapSSLInit(read_profile=0)==SSSLERR_PSE_ERROR
    SapSSLInit failed

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Joshua,

      You have to upgrade the sapcrypto file as well because error is "unable to use!"

      Thr 5720] SapISSLComposeFilename(client_pse): using default "D:\usr\sap\PJD\D

      VEBMGS00\sec\SAPSSLC.pse"

      [Thr 5720] *** ERROR => secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\PJD\DVEBM

      GS00\sec\SAPSSLC.pse": unable to use! [ssslsecu.c 1793]

      [Thr 5720] No Secude Error present in trace stack!

      [Thr 5720] SapISSLDeleteCTX(): deleting SSL_CTX (cred "<NULL>",refcount=0)

      With Regards

      Ashutosh Chaturvedi

  • Posted on Aug 26, 2015 at 01:49 PM

    Interesting

    C:\Windows>r3load -testconnect
    sapparam: sapargv(argc, argv) has not been called!
    sapparam(1c): No Profile used.
    sapparam: SAPSYSTEMNAME neither in Profile nor in Commandline
    r3load: START OF LOG: 20150826094707

    r3load: sccsid @(#) $Id: //bas/711_REL/src/R3ld/R3load/R3ldmain.c#8 $ SAP
    r3load: version R7.11/V1.4 [UNICODE]
    Compiled Sep 8 2012 22:41:30
    process id 8636
    r3load -testconnect

    (DB) INFO: connected to DB
    (DB) INFO: disconnected from DB

    r3load: job completed
    r3load: END OF LOG: 20150826094707


    C:\Windows>sapparam: sapargv(argc, argv) has not been called!
    'sapparam:' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Windows>sapparam(1c): No Profile used.
    'sapparam' is not recognized as an internal or external command,
    operable program or batch file.

    Add a comment
    10|10000 characters needed characters exceeded

    • If I run the syntax but remove SSL, works fine

      C:\Windows>sapcontrol -nr 0 -host OT9DV094 -prot NI_HTTPS -function AccessCheck
      Stop
      sapparam: sapargv(argc, argv) has not been called!
      sapparam(1c): No Profile used.
      sapparam: SAPSYSTEMNAME neither in Profile nor in Commandline
      SapSSLInit failed

      C:\Windows>sapcontrol -nr 0 -host OT9DV094 -prot NI_HTTP -function AccessCheck S
      top

      26.08.2015 11:14:05
      AccessCheck
      OK

  • author's profile photo Former Member
    Former Member
    Posted on Aug 26, 2015 at 02:39 PM

    Hello Joshua,

    Services SAPSID_00,SAPSID_01 might be running with SAPServiceSID users.

    If SAPServiceSID is domain. Change the password in domain.

    Note:- Do not close SIDADM session where SUM is running.

    Open another session with Administrator.

    You should change the password of SAPServiceSID to the password which you might have given during initial stages in SUM.

    Update services SAPSID_00,SAPSID_01 user password in Windows Services.

    If the these two services are running with domain ID.Restart these services with a Domain id.

    Continue your SUM step with SIDADM.

    I hope this will resolve your issue.

    Regards

    Anand

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 26, 2015 at 03:25 PM

    So you can see, I can access the profile from the command and see my setting

    C:\Windows>sapcontrol -nr 00 -user pjdadm <mypassword> -function GetStartProfile | f

    indstr protectedwebmethods

    service/protectedwebmethods = NONE

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Joshua,

      Could you paste the few last lines of INPUT-OS-USER-PASSWORD* log file.
      You should be able to find the log file in ..SUM/sdt/log directory.

      You would be able to find the command which is failing. You can try running same command as
      sidadm to get more details . Also you can check the ../sdt/tmp/ directory . It shoud have some logs as
      sapcontrol_output_xx.log and should have output of the sapcontrol commands run by SUM.

      Also try running :

      sapcontrol -nr <instance number> -host <hostname> -user <sidadm> <password> GetInstanceProperties

      BR,
      Gaurav

  • Posted on Aug 26, 2015 at 07:14 PM

    Dear Joshua,

    I think you are using a wrong user to logon to the server.

    Logon to the server , with <sid>adm user and then run the SUM tool.

    In cmd , i can see that you have used a administrator user.

    With Regards

    Ashutosh Chaturvedi

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 27, 2015 at 01:06 PM

    Can someone tell me where this checkbox is? I cannot find it.

    Alternatively, you may consider to restore the system and start over. This time

    make sure no SSO is utilized, do not select "Authentication with user and

    password is not required" checkbox in SUM.

    So you'll be asked to provide

    user/password during the upgrade.

    I have searched for this selection box!

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Joshua ,

      It could be SAPSSLC.pse is unreadable / corrupt

      Before i can suggest any , Want to check whether your PI system has already some certificates installed . So if possible send the following

      Traverse to the following directory

      D:\usr\sap\PJD\DVEBMGS00\sec\


      check for the file SAPSSLS.pse , check the authorizations and send a screenshot



      Now log on to your system and Txn STRUST . Expand all the Nodes ike system PSE and SSL standards and send the screen shot .#


      Thanks ,

      Manu



  • Posted on Aug 27, 2015 at 02:34 PM

    OK I found a workaround for my case.

    See I knew all along that the issue resided with my SSL key and a trust between SUM and my PSE on the server.

    But I wanted the freedom of not using SSL for SUM regardless if my server is configured for it.

    So here is what I did.

    I was using SUM SP13 PL06.

    I downgraded to SUM SP11 PL03.

    I did hit the same error message but it was much more clear:

    So at this point,

    Open the jump_config.txt file contained in the
    \usr\sap\SUM\sdt\param directory

    Edit the last parameter value (/sapstartsrv/httpsconnection)
    from true to false and execute the step again.

    It then prompts you for the SIDADM and password and moves.

    The difference between the two SUM tools. SP 13 would not take this parameter change and also it prompts for the SIDADM/Password first then does the check, where in SUM SP 11 it checks first, takes the override parameter then asks for the password.

    Also, you must have this setting in your profiles service/protectedwebmethods = DEFAULT

    So now I can continue without SSL in SUM.

    I'm not closing this thread yet until I get done the upgrade incase something pops up.


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.