cancel
Showing results for 
Search instead for 
Did you mean: 

SAPRouter problem ERROR: sapserv2a: route permission denied

Former Member
0 Kudos

Hello Gurus,

we have a problem with connection with SAPOSS, when we test the connection present the following message:

Connection Error

Error when opening an RFC connection

ERROR: sapserv2a: route permission denied (200.30.70.220 to oss001, sapmsOSS)

LOCATION: SAProuter 37.15 on sapserv2a

COMPONENT: NI (network interface)

COUNTER: 5

MODULE:

LINE:

RETURN CODE: -93

SUBRC: 0

RELEASE: 640

TIME: Fri Apr 11 23:54:16 2008

VERSION: 37

-


In the Tx OSS1 we have:

saprouter1

name: server name where saprouter is installed

IP address: LAN IP address where saprouter is installed (is locally intalled)

Instance no. 99

Saprouter at SAP

Name sapserv2

IP Address 194.39.131.34 (ping to this IP response)

instance 99

name oss001

db name o01

instance 01

-


In Tx ST11, dev_lg log file contains:

RSTR0006: Display Developer Traces

trc file: "dev_lg", trc level: 1, release: "700"

[Thr 4780] Fri Apr 11 16:41:16 2008

[Thr 4780] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2125]

[Thr 4780] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c 2480]

[Thr 4780] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c 734]

[Thr 4780] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c 3980]

[Thr 4780] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c 1272]

[Thr 4780]

*****************************************************************************

*

[Thr 4780] * LOCATION SAProuter 37.15 on sapserv2a

[Thr 4780] * ERROR sapserv2a: route permission denied (200.30.70.220 to oss001,

  • sapmsO01)

[Thr 4780] *

  • TIME Fri Apr 11 23:32:17 2008

[Thr 4780] * RELEASE 640

[Thr 4780] * COMPONENT NI (network interface)

[Thr 4780] * VERSION 37

[Thr 4780] * RC -93

[Thr 4780] * COUNTER 3

[Thr 4780] *

[Thr 4780] *****************************************************************************

-


dev_rout file in /usr/sap/saprouter contains:

-


trc file: "dev_rout", trc level: 1, release: "700"

-


Fri Apr 11 17:02:21 2008

SAP Network Interface Router, Version 38.10

command line arg 0: saprouter

command line arg 1: -r

command line arg 2: -R

command line arg 3: ./saprouttab

main: pid = 5504, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)

reading routtab: './saprouttab'

Fri Apr 11 17:02:36 2008

      • ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]

Fri Apr 11 17:03:15 2008

      • ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]

Thanks,

HEPC

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member

the problem was the saprouter file, add the correct stings to connect to SAP

Former Member
0 Kudos

Hi Hernando,

I am also facing the same problem.

Can you please let me know what do you mean by correct settingin saprouttab file.

What are the settings that you have set.

Please suggest me.

thank you

Suresh Kumar

Former Member
0 Kudos

Hi, I think that is not a problem of route table, i think that your user S000XXXXX has no privileges, talk with your basis consultant and ask him about it.-

Former Member
0 Kudos

Is the error resolved, If yes pls let us know

What version SAP router

Pls provide the command used to install sap router

& pls provide start command used to start the SAP router service.

& dev_rout.log after start up.

Former Member
0 Kudos

Hi Hernando,

I am also facing the same problem.

Can you please let me know what do you mean by correct settingin saprouttab file.

What are the settings that you have set.

Please suggest me.

thank you

Kaushik

Former Member
0 Kudos

Hi Kaushik,

make following entries into ur saprouttab file

#SNC-connection to SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC-connection from SAP to local R/3-System for Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Public IP> 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Public IP> 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Local IP> 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Local IP> 3389

#Permission entries to check if the connection is allowed at all

P sapserv2 <Your Local IP> 3200

P sapserv2 <Your Public IP> 3200

P * sapserv2 3299

P * <Your Local IP> 3200

P * <Your Local IP> 3299

P * * *

Regards

Chandra

if its help u award points

Former Member
0 Kudos

Hello Kaushik,

the problem was solved adding the following line in the saprouttab file, this line must be the firts line in the file:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

the file continue with:

  1. inbound connections MUST use SNC

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200

  1. outbound connections to <sapserv2> will use SNC

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299

  1. permission entries to check if connection is allowed at all

P <IP server 1> 194.39.131.34 *

P <IP server 2> 194.39.131.34 *

I hope this solve your problem,

Hernando Polania

Colombia

Former Member
0 Kudos

Dear Hernando Polania Cadena,

I face the same problem, in the last your reply in this topic, what do you mean <IP Server1>, <IP Server 2>?

That mean <IP server with saprouter>, right?

Please help me,

Thanks.

Former Member
0 Kudos

Hi Hernando Polania Cadena,

Could you tell me what do <IP server 1>, <IP server 2> and < IP server with saprouter> stand for? Do they are <public IP > and <local IP> as Chandra B. posted in above reply ?

Thanks for your concern.

Former Member
0 Kudos

hello, the <IP server 1>, <IP server 2> were my IP local and public addresses. I couldn't publish my real IP for security.

the solution was solved adding the following line in the saprouttab file, this line must be the firts line in the saprouttab file:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

Hope this help

Hernando

Former Member
0 Kudos

This worked for me, thanks!

Diggeshhjoshi
Contributor
0 Kudos

Worked for me too.

Former Member
0 Kudos

I was with same problem, I could not open the HTTP connection to access SAP.

Add the * after the IP 194.39.131.34, I solved my problem.

The line looked like this:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

Saved my life.

Former Member
0 Kudos

Hi,

Add this entry in our saprouttab file.

P * 194.39.131.34 3299

Save saprouttab without any extension. Hope this will solve your issue, bcoz I have faced it

Regards,

Nageshwar

Former Member
0 Kudos

Hello, my saprouter file contain a minimal configuration:

  1. Allows connections from the entire customer network to sapservX

  2. and therefore to the Online Service System via SAProuter port 3299.

P * sapserv2 sapdp99 *

  1. Allows connections from sapserv3 to the entire customer network,

  2. for example for EarlyWatch or First Level Support.

P sapserv2 * * *

P * 194.39.131.34 3299

in saprouttab we must define the hostname file?like hosts file (my OS is Win 2003 server)

in dev_rout file=

Sat Apr 12 10:49:16 2008

      • ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]

The connection test in Tx SM59 does not work

Thanks,

Hernando

Former Member
0 Kudos

Hi Hernando,

Did you defined the host name in your saprouttab file, on saprouter? Frequently this configuration missing by system administrators.

Best regards,

Orkun Gedik

Former Member
0 Kudos

Hello, my saprouter file contain a minimal configuration:

1. Allows connections from the entire customer network to sapservX

2. and therefore to the Online Service System via SAProuter port 3299.

P * sapserv2 sapdp99 *

1. Allows connections from sapserv3 to the entire customer network,

2. for example for EarlyWatch or First Level Support.

P sapserv2 * * *

P * 194.39.131.34 3299

in saprouttab we must define the hostname file?like hosts file (my OS is Win 2003 server)

in dev_rout file=

Sat Apr 12 10:49:16 2008

*

o

+ ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer http://nibuf.cpp 2125

The connection test in Tx SM59 does not work

Thanks,

Hernando

Former Member
0 Kudos

Hi Hernando Polania Cadena.

Are you read and provide -->

"Provide SAP with the data it needs to set up the connection between your SAProuter system and the SAP support server using the Remote Connection Data Sheet (SAP Note 0028976)." -->

http:
service.sap.com\~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700001656441997E

Also read about SNC -->

sapserv2: SNC encryption certificate: Internet (no FTP !)

for customers global --> Note 598265 - Different connection variants, sapservX list

Read in SAPROUTER documentation --> http:
service.sap.com\saprouter

Regards. Award if helpful.

Edited by: Sergo Beradze on Apr 14, 2008 10:18 AM

Former Member
0 Kudos

Hello Sergio, thansk for the info, now the SAPOSS RFC present this error

Error Details Name or password is incorrect

we delete the connection and recreate in Tx OSS1 but present the same error message

Thanks

Hernando