Samuli Kaski

HTTPURLLOC demystified

Posted by Samuli Kaski Jun 4, 2014

Recently I had to configure table HTTPURLLOC in order to support a scenario where users were either accessing the system externally through a hardware reverse proxy connected to SAP Web Dispatcher or the SAP system directly. In this blog I want to share my experience with SCN members.


The first take away from this blog is that HTTPURLLOC can't be used for switching from one protocol to another nor rewriting URLs, that happens elsewhere (e.g. Web Dispatcher modification rules, portal configuration, ICF node settings, etc). HTTPURLLOC has values with valid protocol, host and port combinations that can be used to generate URLs, otherwise the generic URL generation of the system is used. That is why HTTPURLLOC is called an exception table, not a URL generation table.


So now how does it work? Basically the system looks at the request object and tries to determine the requested host, this is usually the virtual host name, DNS alias, etc. which was requested by the client, e.g. the browser. This is the second take away. The host as requested by the client should be preserved throughout the request, even if there are other proxies, load balancers, etc. in the loop. If the client browser requests, this host should be visible in the request object of the SAP system. The only way to guarantee it is that all appliances/programs are instructed to preserve the host that was requested by the client. Apache has the PreserveProxyHost directive for it, Web Dispatcher does it automatically, others might require further configuration.


The third take away is that as with the host requested by the client, the protocol used by the client must be preserved as well. This is especially important if HTTPS is terminated before the request hits the SAP system. Again, configuration directives might be required to insure this. Apache has the RequestHeader directive which can be used to set variable clientprotocol to either HTTPS or HTTP depending on the scenario. Web Dispatcher does it automatically assuming wdisp/add_client_protocol_header is set to true, others might require further configuration.


The fourth take away is to understand how entries in HTTPURLLOC are matched against the request. The most important variable is the protocol, second most important variable is the host, third most important variable is the application and last one is the domain. If the client requested with protocol HTTPS and assuming that the host and protocol are preserved meaning the SAP system sees the original values, the HTTPURLLOC table is queried first for all entries that have the protocol HTTPS. Next the requested application is checked, then the domain and finally the host. There are several rules which will affect the end result meaning whether the entry in HTTPURLLOC will be used or not, the best way is to figure it out yourself by debugging method IF_HTTP_SERVER~GET_LOCATION_EXCEPTION of ABAP class CL_HTTP_SERVER.


The fifth take away is to understand that HTTPURLLOC is client specific and especially if you are using System Logon, you will have to configure HTTPURLLOC for client 000 as well as the clients you use.


The sixth and last take away is to understand that in case the requested host is unknown (it is possible in some scenarios), HTTPURLLOC will be queried based on the protocol and the first match will be used (in ascending order, based on SORT_KEY).


I hope this blog will save others time and headaches trying to figure out the mysteries of HTTPURLLOC. See also the official documentation on URL Generation in an AS-ABAP - Web Dispatcher Configuration.




The upgrade of our BI 7.01 (ABAP+JAVA Dualstack) was requested by our BW-team. They wanted
to use the new features of NW 7.3. The better integration of the BO tools was
also a benefit of an upgrade. The upgrade was divided into two parts:



Part 1: The Dual Stack Split.


This procedure separates the JAVA stack from the ABAP stack.  Before the dual stack split the JAVA and ABAP runs under one SID. After the split you have two SIDs (the old SID for ABAP and one new SID for JAVA).


Part 2: The Upgrade


This was an usual upgrade.



The Problem


Before the split we had this topology:


After the split and the upgrade the HA features didn't work anymore In a dualstack system the sap gateway service is addressed by sapgw$$. $$ is substituted by the actual system number.


The following picture shows the topology after the split:


The problem is the Gateway service.  sapgw00 isconfigured in several destinations, in the UME and the JCO.

It was quite plain to me. The gateway service is HA critical!


A little shame on SAP


This is what you find about "high availability" in the documentation of the Dual stack split:


In the installation documentation of a java stack you find the HA configuration of a "normal" java stack! But what is the difference between a "normal" java stack and a split java stack? It is the UME! In a split java stack the UME is in ABAP!  I'm very glad to know that nobody heard my comments when doing the HA cluster test on our production system!!!


In this picture you see the topology of a HA java stack (found in the installation guide).  But what is to do,  when using the java stack in a BI system with HA? I know somewhere in the paper jungle of SAP you can find something. But sap gives no hint in the standard documentation


The solution

The following configuration needs to be changed:


1. separate the gateway service
2. logon groups in ABAP
3. the UME Backend Connection
4. JCo RFC-Provider
5. SLD


Separate the gateway service. OSS note 1010990 " Configuring a Standalone Gateway in an HA ASCS instance" explains how to configure the gateway service.


Step 1:
*Changes to the exe-directory
sidadm> cdexe                

*gives you the path <exe_path> of exe-directory
sidadm> pwd                    

*edit the sapcpe config file
sidadm> vi <exe_path>/scs.lst       

*add this line to the file      

Step 2:
*Changes to the profile-directory
sidadm> cdpro                  

*gives you the path <pro_path> of profile-dir.
sidadm> pwd                    

*edit ASCS instance profile
sidadm> vi <pro_path>/<SID>_ASCS<Sys.Nr.>_<hostname>

*add this line to the profile
gw/netstat_once = 0          

Step 3:
*edit the start profile of ASCS

sidadm> vi <pro_path>/START_ASCS<Sys.Nr.>_<hostname>

*Search the first Start_Program_<xx>-entry in the profil, then enter

*earch the Start_Program_<xx>-entry with the highest value of <xx>, then enter:

Start_Program_<xx+1> = local $(DIR_EXECUTABLE)/$(_GW) pf=$(DIR_PROFILE)/<SID>_ASCS<Sys.Nr.>_<hostname> -no_abap


Step 4:
*check in /etc/services the entries:


restart system

The new gateway service is sapgw<Sys.Nr.> because of the system number of ASCS.


logon groups in ABAP


Logon to the ABAP system and enter transaction SMLT. Configure for each Instance a logon group (in the picture it is PUBLIC)



UME Backend Connection



You can determine the hostname of

- message server (1)

- gateway server (2)

(1) The name of the Instance Profile of ASCS is <SID>_ASCS<Nr.>_<hostname>

(2) Same hostname as hostname of ASCS


http://<hostname>:50<Sys.Nr. of java>0/nwa








JCo RFC-Provider


http://<hostname>:50<Sys.Nr. of java>0/nwa









http://<hostname>:50<Sys.Nr. of java>0/nwa



  ->Jco RFC Provider





Login to the ABAP BI system. Go to Transaction SE16 -table-> RSPOR_T_PORTAL


In field RFCDEST you can find the JCo RFC-Destination in ABAP. Go to transaction SM59 and find the RFC destination.


Enter the gateway configuration



http://<hostname>:50<Sys.Nr. of java>0/sld



Logon to ABAP BI system and go to transaction SM59. Enter the gateway configuration (like in RFC destination of JCo) in the following  RFC destinations:





Be aware: You get no hint in the documentation of the dual stack split or the installation about the correct HA settings.




Best regards

Willi Eimler

As I currently faced the problem that I have to deploy patches for Java support packages and got stuck with SUM (although I put the correct patches in stack.xml using Maintenance Optimizer, nothing has been changed to the system except I lost all my ABAP loads), I want to share an alternative to JSPM (which isn't supported any more, see and SUM.


First, you need to know your instance number - let's say instance is running on 50. Then you need a shell where you can start telnet connections to port 5<instance number>08:



In this example I logged in to the server first and connected to localhost. Log in with your admin account, e. g. j2ee_admin for doublestack systems.


After login, you may see which commands are available using man:



Now the deployment can start. The best thing is to put all files in one directory and create a text file (e. g. /somedir/deploy.txt) containing all SCAs line by line:




In telnet, just enter this line:


deploy list=/somedir/deploy.txt version_rule=all on_prerequisite_error=stop


The J2EE instance will restart, so the telnet connection will be closed. When you re-login, you can check status with




If you want to know the syntax of a command, you may use <command> -help.

I noticed that recently many of you have problems implementing this note, while in transaction SNOTE  the following error message is displayed when downloading SAP note 1900200 - "Directory traversal in BC-SRV-ARL":

SAP Note 0001900200 incomplete

     Message no. SCWN106


     SAP Note 0001900200 is incomplete.

System Response

     This SAP Note cannot be imported.


Follow the (general procedure from) SAP KBA 1939285 - "SCWN106 - SAP Note incomplete in transaction SNOTE or SPAU" in order to implement the note.

I would like to share with you that I'm currently engaged in one of my personal projects creating the Generic Object Services (GOS) Troubleshooting Guide.

Please check it and update me with your feedback in a direct message on SCN. More information about GOS can be found in the online help documentation.

The GOS FAQ (created in 2009 and updated frequently) can also provide helpful information regarding the most common questions in GOS, but I decided to create this troubleshooting guide to provide step-by-step guides for errors and questions on the behavior in different scenarios.

When you using GOS toolbox menu in some transactions the Attachment list service is active, but when you opened it there are no attachments in it. Previously this was the designed behavior when the application published GOS with more than one business object. Recently an enhancement was released in SAP note 1966453 in order to give the control to the customers to decide:


  • have a consistent behavior of the active / inactive status of the Attachment list, so when no attachment exists make the service always inactive or as usual active when there is least one attachment in it, but in this case some delays may occur when the GOS toolbox menu is opened


  • have the standard behavior, so when the application publishes GOS with more then one business object the Attachment list stays always active and in this case no performance problems can happen


You can find more information about this in the GOS Troubleshooting guide under the section The Attachment list is active, but no attachment displayed in it and in SAP note 1966453.

What's new in SAP NetWeaver 7.3 - A Basis perspective Part-I

Posted by Ishteyaque Ahmad in SAP NetWeaver Administrator on May 22, 2012 11:41:22 AM



There are various materials present about features of SAP NetWeaver 7.3 but not all of them are directly useful for Basis people like us. So I thought to collect some of differences/features which I noticed.

I know some folks will say that not all features are introduced in 7.3 some of them were introduced in 7.1 and 7.2, but I am a greedy man and I wanted to increase number of features in this blog so I included them as well. Beside it will be helpful to those who haven't got chance to work with 7.1 or 7.2 and directly started working with 7.3.

So lets begin...


1. SAP NetWeaver 7.3 Goes Green


With NW7.3 you can save more energy from architectural perspective, you can get details of it here, I find it interesting.


2. SAP NetWeaver 7.3 – Lean Avatar

  • In the process integration, a Java-only, lightweight advanced adapter engine is now available for NetWeaver 7.3, eliminating the need to run SAP NetWeaver Process Integration (SAP NetWeaver PI) as a dual stack.
  • From SAP NetWeaver 7.30, customers can reduce their hardware needs as a result of common deployment options for all Java usage types, including enterprise portals, SAP NetWeaver BW, and SAP NetWeaver Composition Environment (SAP NetWeaver CE), with one unified Java application server.
  • NetWeaver Portal 7.3 uses half as much memory on average to execute navigations.
  • NetWeaver Portal 7.3 server node starts up much faster than 7.01, with improvement of 33% in average.


3. Instances Naming convention

As of SAP NetWeaver 7.1, the concept and naming of SAP system instances has changed. The terms “central instance” and “dialog instance” are no longer used. Instead, the SAP system consists of the following instances:

  • Application server instances

Application server instances can be installed as “primary application server instance” (PAS) or “additional application server instances” (AAS).

  • Central services instance
  • Database instance


4. The Central Services Instance ABAP - ASCS

The central services instance for ABAP (ASCS instance) is now installed with every SAP ABAP system distribution option: Standard System      Distributed System      High-Availability SystemThe enqueue replication server instance (ERS instance) can now be installed  together with the central services instance for every installation :

  • Standard System (optional)
  • Distributed System (optional)
  • High-Availability System (mandatory)

ERS.pngAt the time of SCS installation if we can select the above option it will install ERS instance as well.Though I am such a naive person who is failed to understand the purpose of having ERS instance on same host where we are having Enqueue server.

5. The Central Services Instance ABAP - ASCS

With new Installation Master for ABAP+Java, SAPInst does not provide option for separate ASCS and SCS Instance.  Though it can be separated manually after installation on different host.ASCS.png

6. Split Off ASCS Instance

SAPInst now has an option to "Split Off ASCS Instance"With the option Split Off ASCS Instance from Existing Primary Application Server Instance, you can split off an central services instance for ABAP (ASCS instance) from the primary application server instance of an existing ABAP system or ABAP+Java (dual-stack) system.ASCSsplit.png

7. Solution Manager Key

As of SAP NetWeaver 7.3, Solution-Manager-Key at the time of Installation is not asked/required by SAPInst.Even in previous installation people found out the way to generate the Solution Manager Key out of SolMan System.

8. Start Profile Merged

As of SAP NetWeaver 7.3, Start Profile has been removed as separate file.In earlier versions of NetWeaver there were 1 Default profile per SAP system, 1 Start profile per Instance and 1 Instance profile per instance.Now the Start profile contents are merged with Instance profile. With help of new Instance profile SAP processes are started and at the same time instance specific parameters are read.This removed total number of profile files. 1 Default profile per SAP System, 1 instance profile per instance. Now Profile Directory will look neater !!

9. JSPM (Java Support Package Manager) Initial credential requirement changed

  • While starting JSPM – SDM password is not being prompted, Instead you need to provide Java Admin User ID and password.


  • While deploying and upgrading components it needs restart of just Java and sometime complete SAP restart, for which Admin User ID at OS level and its password is asked.


  • SDM is replaced with JSPM and directory SDM is altogether removed.


  • Un-deployment of SCA’s/EAR files are not possible using JSPM. You have to use NWDI for this purpose.
  • No support for PAR files. All portal applications are now EAR (Enterprise Archive) based, PAR migration tool for converting PAR files to EAR files

10. JCMON changed menu



After NetWeaver 7.01 JCMON menu 20: Local Administration Menu is non functional.


Select opton Solid Rock ....  name is funny I mean Rocks are solid anyway

and you will able to see which state of different components/nodes. Unlike previous version I didn't find refresh option here, so go back and come to this menu again for recent view.


11. Visual Admin Vs NWA


As of SAP NetWeaver 7.1, Visual Admin has been replaced with NWA



12. Support Pack Stack



Earlier in NetWeaver 7.0, For a Support Pack Stack the  release level of BW component was generally  2 release ahead of the ABAP and Basis component.

Now all components are  released on same level.


Please continue with second part of this blog.

What's new in SAP NetWeaver 7.3 - A Basis perspective Part-II

Are you experiencing a strange behavior in GOS? Icons for services not displayed as expected? Some functions are inactive or hidden which should not be? First check the possible custom modifications in GOS (tables SGOSATTR and SGOSCUST or the BAdI implementations etc.) using the GOS check report from note 1873544.


For more information check the GOS online help documentation here and the GOS FAQ here.

Before using the functionality delivered with SAP note 1851646 please make sure that the prerequisites regarding: SAP BASIS Support Package, Kernel and SAP GUI version and patch levels are fulfilled from SAP note 1415647.

The code corrections delivered with 1851646 are created for older SAP BASIS Support Package levels too due to sustainability and code maintenance reasons. This doesn't mean, that the functionality can be used without fulfilling the requirements of note 1415647.

(If dump raised in class CL_GOS_STARTER implement SAP note 1892609 too.)

Upgrading a kernel was an easy move. But the growing complexity of SAP-systems, makes an
upgrade of the kernel more difficult than it was in the past.


I was motivated to change the kernel by the PAM on the SAP service marketplace. I checked the "lifetime" of the kernel by:





searching my sap product


Hmm bad news A System without supported kernel? No way !

I needed a new kernel and the newest was 7.21 EXT I looked at the PAM and found:


In order to be able to do the kernel upgrade in a proper way, I searched for the necessary
notes. I found 3 essential notes for the kernel upgrade.


Note 1716826 - Usage of the downward compatible kernel 721 (EXT)

Note 1728283 - SAP Kernel 721: General Information

Note 1713986 - Installation of kernel 721 (EXT)


Now I had all the information I needed. The next task was to download the new kernel. -> Support Packages and Patches -> A - Z Index -> ....


And now a little happy question time:

Question: When I search the kernel for a SAP PI 7.1 EHP 1 system, where do I have to search?

1. S for SAP?

2. P for PI?

3. Z for Zorro?

Answer: No,  it's N for Netweaver -> 1 hour lost for the answer of this question -> Support Packages and Patches -> A - Z Index -> SAP NETWEAVER PI 7.1X -> SAP EHP1 FOR SAP NW PI 7.1 -> Entry by Component -> Application Server ABAP


I downloaded the following archives:


SAPCAR_315-20010445.EXE                 SAPCAR
DBATL720O10_31-20006704.SAR             DBATOOLS Package for Oracle 10g and 11g
SAPEXE_100-10011322.SAR                 Kernel Part I (database independent)
SAPEXEDB_100-10011323.SAR               Kernel Part II (database specific)
igsexe_5-20007786.sar                   Internet Graphic Server (IGS)
igshelper_3-10010245.sar                IGS Helper
sapwebdisp_421-20008606.sar             SAP Webdispatcher
SAPCRYPTOLIB_34-10010842.SAR            SAP Kryptolib
SAPHOSTAGENT147_147-20005726.SAR        SAPhostagent 7.20



After analyzing the 3 notes, I identified the next tasks:


1. ) check Note 1610716 - Correcting runtime objects with incorrect alignment
2.) update SAPJVM 5.1.047 to 5.1.084
3.) implement the latest SBP (SAP bundle patch)
4.) Upgrade the kernel


ok 4 tasks to do. Let's do it:


Task 1: check Note 1610716 - Correcting runtime objects with incorrect alignment


I had to implement Note 1610716 with the transaction SNOTE and I got the report RUT_NOTE_1610716. I started the report first with option check and after that with option repair. It ran several minutes. Task was done.


Task 2:  update SAPJVM 5.1.047 to 5.1.084

Ok, now I need to search all relevant notes for patching a SAPJVM. I found:

1683392 - SAP JVM 5.1 Patch-Collection 58 (Build 5.1.074)
1434916 - How to find out the SAP JVM build version
1367498 - Installationsvoraussetzungen für SAP JVM
1025085 - How to manually patch the SAPJVM
1133020 - Importieren eines SAP-JVM-Patchs in Application Server Java


With note 1434916 I was able to identify the SAPJVM-Version. I was not able to identify the version of sapjvm on the system information page:( In my opinion the system information page of NW 7.0 is much better than on NW 7.1! The system information page of NW 7.0 is more simple, but the information is well-arranged.

Note 1025085 states:
"Patching the SAP JVM on an SAP NetWeaver system is only supported using the Software Update Manager (SUM) or the Java Support Package Manager (JSPM)."
I chose the JSPM.

After patching sapjvm I started the system and... it started without any error and... no java page could be displayed

I posted my problem and a guru (big thanx to Reagan Benjamin) found the solution see: (No http page available after upgrade of SAPJVM)
After implementing Note 1625051 - "Wily Introscope agent: IllegalAccessError" the system runs fine again

ok next step:




Task 3) implement the latest SBP (SAP bundle patch)

Where can I find the SBP? -> Database and Database Patches (from other vendors) -> Oracle -> Oracle Patches

a) Checks
orasid> cd /oracle/SID/11203; bdf .
orasid> cd /oracle/stage/11203/database/SAP; bdf .
both filesystems should be 1GB free


b) Patche Opatch and MOPatch
orasid> setenv IHRDBMS /oracle/SID/11203; setenv OHRDBMS /oracle/SID/112_64; setenv ORACLE_HOME /oracle/SID/11203
orasid> cd /oracle/stage/11203/database/SAP
orasid> cp -p /inst_cd_sap/IA64/Oracle110203/updates/SAP_112035_201303/ .
orasid> unzip -qd $IHRDBMS/sapbundle 'SBP_112035_201303/OPatch/*'
orasid> mv $IHRDBMS/OPatch $IHRDBMS/OPatch-pre-SBP_112035_201303
orasid> mv $IHRDBMS/sapbundle/SBP_112035_201303/OPatch $IHRDBMS/OPatch
orasid> unzip -qd $IHRDBMS/sapbundle 'SBP_112035_201303/MOPatch/*'
orasid> test -d $IHRDBMS/MOPatch && mv $IHRDBMS/MOPatch $IHRDBMS/MOPatch-pre-SBP_112035_201303
orasid> mv $IHRDBMS/sapbundle/SBP_112035_201303/MOPatch $IHRDBMS/MOPatch

orasid> $ORACLE_HOME/OPatch/opatch version


  orasid> $ORACLE_HOME/MOPatch/ -h



The following versinos should be displayed:
OPatch version
MOPatch version 2.1.13


c) stop the system
sidadm> stopsap
orasid> lsnrctl stop
orasid> ps -efax | grep ora
no ora process should run!


d) install SBP

orasid> setenv ORACLE_HOME /oracle/SID/11203
orasid> cd /oracle/stage/11203/database/SAP
orasid> /bin/sh $ORACLE_HOME/MOPatch/ -v -s


orasid> lsnrctl start


<open a new session>
oraSID> sqlplus "/as sysdba"
SQL> startup


<old session>
oraSID> cd $OHRDBMS/rdbms/admin
oraSID> env ORACLE_HOME=$OHRDBMS $OHRDBMS/bin/sqlplus "/as sysdba"

SQL> @?/sapbundle/SBP_112035_201303/catsbp.sql


Hmmmm, INCOMPLETE. This is a word sap administrators don't like! After reading Note 1509324 I did as it was recommended in the note.

SQL> select action_time from registry$history group by action_time having count(*) > 1;

If rows appear then read OSS-Note: 1508602.


no rows, great.

SQL> @?/rdbms/admin/utlrp.sql;



SQL> shutdown

SQL> startup

SQL> @?/sapbundle/SBP_112035_201303/catsbp.sql


No errors and two COMPLETEs. That was good.

I had to set two parameters ->


     '10995 level 2',
     '38068 level 100',
     '44951 level 1024'

SQL> shutdown immediate
SQL> startup
SQL> shutdown immediate
SBP is installed, Task done!


Task 4: Upgrade the kernel


This is not as easy as it was in the good old days! Now you have to do some more steps. In the good old  days (when SAP ERP was R/3) you patched the system between 12:00 and 12:30 when users were at lunch! (Is it lunch or dinner? Hmm I don't know. Please excuse my bad English!) But today you have to do it on weekend.

So let's start.


Step 1: saphostagent upgrade


root> cd /tmp

root> mkdir saphostagent; cd saphostagent

root> /sapmnt/SID/SAPCAR -xvf /inst_cd_sap/IA64/kernel/PI_721_EXT_100/SAPHOSTAGENT147_147-20005726.SAR

root> ./saphostexec -upgrade




Step 2: stop the system


Stopping the saphostagent:
root> /usr/sap/hostctrl/exe/saphostexec -stop
root> /usr/sap/hostctrl/exe/saposcol -k



Stopping the sapwebdisp:

<user of sapwebdisp> stopsap all W90


Stopping sapstartsrv:


sidadm> sapcontrol -nr <Systemnummer Instanz z.B. 00> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer ASCS> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer SCS> -prot NI_HTTP -function StopService;

sidadm> sapcontrol -nr <Systemnummer ERS> -prot NI_HTTP -function StopService;


Deregister and stop CCMS-Agenten:


sidadm> cd /usr/sap/SID/SYS/exe/run/
sidadm> ./sapccm4x -u pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr.>_<host>
sidadm> ./ccmsping -u pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr.>_<host> -push -n<Sy.Nr>


stop Diagnosticagent
<D-Agentuser> stopsap SMDA90




Step 3: Clear shared memory


sidadm> /usr/sap/SID/SYS/exe/run/showipc all
Shows all shared memorys of all systems.


sidadm> /usr/sap/SID/SYS/exe/run/cleanipc <SystemNrIPC> remove
Now check for open shared memory segments. There should be no segment
sidadm> /usr/sap/SID/SYS/exe/run/showipc all



Step 4: get SAPCAR


sidadm> mkdir /tmp/sapcar
sidadm> cd /tmp/sapcar
sidadm> SAPCAR -xfv /<directory of sar-files>/SAPEXE_100-10011322.SAR
sidadm> cp SAPCAR /sapmnt/SID/


Step 5: removing the old kernel


root> cd /usr/sap/SID/SYS/exe/run/
root> rm -rf *


Step 6: implement the new kernel


sidadm> cd /usr/sap/SID/SYS/exe/run/
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPEXE_100-10011322.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPEXEDB_100-10011323.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/DBATL720O10_31-20006704.SAR
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/igsexe_5-20007786.sar



Step 7: implement sapcryprtolib


sidadm> mkdir /tmp/sapcrypto
sidadm> cd /tmp/sapcrypto
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/SAPCRYPTOLIB_34-10010842.SAR
sidadm> cp -p hpia64-11.31-64/* /usr/sap/SID/SYS/exe/run/
sidadm> cp -p hpia64-11.31-64/ticket /usr/sap/SID/DVEBMGS<Sy.Nr>/sec


Step 8: start saproot


root> cd /usr/sap/SID/SYS/exe/run/
root> ./ SID



Step 9: install igshelper

sidadm> cd /usr/sap/SID/DVEBMGS<Sy.Nr.>; mv igs igs_old;
sidadm> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/igshelper_3-10010245.sar



Step 10: new kernel for sapwebdisp


<user of sapwebdisp> cd /usr/sap/SWP_SID/SYS/exe/run
<user of sapwebdisp> rm -rf *
<user of sapwebdisp> /sapmnt/SID/SAPCAR -xfv /<directory of sar-files>/sapwebdisp_421-20008606.sar



Step 11: delete the exe-directories of all instances

root> cd /usr/sap/SID/DVEBMGS<Sy.Nr. of instance>/exe
root> rm -rf *

root> cd /usr/sap/SID/ASCS<Sy.Nr. of ASCS>/exe
root> rm -rf *

root> cd /usr/sap/SID/SCS<Sy.Nr. of SCS/exe
root> rm -rf *

root> cd /usr/sap/SID/ERS<Sy.Nr.of ERS>/exe
root> rm -rf *



Step 12: execute SAPCPE

It is recommended by sap to start sapcpe for every instance. Be aware to use the scs.lst file for the central services and the ERS!

For the central instance:

sidadm> cd /usr/sap/SID/DVEBMGS<Sy.Nr. instance>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr. instance>_<host>


For the central services:

sidadm> cd /usr/sap/SID/SCS<Sy.Nr. SCS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_SCS<Sy.Nr. SCS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst

sidadm> cd /usr/sap/SID/ASCS<Sy.Nr. ASCS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_ASCS<Sy.Nr. ASCS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst


And for the Enhanced Replication Services (I only show it for one ERS because I'm too lazy;))

sidadm> cd /usr/sap/SID/ERS<Sy.Nr. ERS>/work
sidadm> sapcpe pf=/usr/sap/SID/SYS/profile/SID_ERS<Sy.Nr. ERS>_<host> list:/usr/sap/SID/SYS/exe/run/scs.lst


Last but not least the jvm needs it's binaries too:

sidadm> sapcpe /usr/sap/SID/SYS/profile/SID_DVEBMGS<Sy.Nr. instance>_<host> source:/sapmnt/SID/exe/jvm/hpia64/sapjvm_5.1.084 list:/sapmnt/SID/exe/jvm/hpia64/sapjvm_5.1.084/sapjvm_5.lst


Step 12:  post activities

Enter line 
rslg/new_layout = 9
in file /usr/sap/SIS/SYS/profile/DEFAULT.PFL
Then you have to delete the files of the syslog.



Final Step (13):  startsap

Puhhh 13 steps…I entered


sidam> startsap


Sometimes startsap is a liar, so verified it:


sidadm> ps -efax | grep sap


ok. ABAP was running, but J2EE is a diva. I took a look at the dev_server0 and…


Thanx god java (the beast) is up and running


That was my adventure kernel patching a PI system. Finally I leaved the office and tried to relax at the rest of Sunday .


Best regards

Willi Eimler

ICM is the web server for NetWeaver Java >= 7.1. Request directed to the NetWeaver server pass first through ICM. ICM therefore is an additional layer between your application and the end user. From time to time a change to the ICM configuration may be needed to adjust the parameters or enable new access methods.


As an example, the access to port 50008 shall serve to show how to configure ICM and make the change effective.


In a default configuration, access to port 50008 is not enabled. The telnet port itself is active on NW AS Java, but not reachable for external request:


ICM configuration


To be able to reach port 50008, ICM needs to be configured to allow remote access to this port. To achieve this, just add the telnet port in the ICM configuration file.

  • File location: /usr/sap/<INST>/SYS/prfiles/<SYS>_J00_<name>
  • Parameter: icm/server_port_3 = PROT=TELNET,PORT=50008



To make this change effective, ICM needs to be restarted. This is done using jsmon with the correct profile as parameter:


jmson pf=/usr/sap/<INST>/SYS/profile/<INST>_J00_<name>


The process related task explains how to restart ICM.


The command is: process restart <idx>. To get the ID of ICM, take a look at the process list. Issue the command: process view


The ID for ICM is 1 and the current state is running. To trigger a restart: process restart 1


Now the new configuration is effective and the telnet server of NW Java can be accessed.


Why does ICM not re-read the configuration when it was changed and applies the change on the fly? Don't ask me why SAP enforces a shutdown for a parameter change. Even worse that ICM is in front of your NetWeaver, so all current HTTP connections get lost and the end-user gets an error message. Hopefully the connection is only for a few seconds down, so the session data should still be valid and the users can continue with their work.




Why use psmon


Do not kill and restart the process like this:


Find the process ID.


Kill the icman process: kill -9 <processed>.


Then restart the process with the above shown parameters.


This will result in a 503 error message from ICM


SAP note 1772839 (Potential disclosure of persisted data in BC-SRV-ADR), which is a prerequisite note for note 1884563 (Incorrect check for city field) will be released only on the next patch date (13.08.2013).


SAP note 1884563 is a correction for the error message AM560, which will be raised, when a city name is entered, that contains a period "." or brackets "(" and ")".

Do you know what the availability is for a single EC2 instance on AWS?

The availability is shown as 99,95%, but it is not guaranteed! That doesn’t sound good, but I will explain why this does not have to be an issue.


AWS delivers the tools and infrastructure so cheap that you can easily build a high available solution. You only have to remember that also for non-production SAP systems you need to create a basic high available solution.


For the non-production systems we can build a cheap high available solution based on an initial image and backup. After both SAP and the database is installed and the configuration is done you create an initial image called an Amazon Machine Image (AMI). This AMI can be stored in a different Availability Zone (this is a different datacenter in the same region) or even on a totally different Region. With this image you have a new instance up-and-running within 5 minutes. Besides this of course we need a restore of the data to be up-to-date. When you store your backups and archivelogs on AWS S3, it is automatically saved in multiple Availability Zones and the durability is 99,999999999%. So with this you have the cheapest solution for your non-production SAP systems.


For production systems lots of high available solution are possible, just like there are when you place your systems on-premise. The solution depends for example on the database vendor. But for production systems everyone is already aware. I just wanted to point out the risk and possible solution for the non-production systems.


Below is an example of a simple SAP architecture where the production system has a high available solution based on database replication to a second Availability Zone. For security reasons we use different subnets and different Security Groups (firewalls). The non-production systems are shown in one single Availability Zone, but we know to place the AMI’s and backups in the second Availability Zone. To be even more safe, you can not only use a second Availability Zone but even place it on another region. But this is more expensive and you have to think about laws and regulations for your data.

AWS SAP Architecture v0.1.jpg

Best regards,


One of the most sought after topic for a BASIS guy is to troubleshoot startup problems. Below is the list of some basic startup problems with solution. I am sure you will be find it very useful.



SAP System startup Problems:

Two places you need to check: Event Viewer (Application and System logs) and the SAP Management Console (MMC). Event Viewer can provide useful information and it may help you pinpoint where the problem resides. The SAP MMC gives you the ability to visually see the system status (green, yellow or red lights), view the work processes status and view the developer traces, which are stored in the "work" directory. Example: /usr/sap/TST/DVEBMGS00/work.

For a central SAP instance to start successfully, both the message server and the dispatcher need to start. If one of them or both fail to start, users cannot log in to the system. The following scenarios will illustrate possible causes of why an SAP instance might not start and the reason of the message:


Developer Traces:
dev_disp Dispatcher developer trace
dev_ms Message Server developer trace
dev_wp0 Work process 0 developer trace



The "services" file, which contains TCP and UDP services and their respective port numbers. This plain-text configuration file is located under winnt/system32/drivers/etc.Windows Task Manager (TASKMGR.exe), Event Viewer (EVENTVWR.exe).

Dispatcher Monitor (DPMON.exe), which is located under /usr/sap//sys/exe/run. Database logs.


1. Dispatcher does not start due to a port conflict

No work processes (disp+work.exe) exist in Task Manager.

Dispatcher shows status "stopped" in the SAP MMC.

Errors found in "dev_disp":

LOG Q0I=> NiPBind: bind (10048: WSAEADDRINUSE: Address already in use) [ninti.c 1488]
*** ERROR => NiIBind: service sapdp00 in use [nixxi.c 3936]
*** ERROR => NiIDgBind: NiBind (rc=-4) [nixxi.c 3505]
*** ERROR => DpCommInit: NiDgBind [dpxxdisp.c 7326]
*** DP_FATAL_ERROR => DpSapEnvInit: DpCommInit

Problem Analysis
I highlighted the keywords in the error messages above: Address already in use Service sapdp00 in use The TCP port number assigned in the "services" file is being occupied by another application. Due to the conflict, the dispatcher shuts down.

If your server has a firewall client, disable it and attempt to start the SAP instance again.
If the instance starts successfully you can enable the client firewall back again.
If there is no firewall client at all, or if disabling it did not resolve the problem, edit the "services" file and check what port the appropriate "sapdp" is using.
If the instance number is 00, look for sapdp00. If the instance number is 01 look for sapdp01 and so on. You can use the following OS command to help you resolve port conflicts:
netstat -p TCP There are also utilities on the Internet that can help you list all the TCP and UDP ports a system is using.

2: Dispatcher dies due to a database connection problem

No database connections.No work processes


SAP MMC -> WP Table shows all processes as "ended".

   Errors found in "dev_disp":
C setuser 'tst' failed -- connect terminated
C failed to establish conn. 0
M ***LOG R19=> tskh_init, db_connect (DB-Connect 000256) [thxxhead.c 1102]
M in_ThErrHandle: 1
M *** ERROR => tskh_init: db_connect (step 1, th_errno 13, action 3, level 1) [thxxhead.c 8437]
*** ERROR => W0 (pid 2460) died [dpxxdisp.c 11651]
*** ERROR => W1 (pid 2468) died [dpxxdisp.c 11651]
*** ERROR => W2 (pid 2476) died [dpxxdisp.c 11651]. . .
*** ERROR => W11 (pid 2552) died [dpxxdisp.c 11651]
*** ERROR => W12 (pid 2592) died [dpxxdisp.c 11651]
my types changed after wp death/restart 0xbf --> 0x80
*** DP_FATAL_ERROR => DpEnvCheck: no more work processes
DpModState: change server state from STARTING to SHUTDOWN

Problem Analysis
A connection to the database could not be established because either the SQL login specified in parameter "dbs/mss/schema" is set incorrectly or the SQL login was deleted from the database server. This parameter needs to be set in the DEFAULT.pfl system profile (under /usr/sap//sys/profile). In the messages above, we see that the SQL login 'tst' is expected but it does not exist at the database level.

Set the entry to the appropriate database owner. If the system is based on Basis <= 4.6 or if the system was upgraded from 4.x to 4.7 the database owner should be "dbo". But, if the system was installed from scratch and it's based on the Web AS 6.x the database owner should match the SID name in lower case. Example: if the SID is TST then the database owner should be "tst". If the parameter is set correctly in the DEFAULT.pfl profile check at the database level if the SQL login exists. If it doesn't, create it and give it database ownership to the .


3: SAP does not start at all: no message server and no dispatcher

The message server and the dispatcher do not start at all in the SAP MMC. The following error when trying to view the developer traces within the SAP MMC: The network path was not found. No new developer traces written to disk (under the "work" directory.)

Problem Analysis
The network shares "saploc" and "sapmnt" do not exist. That explains the "network path not found" message when attempting to view the developer traces within the SAP MMC.

Re-create the "saploc" and "sapmnt" network shares. Both need to be created on the /usr/sap directory

4: Users get "No logon possible" messages

Work processes start but no logins are possible.

Users get the login screen but the system does not log them in. Instead, they get this error: No logon possible (no hw ID received by mssg server).

In the SAP MMC, the message server (msg_server.exe) shows status "stopped".

The dev_ms file reports these errors:
[Thr 2548] *** ERROR => MsCommInit: NiBufListen(sapmsTST) (rc=NIESERV_UNKNOWN) [msxxserv.c 8163]
[Thr 2548] *** ERROR => MsSInit: MsSCommInit [msxxserv.c 1561]
[Thr 2548] *** ERROR => main: MsSInit [msxxserv.c 5023]
[Thr 2548] ***LOG Q02=> MsSHalt, MSStop (Msg Server 2900) [msxxserv.c 5078]

Problem Analysis
Work processes were able to start but the message server was not. The reason is because the "services" file is missing the SAP System Message Port entry. Example: SAPmsTST 3600/tcp

Edit the "services" file and add the entry. Then, re-start the instance. Make sure you specify the appropriate TCP port (e.g. 3600) for the message server.

5: The message server starts but the dispatcher doesn't

The dispatcher shows status "stopped" in the SAP MMC.

The "dev_disp" file shows these errors:
***LOG Q0A=> NiIServToNo, service_unknown (sapdp00) [nixxi.c 2580]
*** ERROR => DpCommInit: NiDgBind [dpxxdisp.c 7326]
*** DP_FATAL_ERROR => DpSapEnvInit: DpCommInit

Problem Analysis
The keyword in the messages above is "service unknown" followed by the entry name "sapdp00". The dispatcher entry "sapdp00" is missing in the "services" file. Example: sapdp00 3200/tcp

Add the necessary entry in the "services" file. Example: sapdp00 3200/tcp Then, re-start the instance.

6: Work processes die soon after they start

All work processes die right after the instance is started.

The SAP MMC shows work processes with status "ended".

Only one work process shows status "wait".

An ABAP dump saying "PXA_NO_SHARED_MEMORY" is generated as soon as a user logs in.

The SAP MMC Syslog shows the following error multiple times: "SAP-Basis System: Shared Memory for PXA buffer not available".

Problem Analysis
The instance profile contains mis configured memory-related parameters. Most likely the "abap/buffersize" instance profile parameter is set to high.

Edit the instance system profile at the OS level under /usr/sap//sys/profile and lower the value assigned to "abap/buffersize". Then, restart the instance. Also, it's important to find out if any other memory parameter were changed. If not, the system should start once the adequate memory allocation has been set to the the "abap/buffersize" parameter.




Happy Reading 



Thanks ,

Muhammad Siddique


Lets say you have a JAVA application server (EP or just Java app) connected to it's DB, and now you need to transfer the

DB to a different server (For consolidation purposes, hardware change, etc.)

The DBA exported the entire DB to a different server and gave you the new server name and DB port.


These are the steps* you need to do in order to connect your JAVA app server to the new DB:


* The backup of folders and files is only for reverting back in case it is needed



1. Create a backup of the entire profile folder by copying <drive>:\usr\sap\<SID>\sys\profile and renaming the copied folder to Profile_ORIG

2. In the original Profile folder go to oracle folder, edit tnsnames.ora file and replace the HOST with the remote DB Hostname and PORT with the remote port. (Details should be provided by DBA) SAVE.

3. In the original Profile folder edit DEFAULT.PFL file and replace SAPDBHOST = <REMOTE_DB_HOSTNAME> j2ee/dbhost = <REMOTE_DB_HOSTNAME>

4. Create a backup of the entire security folder by copying <drive>:\usr\sap\<SID>\SYS\global\security and renaming the copied folder to security_ORIG

5. Run configtool.bat from <drive>:\usr\sap\<SID>\JC##\j2ee\configtool

6. In the left pane select secure store

7. In the right pane, click on the line jdbc/pool/SID/Url

In the bottom edit the value "jdbc:oracle:thin:@<HOSTNAME>:<PORT>:<SID>" with the new server & port details ---> Press ADD !

8. Click on "Apply Changes" on the upper left corner

9. Click on "file" ----> "Reencrypt Secure Content"

10. Click on "Apply Changes" on the upper left corner (just to be on the safe side)

11. Exit the configtool.

12. Restart the JAVA app using MMC


If all is well - the JAVA app server will be connected to the new DB.


Important notes:


1. Troubleshoot problems after the DB change by inspecting dev_w0 log file in the work directory.

2. If the JAVA app server is a virutal machine - take a snapshot before you change anything. Reverting back is much easier this way.

3. After system copy / DB export the WebDynpro JCo's must be manually recreated. Refer to note 899144 for further details







Filter Blog

By author:
By date:
By tag: