Former Member

SAP Dispatcher & firewall timeout on port 32xx

Hi team

I am a network administrator trying to find out how to ask the SAP administrators to change their configuration to prevent our firewall dropping sessions due to a timeout.

The problem is with one of the 32xx TCP ports between the application servers and the Central Services server. A firewall has been installed between these devices and we are getting regular timeouts on the firewall which drops the session.

This shows itself on the SAP servers through the following error message in the logs:

"Operating system call recv failed (error no. 15004)"

The effect is that work flow processes cannot complete and DB locks are not released. Eventually the system becomes inoperative.

Talking to the application support people, they need these particular sessions held up all the time the system is running. This is OK, but we cannot tell the firewall to do this. We can set long timeouts but I would rather that the application be responsible for its own destiny if possible.

[Edit] This doesn't appear to be an inactivity timeout so it might be what is called a half-close or other timeout. A half-close is when one device sends a TCP FIN but the other doesn't send a FIN-ACK within a specified period. It is not a common practice but I have seen it in other applications when the second device, after getting a FIN, decides to check a bunch of stuff and send more data. The FIN-ACK comes when it decides it has finished. It is a lazy way of finding out if both devices have finished.

We will be doing some further testing to isolate it but I would be very interested to know if anybody else has had this problem and what they did about it.

As I am not really a SAP user and very new to this, my apologies if this finds itself in the wrong section.

Many Thanks


3 Answers

  • Dec 30, 2016 at 12:58 PM

    Hello Laurie,

    Do you mean that the application servers are connecting to a TCP port 32xx at the Central Services server (that runs the SAP instance called "ASCS" or "SCS")?

    If yes, the process using the TCP port 32xx at the (A)SCS is the Enqueue.

    You can ask your SAP Basis team to set the parameter "enque/encni/set_so_keepalive = TRUE" at the (A)SCS profile and restart the (A)SCS in order to activate the parameter.

    This will activate the keepalive at the TCP/IP level.

    You might still need to adjust the operating system keepalive settings (SAP note 1410736 can help with that).

    Regards,

    Isaías

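Why the operating system settings mentioned in the answer above still matter, as an added example that is not part of the original thread: a socket with only SO_KEEPALIVE set takes its probe timing from the OS, and the first probe has to go out before the firewall's idle timeout. The Linux sysctl names and the 3600-second firewall timeout are assumptions made for the illustration.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Keepalive:
    idle: int      # seconds of silence before the first probe
    interval: int  # seconds between unanswered probes
    probes: int    # unanswered probes before the OS resets the connection

# Stock Linux values (tcp_keepalive_time / _intvl / _probes).
LINUX_DEFAULTS = Keepalive(idle=7200, interval=75, probes=9)

def keepalive_socket():
    """TCP socket with SO_KEEPALIVE on; probe timing is inherited from the OS."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    return s

def keepalive_enabled(sock):
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0

def read_system_keepalive(base="/proc/sys/net/ipv4"):
    """Read the live Linux settings; fall back to stock defaults elsewhere."""
    try:
        vals = []
        for name in ("tcp_keepalive_time", "tcp_keepalive_intvl", "tcp_keepalive_probes"):
            with open(f"{base}/{name}") as f:
                vals.append(int(f.read()))
        return Keepalive(*vals)
    except (OSError, ValueError):
        return LINUX_DEFAULTS

def assess(ka, firewall_idle_timeout):
    """Return (session_survives, dead_peer_detect_seconds).

    The session survives an idle-timeout firewall only if the first probe
    is sent before the firewall expires the idle flow.
    """
    survives = ka.idle < firewall_idle_timeout
    return survives, ka.idle + ka.interval * ka.probes

if __name__ == "__main__":
    FIREWALL_IDLE = 3600  # constructed value, not from the thread
    for label, ka in (("system", read_system_keepalive()),
                      ("tuned", Keepalive(1200, 75, 9))):
        ok, detect = assess(ka, FIREWALL_IDLE)
        print(f"{label}: {ka} survives={ok} dead-peer detected after {detect}s")
```

With the stock two-hour idle time the first probe would arrive long after a one-hour firewall timeout, so enabling keepalive alone would not hold the session open in that case.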

  • Feb 15 at 04:32 PM

    SAP does not recommend putting firewalls between the network communication of application servers and database/Message servers.

    Check SAP Note

    2438832 - Network problems if firewall used between database and application servers


  • Feb 15 at 05:02 PM

    Hello Laurie Passmore,

    I would suggest you go through the SAP Community blog below:

    Where should I place a firewall in my SAP landscape?

    Regards,

    Yogesh
