on 03-30-2016 12:48 PM
Dear friends,
I've a requirement to access SAP EP through a public IP. In our scenario SAP Web Dispatcher is located in DMZ and rest all SAP systems are in MZ.
We have registered a domain name (couple of weeks ago) and binding has been done with the public IP address. Natting has been done between Public IP and private IP of SAP Web Dispatcher. When we are trying to access the portal now using public IP address it doesn't bring any page rather gives error:
202.100.196.244 refused to connect.
ERR_CONNECTION_REFUSED
Below is our Web dispatcher config file contents, kindly suggest if there is something wrong with this:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SAPGLOBALHOST = SAPWDP01
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\WDP_W00_SAPWDP01
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#-----------------------------------------------------------------------
# Accesssability of Message Server
#-----------------------------------------------------------------------
wdisp/system_0 = SID=EPP, MSHOST=EPPVS01.ENGPL.com, MSPORT=8100,
#-----------------------------------------------------------------------
# Back-end system configuration
#-----------------------------------------------------------------------
wdisp/system_0 = SID=EPP, MSHOST=EPPVS01, MSPORT=8100, SRCVHOST=EPPVS01.ENGPL.com
#-----------------------------------------------------------------------
# Configuration of maximum number of concurrent connections
#-----------------------------------------------------------------------
icm/max_conn = 2000
#-----------------------------------------------------------------------
# Tuning parameters that usually do not need to be adjusted
#-----------------------------------------------------------------------
icm/max_sockets = ($(icm/max_conn) * 2)
icm/max_conn = 16384
icm/max_sockets = 16384
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 250
mpi/total_size_MB = (min(0.06 * $(icm/max_conn) + 50, 2000))
mpi/max_pipes = ($(icm/max_conn) * 2)
wdisp/HTTP/max_pooled_con = ($(icm/max_conn))
wdisp/HTTPS/max_pooled_con = ($(icm/max_conn))
ssl/server_cache_size = (min($(icm/max_conn) * 4, 100000))
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTPS,PORT=443$$
icm/server_port_1 = PROT=HTTP,HOST=SAPWDP01,PORT=81$$
icm/server_port_2 = PROT=HTTP,HOST=EPPVS01,PORT=81$$
icm/server_port_3 = PROT=HTTP,HOST=localhost,PORT=81$$
#-----------------------------------------------------------------------
# SAP Web Dispatcher Administration
#-----------------------------------------------------------------------
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile)
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Restart_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
icm/HTTP/redirect_00 = PREFIX=/,FROM=*.gov.in*,FROMPROT=HTTP,FOR=EPPVS01.ENGPL.com:50100,PROT=HTTP,HOST=EPPVS01, PORT=50100
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Kindly help, thanks in advance
SUJIT
Hi Sujit.
You can enable the trace using the Httpwatch from public to private. find the where the packet getting drooped . refer the SAP KBA 1994801 - HTTPwatch Tips
Regards
SS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi there,
The configuration you posted seems inconsistent, a few entries are incompatible each other.
Please check these links:
https://wiki.scn.sap.com/wiki/display/SI/Managing+PSE+files+at+the+Web+Dispatcher
http://scn.sap.com/thread/3779410
https://help.sap.com/saphelp_nwce72/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/content.htm
Also, test inside the DMZ system that you can reach the internal remote SAP servers, by using this command: telnet [internal_server_name] 50100
Regards,
MM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Manuel,
The configuration you posted seems inconsistent, a few entries are incompatible each other.
Pls if you don't mind, let me know which entries seem to be incompatible?
I've tried telnet for 50100 port with internal server name and IP and it works fine.
For Natting between Public IP and Domain we have used the IP address of Web Dispatcher system and port number 8100, is that fine ??
Thanks,
SUJIT
These 2:
wdisp/system_0 = SID=EPP, MSHOST=EPPVS01.ENGPL.com, MSPORT=8100,
wdisp/system_0 = SID=EPP, MSHOST=EPPVS01, MSPORT=8100, SRCVHOST=EPPVS01.ENGPL.com
And these ones:
icm/server_port_0 = PROT=HTTPS,PORT=443$$
If you want port 443, you need to remove the $$
icm/server_port_1 = PROT=HTTP,HOST=SAPWDP01,PORT=81$$
icm/server_port_2 = PROT=HTTP,HOST=EPPVS01,PORT=81$$
icm/server_port_3 = PROT=HTTP,HOST=localhost,PORT=81$$
You can't have multiple services on the same port, because you are using 00 for the WD, all 3 ports will try to attach to port 8100
Hello Manuel, hello Sujit,
About having 2 wdisp/system_0 parameters, the second one (in the order they appear at the profile) will overwrite the first one. So, only the second wdisp/system_0 parameter is taking effect.
About icm/server_port_1 to 3, you are almost correct, Manuel .
Notice that each of the parameters is binding the same port but under a specific, different IP address (this is because the HOST argument is being used). Since HOST is being used, this should not be causing any issues.
It seems that the parameter icm/HTTP/redirect_00 will never be used. But in case it matches a request, it seems it would cause an issue as it seems to be making the browser redirect directly to the Portal, bypassing the Web Dispatcher. But this would be something for a different thread, maybe .
About the "connection refused" error, ensure that your firewall (that is "natting" the public IP to the Web Dispather IP) is allowing connections to the TCP ports 8100 and 44300. Your firewall has to accept connections on these ports (at the public IP) and then "nat" them to the Web Dispatcher IP at the same port.
Then, test the connection to your public domain, specifying the port you want to use. For example:
http://www.your-domain.com:8100
or
https://www.your-domain.com:44300
Best regards,
Isaías
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.