We as Basis administrators are often tasked with setting up new SAPRouter during the migration of SAP workloads from on-pre to cloud. Recently I too was involved in such an activity and found the steps a bit all over the place but finally managed to do the configuration successfully so I have tried to summarise the steps, I hope it is of help.
Installation Procedure:
- Follow these steps to install SAPRouter:
- Step 1: Download SAPROUTER, SAPCAR, and SAPCRYPTOLIB files from the SAP Marketplace.
- Step 2: Create the required directory structure.
- Step 3: Install SAPRouter using the downloaded SAPCAR and SAPROUTER files.
- Step 4: Set environmental variables for SECUDIR and SNC_LIB.
- Step 5: Generate a certificate using sapgenpse get_pse.
- Step 6: Create an srcert file and import your certificate.
- Step 7: Create credentials for your user ID using sapgenpse seclogin.
- Step 8: Check the issuer name with sapgenpse get_my_name -v -n Issuer.
- Step 9: Start the SAPRouter service by creating it with the sc.exe command.
- Step 10: Test the new SAPRouter setup by changing IP and hostname in the system and checking SM59 and SAPOSS connections.
Setting Up SAPRouter on a New Server
- Server Information:
SAP Server : sapserv2 (194.39.131.34)
-
- SAPRouter will be running on port 3299.
- Open Necessary Ports:
To enable SAPRouter to function correctly, open the following ports on your SAPRouter server:
-
- 32nn: R3 Support Connection
- 23: Telnet
- 1503: Net-meeting
- 5601: PC-Anywhere
- 3389: Windows Terminal Server (WTS)
- Register with SAP:
-
- Register your new SAPRouter’s public IP and hostname with SAP.
- You can raise an OSS (Online Service System) request under the component “XX-SER-NET-NEW.”
- Receive Distinguished Name:
-
- After SAP registers the new IP, you will receive the new distinguished name for your SAPRouter.
- Update Host and Services Files:
-
- Update the host file on the SAPRouter server with all server details.
- Update the services file entry in the system, usually found at C:\Windows\System32\drivers\etc.
- Configure saprouttab:
-
- Create a saprouttab file with the necessary definitions. Here’s a sample saprouttab for SNC:
Copy code
# SNC is used to sapserv2 because of the following line for each protocol
KT “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” 194.39.131.34 *
# Access from all locations in the customer Network to the
# SAPNet – R/3 Frontend (SAP Support System) via sapserv2
KP * “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” 3299
# SNC-connection from SAP to the customer R/3-System for Support
# (one line of these per each system or app-server)
KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> <R/3-Instance> <pwd>
# SNC-connection from SAP to the customer R/3-System for NetMeeting
# (set this up ONLY if needed)
KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> 1503 <pwd>
# SNC-connection from SAP to the customer R/3-System for telnet
# (set this up ONLY if needed)
KP “p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE” <R/3-Server> 23 <pwd>
# Deny all other connections
D * * *
- SAPRouter Commands:
You can use the following SAPRouter commands:
-
- Start router: saprouter -r
- Stop router: saprouter -s
- Soft shutdown: saprouter -p
- Router info: saprouter -l (-L)
- Create a new routtab: saprouter -n
- Toggle trace: saprouter -t
- Cancel route: saprouter -c id
- Dump buffers: saprouter -d
- Flush: saprouter -f
- Start router with a third-party library: saprouter -a library
For Windows please follow the following
- Removing a Previously Defined SAProuter Service: If you have already set up the Saprouter as a service using srvany.exe, you should follow these steps:
- First, remove the service definition from the Windows registry. You can do this by navigating to the following path: HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Services -> SAPRouter.
- After removing the registry entry, reboot your machine.
- Defining a New SAProuter Service from the Command Line: To define a new SAProuter service from the command line, use the following command. Make sure to replace <path> with the actual path to saprouter.exe and <your_distinguished_name> with the “Distinguished Name” registered for your installation from the Trust Center Service – Download Area. Ensure that all parameters are enclosed in double quotes (“):
- sqlCopy code: (This will register the service SAPRouter and assign the local user mentioned)
sc.exe create SAPRouter binPath= “<path>\saprouter.exe service -r -W 60000 -R <path>\saprouttab -K ^p:<your_distinguished_name>^” start= auto obj= “NT AUTHORITY\LocalService”
- Specifying a Route Permission Table File (SAPROUTTAB): Starting from version 25 (3.0E), you must specify a route permission table file (SAPROUTTAB) for SAProuter. You can find more information in Note 30289.
- Editing the Registry String: Modify the string in the Windows registry under HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> saprouter by replacing ^ with double quotes (“) in the ImagePath.
- Making SAPCRYPTOLIB Credentials Available to a Service Process: Perform the following steps to make SAPCRYPTOLIB credentials available to a process running as an NT service:
- Run the command: sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin> (Ensure that the account of the service user is entered in the format <domainname><username>)
- Check if the certificate has been imported correctly by running the command: sapgenpse get_my_name -v -n Issuer The Issuer should have the name: CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
- Check if the environment variables SNC_LIB and SECUDIR have been set under the user account that SAProuter is running under by running the command: sapgenpse
- Verify that your Distinguished Name and the validity date are correct by running the command: sapgenpse get_my_name
- Maintaining General Attributes of the Service: After installation, follow these steps to maintain the general attributes of the SAProuter service:
- Go to ‘Control Panel -> Services,’ find ‘SAPRouter,’ and click on ‘Startup.’
- Set the startup type to ‘Automatic’ and enter the user <SNC_admin>. It’s essential not to run SAPRouter under the system account.
- Avoiding Error Messages in NT Event Viewer: To prevent the error message ‘The description for Event ID (0) …’ in the NT Event Viewer, make the following entries in the Registry:
- Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Eventlog -> Application.
- Create the following key: SAPRouter.
- Define the two following values within the SAPRouter key:
- EventMessageFile (REG_SZ): <local_path>\sapevents.dll
- TypesSupported (REG_DWORD): 0x7
- All the required files (exe and sapevents.dll) can be found in the usr\sap\<SID>\sys\exe\run directory. You can also find the corresponding DLL in the file sapevents.car attached to this note.
Reference: https://help.sap.com/doc/saphelp_nw75/7.5.5/en-US/3e/17526b086d4ed29e174dcd7a275c34/content.htm?no_cache=true
Conclusion: I hope this documentation will help you install/configure the SAPRouter from scratch and will save you time.
Please share your feedback if you go through this and follow my page as I will be producing such technical documentation in future as well.
文章来源: https://blogs.sap.com/2023/11/08/sap-router-installation-and-configuration/
如有侵权请联系:admin#unsafe.sh