Skip to Content
avatar image
Former Member

SAPOSS RFC - Problem with saprouter

Dear all,

We do have a problem to start SAPOSS RFC from all SAP systems.

We do have an issue related to our saprouter.

Our environnement :

1. S00 is our SAP Solution Manager system (as example)

2. atd-saprouter is the server where the saprouter runs

3. We are using sapserv2 194.39.131.34

4. We have configured a SNC connection.

1. From atd-saprouter to S00 (Solman), the connection works

telnet ...

2. From S00 (Solman) to atd-saprouter, the connection works.

3. SAP can login to our S00. We have opened an R/3 connection in S00 and SAP is able to logued on to S00.

4. We have re-installed the sap certificate with sapgenpse. It works.

Info :

1. To start the saprouter, we are using the following command :

./saprouter -r -G sap-rtt.toto.ch.log -S 3299 -K "p:CN=sap-att.toto.ch, OU=0002273377, OU=SAProuter, O=SAP, C=DE"

2. Content of sap-rtt.toto.ch.log

Tue Mar 15 14:00:31 2011 INIT LOGFILE

Tue Mar 15 14:00:31 2011 READ ROUTTAB ./saprouttab o.k.

Tue Mar 15 14:00:52 2011 CONNECT FROM C1/- host 10.120.140.245/45161 (slv0745v)

Tue Mar 15 14:00:52 2011 CONNECT TO S1/2 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Tue Mar 15 14:00:52 2011 DISCONNECT S1/2 host 194.39.131.34/3299 (194.39.131.34)

Tue Mar 15 14:22:06 2011 CONNECT FROM C1/- host 10.120.140.246/39760 (totoslt0807v)

Tue Mar 15 14:22:06 2011 CONNECT TO S1/2 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Tue Mar 15 14:22:06 2011 DISCONNECT S1/2 host 194.39.131.34/3299 (194.39.131.34)

3. Here you have the saprroutab content :

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

P * * *

4. dev_rout content file

-


trc file: "dev_rout", trc level: 1, release: "700"

-


Tue Mar 15 14:00:31 2011

SAP Network Interface Router, Version 38.10

command line arg 0: ./saprouter

command line arg 1: -r

command line arg 2: -G

command line arg 3: sap-rtt.toto.ch.log

command line arg 4: -S

command line arg 5: 3299

command line arg 6: -K

command line arg 7: p:CN=sap-rtt.toto.ch, OU=0002273377, OU=SAProuter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)

SncInit(): Trying environment variable SNC_LIB as a

gssapi library name: "/usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so".

File "/usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so" dynamically loaded as GSS-API v2 library.

The internal Adapter for the loaded GSS-API mechanism identifies as:

Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2

main: pid = 32312, ppid = 24529, port = 3299, parent port = 0 (0 = parent is not a saprouter)

reading routtab: './saprouttab'

Tue Mar 15 14:00:52 2011

***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]

  • ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7

(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]

Tue Mar 15 14:22:06 2011

***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]

  • ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7

(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]

4. Result of the following command

./niping -c -H /H/194.39.131.34/H/194.39.131.34

***LOG Q0I=> NiPConnect2: connect (111: Connection refused) [nixxi.cpp 2823]

  • ERROR => NiPConnect2: SiPeekPendConn failed for hdl 0 / sock 3

(SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299) [nixxi.cpp 2823]

  • ERROR => NiTClientLoop: NiHandle (rc=-10) [nixxtst.cpp 2861]

  • ERROR partner '194.39.131.34:3299' not reached

  • TIME Tue Mar 15 14:38:00 2011

  • RELEASE 700

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -10

  • MODULE nixxi.cpp

  • LINE 2823

  • DETAIL NiPConnect2

  • SYSTEM CALL connect

  • ERRNO 111

  • ERRNO TEXT Connection refused

  • COUNTER 1

  • Any suggestions are welcome.

    Best regards

    SAP NetWeaverAdmin

    Add comment
    10|10000 characters needed characters exceeded

    • Follow
    • Get RSS Feed

    2 Answers

    • Best Answer
      Mar 15, 2011 at 03:08 PM

      ***LOG Q0I=> NiPConnect2: connect (111: Connection refused) http://nixxi.cpp 2823

      • ERROR => NiPConnect2: SiPeekPendConn failed for hdl 2 / sock 7

      (SI_ECONN_REFUSE/111; I4; ST; 194.39.131.34:3299)

      ERROR partner '194.39.131.34:3299' not reached

      • ERRNO TEXT Connection refused

      Either your SAPRouter is not properly registered with SAP or you have a problem with your firewall..

      Also, what type of SAPRouter connection are you using (VPN, SCN, ISDN)?

      Regards

      Juan

      Add comment
      10|10000 characters needed characters exceeded

    • Mar 16, 2011 at 02:35 PM

      Let me give you one last suggestion,

      Security wise your saprouttab is completely open

      3. Here you have the saprroutab content :

      KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

      KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

      P * * *

      You should create one entry per system rather than * *

      1. SNC-connection from SAP to local R/3-System for Support

      KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <System_IP> 32XX

      1. Access from your local Network to SAP R/3 Frontend (OSS)

      P * 194.39.131.34 3299

      1. All other connections will be denied

      D * * *

      This info is available at service.sap.com/saprouter

      Regards

      Juan

      Add comment
      10|10000 characters needed characters exceeded