Skip to Content

SAP Dispatcher & firewall timeout on port 32xx

Dec 29, 2016 at 05:57 PM


avatar image

Hi team

I am a network administrator trying to find out how to ask the SAP administrators to change their configuration to prevent our firewall dropping sessions due to a timeout.

The problem is with one of the 32xx TCP ports betwen the application servers and the Central Services server. A firewall has been installed between these devices and we are getting regular timeouts on the firewall which drops the session.

This shows itself on the SAP servers through the following error message in the logs:

"Operating system call recv failed (error no. 15004)"

The effect is that work flow processes cannot complete and DB locks are not released. Eventually the system becomes inoperative.

Talking to the application support people, they need these particular sessions held up all the time the system is running. This is OK, but we cannot tell the firewall to do this. We can set long timeouts but I would rather that the application be responsible for its own destiny if possible.

[Edit] This doesn't appear to be an inactivity timeout so it might be what is called a half-close or other timeout. A half-close is when one device sends a TCP FIN but the other doesn't send a FIN-ACK within a specified period. It is not a common practice but I have seen it in other applications when the second device, after getting a FIN, decides to check a bunch of stuff and send more data. The FIN-ACK comes when it decides it has finished. It is a lazy way of finding out if both devices have finished.

We will be doing some further testing to isolate it but I would be very interested to know if anybody else has had this problem and what they did about it.

As I am not really a SAP user and very new to this, my apologies if this finds itself in the wrong section

Many Thanks

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Isaias Freitas
Dec 30, 2016 at 12:58 PM

Hello Laurie,

Do you mean that the application servers are connecting to a TCP port 32xx at the Central Services server (that runs the SAP instance called "ASCS" or "SCS")?

If yes, the process using the TCP port 32xx at the (A)SCS is the Enqueue.

You can ask your SAP Basis team to set the parameter "enque/encni/set_so_keepalive = TRUE" at the (A)SCS profile and restart the (A)SCS in order to activate the parameter.

This will activate the keepalive at the TCP/IP level.

You might still need to adjust the operating system keepalive settings (SAP note 1410736 can help with that).



10 |10000 characters needed characters left characters exceeded