on 04-11-2008 11:13 PM
Hello Gurus,
we have a problem with connection with SAPOSS, when we test the connection present the following message:
Connection Error
Error when opening an RFC connection
ERROR: sapserv2a: route permission denied (200.30.70.220 to oss001, sapmsOSS)
LOCATION: SAProuter 37.15 on sapserv2a
COMPONENT: NI (network interface)
COUNTER: 5
MODULE:
LINE:
RETURN CODE: -93
SUBRC: 0
RELEASE: 640
TIME: Fri Apr 11 23:54:16 2008
VERSION: 37
-
In the Tx OSS1 we have:
saprouter1
name: server name where saprouter is installed
IP address: LAN IP address where saprouter is installed (is locally intalled)
Instance no. 99
Saprouter at SAP
Name sapserv2
IP Address 194.39.131.34 (ping to this IP response)
instance 99
name oss001
db name o01
instance 01
-
In Tx ST11, dev_lg log file contains:
RSTR0006: Display Developer Traces
trc file: "dev_lg", trc level: 1, release: "700"
[Thr 4780] Fri Apr 11 16:41:16 2008
[Thr 4780] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2125]
[Thr 4780] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c 2480]
[Thr 4780] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c 734]
[Thr 4780] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c 3980]
[Thr 4780] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c 1272]
[Thr 4780]
*****************************************************************************
*
[Thr 4780] * LOCATION SAProuter 37.15 on sapserv2a
[Thr 4780] * ERROR sapserv2a: route permission denied (200.30.70.220 to oss001,
sapmsO01)
[Thr 4780] *
TIME Fri Apr 11 23:32:17 2008
[Thr 4780] * RELEASE 640
[Thr 4780] * COMPONENT NI (network interface)
[Thr 4780] * VERSION 37
[Thr 4780] * RC -93
[Thr 4780] * COUNTER 3
[Thr 4780] *
[Thr 4780] *****************************************************************************
-
dev_rout file in /usr/sap/saprouter contains:
-
trc file: "dev_rout", trc level: 1, release: "700"
-
Fri Apr 11 17:02:21 2008
SAP Network Interface Router, Version 38.10
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -R
command line arg 3: ./saprouttab
main: pid = 5504, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
Fri Apr 11 17:02:36 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]
Fri Apr 11 17:03:15 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]
Thanks,
HEPC
the problem was the saprouter file, add the correct stings to connect to SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is the error resolved, If yes pls let us know
What version SAP router
Pls provide the command used to install sap router
& pls provide start command used to start the SAP router service.
& dev_rout.log after start up.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Hernando,
I am also facing the same problem.
Can you please let me know what do you mean by correct settingin saprouttab file.
What are the settings that you have set.
Please suggest me.
thank you
Kaushik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kaushik,
make following entries into ur saprouttab file
#SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Public IP> 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Public IP> 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Local IP> 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <Your Local IP> 3389
#Permission entries to check if the connection is allowed at all
P sapserv2 <Your Local IP> 3200
P sapserv2 <Your Public IP> 3200
P * sapserv2 3299
P * <Your Local IP> 3200
P * <Your Local IP> 3299
P * * *
Regards
Chandra
if its help u award points
Hello Kaushik,
the problem was solved adding the following line in the saprouttab file, this line must be the firts line in the file:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
the file continue with:
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200
outbound connections to <sapserv2> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
permission entries to check if connection is allowed at all
P <IP server 1> 194.39.131.34 *
P <IP server 2> 194.39.131.34 *
I hope this solve your problem,
Hernando Polania
Colombia
hello, the <IP server 1>, <IP server 2> were my IP local and public addresses. I couldn't publish my real IP for security.
the solution was solved adding the following line in the saprouttab file, this line must be the firts line in the saprouttab file:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
Hope this help
Hernando
Hi,
Add this entry in our saprouttab file.
P * 194.39.131.34 3299
Save saprouttab without any extension. Hope this will solve your issue, bcoz I have faced it
Regards,
Nageshwar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello, my saprouter file contain a minimal configuration:
Allows connections from the entire customer network to sapservX
and therefore to the Online Service System via SAProuter port 3299.
P * sapserv2 sapdp99 *
Allows connections from sapserv3 to the entire customer network,
for example for EarlyWatch or First Level Support.
P sapserv2 * * *
P * 194.39.131.34 3299
in saprouttab we must define the hostname file?like hosts file (my OS is Win 2003 server)
in dev_rout file=
Sat Apr 12 10:49:16 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp 2125]
The connection test in Tx SM59 does not work
Thanks,
Hernando
Hi Hernando,
Did you defined the host name in your saprouttab file, on saprouter? Frequently this configuration missing by system administrators.
Best regards,
Orkun Gedik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello, my saprouter file contain a minimal configuration:
1. Allows connections from the entire customer network to sapservX
2. and therefore to the Online Service System via SAProuter port 3299.
P * sapserv2 sapdp99 *
1. Allows connections from sapserv3 to the entire customer network,
2. for example for EarlyWatch or First Level Support.
P sapserv2 * * *
P * 194.39.131.34 3299
in saprouttab we must define the hostname file?like hosts file (my OS is Win 2003 server)
in dev_rout file=
Sat Apr 12 10:49:16 2008
*
o
+ ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer http://nibuf.cpp 2125
The connection test in Tx SM59 does not work
Thanks,
Hernando
Hi Hernando Polania Cadena.
Are you read and provide -->
"Provide SAP with the data it needs to set up the connection between your SAProuter system and the SAP support server using the Remote Connection Data Sheet (SAP Note 0028976)." -->
http:
service.sap.com\~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700001656441997E
Also read about SNC -->
sapserv2: SNC encryption certificate: Internet (no FTP !)
for customers global --> Note 598265 - Different connection variants, sapservX list
Read in SAPROUTER documentation --> http:
service.sap.com\saprouter
Regards. Award if helpful.
Edited by: Sergo Beradze on Apr 14, 2008 10:18 AM
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.