
Thursday, February 20, 2020

Edit INTEGRATION_SERVER Business



This document describes the procedure for editing the Integration Server business system in an SAP PI/PO system.

Procedure:
Edit the business system INTEGRATION_SERVER_<SOURCE_SID> in the SLD and adjust it to use the <TARGET_PI> technical system.

Access the SLD in <TARGET_PI> and select Business systems


Locate the entry  INTEGRATION_SERVER_<SOURCE_SID>


Go to the details screen and choose the Integration tab


For the technical system line, click on Change

Change the system to <TARGET_PI> and select the correct client in <TARGET_PI>


Click on the save button


Fix the pipeline URL and the configuration URL to point to <TARGET_PI>. Do not make any changes to the Group; it is to be updated by the PI Apps team.

Click on the associate with XI button then click save


On the installed software tab, make sure that the installed checkbox for SAP Netweaver PI product is ticked and click on save




Restore the JAVA system connections and destinations as PI refresh post action



This procedure is one of the post-refresh actions for an SAP PI/PO system.
It explains how to restore the Java system connections (JCO) and destinations after a refresh.

Run the NWA and access “Jco RFC Destinations” (menu path: Configuration Management --> Connectivity --> Jco RFC provider).

For every connection, set the configuration details from the details taken before.


Delete all the Jco connections for the <SOURCE_PI> System (*_<SOURCE_SID>), replacing them with connections for <TARGET_PI>.


Access “SLD Data Supplier Destinations” (Netweaver admin: Configuration Management --> Connectivity --> Destinations).

Update all connections with the data saved prior to the refresh. Use the ping option to test each connection.

Check the connections in the ABAP engine using transaction SMGW (Goto --> Logged on Clients).

All connections should be for <TARGET_SID>



Change all spool servers to the new one

The spool server is the server to which all the network printers are assigned. It has to be reassigned in the following cases:

System refresh
Migrations
If the spool server is changed

Below is the procedure to change the spool server assignment to a new one.

Run transaction SPAD and, from the menu, choose Utilities -> For output devices -> Assign server.
Enter the following:
Output device *
Old spool server *
New spool server <click on the drop down box and select>
Display list

Reconfigure the transport system as post refresh task

The procedure below shows how to reconfigure TMS in the refreshed system.

With user DDIC, logon to STMS Domain Controller in client 000 
Choose System Overview
Delete from the transport domain

Logon to 000 client with DDIC user
Run transaction STMS
Enter details as appropriate
Save

On STMS Domain Controller

Run transaction STMS again
Select and approve back into the transport system.

Choose System Overview – Select , Extras -> Distribute & Activate Configuration

Also, check and correct the transport routes

The TMS configuration is now ready in the refreshed system.

Secure store Key Phrase

The command below is required to check the secure store key phrase during a Java export.
If we don’t have the key phrase, the export taken is of no use.
This is the most important prerequisite for the Java migration (export/import) procedure.

Check the key phrase as follows:

Login to <SOURCE_PI> as user <s_sidadm>
cd <Global directory>

Execute below command from the global directory

/sltools/checkKeyPhrase.sh -f /security/data/SecStore.properties

Enter the phrase when prompted. You should get the message "The key phrase is correct." if you have entered the right value.

This will be essential during the system copy phase.


Note: If the key phrase is not correct, we need to resolve it before exporting the Java DB.



Tuesday, February 18, 2020

SAP Host agent auto upgrade procedure



We should maintain the latest version of saphostagent in the SAP environment, as Solman gets its information from the satellite systems with the help of saphostagent.

This topic points out the feature for upgrading saphostagent automatically, without manual intervention.
The only thing we need to make sure of is that the SAR file is downloaded and staged in the auto_upgrade directory.

Procedure to enable the Auto-Upgrade feature for SAP Hostagent

SAP Hostagent has an auto-upgrade feature which can be enabled as per note 1473974.


Add the following parameters to the SAP Hostagent profile file for Linux (/usr/sap/hostctrl/exe/host_profile).


hostexec/autoupgrade_delay = 1440

DIR_NEW = //SAP/SAPHOSTAGENT/Linux/auto_upgrade

service/EnableRemoteDeployment = true

service/protectedwebmethods = NONE


The value 1440 in hostexec/autoupgrade_delay is given in minutes, which translates to 24 hours (24*60 = 1440).


For Windows and HP-UX, use the paths below.

*DIR_NEW=//SAP/SAPHOSTAGENT/HP-UX/auto_upgrade

*DIR_NEW=//SAP/SAPHOSTAGENT/Windows/auto_upgrade


Note: Restart Hostagent with the command below for the parameters to take effect.


As root

Change to the directory below

/usr/sap/hostctrl/exe

./saphostexec -restart


If these parameters are activated, Hostagent takes care of the upgrade by checking the path given in DIR_NEW and initiates an upgrade automatically when a new version is available in this directory.
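A check that can be run before restarting the agent, given as an added example and not as part of the original procedure or of SAP's tooling: it reads the parameters above from a host_profile and reports whether the delay is valid and whether the staging directory exists, holds a SAR archive and is closed to world writes. The function names and the demo profile are constructed; the findings on a world-writable DIR_NEW and on service/protectedwebmethods = NONE are hardening checks added here, not steps from the note.

```shell
#!/bin/sh
# Added example, not from the original post: audit the auto-upgrade
# settings of a SAP Host Agent profile. All sample data is constructed.

# Print the last value assigned to KEY in a "key = value" profile file.
profile_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }   # comments, non-assignments
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if any check is a FAIL.
audit_host_profile() {
    rc=0
    delay=$(profile_get "$1" hostexec/autoupgrade_delay)
    dir=$(profile_get "$1" DIR_NEW)
    case $delay in
        ''|*[!0-9]*) echo "FAIL hostexec/autoupgrade_delay is not a number of minutes"; rc=1 ;;
        *) echo "OK   upgrade check every $delay minutes" ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "FAIL DIR_NEW '$dir' is not an existing directory"; rc=1
    else
        case $(ls -ld "$dir") in                     # 9th mode character = other-write
            ????????w*) echo "FAIL DIR_NEW is world-writable; the agent upgrades from it"; rc=1 ;;
            *) echo "OK   DIR_NEW exists and is not world-writable" ;;
        esac
        ls "$dir"/*.SAR >/dev/null 2>&1 || echo "WARN no SAR archive staged in DIR_NEW"
    fi
    [ "$(profile_get "$1" service/EnableRemoteDeployment)" = true ] ||
        echo "WARN service/EnableRemoteDeployment is not true"
    [ "$(profile_get "$1" service/protectedwebmethods)" != NONE ] ||
        echo "WARN service/protectedwebmethods = NONE: no web method is protected"
    return $rc
}

# Demo on a constructed profile and staging directory.
demo=$(mktemp -d); chmod 755 "$demo"; : > "$demo/SAPHOSTAGENT_demo.SAR"
printf '%s\n' 'hostexec/autoupgrade_delay = 1440' "DIR_NEW = $demo" \
    'service/EnableRemoteDeployment = true' 'service/protectedwebmethods = NONE' > "$demo/host_profile"
audit_host_profile "$demo/host_profile"
rm -rf "$demo"
```

On a real host the function would be pointed at /usr/sap/hostctrl/exe/host_profile.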



SAP GUI SNC Configuration

The configuration below is required to enable Secure Network Communications (SNC) between SAP GUI and SAP ABAP systems.

Prerequisites:

Along with the SAP BASIS related transactions, we need the additional transactions below.

SNCCONFIG

SNCWIZARD


We also need the details below

SAP System ID

Fully qualified message server hostname

Installation number

CommonCryptoLib version must be at least CommonCryptoLib 8.5.2.

Snapshots of the SAP instance and default profiles, SNCCONFIG and STRUST settings.

Transaction RZ10 > Import the most recent version of profiles

Take backup of profiles at OS level


Procedure:

Configure SNC

Transaction RZ10 > Import the newest version of profiles

Transaction SNCWIZARD


Continue

Copy and paste the details, such as the SNC identity parameter generated by the wizard, here:

p:CN=, OU=, OU=SAP Web AS, O=SAP Trust Community, C=DE


Replace the parameter value with the following format, per your client CA requirement:

p:CN=, OU=, L=, O=, SP=, C=, EMAIL=<email>


Please note:

The message server host is defined within the SAP Logon pad. 

The installation number, OU=, is unique to each SAP environment. 


Continue

Continue

Continue


If you are prompted to configure Kerberos Credentials, click on Skip.

Continue


Transaction STRUST opens in a separate window.

Expand folder and double-click on SNC SAPCryptolib

The self-signed SNC SAPCryptolib certificate created via SNCWIZARD earlier appears here.

Click on Create Certificate Request.

Select all and copy the certificate (without empty lines).

Paste it in Notepad (without empty lines) and save it as “_SNC.csr”.
Exit transaction STRUST and return to SNCWIZARD

Complete

Request client signed certificate

Update DEFAULT.PFL

While waiting for the signed certificate, update the following parameters in DEFAULT.PFL.


Verify the file libsapcrypto.so exists on the OS level, in /usr/sap//SYS/exe/run directory.

Transaction RZ10

Parameter          Required value

snc/gssapi_lib     /usr/sap//SYS/exe/run/libsapcrypto.so

spnego/enable      0

Save changes.

The SAP application needs to be restarted once the parameter changes are done.

Import client signed certificates (*.p7b file)

Double-click to open the *.p7b file


Expand certificates

It contains 3 certificates - Issuing, Root & Server.


All 3 certificates must be exported and combined in a single text file. Here is how …

Right click on the server certificate “<host>.<domain>.com” > All Tasks > Export in Base-64 encoded X.509 format, save each *.cer to your desktop location.


Next

Select “Base-64 encoded X.509 (.CER)” > Next

File name = Next

Finish

OK


Repeat the same steps above to export the "root" and "issuing" certificates.

Close the certmgr screen.

Open each *.cer file with Notepad and combine all 3 certificates into 1 document, in this specific order: server, root and issuing.

Delete any extra empty lines or carriage returns.

Then, save as a text file. For example: __signed.txt



Login to SAP system

Execute transaction STRUST

Click on the button to switch to change mode


Expand folder and double-click on SNC SAPCryptolib

Under Own Certificate, select "Import certificate response"


Copy and insert the certificate chain (server, root and issuing), and confirm there are no empty lines at the start and end of the file.


Continue

SNC certificate is now signed.


Save the changes.


Restart SAP after successful SNC configuration, update the GUI entry and test the SNC connection.
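The combine step of the import procedure above (server, root and issuing certificates in one file, with no empty lines) done by script instead of Notepad, as an added example that is not part of the original post. The function names and the sample .cer contents are constructed placeholders; real Base-64 exports from certmgr would be passed in their place.

```shell
#!/bin/sh
# Added example, not from the original post: build the text file for
# "Import certificate response" from three Base-64 .cer exports.

# Succeed only if FILE holds exactly one certificate, no CRs, no empty lines.
is_single_pem_cert() {
    awk '
        /\r/ || NF == 0                 { bad = 1 }
        /^-----BEGIN CERTIFICATE-----$/ { begins++; if (NR != 1) bad = 1 }
        /^-----END CERTIFICATE-----$/   { ends++; last = NR }
        END { exit !(bad == 0 && begins == 1 && ends == 1 && last == NR) }' "$1"
}

# build_snc_chain SERVER ROOT ISSUING OUT
# Writes the chain in the order the procedure requires (server, root, issuing)
# with carriage returns and empty lines removed; returns 1 on a bad input file.
build_snc_chain() {
    out=$4
    : > "$out"
    for cert in "$1" "$2" "$3"; do
        tr -d '\r' < "$cert" |
            awk 'NF { gsub(/^[ \t]+|[ \t]+$/, ""); print }' > "$out.tmp"
        if ! is_single_pem_cert "$out.tmp"; then
            echo "not a single Base-64 certificate: $cert" >&2
            rm -f "$out" "$out.tmp"
            return 1
        fi
        cat "$out.tmp" >> "$out"
    done
    rm -f "$out.tmp"
}

# Constructed stand-in for a Notepad-saved export: CRLF endings, stray empty
# lines, placeholder body (not a real certificate).
make_sample_cer() {
    printf '%s\r\n%s\r\n\r\n%s\r\n\r\n' \
        '-----BEGIN CERTIFICATE-----' "$2" '-----END CERTIFICATE-----' > "$1"
}

# Demo: three sample exports in, one nine-line chain file out.
work=$(mktemp -d)
make_sample_cer "$work/server.cer" SERVERBODY
make_sample_cer "$work/root.cer" ROOTBODY
make_sample_cer "$work/issuing.cer" ISSUINGBODY
build_snc_chain "$work/server.cer" "$work/root.cer" "$work/issuing.cer" "$work/chain.txt"
cat "$work/chain.txt"
rm -rf "$work"
```

The script only normalises and orders the text; whether the chain is accepted is still decided by STRUST at import.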





BW on HANA migration procedure

BW on HANA important SAP links


The links below are very useful for getting complete information on preparation, execution and post-processing. Please go through the links to get an overview of the BW on HANA migration.

















Tuesday, August 7, 2018

Connection to partner 'sapserver:sapdp00' broken (NIPING); WSAECONNRESET: Connection reset by peer

The information below is used for troubleshooting intermittent connection issues within an SAP system.
In general, intermittent connection loss occurs for the two reasons below:

1.      A crash in the dispatcher process of the instance to which the client was connected.
2.      Network problems (firewall idle timeout, black hole router, VPN, WAN problems)

In the first case, a crash of the dispatcher process triggers a TCP packet with the RST flag set, which is sent to all connected communication partners and triggers the error message described above in the SAP GUI, among others. All connections are then automatically broken.

In the second case, regarding network problems, we need to perform checks with NIPING, which tests the performance of packet transmission at the TCP layer.

NIPING checks packet transmission at the TCP layer of the network, where all SAP transactions take place.
We may not see any packet loss when we ping the servers from the terminal and vice versa, but if you see errors in the NIPING trace, you need to fix them based on the error. Mostly it will be a network issue, and sometimes it may be due to the OS.

To check connectivity using the NIPING tool, we need to start the NIPING server at the SAP level and trigger the NIPING packet transmission from the frontend terminal.

Use the commands below.

To do this test, NIPING must be started as a server on one host:
> niping -s -I 0 -T NIPING_SERVER_TRACE

On the remote host, NIPING must be started as a client:
> niping -c -H <SAP HOST NAME> -X3 -B 10 -D 30 -T NIPING_CLIENT_TRACE

Also check dispatcher logs of all the application servers.

We need to get the details below from the user:
  • SAP GUI version and patch level
  • Windows version and patch level
  • Whether they have done any upgrades at the frontend, such as Windows or SAP GUI
  • Whether they face the issue with particular transactions or with every transaction
  • Whether they face the issue at a particular time
  • How they are connected to the SAP system: through a VPN or the direct client network
  • Whether they face the issue with SAP only or other applications are also crashing
  • Whether they are using a wired or a wireless connection



Tuesday, March 13, 2012

Incorrect SLD security role assignments after upgrade

If you experience SLD permission issues after an upgrade for users that worked fine before the upgrade, confirm that all SLD roles are configured properly. This can be done in the following manner:

 1. Log on to http://:/useradmin of the AS Java hosting your SLD.

2. In the search criteria, select the entry "Role" from the dropdown menu and enter "SAP_SLD_*" as a filter.

3. Perform the following steps to check the configuration of each SLD role against the details in the attached Word document:

 a) Select a role.

 b) In the details pane, select tab strip "Assigned Actions".

 c) Compare the assigned actions with the list of actions defined in the Word document.

 d) If one or more actions are absent, click button "Modify" and add the missing actions.

 e) Save any changes you made.

 4. Log on to http://:/sld, navigate to "Administration" - "Settings" and click on the button "Perform Role Mapping".

This will refresh the mapping of SLD UME roles to SLD user groups to make sure that this mapping is correct, too.

Friday, February 24, 2012

PI service users locked

PI service users are created by default with the installation and exist, along with their passwords, in the client of the Integration Server and in the exchange profile.
They are used in the PI environment for dialog-free communication between the central components of Netweaver usage type PI, and also between the app servers and PI.

Below are the roles assigned to them:

Service User | Description | Assigned Role
PILSADMIN | User for the Change Management Server | SAP_XI_CMS_SERV_USER
PIREPUSER | User for the Enterprise Services Repository | SAP_XI_IR_SERV_USER_MAIN
PIDIRUSER | User for the Integration Directory | SAP_XI_ID_SERV_USER_MAIN
PILDUSER | User for the System Landscape Directory (SLD) | SAP_BC_AI_LANDSCAPE_DB_RFC
PIAPPLUSER | User for sender applications | SAP_XI_APPL_SERV_USER
PIRWBUSER | User for the Runtime Workbench | SAP_XI_RWB_SERV_USER_MAIN
PIAFUSER | User for the Advanced Adapter Engine | SAP_XI_AF_SERV_USER_MAIN
PIISUSER | User for the Integration Server | SAP_XI_IS_SERV_USER_MAIN
PIPPUSER | User for principal propagation | SAP_XI_APPL_SERV_USER

These users are maintained in different connections and transactions. In order to change the passwords, we need to change them in all those connections and transactions.

There is a standard procedure provided by SAP to change the passwords of these users.


We need to follow the procedure from the notes below for changing the passwords, based on your PI version.

999962 - PI 7.10 and higher: Change passwords of PI service users
2474153 - How to change passwords of PI service users in Java Only PI system
936093 - PI: Change to passwords of PI service users
721548 - XI 3.0: Changing the passwords of the XI service users



Thursday, February 23, 2012

Client deletion procedure

A client is a business unit in an SAP system. Three standard clients usually come with the installation of an SAP system: 000, 001 and 066.

066 is the EarlyWatch client and nowadays it is of no use, as Solman is mandatory.
So in such cases, we may have to delete the clients 066 and 001.
Below is the procedure for deleting a client.

Client deletion through SCC5

First log on to the client you want to delete, with user name SAP* and password pass if you are logging on to that client for the first time.

Use transaction code SCC5, select the check box "Delete entry from T000" and click on "Start immediately". You will get a prompt asking whether to continue; click Continue and wait until the client is deleted.

Once the client is deleted, log in to client 000 and run transaction code SCC4 to see whether the deleted client still appears in the list. If it is not listed, you have successfully deleted the client.

Client deletion through R3trans

1) Log on to the system as SAP admin

2) Go to the /usr/sap/trans/bin directory

3) Use a standard editor to create a control file
 with the .ctl extension (e.g. delcli.ctl) containing the following text
 clientremove
 client=xxx
 select *

4) Run the command at the command line
 R3trans -w delcli.log -u 1 delcli.ctl

Notes regarding client deletion
Note 70643 - CC-TOPIC: Client Deletion (SCC5)
Note 35952 - Client deleted, space still filled in database


Friday, February 17, 2012

Reprocessing and Deletion of IDOC

IDOCs are Intermediate Documents used for communication between two SAP systems; they carry encoded data which only an SAP system can read.

IDOCs are transferred between SAP systems and sometimes fail due to a lack of resources, a stuck queue, etc.

In such situations, we need to reprocess the IDOCs. Below are the steps to reprocess or flag IDOCs in an SAP system.

How to reprocess an Idoc:

1. Go to transaction BD87

2. Enter Idoc number, and make sure the dates are correct

3. Click the Execute button or press F8

4. To reprocess, select the Idoc status in the "IDOC in inbound processing" tree.

5. Click the Process button

6. The next screen will give the status of the IDOC and whether it was processed successfully

How to flag an Idoc to be deleted:

1. Go to transaction BD87

2. Enter Idoc number, and make sure the dates are correct

3. Click the Execute button or press F8

4. To delete, select the Idoc status in the tree and click on EDIT -> RESTRICT AND PROCESS

5. Click the Execute button

6. Un-check the Bkgd Processing checkbox.

7. Click the Execute button

8. Click the Delete Flag button.