If you are uncertain, which Ports are available you can call the Message Server URL as follows: 
In the ABAP Instance you should first run the Task Lists/Program in this Order as the two Task Lists might check for different Technical Users and provoke that the S-User(s) are locked in the SAP OSS Backend.
Until here, a lot of Problems can happen, for Example:
Here we have now the "Chicken - Egg Problem". At this Stage, the ABAP Instance SM9 has no Information about the assigned JAVA Instance SJ9. So calling tx. SOLMAN_SETUP will not start due the missing entries in Table HTTPURLLOC
Always read carefully the Documentation, as I missed already some settings here
Tipp: use tx. SU10 and switch the Users from System to Service, in case you miss additional logon Messages.
Be aware, that the System Preparation must be execute successfully and every Step appears as green. Every shaky decision here and you will pay for it in the upcoming steps.
If you not properly set the SSL Access Points and System Parameters for the JAVA Instance and/or you have mismatches in the ABAP SSL configuration, you might see no entries or only the server host values and ports without the Domain Extension.
the Step: Create RFC Connectivity is not correct. Go to the RFC Destination and modify the entries and add the ABAP Message Server Details and ensure that the JCo Providers in the JAVA Instance are correctly started. Furthermore the assigned Users should have correct Roles and are not locked
Please Note: Without a correctly Configured SAP Diagnostic Agent on the SolMan Host, the existing CA Introscope Installation cannot be detected and ignoring this, would again end up in follow up Errors in the SolMan Configuration. Make sure that everything is correctly activated here.
Last Changed: 27th of September 2023
SAP MacGyver - Installing SAP SolMan 7.2
Blog Content
- Motivation
- Installation - SolMan ABAP and JAVA Instances
- Installation - (correctly) the Diagnostic Agent
- Preparation - SolMan 7.2 Configuration
- Update Certificates in ABAP and JAVA
- SolMan 7.2 - System Configuration
- SolMan 7.2 - Infrastructure Preparation
- SolMan 7.2 - Mandantory Configuration
- SolMan 7.2 - the System is configured
Motivation
Why SAP MacGyver? Ok, that is obvious. There is no SAP Product like the SAP Solution Manager 7.x which needs more creativity with a skillful set of knowledge and capabilities about the Complete Range of SAP (NetWeaver) Technology with the Challenge of a Software Release which is out of Maintenance like SAP NetWeaver 7.40 and the usage of SAP BI-JAVA 7.50
Like Angus MacGyver and his tools: the Swiss Army Knife, Duck Tape, Paper Clip, Matches and a lot of SAP Background Knowledge plus Creativity is necessary to finalize the Task successfully.
Blog - SAP Solution Manager 7.2 SPS13 is Released, What’s In It for Me?
Blog - SAP Solution Manager 7.2 SPS14 Just Dropped. What’s in it for You?
Blog - Check Out the Impressive Innovations Just Delivered with SAP Solution Manager 7.2 Support Package St...
Blog - Support Package Stack 17 for SAP Solution Manager 7.2 is now released!
Since 2007, as the Solution Manger 7.1 was mandantory for the NetWeaver Upgrade to 7.3x and higher, I have implemented several times the SAP SolMan 7.x with different SP Levels and Releases. No Installation was the same as the first one, but the main Challenges/Problem remain the same even after almost 1 1/2 decades. I even succeeded a 7.1 Systemcopy which was impossible to do, but with the BW Postcopy Automation is was and is also today.
Installation - SolMan ABAP and JAVA Instances
You start with the creation of the ABAP and JAVA Instance in the Maintenance Planner and select the needed usages types and for ABAP 7.40 the SAP_UI Frontend 7.54. Please Note, the assigned SAP JAVA Version is now 7.50, where already the first Challenge begins.
Blog - Updates to enhanced Maintenance Planner
The good news: There is now the Service Release 2 (SR2) for SolMan 7.2 based on SP12 available, and the delta to apply is now marginal, if you imagine that SR1 was based on SP04. However this Delta hast to be applied after the initial Installation with SAINT for ABAP and SUM for JAVA.
separate Download of SR2 for SolMan 7.2
For the current SolMan 7.2 Installation based on SR2, you still have to unzip the four Files in it's own Directory to the Download Folder to be able to recognized by the SWPM 1.0 which is still be used. (e.g. SWPM10SP32_6-20009701.SAR)
ABAP Instance SM9 for SolMan 7.2
As the Add-On Focus Build 2.0 is not Part of the SR2 Export, you have to install this after the technical ABAP Installation with tx. SAINT including the rest of the Support Packages.
Automated Initial Setup of ABAP Systems Based on SAP NetWeaver
Installed Software on SM9
Calling sapinst for the ABAP Instance with the stack.xml
./sapinst SAPINST_STACK_XML=/software/SolMan/MP_Stack_1001276584_20210924_SM9_server.xmlFor JAVA this will not work, as otherwise the error Message "The content has been tampered" will occur. in the second Step, you can use the stack.xml to apply SP13 and the JAVA Patches.
Note 2449282 - The integrity check for [TOC.XML, usages_data.xml, pv_descriptor.xml] of Java Compone...
Note 2498029 - Solman installation Error: requested package Java Component NW740 SPS12 or NW750 (fol...
Note 2591258 - ERROR in Selftest. Return code: 3 during start of SWPM Tool (sapinst)
Installation - (correctly) Diagnostic Agent
as this topic becomes more complex, an additional Blog is available now
Blog - another Mystery solved – connect Diagnostic Agent properly
If possible, correct the settings in the connected host and check the availability of the Diagnostic Agents, as an incorrect configuration will interfere in several steps later.
Assign the Diagnostic Agent to the host - SolMan Secure Setup
Nevertheless, the Information of a SAP HANA Database always shows incomplete in several occasions, despite of the time you spend in the investigation of the missing data.
Error Messages during the Managed System Configuration on SAP HANA
The definition of Technical System 'SJ9~JAVA' is not correct: 'SJ9~JAVA': Database 'HM9' must have at least oneHost.
The definition of Technical System 'H4S~HANADB' is not correct: 'H4S~HANADB': Database 'H4S' must have one Software Component Version.
The definition of Technical System 'H4S~HANADB' is not correct: 'H4S~HANADB': Installed Technical System 'H4S~HANADB~server' must have at least one Server
No instances could be loaded from landscape for H4S/HANADB
No Content supplied to EFWK Setup. Nothing to Configure. Please check PPMS Information in Landscape.
Note 2537063 - Kernel component of NetWeaver ABAP system is missing in SLD
This is an Example during the the Managed System Configuration.
Make sure that you cascade the Managed System Configuration for the components as follows:
- (1) the host where the SAP Components are Installed
- (2) the SAP HANA database where the ABAP/JAVA Instances are Installed
- (3) the ABAP Instance which installed on SAP HANA
- (4) optional: the JAVA Instance which is connected to ABAP
switch the Status to "Manually Performed"
as the SolMan has several "Self healing capabilities" and a lot of Job's are executed in Background, the status of the configuration changes from red to green.
Managed System Configuration - Overview
Preparation - SolMan 7.2 Configuration
First Thing is beside the correct System Parameters, is the Checklist for Support Backbone Update
The Document - SAP First Guidance – SEM/BW Modelling in SolMan 7.x with MOPz/MP also contains additional Information for this Step.
Details about the correct SAP Parameters can be found also in the Document - SAP First Guidance - SAP BW on HANA – Edition 2021
Details about the Diagnostic Registration can be found in the Document - SAP First Guidance – SEM/BW Modelling in SolMan 7.x with MOPz/MP
Note 2113602 - SOLMAN_SETUP in Solution Manager 7.2 - Responsibility of individual steps and helpful...
### >>> these following Parameters are added to the Instance Profile <<<
SETENV_06 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec
SETENV_16 = SAPSSL_CLIENT_SNI_ENABLED=TRUE
SETENV_17 = SAPSSL_CIPHERSUITES=545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
SETENV_18 = SAPSSL_CLIENT_CIPHERSUITES=918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
csi/enable = 0
icm/min_threads = 16
icm/max_threads = 32
icm/max_conn = 512
icm/keep_alive_timeout = 180
icm/conn_timeout = 50000
icm/host_name_full = $(SAPLOCALHOST).$(SAPFQDN)
icm/HTTP/logging_0 = PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month
icm/HTTP/logging_client_0 = PREFIX=/, LOGFILE=http_client_log, LOGFORMAT=%t %H %a - %r %s %b %{Content-Length}i %L, MAXSIZEKB=102400, FILEWRAP=on
### >>> these following Parameters must reside in the DEFAULT.pfl <<<
icf/cors_enabled = 1
icf/set_HTTPonly_flag_on_cookies = 1
icf/user_recheck = 1
icf/reject_expired_passwd = 1
icm/HTTP/file_access_1 = PREFIX=/clientaccesspolicy.xml,DOCROOT=$(DIR_INSTANCE)/sec, DIRINDEX=clientaccesspolicy.xml
icm/HTTP/file_access_2 = PREFIX=/crossdomain.xml,DOCROOT=$(DIR_INSTANCE)/sec, DIRINDEX=crossdomain.xml
icm/server_port_0 = PROT=HTTP,PORT=80$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=3600
icm/server_port_1 = PROT=HTTPS,PORT=81$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=3600,SSLCONFIG=ssl_config_1
icm/ssl_config_1 = CRED=SAPSSLS.pse,VCLIENT=1
icm/server_port_2 = PROT=SMTP,PORT=25$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=2000
icm/HTTP/server_cache_0 = PREFIX=/, CACHEDIR=$(DIR_DATA)/cache
icm/HTTP/server_cache_0/size_MB = 100
icm/HTTP/max_request_size_KB = 1024000
is/HTTP/show_detailed_errors = TRUE
icm/HTTPS/client_sni_enabled = TRUE
icm/HTTPS/verify_client = 1
is/SMTP/virt_host_0 = *:25$(SAPSYSTEM)
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 3
mpi/total_size_MB = 64
ms/server_port_0 = PROT=HTTP,PORT=82$(SAPSYSTEM)
ms/server_port_1 = PROT=HTTPS,PORT=83$(SAPSYSTEM)
ms/urlmap_secure = 1
ms/urlprefix_secure = 1
sec/rsakeylengthdefault = 4096
ssl/client_sni_enabled = TRUE
ssl/ciphersuites = 545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/client_ciphersuites = 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGHSSL Parameter in ABAP Instance - SM9
You can check your Cipher Configuration as follows (Client/Server):
lt5087:sm9adm > sapgenpse tlsinfo -v -c 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
lt5087:sm9adm > sapgenpse tlsinfo -v -p /usr/sap/SM9/DVEBMGS16/sec/SAPSSLS.pse 545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH### >>> these following Parameters are added to the Instance Profile <<<
SETENV_05 = PATH=$(DIR_EXECUTABLE):%(PATH)
SETENV_06 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec
SETENV_16 = SAPSSL_CLIENT_SNI_ENABLED=TRUE
SETENV_17 = SAPSSL_CIPHERSUITES=903:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
SETENV_18 = SAPSSL_CLIENT_CIPHERSUITES=918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
icm/host_name_full = $(SAPLOCALHOST).$(SAPFQDN)
icm/keep_alive_timeout = 180
icm/HTTP/ASJava/disable_url_session_tracking = FALSE
icm/server_port_0 = PROT=P4SEC, PORT=51805, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_0
icm/server_port_1 = PROT=P4, PORT=51804, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_2 = PROT=IIOP, PORT=51807, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_3 = PROT=IIOPSEC, PORT=51806, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_3
icm/server_port_4 = PROT=TELNET, PORT=51808, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_5 = PROT=HTTPS, PORT=51801, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_5
icm/server_port_6 = PROT=HTTP, PORT=51800, TIMEOUT=240, PROCTIMEOUT=900
icm/ssl_config_0 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51805.pse
icm/ssl_config_3 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51806.pse
icm/ssl_config_5 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51801.pse
igs/listener/rfc/disable = 1
j2ee/dbdriver = /usr/sap/SJ9/hdbclient/ngdbc.jar
j2ee/instance_id = ID1899919
jstartup/max_caches = 500
jstartup/service_acl = *
jstartup/trimming_properties = off
jstartup/vm/home = $(DIR_SAPJVM)
jstartup/vm/parameters = -Dsap.runtime.vm.allow=*;SAP*;*;*
### >>> these following Parameters must reside in the DEFAULT.pfl <<<
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 3
ms/server_port_0 = PROT=HTTP,PORT=80$(SAPSYSTEM)
ms/server_port_1 = PROT=HTTPS,PORT=81$(SAPSYSTEM)
# ms/server_port_1 = PROT=HTTPS,PORT=444$(SAPSYSTEM)
icm/HTTPS/client_sni_enabled = TRUE
sec/rsakeylengthdefault = 4096
service/protectedwebmethods = SDEFAULT -GetVersionInfo -ListLogFiles -ReadLogFile -ParameterValue -J2EEGetProcessList -PerfRead -MtGetTidByName
ssl/client_sni_enabled = TRUE
ssl/client_ciphersuites = 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/ciphersuites = 903:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/pse_provider = JAVA
system/secure_communication = OFF
install/umask=002
service/umask=002SSL Parameter on JAVA Instance - SJ9
Typical Error Message to this Topic:
ERROR => IcmHandleMonitorMessage: MpiGetInbuf failed (rc = 14) [icxxmsg.c 1027]
ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-58): SSSLERR_SSL_READ [icxxconn.c 2002]
ERROR => MsHttpLBThread: SapSSLSessionStart (rc=-102) SSSLERR_PEER_CERT_UNTRUSTED [msxxhttp.c 9808]
ERROR => NiISSLReadPending: hdl 44 SapSSLReadNB(0) rc=-108, SSSLERR_UNSUPP_PROTOCOL_VERSION
ERROR => illegal path specified {00000041} [http_plg.c 4844]
ERROR => NiISSLReadPending: hdl 40 SapSSLReadNB(0) rc=-100, SSSLERR_NO_COMMON_CIPHERSUITE
ERROR: SapSSLSessionStart(sssl_hdl=7f4ef0006500)==SSSLERR_NO_COMMON_CIPHERSUITE
ERROR => MsSSLThread: SapSSLSessionStart (rc=-100) SSSLERR_NO_COMMON_CIPHERSUITE
ERROR => HttpPlugInHandleNetData: HttpParseRequestHeader failed (rc=701)
ERROR => IctHttpOpenMessage: illegal HTTP version request
ERROR => IcmHandleMonitorMessage: MpiGetInbuf failed (rc = 14) [icxxmsg.c 1027]
ERROR => IcmReadFromPartner(id=1/242): No data from server received, role: Server, (rc=MPI_EBROKEN: pipe broken/canceled/7)
received a fatal TLS certificate unknown alert message from the peer
secussl_read: SSL_read() failed => "Unsupported SSL/TLS protocol version in ClientHello."
SAP Notes assign to the Task/Topic:
Checklist for Support Backbone Update - SP 10
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523996872
Note 2110020 - Enabling TLS or disabling SSLv3 protocol versions on SAP WebDispatcher, or SAP WebAS ...
Note 2174416 - Creation and activation of Technical Communication Users - SAP ONE Support Launchpad
Note 2180024 - HANA & ABAP: New Option to Enable/Disable FIPS 140-2 Certified Crypto Kernel
Note 2359837 - Troubleshooting for "Support Hub Connectivity" in Solution Manager 7.2 up to SP04
Note 2384243 - NetWeaver Application Server: How to configure strict TLS 1.2
Note 2384290 - SapSSL update to facilitate TLSv1.2-only configurations, TLSext SNI for 721+722 clien...
Note 2384243 – NetWeaver Application Server: How to configure strict TLS 1.2
Note 2392700 - ICM: Error in HTTP Request: Invalid request line(9)
Note 2454045 - SAP Support Backbone Connectivity Troubleshooting in Solution Manager 7.2 - Guided An...
Note 2500061 - Support Hub Connectivity: Configuration Steps in SAP Solution Manager 7.2 as of SP05
Note 2502646 - This site can’t be reached - error to access URL of GUI (SL Common GUI - web-based GU...
Note 2506964 - Log Viewer displays error messages
Note 2522789 - How to check error ' Web service ping failed for logical port LP_SISE_SUPPORTHUB ' in...
Note 2593926 - Incompatible ICM / SAP Web Dispatcher Parameter Changes in 773 - Deprecated, Obsolete...
Note 2620715 - 503 Service not available error due to ICMERUNLEVELSTOPPED
Note 2665893 - LOG Q0I=> NiPConnect: /tmp/.sapicmXXXXX: connect (13: Permission denied)
Note 2880840 - Known issues in SAP Solution Manager 7.2 after the change in Support Backbone startin...
Note 2806747 - Support of TCP/IP keepalive for ICM client connections
Note 2833948 - ICM - Potential Deadlock and Hanging Situation
Note 2854431 - ICM - HTTP Client Connections Hang for POST Requests via HTTP/2
Note 2907312 - receive method failed with return code SY_SUBRC 1 in job SAP_LMDB_DOWNLOAD_CONTENT
Note 2948210 - SAML does not work after setting parameter spnego/enable = 1
Note 2962555 - SSSLERR_SSL_CONNECT error when using SAP MMC
Note 3010412 - SAP Support Backbone - Configuration Overview, Responsibilities and Troubleshooting
Note 3096731 - Browser shows logon pop-up after configuring Kerberos SSO for SAPGUI on ABAP system
Note 3112136 - SAPLHTTP - System User, Wait inline for
Note 3115847 - CLM: SSF_CERT_RENEW cannot renew certificates where subject and SANs extend 255 chara...
Note 3195039 - HTTP modification rules cannot be displayed properly in web admin UI and SMICM
Note 1668882 - Note Assistant: Important notes for SAP_BASIS 730,731,740,750
Note 2827658 - Automated Configuration of new Support Backbone Communication - Update 02
Note 2869143 - Composite note for handling of Digitally Signed SAP Notes in Note Assistant (SNOTE tx...
Patching SolMan 7.2 SPS 14 will be requested by the SolMan Setup anywhere.
Support Package: SAPK-72014INSTMAIN
Components: SV-SMG-INS-CFG, SV-SMG-LDB
Category: Program error
Patching SAP_UI 7.54 is also mandantory. See the Document - SAP First Guidance – complete functional scope (CFS) for SAP BW/4HANA
Update tx. SNOTE
- SAP_SUPPORT_HUB_CONFIG
- SAP_BASIS_CONFIG_OSS_COMM
- RCWB_TCI_DIGITSIGN_AUTOMATION
task list SAP_SUPPORT_HUB_CONFIG
tx. SRT_ADMIN in Client 000
task list SAP_BASIS_CONFIG_OSS_COMM
Program RCWB_TCI_DIGITSIGN_AUTOMATION
Program RCWB_SNOTE_DWNLD_PROC_CONFIG
- locked technical User(s)
- wrong credentials or User
- missing Certificates
- missing SAP Corrections
- missing Parameters and Configurations
- etc.
Please Note: for SolMan 7.x and the activation of the SAP Backbone you will need two different kind of technical communication users:
- a technical User "Administrator"
- the technical User(s) itself
https://launchpad.support.sap.com/#/techuser
Update Certificates in ABAP and JAVA
Before starting with the SolMan configuration, you should renew all necessary Certificates on the ABAP and JAVA Instances, to avoid any follow up Problems (which will occur definitely ... ;-))
SAP Help - SAP Support Backbone Update Checklists
Important SAP Notes:
Note 2500061 - Support Hub Connectivity: Configuration Steps in SAP Solution Manager 7.2 as of SP05
Note 2631190 - Download location of SSL certificates required for Support Hub Connectivity configura...
Note 2716729 - SAP backbone connectivity - SAP Parcel Box configuration
Note 2827658 - Automated Configuration of new Support Backbone Communication - Update 02
Note 2820957 - Destinations SAP-SUPPORT_PARCELBOX and SAP-SUPPORT_NOTE_DOWNLOAD giving error 401 Una...
Note 2836302 - Automated guided steps for enabling Note Assistant for TCI and Digitally Signed SAP N...
Note 2911301 - SAP Support Portal connection - Renew client certificate of technical S-user
Note 2946444 - SAP Support Portal connection - Renew client certificate of technical S-user accordin...
Note 3053425 - Download test note 2424539, "HTTP request for SAP-SUPPORT_PORTAL failed: Unauthorized...
Note 3079094 - In tx. STC01: Task list SAP_BASIS_CONFIG_OSS_COMM is missing on systems with Basis re...
tx. STRUSTSSO2 - SSL Server Standard
tx. STRUSTSSO2 on the ABAP Instance - SM9
Program RSUPPORT_HUB_CERT_RENEWAL
check the ICM log for errors
Import the Root Certificate to the SSL Server Standard (SAPSSLS.pse)
solve all issues in the SMMS/SMICM log to avoid follow up errors
ssl/ciphersuites = 903:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGHNWA Security overview in the JAVA Instance - SJ9
update Certificates and create SSL access Points
all SSL access Points on the JAVA Instance are active
Don't underestimate this preparation steps, without the correct Setup here several Activities in the SolMan Activation will have inconsistencies or even fail. As I have checked a lot of Customer Incidents pointing always to the same kind of problems, this is really crucial.
Now it is a good time to run a Backup of the System, as you don't want to do this again in case you have to restart the configuration ... 😉
SolMan 7.2 - System Configuration
SAP Help - Security Guide - Secure Configuration
You should create the user SOLMAN_ADMIN to run the Secure Configuration to avoid the usage of the Profil SAP_ALL. Furthermore the SMUA (Solution Manager User Administration) should be setup in a different Client or System, e.g. where also the FRUN 2.0 Add-On can be reside.
But running the Setup without the SAP_ALL Profile, the Secure Configuration might fail several times. If the User has SAP_ALL, the User will get always this annoying message above.
check table PRGN_CUST in Advance
SAP Notes related to the Topic/Task:
Note 2250709 - Solution Manager 7.2: End-User Roles and Authorizations Corrections as of SP01 and hi...
Note 2257213 - Authorizations for RFC users for SAP Solution Manager 7.2 SP02 and higher
Note 2512575 - Check User Management Engine Settings activity in SAP Solution Manager 7.2 as of SP03
Note 3070170 - Diagnostics agent cannot establish a P4 connection to the managed system
as the SLD is still used in the Background somewhere run the SLD setup first
https://server.domain.ext:<HTTPS-Port>/sld/fun/index.jspSetup of the SLD on the JAVA Instance - SLD
as you already updated some Roles from the mentioned SAP Note, you can also run tx. SU25 in advance to save some time later like the creation of the local SLD.
Initial Load January 2021 - Initial Full Import for SAP CR Content 2021
Delta Load September 2021 - cimSAP-09.2021 - CRDelta-09.2021
Delta Load October 2021 - cimSAP-10.2021 - CRDelta-10.2021
Update the local SLD with the Data from the ABAP (SM9) and the JAVA (SJ9) Instance like described in the Document - SAP First Guidance – complete functional scope (CFS) for SAP BW 7.50
tx. SU25
https://server.domain.ext:<HTTPS-Port>/sap/bc/webdynpro/sap/wd_sise_main_app?sap-client=001&sap-lang...table HTTPURLLOC (tx. HTTPURLLOC)
Calling tx. SOLMAN_SETUP for the first time should be a User with enough Permission as the created User SOLMAN_ADMIN doesn't have all authorizations at this time.
tx. SOLMAN_SETUP
Check Prerequisites successfully done
Note 1483276 - Use of Customizing Parameters in DNO_CUST04, AGS_WORK_CUSTOM, and ICT_CUSTOM
URL_DISPLAY_NOTE
Will be replaced after ST 710 - SP16 and ST720 - SP06. Refer to IM_SAP_NOTE_DISPLAY_URL.
URL_SEARCH_NOTE
Will be replaced after ST 710 - SP16 and ST720 - SP06. Refer to IM_SAP_NOTE_SEARCH_URL.
Set Up Connection to SAP successfully done
All Essential Corrections already applied before
Maintain carefully the Technical ABAP User
SAP Help - Automatic User Creation Options Using Transaction SOLMAN_SETUP
tx. SU10 - Switch the Users to Type "Service"
System Preparation successfully done
SAP Notes related to the Task:
Note 1886567 - SSO wizard fails when configuring template evaluate_assertion_ticket
Note 2068872 - HttpOnly and Secure cookie attributes
Note 2182476 - Batch Job REFRESH_ADMIN_DATA_FROM_SUPPORT in Solution Manager 7.2 as of SP05
Note 2250709 - Solution Manager 7.2: End-User Roles and Authorizations Corrections as of SP01 and hi...
Note 2257213 - Authorizations for RFC users for SAP Solution Manager 7.2 SP02 and higher
Note 2461900 - SSSLERR_PEER_CERT_UNTRUSTED error in dev_icm trace
Note 2512575 - Check User Management Engine Settings activity in SAP Solution Manager 7.2 as of SP03
Note 2573231 - Trying to generate the diagnostics agent certificate on step 2.3 "Diagnostics Agent A...
Note 2728600 - SSSLERR_ when accessing HCI/(S)CPI/NEO/CF servers under *.hana.ondemand.com
Note 2966538 - SSSLERR_PEER_CERT_UNTRUSTED shows in AS Java ICM trace after importing trusted certif...
Note 3070170 - Diagnostics agent cannot establish a P4 connection to the managed system
SolMan 7.2 - Infrastructure Preparation
Now the crucial part of the SolMan 7.2 Configuration begins.
the setup of the System Landscape Directory (SLD based on JAVA) and it's Connection to the Lifecycle Management Database (LMDB based on ABAP) is complex and time intensive Task. the HTTP Destination Naming needs LMDB_* at the beginning and correct and unlocked Connection Users.
choose - Automatic Import into SLD
create two HTTP Destinations to the local SLD on SJ9
wait until the LMDB Synchronization is finished
make sure the SolMan ABAP/JAVA Instances are detected now
Typical Errors during this Task
Error; exception of type 'CX_LMDB_SM_SELF_REGISTRATION' occurred, message: AS ABAP of SAP Solution Manager not in LMDB, see long text
L3 - Could not reach test WS through system settings (ICM/HTTPURLLOC)
CX_AI_SOAP_FAULT
CX_LMDB_SM_SELF_REGISTRATION
CX_LMDB_JOB_RETRY_INTOLERABLE
CX_LMDB_FILE_DOWNLOADER_ERR
LP_WS_JAVA_UPGRADE_AGENT_PORTS
CX_GENERATE_AND_EXPORT_ROOT_CE : Application ErrorSAP Notes related to the Task:
Note 2204859 - L3-Failed to reach test WS through System Settings (ICM/HTTPURLLOC)
Note 3058713 - End Points or Logical Ports are not created in step Create Logical Ports in SAP Solut...
Note 2573231 - Trying to generate the diagnostics agent certificate on step 2.3 "Diagnostics Agent A...
check the correct Update the SolMan ABAP/JAVA Instances to the local SLD
check the JCo Destinations WEBADMIN/SOLMANDIAG manually
modify the RFC Destination and add the message server details
Details of the RFC Destination SOLMANDIAG
Connect at least the Diagnostic Agent on the SolMan System
Call the SAP Diagnostic Agent Administration as follows:
https://server.domain.ext:51801/smd/AgentAdminSAP Diagnostic Agent Administration 1-2
SAP Diagnostic Agent Administration 2-2
In case you already installed the SAP Diagnostic Agent, but the connection without success, you can run the following commands to fix the connection with the tool smdsetup.sh
SAP Help - connection to the SolMan via P4S Socket
Note 1907909 – How to connect Diagnostics Agent to Solution Manager system directly by using smdsetu...
Error Message:
[SMDManager.registerAgent] Receive registration for an already existing entry. Registration REJECTEDNote 1907891 - How to change the server name of Diagnostics Agent - Solution Manager
server:dasadm 90> pwd
/usr/sap/DAS/SMDA98/SMDAgent/log
server:dasadm 87> stopsap r3
server:dasadm 87> ../../script/smdsetup.sh changeservername servername:"server"
server:dasadm 87> pwd
/usr/sap/DAS/SMDA98/SMDAgent/log
server:dasadm 88>../../smdsetup.sh managingconf hostname:"sapms://server.domain.ext" port:"<P4S-Port>" user:"SMD_RFC" pwd:"<password>"
server:dasadm 88> vi ../configuration/runtime.properties
# replace sapms\://server.domain.ext\:<P4S-Port>/P4S with p4s\://server.domain.ext\:<P4S-Port>
server:dasadm 87> startsap r3
server:dasadm 89> SAP Diagnostic Agents are available in the Administration
Enable the SAP BW Instance in the ABAP SolMan System
Note 1579474 - Management Modules for Introscope delivered by SAP
Note 2909673 - Introscope 10.7 Release Notes
Enable HTTPS for Introscope Enterprise Manager
CA Application Performance Management Version 10.7 can be called with the following URL:
http://server.domain.ext:8081/sapdashboard/
# start the EM as follows:
server:dasadm >/usr/sap/ccms/apmintroscope/bin/EMCtrl.sh start | stop | statusCA Introscope - SAP Dashboard
Define CA Introscope - Details
optional: Set Up E-Mail Communication
Configure CRM Basics - End of the Infrastructure Preparation
SolMan Infrastructure Preparation successfully finished
SolMan 7.2 - Mandantory Configuration
the SolMan 7.2 Mandantory Configuration contains additional Basic Configuration Steps which are necessary to finalize the Configuration.
Configure Basis Functions
Schedule Jobs in SM9
Configure manually Functions in SM9
Basis Configuration - Manual Activities
Rapid Content Delivery - Configuration
tx. SDS_CONFIGURATION
tx. FILE - destination DOWNLOAD_SERVICE_PATH
Rapid Content Delivery - Activation via Fiori Launchpad
tx. AGS_UPDATE
Create/Check Basic Dialog User
SolMan 7.2 - Basis Configuration successfully completed
SAP Notes assigned to the Task
Note 2820089 - Dump CX_EEM_EXCEPTION in method GET_JOB_DETAILS in ABAP Program CL_EEM_UTILITIES=====...
Note 2453296 - RCD: Directory CSU_DOWNLOAD_SERVICE_DIR does not exist, or user has insufficient priv...
Note 2583996 - Exception 'CX_SDS_FILE_ERROR' in RCD job SM:RCD_CHECK_UPDATES /CSU_DOWNLOAD_DELIVERY
SolMan 7.2 - the System is configured
wow, really? the Solution Manger 7.2 is fully functional (at least for the basic tasks)
Solution Manager Configuration successfully finished
Setup - Fiori Launchpad for SM9
Setup - Focus Build 2.0 on SM9
Blog - SAP ChaRM My Inbox setup on SAP SolMan 7.2 SP12+
Blog - All About Focused Build in SAP Solution Manager 7.2
Focused Insights for SAP Solution Manager
Note 1809231 - SAP CRM Logon is not possible because you have not been assigned to a business role (add the Role SAP_SM_CRM_UIU_SOLMANPRO to your User)
For this complex Blog the following resource were used:
- 38,2 GB SAP Data were downloaded for Installation (w/o HANA update)
- app. 60 PPT slides were created from different screenshots
- almost 100 jpegs were created
- app. 50 SAP KBA Notes were analyzed several times
- at least 5 Wikis consulted
- at least 100 SAP Note corrections were applied in advance
- at least 10 inconsistencies found
- at least 7-10 errors found and and accepted with "manual Executed"
- no animals were harmed
- one Swiss Army Knife available on the Desk
- app. 20l coffee consumed
- time effort unpayable
If the SAP TechEd Cat would knew this earlier ...
Roland Kramer, SAP Platform Architect for Intelligent Data & Analytics, SAP SE
@SAPFirstGuidance
“I have no special talent, I am only passionately curious.”
- SAP Managed Tags:
12 Comments
