SAP Router Installation and configuration
2023-11-9 06:52:44 Author: blogs.sap.com(查看原文) 阅读量:5 收藏

We as Basis administrators are often tasked with setting up new SAPRouter during the migration of SAP workloads from on-pre to cloud. Recently I too was involved in such an activity and found the steps a bit all over the place but finally managed to do the configuration successfully so I have tried to summarise the steps, I hope it is of help.

Installation Procedure:

  • Follow these steps to install SAPRouter:
    • Step 1: Download SAPROUTER, SAPCAR, and SAPCRYPTOLIB files from the SAP Marketplace.
    • Step 2: Create the required directory structure.
    • Step 3: Install SAPRouter using the downloaded SAPCAR and SAPROUTER files.
    • Step 4: Set environmental variables for SECUDIR and SNC_LIB.
    • Step 5: Generate a certificate using sapgenpse get_pse.
    • Step 6: Create an srcert file and import your certificate.
    • Step 7: Create credentials for your user ID using sapgenpse seclogin.
    • Step 8: Check the issuer name with sapgenpse get_my_name -v -n Issuer.
    • Step 9: Start the SAPRouter service by creating it with the sc.exe command.
    • Step 10: Test the new SAPRouter setup by changing IP and hostname in the system and checking SM59 and SAPOSS connections.

Setting Up SAPRouter on a New Server 

  1. Server Information:

 SAP Server : sapserv2 (194.39.131.34)

    • SAPRouter will be running on port 3299.
  1. Open Necessary Ports: 

To enable SAPRouter to function correctly, open the following ports on your SAPRouter server:

    • 32nn: R3 Support Connection
    • 23: Telnet
    • 1503: Net-meeting
    • 5601: PC-Anywhere
    • 3389: Windows Terminal Server (WTS)
  1. Register with SAP: 
    • Register your new SAPRouter’s public IP and hostname with SAP.
    • You can raise an OSS (Online Service System) request under the component “XX-SER-NET-NEW.”
  1. Receive Distinguished Name: 
    • After SAP registers the new IP, you will receive the new distinguished name for your SAPRouter.
  1. Update Host and Services Files: 
    • Update the host file on the SAPRouter server with all server details.
    • Update the services file entry in the system, usually found at C:\Windows\System32\drivers\etc.
  1. Configure saprouttab: 
    • Create a saprouttab file with the necessary definitions. Here’s a sample saprouttab for SNC:

Copy code

# SNC is used to sapserv2 because of the following line for each protocol

KT “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” 194.39.131.34 *

# Access from all locations in the customer Network to the

# SAPNet – R/3 Frontend (SAP Support System) via sapserv2

KP * “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” 3299

# SNC-connection from SAP to the customer R/3-System for Support

# (one line of these per each system or app-server)

KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> <R/3-Instance> <pwd>

# SNC-connection from SAP to the customer R/3-System for NetMeeting

# (set this up ONLY if needed)

KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> 1503 <pwd>

# SNC-connection from SAP to the customer R/3-System for telnet

# (set this up ONLY if needed)

KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> 23 <pwd>

# Deny all other connections

D * * *

  1. SAPRouter Commands:

You can use the following SAPRouter commands:

    • Start router: saprouter -r
    • Stop router: saprouter -s
    • Soft shutdown: saprouter -p
    • Router info: saprouter -l (-L)
    • Create a new routtab: saprouter -n
    • Toggle trace: saprouter -t
    • Cancel route: saprouter -c id
    • Dump buffers: saprouter -d
    • Flush: saprouter -f
    • Start router with a third-party library: saprouter -a library

For Windows please follow the following

  1. Removing a Previously Defined SAProuter Service: If you have already set up the Saprouter as a service using srvany.exe, you should follow these steps:
  • First, remove the service definition from the Windows registry. You can do this by navigating to the following path: HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Services -> SAPRouter.
  • After removing the registry entry, reboot your machine.
  1. Defining a New SAProuter Service from the Command Line: To define a new SAProuter service from the command line, use the following command. Make sure to replace <path> with the actual path to saprouter.exe and <your_distinguished_name> with the “Distinguished Name” registered for your installation from the Trust Center Service – Download Area. Ensure that all parameters are enclosed in double quotes (“):
  • sqlCopy code: (This will register the service SAPRouter and assign the local user mentioned)

sc.exe create SAPRouter binPath= “<path>\saprouter.exe service -r -W 60000 -R <path>\saprouttab -K ^p:<your_distinguished_name>^” start= auto obj= “NT AUTHORITY\LocalService”

  1. Specifying a Route Permission Table File (SAPROUTTAB): Starting from version 25 (3.0E), you must specify a route permission table file (SAPROUTTAB) for SAProuter. You can find more information in Note 30289.
  2. Editing the Registry String: Modify the string in the Windows registry under HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> saprouter by replacing ^ with double quotes (“) in the ImagePath.
  3. Making SAPCRYPTOLIB Credentials Available to a Service Process: Perform the following steps to make SAPCRYPTOLIB credentials available to a process running as an NT service:
  • Run the command: sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin> (Ensure that the account of the service user is entered in the format <domainname><username>)
  • Check if the certificate has been imported correctly by running the command: sapgenpse get_my_name -v -n Issuer The Issuer should have the name: CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
  • Check if the environment variables SNC_LIB and SECUDIR have been set under the user account that SAProuter is running under by running the command: sapgenpse
  • Verify that your Distinguished Name and the validity date are correct by running the command: sapgenpse get_my_name
  1. Maintaining General Attributes of the Service: After installation, follow these steps to maintain the general attributes of the SAProuter service:
  • Go to ‘Control Panel -> Services,’ find ‘SAPRouter,’ and click on ‘Startup.’
  • Set the startup type to ‘Automatic’ and enter the user <SNC_admin>. It’s essential not to run SAPRouter under the system account.
  1. Avoiding Error Messages in NT Event Viewer: To prevent the error message ‘The description for Event ID (0) …’ in the NT Event Viewer, make the following entries in the Registry:
  • Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Eventlog -> Application.
  • Create the following key: SAPRouter.
  • Define the two following values within the SAPRouter key:
    • EventMessageFile (REG_SZ): <local_path>\sapevents.dll
    • TypesSupported (REG_DWORD): 0x7
  • All the required files (exe and sapevents.dll) can be found in the usr\sap\<SID>\sys\exe\run directory. You can also find the corresponding DLL in the file sapevents.car attached to this note.

Reference: https://help.sap.com/doc/saphelp_nw75/7.5.5/en-US/3e/17526b086d4ed29e174dcd7a275c34/content.htm?no_cache=true

Conclusion: I hope this documentation will help you install/configure the SAPRouter from scratch and will save you time.

Please share your feedback if you go through this and follow my page as I will be producing such technical documentation in future as well.


文章来源: https://blogs.sap.com/2023/11/08/sap-router-installation-and-configuration/
如有侵权请联系:admin#unsafe.sh