Skip to Content

SAP Router configuration on Linux RedHat platform (error with SNCInit)

Hello SAP Gurus,

I need your hilfe. I have been trying to setup a SAPRouter in Linux a while ago and kind of got stuck in a variable in Linux. I tried the command to set the variable: export SNC_LIB=/usr/sap/saprouter/sapcrypto.mfand I see there is also another filesapcrypto.lst(these two files, and more, where unzipped when ran the SAPCAR for the SAPCRYPTOLIBPxxxx.SAR). Ofcourse, also set the variables SECURDIR and PATH.
Also SAPCAR my saprouterxxx.SAR file.

When I run my script “./script” I get the following:

__________________________________________________________________
\n Starting saprouter

[root@saprouter saprouter]#

*****************************************************************************

*
* ERROR SNC processing failed:
* SncInit
*
* TIME Thu May 25 12:19:34 2017
* RELEASE 745
* COMPONENT NI (network interface)
* VERSION 40
* RC -17
* MODULE /bas/745_REL/src/base/ni/nisnc.c
* LINE 553
* DETAIL NiSncInit: sncrc=-1
* COUNTER 4
*

*****************************************************************************

trcfile dev_rout

_______________________________________________________

This is the script thta I am applying:
####################################################

export PATH=$PATH:/usr/sap/saprouter
export SECUDIR=/usr/sap/saprouter
export SNC_LIB=/usr/sap/saprouter/sapcrypto.mf

SRDIR=/usr/sap/saprouter
LOGFILE=$SRDIR/saproute.log
if [ -f $SRDIR/saprouter ]; then
echo "\n Starting saprouter" | tee -a $LOGFILE
$SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0000672351, OU=saprouter, O=SAP, C=DE" | tee -a $LOGFILE &

fi
###########################################

The script above was created in Linux, not created in Windows and then exported to Linux.

When I run the command: sapgenpse get_my_name -v -n Issuer

I get the issuer digital certificate without any problem, everything appears "ok"
*****Opening PSE "/usr/sap/saprouter/local.pse"... PSE (v2) open ok. Retrieving my certificate... ok. Getting requested information... ok. SSO for USER "root" with PSE file "/usr/sap/saprouter/local.pse" Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE*****

And when I run a “cat dev_rout” I get the following message
---------------------------------------------------

trc file: "dev_rout", trc level: 1, release: "745"

---------------------------------------------------

Thu May 25 12:25:13 2017

SAP Network Interface Router, Version 40.4

command line arg 0: /usr/sap/saprouter/saprouter

command line arg 1: -r

command line arg 2: -R

command line arg 3: /usr/sap/saprouter/saprouttab

command line arg 4: -G

command line arg 5: /usr/sap/saprouter/saproute.log

command line arg 6: -W

command line arg 7: 60000

command line arg 8: -K

command line arg 9: p:CN=saprouter, OU=0000672351, OU=saprouter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

AMD/Intel x86_64 with Linux (mt,ascii,SAP_UC/size_t/void* = 8/64/64)

UserId="root" (0), envvar USER="root"

SncInit(): Trying environment variable SNC_LIB as

gssapi library name: "/usr/sap/saprouter/sapcrypto.mf".

*** ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/saprouter/sapcrypto.mf") FAILED

"/usr/sap/saprouter/sapcrypto.mf: invalid ELF header" [dlux.c 521]

*** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (/usr/sap/saprouter/sapcrypto.mf) not loaded [/bas/745_R 727]

<<- SncInit()==SNCERR_INIT

sec_avail = "false"

*** ERROR => NiSncInit: SncInit failed (sncrc=-1) [nisnc.c 555]

*** ERROR => main: NiSncInit failed (rc=-17) [nirout.cpp 1958]

*****************************************************************************

*

* ERROR SNC processing failed:
* SncInit

*

* TIME Thu May 25 12:25:13 2017

* RELEASE 745

* COMPONENT NI (network interface)

* VERSION 40

Thu May 25 12:25:13 2017

* RC -17

* MODULE /bas/745_REL/src/base/ni/nisnc.c

* LINE 553

* DETAIL NiSncInit: sncrc=-1

* COUNTER 4

*

*****************************************************************************

<<- ERROR: SncDone()==SNCERR_INIT_FIRST

I am log as root user, I would highly appreciate your help towards this matter.

Thank you in advanced,

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • May 26, 2017 at 10:51 PM

    Hello Experts,

    After a few tweaks, I am getting the following message after running my script:

    \n Starting saprouter
    [root@saprouter saprouter]#
    ***************************************************************************** *
    * LOCATION SAProuter 40.4 on 'saprouter'
    * ERROR service '0.0.0.0:3299' in use *
    * TIME Fri May 26 17:43:33 2017
    * RELEASE 745
    * COMPONENT NI (network interface)
    * VERSION 40
    * RC -4
    * MODULE /bas/745_REL/src/base/ni/nixxi.cpp
    * LINE 3831
    * DETAIL NiIBindSocket
    * SYSTEM CALL bind
    * ERRNO 98
    * ERRNO TEXT Address already in use
    * COUNTER 2 Fri May 26 17:43:33 2017
    * *****************************************************************************

    trcfile dev_rout

    My script looks now like this:
    export PATH=$PATH:/usr/sap/saprouter
    export SECUDIR=/usr/sap/saprouter
    export SNC_LIB=/usr/sap/saprouter/libsapcrypto.so

    SRDIR=/usr/sap/saprouter
    LOGFILE=$SRDIR/saproute.log
    if [ -f $SRDIR/saprouter ]; then
    echo "\n Starting saprouter" | tee -a $LOGFILE
    $SRDIR/saprouter -r -R $SRDIR/saprouttab -G $LOGFILE -W 60000 -K "p:CN=saprouter, OU=0000672351, OU=saprouter, O=SAP, C=DE" | tee -a $LOGFILE &

    fi

    Thanks again for your support. I believe there was a post similar to this but I am getting a different error message. PLease hilfe.

    Add comment
    10|10000 characters needed characters exceeded

  • May 29, 2017 at 11:40 PM

    Hello Alfonso,

    The new error indicates that there is another process (another saprouter?) already using the TCP/IP port 3299:

    * ERROR service '0.0.0.0:3299' in use *
    * TIME Fri May 26 17:43:33 2017
    * RELEASE 745
    * COMPONENT NI (network interface)
    * VERSION 40
    * RC -4
    * MODULE /bas/745_REL/src/base/ni/nixxi.cpp
    * LINE 3831
    * DETAIL NiIBindSocket
    * SYSTEM CALL bind
    * ERRNO 98
    * ERRNO TEXT Address already in use

    You can follow this WIKI page for assistance in identifying which is the other process.

    Then, you need to stop this other process, so the saprouter can use the port 3299.

    Regards,

    Isaías

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Alfonso,

      Something must be changing the environment variables.

      I'm not sure how you could track what is doing it, no ideas come to my mind at this point :).

      About the connection not working, do you see any entries being written at the saprouter trace (dev_rout) or log file (saproute.log)? You can perform "connection tests" at SM59 and see whether the same entries are written every time the test is performed.

      If you see entries related to the connection issue, please post them here.

      If this is urgent, you could open an SAP incident under the component XX-SER-NET. They can help with the connection between customers and SAP.

      I do not work with that area, but I work with the saprouter component.

      Regards,

      Isaías

  • Jun 27, 2017 at 05:58 PM

    Hola Isaias,

    Sorry for my late reply. I will check it, and let you know. I tried setting up a saprouter and works perfectly (in a Windows environment).

    This is the dev_rout I get, which is weird again since I got it right after I stopped the saprouter -s and then start my script:

    [root@saprouter saprouter]# cat dev_rout
    ---------------------------------------------------
    trc file: "dev_rout", trc level: 1, release: "745"
    ---------------------------------------------------
    Tue Jun 27 12:55:52 2017
    SAP Network Interface Router, Version 40.4
    command line arg 0:     /usr/sap/saprouter/saprouter
    command line arg 1:     -r
    command line arg 2:     -R
    command line arg 3:     /usr/sap/saprouter/saprouttab
    command line arg 4:     -G
    command line arg 5:     /usr/sap/saprouter/saproute.log
    command line arg 6:     -W
    command line arg 7:     60000
    command line arg 8:     -K
    
    Tue Jun 27 12:55:53 2017
    command line arg 9:     p:CN=saprouter, OU=0000672351, OU=saprouter, O=SAP, C=DE
    SncInit(): Initializing Secure Network Communication (SNC)
          AMD/Intel x86_64 with Linux (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
          UserId="root" (0), envvar USER="root"
    SncInit(): Trying environment variable SNC_LIB as
        gssapi library name: "/usr/sap/saprouter/libsapcrypto.so".
      File "/usr/sap/saprouter/libsapcrypto.so" dynamically loaded as GSS-API v2 library.
      SECUDIR="/usr/sap/saprouter" (from $SECUDIR)
      The internal Adapter for the loaded GSS-API mechanism identifies as:
      Internal SNC-Adapter (Rev 1.1) to CommonCryptoLib
      Product Version = CommonCryptoLib 8.5.12 (Apr 12 2017) [SSE3]
    main: pid = 972, ppid = 1, port = 3299, parent port = 0 (0 = parent is not a saprouter)
    reading routtab: '/usr/sap/saprouter/saprouttab'
    
    If I open a ticket with SAP, are they going to charge me? :(  We can only open 2 tickets a year in SAP.

    When I run the following command netstat -anp|grep 3299; I get:

    tcp 0 0 0.0.0.0:3299 0.0.0.0:* LISTEN 972/saprouter

    Thank you in advanced for all your help,

    Alfonso

    Add comment
    10|10000 characters needed characters exceeded