During an EHP7 upgrade of ERP6.0 system (Windows 2008 - Oracle 11G), an error occured during preparation phase (PREP_INPUT):
*** ERROR => Connect via SAPUSER not supported for kernel >= 740
According to the note 1904826 - Upgrade error "Connect via SAPUSER not supported for kernel >= 740" we've configured Oracle with the new securiyt concept. As described in that note, the reason is changing SAPUSER mechanism to SSFS.
Other useful notes for the troubleshooting:
1622837 - Secure connection of AS ABAP to Oracle via SSFS
1639578 - SSFS as password storage for primary database connect
Here are the steps for this configuration:
1) Create rsecssfs directory with 2 subdirectories data and key, with user <sid>adm:
F:\usr\sap\<SID>\SYS\global\security>mkdir rsecssfs
F:\usr\sap\<SID>\SYS\global\security>cd rsecssfs
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>mkdir data
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>mkdir key
2) Directoy authorizations should look like:
3) Those parameters are entered in DEFAULT.PFL profile file:
############1639578 - SSFS as password storage for primary database connect#######
rsec/ssfs_datapath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)data
rsec/ssfs_keypath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)key
rsdb/ssfs_connect = 1
############1639578 - SSFS as password storage for primary database connect#######
4) As <sid>adm, create these environment variables.
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>setx RSEC_SSFS_DATAPATH F:\usr\sap\<SID>\SYS\global\security\rsecssfs\data
SUCCESS: Specified value was saved.
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>setx RSEC_SSFS_KEYPATH F:\usr\sap\<SID>\SYS\global\security\rsecssfs\key
SUCCESS: Specified value was saved.
5) Create SSFS_<SID>.DAT file should be created under "data" folder, with these rsecssfx commands:
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>rsecssfx put DB_CONNECT/DEFAULT_DB_USER SAPSR3 -plain pf=F:\usr\sap\<SID>\SYS\profile\DEFAULT.PFL
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD ***** pf=F:\usr\sap\<SID>\SYS\profile\DEFAULT.PFL
6) Optionally, this extra security option can be activated as well. This ext_key encrypts the file.
rsecssfx changekey <ext_key> pf=F:\usr\sap\<SID>\SYS\profile\DEFAULT.PFL
7) Activate new SSFS securiyt concept as <sid>adm:
F:\usr\sap\<SID>\SYS\global\security\rsecssfs>setx rsdb_ssfs_connect 1
SUCCESS: Specified value was saved.
😎 Reboot Windows and of course SAP. Then you can test DB connection with "R3trans -d" command.
9) After being sure that SAP connects to DB with SSFS concept, you would delete old concept username and password with Brtools per note 1622837 (3rd step in that note).
Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
10 | |
7 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |