23 June, 2015

SAP Transport import queue or transport import or refresh is hanging

1. Please verify if there are any active transports from STMS --> import monitor
2. If yes, please delete them 
3. Pls. verify if there are any active jobs causing the problems  AND  go to OS level and kill any tp  with IDX processes using the below command 

kill -9 `ps -ef | grep IDX | grep -v | cut -c10-15`

4. Please verify if there are tp temp files like  /usr/sap/trans/tmp/BIQ_U.BIQ ; it will be 0 in size ; move or delete them. 

5. try refresing the import queue now and proceed.

04 May, 2015

SNC configuration between SAP BW and BOBJ BI systems

After BW system refresh 

1. comment out snc/enable =1 profile parameterand you can leave other snc related parameters ; Restart BW application 
2. delete the SNC entry in STRUSTSS02 , make sure to save it - Do not replace - it may not work.  Once deleted ; you will notice the Source (Production) pse will be removed  eg:/usr/sap/BIQ/DVEBMGS23/sec/SAPSNCS.pse 
3. Enable the SNC profile parameters (if not)

First enable these parameters and restart the BW ABAP instance

sapcryptolib path can be /sapmnt/BIQ/exe/uc/linuxx86_64/libsapcrypto.so 
  
ssf/name SAPSECULIB

ssf/ssfapi_lib Full path to sapcrypto lib
sec/libsapsecu Full path to sapcrypto lib
snc/gssapi_lib Full path to sapcrypto lib
snc/identity/as Your SAP system's DN
 

Right-click the SNC node and click Create,

The identity you specified in RZ10 should now appear.



To assign a password to the SNC PSE, click the lock icon ; make sure to save the entry. 

Enable the remaining parameters:
snc/accept_insecure_rfc 1

snc/accept_insecure_r3int_rfc 1
snc/accept_insecure_gui 1
snc/accept_insecure_cpic 1
snc/permit_insecure_start 1
snc/data_protection/min 1
snc/data_protection/max 3
snc/enable 1

Restart the system. 


4. you can set the SNC password by clicking on the lock button in SNC STRUST body part. Import the own SNC certificate into the Certificates list.
5. Export the SNC BW certificate from STRUSTSS02 --> double click on the owner certificate and you will be able to export the certificate  and also you can verify the certificate list in BW system (Base 64)

tahoe.corp.intusurg.com:biqadm 84> cdexe
tahoe.corp.intusurg.com:biqadm 85> ./sapgenpse maintain_pk -l
 maintain_pk for PSE "/usr/sap/BIQ/DVEBMGS23/sec/SAPSNCS.pse"
PKList:
  element#no="1":
      Subject     :CN=BIQ, OU=BW, O=ISRG, C=US
      Issuer      :CN=BIQ, OU=BW, O=ISRG, C=US
      Serial number:0x20150503212001
      Validity:
        Not before  :Sun May  3 13:20:01 2015
        Not after   :Thu Dec 31 16:00:01 2037
      Key:
        Key type    :rsaEncryption (1.2.840.113549.1.1.1)
        Key size    :1024
      PK_Fingerprint_MD5:300C 6E15 3D83 F14A B04C 45A5 3FA1 E648
    Fingerprint_MD5:5F:94:C4:F6:4B:AC:3C:D7:B5:A4:8E:5C:DA:CB:66:47
    Fingerprint_SHA1:C01D A0D5 DA04 29A0 2E3B 6883 F6DE 6FF5 3D57 648A


6. go to BOXI server and list down the cerficates and remove any old certificates from BIQ system in BOXI QA system. 

sapgenpse.exe maintain_pk –d “CN=BIQ, OU=BW, O=ISRG, C=US”

list the certificates :
sapgenpse.exe maintain_pk –l 

7.  Place the exported BIQ certificate into the BOXI QA server and Add the new BIQ certificate (make sure to import the BIQ certificate into all the CMS node servers of the cluster):

/home/boxiadm:BOQ>env |grep -i sec
SECUDIR=/home/boxiadm/app/CRYPTO64/linux-x86_64-glibc2.3/sec

cd /home/boxiadm/app/CRYPTO64/linux-x86_64-glibc2.3/sec

/home/boxiadm:BOQ>./sapgenpse maintain_pk -v -a BW_BIQ_SNC_certificate.crt -p /home/boxiadm/app/CRYPTO64/linux-x86_64-glibc2.3/sec/BOE.pse
 Opening PSE "/home/boxiadm/app/CRYPTO64/linux-x86_64-glibc2.3/sec/BOE.pse"...
 PSE (v2) open ok.
 retrieving PKList
 Adding new certificate from file "BW_BIQ_SNC_certificate.crt"
----------
Subject : CN=BIQ, OU=BW, O=ISRG, C=US
Issuer  : CN=BIQ, OU=BW, O=ISRG, C=US
Serialno: 20:15:05:03:21:20:01
KeyInfo : RSA, 1024-bit
Validity  -  NotBefore:   Sun May  3 14:20:01 2015 (150503212001Z)
              NotAfter:   Thu Dec 31 16:00:01 2037 (380101000001Z)
----------------------------------------------------------------------------

 PKList updated (1 entries total, 1 newly added)


8. Export BOXI cerficate to import into BIQ system 

./sapgenpse export_own_cert -v -p /home/boxiadm/app/CRYPTO64/linux-x86_64-glibc2.3/sec/BOE.pse -o MyBOE_BOQ_Cert.crt


9. Import the MyBOE_BOQ_Cert.crt certificate in BIQ system using STRUSTSSO2 (Base 64) under SNC tree ; make sure to add to the certificates list. 

9. go to t-code SNC0 in BW system and delete the old (production) entry and add the corresponding non-production BOXI system entry. 

System ID: can be seen from the imported BOXI certificate from STRUSTSS02
eg: MyBOE01
SNC Name : can be seen from the imported BOXI certificate from STRUSTSS02

eg: p:CN=MyBOE01, OU=BO, O=ISRG, C=US 

and please make sure to select the checkboxes 
. entry for RFC activated
. entry for CPIC activated
. entry for ext.ID activated





22 April, 2015

Not able to stop SAP application, the error is FAIL: NIECONN_REFUSED (Connection refused), NiRawConnect failed in plugin_fopen()

When we stop using the command stopsap <hostname configured in profile> R3, the system is not able to stop the application with the error FAIL: NIECONN_REFUSED (Connection refused), NiRawConnect failed in plugin_fopen(). 

The solution:
There is no problem with the network instead it is about missing sapstartsrv process even though all the SAP services are running and application is stable. 

Start the sapstartsrv process manually using the command:
1. go to kernel directory- cdexe
2. start the sapstart srv  : ./sapstartsrv pf=/usr/sap/EPD/SYS/profile/EPD_DVEBMGS10_sapepd
3. while it is running in the dialog mode, open the new session and stop the system as usual. It will be able to connect to the instance and stop 
4. Once it is stopped and no other SAP processes are running, kill or stop the sapstartsrv process using 

sapcontrol -prot NI_HTTP -nr 10 -host sapepd -function StopService 

5. If you kill, it creates the core dump in work directory, be sure to delete it. 
6. do the cleanipc <instance no> remove 
7. start the system fresh.