cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP WebDispatcher configuration for Portal access on Public IP

sujit_sharma
Active Participant

on ‎03-30-2016 12:48 PM

0 Kudos

Dear friends,

I've a requirement to access SAP EP through a public IP. In our scenario SAP Web Dispatcher is located in DMZ and rest all SAP systems are in MZ.

We have registered a domain name (couple of weeks ago) and binding has been done with the public IP address. Natting has been done between Public IP and private IP of SAP Web Dispatcher. When we are trying to access the portal now using public IP address it doesn't bring any page rather gives error:

This site can’t be reached

202.100.196.244 refused to connect.

ERR_CONNECTION_REFUSED

Below is our Web dispatcher config file contents, kindly suggest if there is something wrong with this:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SAPGLOBALHOST = SAPWDP01

SAPSYSTEM = 00

INSTANCE_NAME = W00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_CT_RUN)

DIR_PROFILE = $(DIR_INSTALL)\profile

_PF = $(DIR_PROFILE)\WDP_W00_SAPWDP01

SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%

#-----------------------------------------------------------------------

# Accesssability of Message Server

#-----------------------------------------------------------------------

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01.ENGPL.com, MSPORT=8100,

#-----------------------------------------------------------------------

# Back-end system configuration

#-----------------------------------------------------------------------

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01, MSPORT=8100, SRCVHOST=EPPVS01.ENGPL.com

#-----------------------------------------------------------------------

# Configuration of maximum number of concurrent connections

#-----------------------------------------------------------------------

icm/max_conn = 2000

#-----------------------------------------------------------------------

# Tuning parameters that usually do not need to be adjusted

#-----------------------------------------------------------------------

icm/max_sockets = ($(icm/max_conn) * 2)

icm/max_conn = 16384

icm/max_sockets = 16384

icm/req_queue_len = 6000

icm/min_threads = 100

icm/max_threads = 250

mpi/total_size_MB = (min(0.06 * $(icm/max_conn) + 50, 2000))

mpi/max_pipes = ($(icm/max_conn) * 2)

wdisp/HTTP/max_pooled_con = ($(icm/max_conn))

wdisp/HTTPS/max_pooled_con = ($(icm/max_conn))

ssl/server_cache_size = (min($(icm/max_conn) * 4, 100000))

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTPS,PORT=443$$

icm/server_port_1 = PROT=HTTP,HOST=SAPWDP01,PORT=81$$

icm/server_port_2 = PROT=HTTP,HOST=EPPVS01,PORT=81$$

icm/server_port_3 = PROT=HTTP,HOST=localhost,PORT=81$$

#-----------------------------------------------------------------------

# SAP Web Dispatcher Administration

#-----------------------------------------------------------------------

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile)

#-----------------------------------------------------------------------

# Start webdispatcher

#-----------------------------------------------------------------------

_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Restart_Program_00 = local $(_WD) pf=$(_PF)

SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec

icm/HTTP/redirect_00 = PREFIX=/,FROM=*.gov.in*,FROMPROT=HTTP,FOR=EPPVS01.ENGPL.com:50100,PROT=HTTP,HOST=EPPVS01, PORT=50100

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Kindly help, thanks in advance

SUJIT

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Sriram2009
Active Contributor
‎03-30-2016 1:07 PM
0 Kudos

Hi Sujit.

You can enable the trace using the Httpwatch from public to private. find the where the packet getting drooped . refer the SAP KBA 1994801 - HTTPwatch Tips


Regards

SS

Show replies
Show replies
mamartins
Active Contributor
‎03-30-2016 12:55 PM
0 Kudos

Hi there,

The configuration you posted seems inconsistent, a few entries are incompatible each other.

Please check these links:

https://wiki.scn.sap.com/wiki/display/SI/Managing+PSE+files+at+the+Web+Dispatcher

http://scn.sap.com/thread/3779410

https://help.sap.com/saphelp_nwce72/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/content.htm

Also, test inside the DMZ system that you can reach the internal remote SAP servers, by using this command: telnet [internal_server_name] 50100

Regards,

MM

Show replies
Show replies
sujit_sharma
Active Participant
‎03-30-2016 4:00 PM
0 Kudos

Dear Manuel,



The configuration you posted seems inconsistent, a few entries are incompatible each other.

Pls if you don't mind, let me know which entries seem to be incompatible?

I've tried telnet for 50100 port with internal server name and IP and it works fine.

For Natting between Public IP and Domain we have used the IP address of Web Dispatcher system and port number 8100, is that fine ??

Thanks,

SUJIT

mamartins
Active Contributor
‎03-30-2016 4:10 PM
0 Kudos

These 2:

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01.ENGPL.com, MSPORT=8100,

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01, MSPORT=8100, SRCVHOST=EPPVS01.ENGPL.com

And these ones:

icm/server_port_0 = PROT=HTTPS,PORT=443$$

If you want port 443, you need to remove the $$

icm/server_port_1 = PROT=HTTP,HOST=SAPWDP01,PORT=81$$

icm/server_port_2 = PROT=HTTP,HOST=EPPVS01,PORT=81$$

icm/server_port_3 = PROT=HTTP,HOST=localhost,PORT=81$$

You can't have multiple services on the same port, because you are using 00 for the WD, all 3 ports will try to attach to port 8100

isaias_freitas
Advisor
Advisor
‎03-31-2016 1:27 PM
0 Kudos

Hello Manuel, hello Sujit,

About having 2 wdisp/system_0 parameters, the second one (in the order they appear at the profile) will overwrite the first one. So, only the second wdisp/system_0 parameter is taking effect.

About icm/server_port_1 to 3, you are almost correct, Manuel .

Notice that each of the parameters is binding the same port but under a specific, different IP address (this is because the HOST argument is being used). Since HOST is being used, this should not be causing any issues.

It seems that the parameter icm/HTTP/redirect_00 will never be used. But in case it matches a request, it seems it would cause an issue as it seems to be making the browser redirect directly to the Portal, bypassing the Web Dispatcher. But this would be something for a different thread, maybe .

About the "connection refused" error, ensure that your firewall (that is "natting" the public IP to the Web Dispather IP) is allowing connections to the TCP ports 8100 and 44300. Your firewall has to accept connections on these ports (at the public IP) and then "nat" them to the Web Dispatcher IP at the same port.

Then, test the connection to your public domain, specifying the port you want to use. For example:

http://www.your-domain.com:8100

or

https://www.your-domain.com:44300

Best regards,

Isaías

Ask a Question