Hi,

 

To segregate the developments in the phases of project deployments/ BU implementations, you can create a local project and assign the transports.


different Phases like

  • Development phase
  • Break fix phase etc.

 

     Go to t code SPROJECT_ADMIN


1.png
  Click on create
 
  2.png

Give the project name

3.png

Fill the required details

6.png

 

Once you fill the details go to transport requests tab

5.png

Click on Activate CTS functionality as below, to enable the

transport functionality.

 

Then the CTS functionality will activated.
        

Thanks

Seshu

Hi,

 

I tried local client copy after installation while scheduling the client copy the below error came and solved as below.

 

Local client copy
error:  FINBTR@<SID>CLNT<client> destination not exist error

 

 

When I tried to
perform a client copy I got the above error in new system (after installation).

 

 

Create entry in SCC4 for new client

 

And logged in the target client

 

T Code: SCC4

 

Source 001

 

Target is 100

 

1.png

  •      Clicked on schedule as background job and next screen as
    below

 

2.png

 

 

After this click on schedule job.

 

  • Then it gave an error with a pop up of FINBTR@<SID>CLNT<client>
    destination not exist

 

 

Solution:  Create the above destination by clicking on WIZARD option in the pop up (once the
error came)

 

 

  • It will open new screen and continue with RFC creation and
    give a password and proceed next.
  • Then the RFC will be created successfully and the actions as
    below.

 

3.png


  

Click on tick mark and check sm59 ….FINBTR* RFC will be
created.

 

 

Now you can proceed with client copy without any error.

4.png

and continue

5.png

 

successfully completed.

 

 

 

Thanks

Seshu


Hi Experts,

 

I will explain the procedure for changing released TR into unrelased TR. i.e; modifiable state. There is no option given explicitly for chaning the released TR into unreleased TR in STMS or SE01 Transactions. we have to follow the below steps.

 

1. Go to SE38

2. execute the report RDDIT076

 

To_Blog_1.JPG

 

3. now, we will get the below screen which asks for TR/Tasks . give the released TR number and execute (F8)

 

To_blog_2.JPG

4. Once executed, you will get the below window,

To_blog_3.jpg

 

5. first we need to change the task to unreleased. double click on the task number. now, click on the pencil button to enter edit mode.then click on input help on the filed "Status"

 

To_Blog_4.jpg

6. change the status from "R" to "D" and save

To_blog_5.jpg

7. now repeat the steps 5 and 6 for Transport request. finally the status column should be in "D" as shown in below. To_blog_6.jpg

 

8. now goto SE01 or SE09, type the TR number and check. it will be in modifiable state.

 

Cheers,

Pradeep

[symptom]

  • When you access NetWeaver java for example NWA, portal,
  • You see script error relevant to messagebundle_xx_XX.properties. e.g. messagebundle_ja_JP.properties
  • Or in httpwatch trace, you see the 404 request like:404 messagebundle_ja_JP.properties.PNG

 

[reason and prequist]

This 404 JS error is not real error and can be ignored.

The user has been assigned the locale as "ja_JP" and the resourcebundle for Japanese is with "_jp" and not with "ja_JP".

So first it tries to look for the locale specific file if not found it loads the language based file which will works.

 

[Solution]

None

The SAP Net Weaver Application Server is a web application server defined for SAP solutions. The Web AS is the base on which most of SAP products operate. The SAP application server consists of five layers including presentation layer, business layer, integration layer, connectivity layer, and persistence layer. However, the SAP Net Weaver Application Server supports HTTPS for encrypted communication. In this article, we will reveal about installation of SSL certificate into SAP Web Application server 6.10+.


Before going through the installation of SSL certificate, we have to aware about SSL Server PSE (Personal Security Environment). It contains the application server’s security information that is being used while SSL communication. It is a certificate list used by the server for the authentication purpose. The application server makes use of this list to decide which CAs the server believes. Now let us go through the procedure of SSL installation into SAP server.


Generate CSR:


To install SSL certificate, you must create a certificate request (CSR) that uses an SSL server PSE. Check individual SSL server PSE in Trust Manager by elaborating SSL server PSE node and click on the server, it appears the server’s name and for which you have to generate the CSR.


Procedure


  • Browse Trust Manager and expand the SSL server PSE node.
  • Select the application server, in the PSE maintenance section it shows the application server’s certificate.
  • Select “Create Certificate Request” from the PSE maintenance section, and a dialogue box will be there showing the certificate request.
  • Select the content shown in the certificate request and copy or save the content to a local file (<file name>.P10).

 

Installation of SSL certificate on SAP Net Weaver Application Server 6.10+:


  • Download the Intermediate Certificate and save as it as "intermediate.crt" on your server.
  • Open the Trust Manager and click to elaborate the SSL server PSE node.
  • To assign an individual Certificate to each application, you should follow the below steps.
    • Click on the desired application server, you will see SSL server PSE in the PSE maintenance section.
    • Import Cert. Response. You will find a dialog box for the certificate request response.
    • In the dialogue box, paste the content of Certificate Request Response or select the local file from the system.
    • Now, you can see in the PSE maintenance section a signed public key certificate that is imported into the SSL server PSE.
    • To view information about the imported certificate, click on it. The details of the certificate will be shown in the certificate maintenance section.
    • Finally, save the complete data.

 

Importing the CA's Root Certificates if Not Located in the Certificate Database


  • Go to Certificate section and select “Import Certificate”, it will show a certificate dialogue.
  • Choose the Database tab.
  • Choose the certificate from the certificate database and select Enter.
    You can see the certificate in the certificate section.
  • Now, select “Add to Certificate List”.
    The certificate will be added to the certificate list, which you can see in the PSE maintenance section.
  • Save the data.

 

Importing the CA's root certificate from the File System:

  • Go to Certificate section and select “Import Certificate”, it will show a certificate dialogue.
  • From the file system, enter the suitable file name and choose the file format. In case, if you are not sure about the certificate’s file format, then open the certificate in a Notepad. If the content of the certificate is readable then it is a Base 64 format.
  • You can see the certificate in the certificate maintenance section.
  • Now select “Add to Certificate List”. The certificate will be added to the certificate list, which you can see in the PSE maintenance section.
  • Save your data.

 

Importing the CA's root certificate from Different PSE:

  • Click on SSL Server PSE node to choose the application server. Check PSE maintenance section where PSE and the certificate list will be shown.
  • You can see the certificate in the certificate maintenance section. Click on the certificate.
  • In the SSL server PSE node, choose a single application server with a double click.
  • Now select “Add to Certificate List”. The certificate will be added to the certificate list, which you can see in the PSE maintenance section.
  • Save your data.
Samuli Kaski

HTTPURLLOC demystified

Posted by Samuli Kaski Jun 4, 2014

Recently I had to configure table HTTPURLLOC in order to support a scenario where users were either accessing the system externally through a hardware reverse proxy connected to SAP Web Dispatcher or the SAP system directly. In this blog I want to share my experience with SCN members.

 

The first take away from this blog is that HTTPURLLOC can't be used for switching from one protocol to another nor rewriting URLs, that happens elsewhere (e.g. Web Dispatcher modification rules, portal configuration, ICF node settings, etc). HTTPURLLOC has values with valid protocol, host and port combinations that can be used to generate URLs, otherwise the generic URL generation of the system is used. That is why HTTPURLLOC is called an exception table, not a URL generation table.

 

So now how does it work? Basically the system looks at the request object and tries to determine the requested host, this is usually the virtual host name, DNS alias, etc. which was requested by the client, e.g. the browser. This is the second take away. The host as requested by the client should be preserved throughout the request, even if there are other proxies, load balancers, etc. in the loop. If the client browser requests abc.company.com, this host should be visible in the request object of the SAP system. The only way to guarantee it is that all appliances/programs are instructed to preserve the host that was requested by the client. Apache has the PreserveProxyHost directive for it, Web Dispatcher does it automatically, others might require further configuration.

 

The third take away is that as with the host requested by the client, the protocol used by the client must be preserved as well. This is especially important if HTTPS is terminated before the request hits the SAP system. Again, configuration directives might be required to insure this. Apache has the RequestHeader directive which can be used to set variable clientprotocol to either HTTPS or HTTP depending on the scenario. Web Dispatcher does it automatically assuming wdisp/add_client_protocol_header is set to true, others might require further configuration.

 

The fourth take away is to understand how entries in HTTPURLLOC are matched against the request. The most important variable is the protocol, second most important variable is the host, third most important variable is the application and last one is the domain. If the client requested abc.company.com with protocol HTTPS and assuming that the host and protocol are preserved meaning the SAP system sees the original values, the HTTPURLLOC table is queried first for all entries that have the protocol HTTPS. Next the requested application is checked, then the domain and finally the host. There are several rules which will affect the end result meaning whether the entry in HTTPURLLOC will be used or not, the best way is to figure it out yourself by debugging method IF_HTTP_SERVER~GET_LOCATION_EXCEPTION of ABAP class CL_HTTP_SERVER.

 

The fifth take away is to understand that HTTPURLLOC is client specific and especially if you are using System Logon, you will have to configure HTTPURLLOC for client 000 as well as the clients you use.

 

The sixth and last take away is to understand that in case the requested host is unknown (it is possible in some scenarios), HTTPURLLOC will be queried based on the protocol and the first match will be used (in ascending order, based on SORT_KEY).

 

I hope this blog will save others time and headaches trying to figure out the mysteries of HTTPURLLOC. See also the official documentation on URL Generation in an AS-ABAP - Web Dispatcher Configuration.

Introduction

 

 

The upgrade of our BI 7.01 (ABAP+JAVA Dualstack) was requested by our BW-team. They wanted
to use the new features of NW 7.3. The better integration of the BO tools was
also a benefit of an upgrade. The upgrade was divided into two parts:

 

 

Part 1: The Dual Stack Split.

 

This procedure separates the JAVA stack from the ABAP stack.  Before the dual stack split the JAVA and ABAP runs under one SID. After the split you have two SIDs (the old SID for ABAP and one new SID for JAVA).

 

Part 2: The Upgrade

 

This was an usual upgrade.

 

 

The Problem

 

Before the split we had this topology:

blog1.png

After the split and the upgrade the HA features didn't work anymore In a dualstack system the sap gateway service is addressed by sapgw$$. $$ is substituted by the actual system number.

 

The following picture shows the topology after the split:

blog2.png

The problem is the Gateway service.  sapgw00 isconfigured in several destinations, in the UME and the JCO.

It was quite plain to me. The gateway service is HA critical!

 

A little shame on SAP

 

This is what you find about "high availability" in the documentation of the Dual stack split:

blog3.png

In the installation documentation of a java stack you find the HA configuration of a "normal" java stack! But what is the difference between a "normal" java stack and a split java stack? It is the UME! In a split java stack the UME is in ABAP!  I'm very glad to know that nobody heard my comments when doing the HA cluster test on our production system!!!

blog4.png

In this picture you see the topology of a HA java stack (found in the installation guide).  But what is to do,  when using the java stack in a BI system with HA? I know somewhere in the paper jungle of SAP you can find something. But sap gives no hint in the standard documentation

 

The solution


The following configuration needs to be changed:

 

1. separate the gateway service
2. logon groups in ABAP
3. the UME Backend Connection
4. JCo RFC-Provider
5. SLD

 

Separate the gateway service. OSS note 1010990 " Configuring a Standalone Gateway in an HA ASCS instance" explains how to configure the gateway service.

 

Step 1:
*Changes to the exe-directory
sidadm> cdexe                

*gives you the path <exe_path> of exe-directory
sidadm> pwd                    

*edit the sapcpe config file
sidadm> vi <exe_path>/scs.lst       

*add this line to the file      
gwrd                        


Step 2:
*Changes to the profile-directory
sidadm> cdpro                  

*gives you the path <pro_path> of profile-dir.
sidadm> pwd                    

*edit ASCS instance profile
sidadm> vi <pro_path>/<SID>_ASCS<Sys.Nr.>_<hostname>

*add this line to the profile
gw/netstat_once = 0          

Step 3:
*edit the start profile of ASCS

sidadm> vi <pro_path>/START_ASCS<Sys.Nr.>_<hostname>

*Search the first Start_Program_<xx>-entry in the profil, then enter
_GW=gwrd$(FT_EXE)


*earch the Start_Program_<xx>-entry with the highest value of <xx>, then enter:

Start_Program_<xx+1> = local $(DIR_EXECUTABLE)/$(_GW) pf=$(DIR_PROFILE)/<SID>_ASCS<Sys.Nr.>_<hostname> -no_abap

 

Step 4:
*check in /etc/services the entries:
sapgw<Sys.Nr.>
sapgw<Sys.Nr.>s

 

restart system

The new gateway service is sapgw<Sys.Nr.> because of the system number of ASCS.

 

logon groups in ABAP

 

Logon to the ABAP system and enter transaction SMLT. Configure for each Instance a logon group (in the picture it is PUBLIC)

blog5.png

 

UME Backend Connection

 

Comment

You can determine the hostname of

- message server (1)

- gateway server (2)

(1) The name of the Instance Profile of ASCS is <SID>_ASCS<Nr.>_<hostname>

(2) Same hostname as hostname of ASCS

 

http://<hostname>:50<Sys.Nr. of java>0/nwa

  ->Configuration

  ->Infrastructure

  ->Destinations

blog6.png

blog7.png

blog8.pngblog9.png

 

JCo RFC-Provider

 

http://<hostname>:50<Sys.Nr. of java>0/nwa

  ->Configuration

  ->Infrastructure

  ->Destinations

blog10.png

blog11.png

blog12.pngblog13.png

blog14.png

 

http://<hostname>:50<Sys.Nr. of java>0/nwa

  ->Configuration

  ->Infrastructure

  ->Jco RFC Provider

blog15.png

blog16.png

blog17.pngblog18.png

 

Login to the ABAP BI system. Go to Transaction SE16 -table-> RSPOR_T_PORTAL

blog19.png

In field RFCDEST you can find the JCo RFC-Destination in ABAP. Go to transaction SM59 and find the RFC destination.

blog20.png

Enter the gateway configuration

 

SLD


http://<hostname>:50<Sys.Nr. of java>0/sld
  ->Administration
  ->Settings

blog21.png

blog22.png

Logon to ABAP BI system and go to transaction SM59. Enter the gateway configuration (like in RFC destination of JCo) in the following  RFC destinations:


blog23.png

 

EPILOG

 

Be aware: You get no hint in the documentation of the dual stack split or the installation about the correct HA settings.

 

 

 

Best regards

Willi Eimler

I noticed that recently many of you have problems implementing this note, while in transaction SNOTE  the following error message is displayed when downloading SAP note 1900200 - "Directory traversal in BC-SRV-ARL":


SAP Note 0001900200 incomplete

     Message no. SCWN106

Diagnosis

     SAP Note 0001900200 is incomplete.

System Response

     This SAP Note cannot be imported.

 

Follow the (general procedure from) SAP KBA 1939285 - "SCWN106 - SAP Note incomplete in transaction SNOTE or SPAU" in order to implement the note.

I would like to share with you that I'm currently engaged in one of my personal projects creating the Generic Object Services (GOS) Troubleshooting Guide.

Please check it and update me with your feedback in a direct message on SCN. More information about GOS can be found in the online help documentation.

The GOS FAQ (created in 2009 and updated frequently) can also provide helpful information regarding the most common questions in GOS, but I decided to create this troubleshooting guide to provide step-by-step guides for errors and questions on the behavior in different scenarios.

When you using GOS toolbox menu in some transactions the Attachment list service is active, but when you opened it there are no attachments in it. Previously this was the designed behavior when the application published GOS with more than one business object. Recently an enhancement was released in SAP note 1966453 in order to give the control to the customers to decide:

 

  • have a consistent behavior of the active / inactive status of the Attachment list, so when no attachment exists make the service always inactive or as usual active when there is least one attachment in it, but in this case some delays may occur when the GOS toolbox menu is opened

OR

  • have the standard behavior, so when the application publishes GOS with more then one business object the Attachment list stays always active and in this case no performance problems can happen

 

You can find more information about this in the GOS Troubleshooting guide under the section The Attachment list is active, but no attachment displayed in it and in SAP note 1966453.

What's new in SAP NetWeaver 7.3 - A Basis perspective Part-I

Posted by Ishteyaque Ahmad in SAP NetWeaver Administrator on May 22, 2012 11:41:22 AM

 

 

There are various materials present about features of SAP NetWeaver 7.3 but not all of them are directly useful for Basis people like us. So I thought to collect some of differences/features which I noticed.

I know some folks will say that not all features are introduced in 7.3 some of them were introduced in 7.1 and 7.2, but I am a greedy man and I wanted to increase number of features in this blog so I included them as well. Beside it will be helpful to those who haven't got chance to work with 7.1 or 7.2 and directly started working with 7.3.

So lets begin...

 

1. SAP NetWeaver 7.3 Goes Green

 

With NW7.3 you can save more energy from architectural perspective, you can get details of it here, I find it interesting.

http://scn.sap.com/community/sustainability/green-it/blog/2011/06/06/sap-netweaver-73-goes-green

 

2. SAP NetWeaver 7.3 – Lean Avatar

  • In the process integration, a Java-only, lightweight advanced adapter engine is now available for NetWeaver 7.3, eliminating the need to run SAP NetWeaver Process Integration (SAP NetWeaver PI) as a dual stack.
  • From SAP NetWeaver 7.30, customers can reduce their hardware needs as a result of common deployment options for all Java usage types, including enterprise portals, SAP NetWeaver BW, and SAP NetWeaver Composition Environment (SAP NetWeaver CE), with one unified Java application server.
  • NetWeaver Portal 7.3 uses half as much memory on average to execute navigations.
  • NetWeaver Portal 7.3 server node starts up much faster than 7.01, with improvement of 33% in average.

 

3. Instances Naming convention

As of SAP NetWeaver 7.1, the concept and naming of SAP system instances has changed. The terms “central instance” and “dialog instance” are no longer used. Instead, the SAP system consists of the following instances:

  • Application server instances

Application server instances can be installed as “primary application server instance” (PAS) or “additional application server instances” (AAS).

  • Central services instance
  • Database instance

 

4. The Central Services Instance ABAP - ASCS

The central services instance for ABAP (ASCS instance) is now installed with every SAP ABAP system distribution option: Standard System      Distributed System      High-Availability SystemThe enqueue replication server instance (ERS instance) can now be installed  together with the central services instance for every installation :

  • Standard System (optional)
  • Distributed System (optional)
  • High-Availability System (mandatory)

ERS.pngAt the time of SCS installation if we can select the above option it will install ERS instance as well.Though I am such a naive person who is failed to understand the purpose of having ERS instance on same host where we are having Enqueue server.

5. The Central Services Instance ABAP - ASCS

With new Installation Master for ABAP+Java, SAPInst does not provide option for separate ASCS and SCS Instance.  Though it can be separated manually after installation on different host.ASCS.png

6. Split Off ASCS Instance

SAPInst now has an option to "Split Off ASCS Instance"With the option Split Off ASCS Instance from Existing Primary Application Server Instance, you can split off an central services instance for ABAP (ASCS instance) from the primary application server instance of an existing ABAP system or ABAP+Java (dual-stack) system.ASCSsplit.png

7. Solution Manager Key

As of SAP NetWeaver 7.3, Solution-Manager-Key at the time of Installation is not asked/required by SAPInst.Even in previous installation people found out the way to generate the Solution Manager Key out of SolMan System.http://kohanov.com/tmp/sap_keys.vbs

8. Start Profile Merged

As of SAP NetWeaver 7.3, Start Profile has been removed as separate file.In earlier versions of NetWeaver there were 1 Default profile per SAP system, 1 Start profile per Instance and 1 Instance profile per instance.Now the Start profile contents are merged with Instance profile. With help of new Instance profile SAP processes are started and at the same time instance specific parameters are read.This removed total number of profile files. 1 Default profile per SAP System, 1 instance profile per instance. Now Profile Directory will look neater !!

9. JSPM (Java Support Package Manager) Initial credential requirement changed

  • While starting JSPM – SDM password is not being prompted, Instead you need to provide Java Admin User ID and password.

jspm.jpg

  • While deploying and upgrading components it needs restart of just Java and sometime complete SAP restart, for which Admin User ID at OS level and its password is asked.

jspm2.jpg

  • SDM is replaced with JSPM and directory SDM is altogether removed.

jspm3.jpg

  • Un-deployment of SCA’s/EAR files are not possible using JSPM. You have to use NWDI for this purpose.
  • No support for PAR files. All portal applications are now EAR (Enterprise Archive) based, PAR migration tool for converting PAR files to EAR files

10. JCMON changed menu

 

jcmon.jpg

After NetWeaver 7.01 JCMON menu 20: Local Administration Menu is non functional.

jcmon2.png

Select opton Solid Rock ....  name is funny I mean Rocks are solid anyway

and you will able to see which state of different components/nodes. Unlike previous version I didn't find refresh option here, so go back and come to this menu again for recent view.

 

11. Visual Admin Vs NWA

 

As of SAP NetWeaver 7.1, Visual Admin has been replaced with NWA

VA&NWA.png

 

12. Support Pack Stack

 

NW7.0SPLevel.png

Earlier in NetWeaver 7.0, For a Support Pack Stack the  release level of BW component was generally  2 release ahead of the ABAP and Basis component.

Now all components are  released on same level.

NW7.3SPLevel.png

Please continue with second part of this blog.

What's new in SAP NetWeaver 7.3 - A Basis perspective Part-II

Are you experiencing a strange behavior in GOS? Icons for services not displayed as expected? Some functions are inactive or hidden which should not be? First check the possible custom modifications in GOS (tables SGOSATTR and SGOSCUST or the BAdI implementations etc.) using the GOS check report from note 1873544.

 

For more information check the GOS online help documentation here and the GOS FAQ here.

Before using the functionality delivered with SAP note 1851646 please make sure that the prerequisites regarding: SAP BASIS Support Package, Kernel and SAP GUI version and patch levels are fulfilled from SAP note 1415647.

The code corrections delivered with 1851646 are created for older SAP BASIS Support Package levels too due to sustainability and code maintenance reasons. This doesn't mean, that the functionality can be used without fulfilling the requirements of note 1415647.

(If dump raised in class CL_GOS_STARTER implement SAP note 1892609 too.)

Upgrading a kernel was an easy move. But the growing complexity of SAP-systems, makes an
upgrade of the kernel more difficult than it was in the past.

 

I was motivated to change the kernel by the PAM on the SAP service marketplace. I checked the "lifetime" of the kernel by:

 

http://service.sap.com/pam

b1.jpg

  PAM-page

b2.jpg

 

searching my sap product

b3.jpg

Hmm bad news A System without supported kernel? No way !

I needed a new kernel and the newest was 7.21 EXT I looked at the PAM and found:

b4.jpg

In order to be able to do the kernel upgrade in a proper way, I searched for the necessary
notes. I found 3 essential notes for the kernel upgrade.

 

1716826  - Usage of the downward compatible kernel 721 (EXT)            

1728283  - SAP Kernel 721: General Information            

1713986  - Installation von Kernel 7.21 (EXT)            

 

Now I had all the information I needed. The next task was to download the new kernel.

http://service.sap.com/patches -> Support Packages and Patches -> A - Z Index -> ....

 

And now a little happy question time:

Question: When I search the kernel for a SAP PI 7.1 EHP 1 system, where do I have to search?

1. S for SAP?

2. P for PI?

3. Z for Zorro?

Answer: No,  it's N for Netweaver -> 1 hour lost for the answer of this question

 

http://service.sap.com/patches -> Support Packages and Patches -> A - Z Index -> SAP NETWEAVER PI 7.1X -> SAP EHP1 FOR SAP NW PI 7.1 -> Entry by Component -> Application Server ABAP

 

I downloaded the following archives:

 

SAPCAR_315-20010445.EXE                 SAPCAR
DBATL720O10_31-20006704.SAR             DBATOOLS Package for Oracle 10g and 11g
SAPEXE_100-10011322.SAR                 Kernel Part I (database independent)
SAPEXEDB_100-10011323.SAR               Kernel Part II (database specific)
igsexe_5-20007786.sar                   Internet Graphic Server (IGS)
igshelper_3-10010245.sar                IGS Helper
sapwebdisp_421-20008606.sar             SAP Webdispatcher
SAPCRYPTOLIB_34-10010842.SAR            SAP Kryptolib
SAPHOSTAGENT147_147-20005726.SAR        SAPhostagent 7.20

SAP_112035_201303_HPUXIA64.zip          SAP Bundle Patch

 

After analyzing the 3 notes, I identified the next tasks:

 

1. ) check Note 1610716 - Correcting runtime objects with incorrect alignment
2.) update SAPJVM 5.1.047 to 5.1.084
3.) implement the latest SBP (SAP bundle patch)
4.) Upgrade the kernel

 

ok 4 tasks to do. Let's do it:

 

Task 1: check Note 1610716 - Correcting runtime objects with incorrect alignment

 

I had to implement Note 1610716 with the transaction SNOTE and I got the report RUT_NOTE_1610716. I started the report first with option check and after that with option repair. It ran several minutes. Task was done.

 

Task 2:  update SAPJVM 5.1.047 to 5.1.084


Ok, now I need to search all relevant notes for patching a SAPJVM. I found:

1683392 - SAP JVM 5.1 Patch-Collection 58 (Build 5.1.074)
1434916 - How to find out the SAP JVM build version
1367498 - Installationsvoraussetzungen für SAP JVM
1025085 - How to manually patch the SAPJVM
1133020 - Importieren eines SAP-JVM-Patchs in Application Server Java

 

With note 1434916 I was able to identify the SAPJVM-Version. I was not able to identify the version of sapjvm on the system information page:( In my opinion the system information page of NW 7.0 is much better than on NW 7.1! The system information page of NW 7.0 is more simple, but the information is well-arranged.

Note 1025085 states:
"Patching the SAP JVM on an SAP NetWeaver system is only supported using the Software Update Manager (SUM) or the Java Support Package Manager (JSPM)."
I chose the JSPM.

After patching sapjvm I started the system and... it started without any error and... no java page could be displayed

I posted my problem and a guru (big thanx to Reagan Benjamin) found the solution see:
http://scn.sap.com/thread/3388835 (No http page available after upgrade of SAPJVM)
After implementing Note 1625051 - "Wily Introscope agent: IllegalAccessError" the system runs fine again

ok next step:

 

 

 

Task 3) implement the latest SBP (SAP bundle patch)


Where can I find the SBP?
http://service.sap.com/patches -> Database and Database Patches (from other vendors) -> Oracle -> Oracle Patches 11.2.0.2.0

a) Checks
orasid> cd /oracle/SID/11203; bdf .
orasid> cd /oracle/stage/11203/database/SAP; bdf .
both filesystems should be 1GB free

 

b) Patche Opatch and MOPatch
orasid> setenv IHRDBMS /oracle/SID/11203; setenv OHRDBMS /oracle/SID/112_64; setenv ORACLE_HOME /oracle/SID/11203
orasid> cd /oracle/stage/11203/database/SAP
orasid> cp -p /inst_cd_sap/IA64/Oracle110203/updates/SAP_112035_201303/SAP_112035_201303_HPUXIA64.zip .
orasid> unzip -qd $IHRDBMS/sapbundle SAP_112035_201303_HPUXIA64.zip 'SBP_112035_201303/OPatch/*'
orasid> mv $IHRDBMS/OPatch $IHRDBMS/OPatch-pre-SBP_112035_201303
orasid> mv $IHRDBMS/sapbundle/SBP_112035_201303/OPatch $IHRDBMS/OPatch
orasid> unzip -qd $IHRDBMS/sapbundle SAP_112035_201303_HPUXIA64.zip 'SBP_112035_201303/MOPatch/*'
orasid> test -d $IHRDBMS/MOPatch && mv $IHRDBMS/MOPatch $IHRDBMS/MOPatch-pre-SBP_112035_201303
orasid> mv $IHRDBMS/sapbundle/SBP_112035_201303/MOPatch $IHRDBMS/MOPatch

orasid> $ORACLE_HOME/OPatch/opatch version

b5.jpg

  orasid> $ORACLE_HOME/MOPatch/mopatch.sh -h

 

b6.jpg

The following versinos should be displayed:
OPatch version 11.2.0.3.1
MOPatch version 2.1.13

 

c) stop the system
sidadm> stopsap
orasid> lsnrctl stop
orasid> ps -efax | grep ora
no ora process should run!

 

d) install SBP

orasid> setenv ORACLE_HOME /oracle/SID/11203
orasid> cd /oracle/stage/11203/database/SAP
orasid> /bin/sh $ORACLE_HOME/MOPatch/mopatch.sh -v -s SAP_112035_201303_HPUXIA64.zip

b7.jpg

orasid> lsnrctl start

 

<open a new session>
oraSID> sqlplus "/as sysdba"
SQL> startup

 

<old session>
oraSID> cd $OHRDBMS/rdbms/admin
oraSID> env ORACLE_HOME=$OHRDBMS $OHRDBMS/bin/sqlplus "/as sysdba"

SQL> @?/sapbundle/SBP_112035_201303/catsbp.sql

b8.jpg

Hmmmm, INCOMPLETE. This is a word sap administrators don't like! After reading Note 1509324 I did as it was recommended in the note.

SQL> select action_time from registry$history group by action_time having count(*) > 1;

If rows appear then read OSS-Note: 1508602.

b9.jpg

no rows, great.


SQL> @?/rdbms/admin/utlrp.sql;

 

b10.jpg

SQL> shutdown

SQL> startup

SQL> @?/sapbundle/SBP_112035_201303/catsbp.sql

b11.jpg

No errors and two COMPLETEs. That was good.

I had to set two parameters ->

SQL> ALTER SYSTEM SET "_FIX_CONTROL"=
     '5099019:ON','5705630:ON','6055658:OFF','6399597:ON','6430500:ON',
     '6440977:ON','6626018:ON','6972291:ON','7168184:OFF','8937971:ON',
     '9196440:ON','9495669:ON','13077335:ON','13627489:ON','14255600:OFF',
     '14595273:ON' COMMENT='SAP_112035_201302 RECOMMENDED SETTINGS' SCOPE=SPFILE;

SQL> ALTER SYSTEM SET EVENT=
     '10027',
     '10028',
     '10142',
     '10183',
     '10191',
     '10995 level 2',
     '31991',
     '38068 level 100',
     '38085',
     '38087',
     '44951 level 1024'
     COMMENT='SAP_112035_201302 RECOMMENDED SETTINGS' SCOPE=SPFILE;

SQL> shutdown immediate
SQL> startup
SQL> shutdown immediate
SBP is installed, Task done!

 

Task 4: Upgrade the kernel

 

This is not as easy as it was in the good old days! Now you have to do some more steps. In the good old  days (when SAP ERP was R/3) you patched the system between 12:00 and 12:30 when users were at lunch! (Is it lunch or dinner? Hmm I don't know. Please excuse my bad English!) But today you have to do it on weekend.

So let's start.

 

Step 1: saphostagent upgrade

 

root> cd /tmp

root> mkdir saphostagent; cd saphostagent

root> /sapmnt/SID/SAPCAR -xvf /inst_cd_sap/IA64/kernel/PI_721_EXT_100/SAPHOSTAGENT147_147-20005726.SAR

root> ./saphostexec -upgrade

 

b12.jpg

 

Step 2: stop the system

 

Stopping the saphostagent:
root> /usr/sap/hostctrl/exe/saphostexec -stop
root> /usr/sap/hostctrl/exe/saposcol -k

b13.jpg

 

Stopping the sapwebdisp:

<user of sapwebdisp> stopsap all W90

b14.jpg

Stopping sapstartsrv:

 

sidadm> sapcontrol -nr <Systemnummer Instanz z.B. 00> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer ASCS> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer SCS> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer ERS> -prot NI_HTTP -function StopService;

b15.jpg

Deregister and stop CCMS-Agenten:

 

sidadm> cd /usr/sap/SID/SYS/exe/run/
sidadm> ./sapccm4x -u pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr.>_<host>
sidadm> ./ccmsping -u pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr.>_<host> -push -n<Sy.Nr>

 

stop Diagnosticagent
<D-Agentuser> stopsap SMDA90

b16.jpg

 

 

Step 3: Clear shared memory

 

sidadm> /usr/sap/SID/SYS/exe/run/showipc all
Shows all shared memorys of all systems.

 

sidadm> /usr/sap/SID/SYS/exe/run/cleanipc <SystemNrIPC> remove
Now check for open shared memory segments. There should be no segment
sidadm> /usr/sap/SID/SYS/exe/run/showipc all

b17.jpg

 

Step 4: get SAPCAR

 

sidadm> mkdir /tmp/sapcar
sidadm> cd /tmp/sapcar
sidadm> SAPCAR -xfv /<directory of sar-files>/SAPEXE_100-10011322.SAR
sidadm> cp SAPCAR /sapmnt/SID/

 

Step 5: removing the old kernel

 

root> cd /usr/sap/SID/SYS/exe/run/
root> rm -rf *

 

Step 6: implement the new kernel

 

sidadm> cd /usr/sap/SID/SYS/exe/run/
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPEXE_100-10011322.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPEXEDB_100-10011323.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/DBATL720O10_31-20006704.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/igsexe_5-20007786.sar

b18.jpg

 

Step 7: implement sapcryprtolib

 

sidadm> mkdir /tmp/sapcrypto
sidadm> cd /tmp/sapcrypto
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPCRYPTOLIB_34-10010842.SAR
sidadm> cp -p hpia64-11.31-64/* /usr/sap/SID/SYS/exe/run/
sidadm> cp -p hpia64-11.31-64/ticket /usr/sap/SID/DVEBMGS<Sy.Nr>/sec

 

Step 8: start saproot

 

root> cd /usr/sap/SID/SYS/exe/run/
root> ./saproot.sh SID

b19.jpg

 

Step 9: install igshelper


sidadm> cd /usr/sap/SID/DVEBMGS<Sy.Nr.>; mv igs igs_old;
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/igshelper_3-10010245.sar

 

 

Step 10: new kernel for sapwebdisp

 

<user of sapwebdisp> cd /usr/sap/SWP_SID/SYS/exe/run
<user of sapwebdisp> rm -rf *
<user of sapwebdisp> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/sapwebdisp_421-20008606.sar

 

 

Step 11: delete the exe-directories of all instances

root> cd /usr/sap/SID/DVEBMGS<Sy.Nr. of instance>/exe
root> rm -rf *

root> cd /usr/sap/SID/ASCS<Sy.Nr. of ASCS>/exe
root> rm -rf *

root> cd /usr/sap/SID/SCS<Sy.Nr. of SCS/exe
root> rm -rf *

root> cd /usr/sap/SID/ERS<Sy.Nr.of ERS>/exe
root> rm -rf *

 

 

Step 12: execute SAPCPE

It is recommended by sap to start sapcpe for every instance. Be aware to use the scs.lst file for the central services and the ERS!

For the central instance:

sidadm> cd /usr/sap/SID/DVEBMGS<Sy.Nr. instance>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr. instance>_<host>

 

For the central services:

sidadm> cd /usr/sap/SID/SCS<Sy.Nr. SCS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_SCS<Sy.Nr. SCS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst

sidadm> cd /usr/sap/SID/ASCS<Sy.Nr. ASCS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_ASCS<Sy.Nr. ASCS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst

 

And for the Enhanced Replication Services (I only show it for one ERS because I'm too lazy;))

sidadm> cd /usr/sap/SID/ERS<Sy.Nr. ERS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_ERS<Sy.Nr. ERS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst

 

Last but not least the jvm needs it's binaries too:

sidadm> sapcpe /usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr. instance>_<host> source:/sapmnt/SID/exe/jvm/hpia64/sapjvm_5.1.084 list:/sapmnt/SID/exe/jvm/hpia64/sapjvm_5.1.084/sapjvm_5.lst

 

Step 12:  post activities

Enter line 
rslg/new_layout = 9
in file /usr/sap/SIS/SYS/profile/DEFAULT.PFL
Then you have to delete the files of the syslog.

 

 

Final Step (13):  startsap


Puhhh 13 steps…I entered

 

sidam> startsap

b20.jpg

Sometimes startsap is a liar, so verified it:

 

sidadm> ps -efax | grep sap

b21.jpg

ok. ABAP was running, but J2EE is a diva. I took a look at the dev_server0 and…

b22.jpg

Thanx god java (the beast) is up and running

 

That was my adventure kernel patching a PI system. Finally I leaved the office and tried to relax at the rest of Sunday .

 

Best regards

Willi Eimler

ICM is the web server for NetWeaver Java >= 7.1. Request directed to the NetWeaver server pass first through ICM. ICM therefore is an additional layer between your application and the end user. From time to time a change to the ICM configuration may be needed to adjust the parameters or enable new access methods.

 

As an example, the access to port 50008 shall serve to show how to configure ICM and make the change effective.

 

In a default configuration, access to port 50008 is not enabled. The telnet port itself is active on NW AS Java, but not reachable for external request:

icm1.jpg

ICM configuration

 

To be able to reach port 50008, ICM needs to be configured to allow remote access to this port. To achieve this, just add the telnet port in the ICM configuration file.

  • File location: /usr/sap/<INST>/SYS/prfiles/<SYS>_J00_<name>
  • Parameter: icm/server_port_3 = PROT=TELNET,PORT=50008

PSMON

 

To make this change effective, ICM needs to be restarted. This is done using jsmon with the correct profile as parameter:

 

jmson pf=/usr/sap/<INST>/SYS/profile/<INST>_J00_<name>

 

The process related task explains how to restart ICM.

icm2.jpg

The command is: process restart <idx>. To get the ID of ICM, take a look at the process list. Issue the command: process view

icm3.jpg

The ID for ICM is 1 and the current state is running. To trigger a restart: process restart 1

icm4.jpg

Now the new configuration is effective and the telnet server of NW Java can be accessed.

icm5.jpg

Why does ICM not re-read the configuration when it was changed and applies the change on the fly? Don't ask me why SAP enforces a shutdown for a parameter change. Even worse that ICM is in front of your NetWeaver, so all current HTTP connections get lost and the end-user gets an error message. Hopefully the connection is only for a few seconds down, so the session data should still be valid and the users can continue with their work.

 

 

 

Why use psmon

 

Do not kill and restart the process like this:

 

Find the process ID.

icm6.jpg

Kill the icman process: kill -9 <processed>.

 

Then restart the process with the above shown parameters.

icm7.jpg

This will result in a 503 error message from ICM

icm8.jpg

Actions

Filter Blog

By author:
By date:
By tag: