RFC connection to SAPnet is not working

symon_braunbaer · ‎2020 Mar 12

Dear Experts,

I am in quite a desperate situation... I am configuring an older landscape, based on NetWeaver 7.3
for using the digitally signed SAP notes.
For 7.3, the process isn't very complex - after implementing a few notes, it is necessary to replace
the RFC_OSS user with the technical SUSER in SM59 for the SAPOSS destination. For this version,
according to SAP, the SAPOSS destination is still supported.
About 3 weeks ago, I have successfully configured the DEV and QAS systems. Now I was going to setup
the PRD system as well, but I just figured out, that NONE of the system works anymore !!! When doing
a connection test in SM59, the following errors pops up:

Anmeldung Verbindungsfehler
Fehlerdetails Fehler beim Öffnen einer RFC-Verbindung (LB: Hostname or service of the message
Fehlerdetails ERROR: The connection to the specified message server (/H/<saprouter IP>/S/sapdp9
Fehlerdetails LOCATION: SAP-Server <hostname>_<SID>_00 on host <hostname> (wp 15)
Fehlerdetails COMPONENT: MS (message handling interface, multithreaded)
Fehlerdetails COUNTER: 11
Fehlerdetails MODULE: msxxi.c
Fehlerdetails LINE: 2787
Fehlerdetails RETURN CODE: -35
Fehlerdetails SUBRC: 0
Fehlerdetails RELEASE: 722
Fehlerdetails TIME: Thu Mar 12 15:32:03 2020
Fehlerdetails VERSION: 4

Well, I scratched out google and the SAP marketplace, but I couldn't find any viable solution. I also
tried note 24177. I am getting the following error, which could barely be more general:

[Thr 3620] *** ERROR => MsIAttachEx: MsINiWrite (rc=-35) [msxxi.c 884]
[Thr 3620] *** ERROR => LgIAttach: MsAttach (rc=-35) [lgxx.c 5189]
[Thr 3620] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c 1897]
[Thr 3620]
[Thr 3620] *****************************************************************************
[Thr 3620] *
[Thr 3620] * ERROR The connection to the specified message server
[Thr 3620] * (/H/<saprouter IP>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001/S/
[Thr 3620] * sapmsO01 / x) failed. Please check the trace file
[Thr 3620] * of the message server. If a network filter has
[Thr 3620] * been activated (see message server parameters
[Thr 3620] * ms/acl_file_...) please check the configuration
[Thr 3620] *
[Thr 3620] * TIME Thu Mar 12 15:26:19 2020
[Thr 3620] * RELEASE 722
[Thr 3620] * COMPONENT MS (message handling interface, multithreaded)
[Thr 3620] * VERSION 4
[Thr 3620] * RC -35
[Thr 3620] * MODULE msxxi.c
[Thr 3620] * LINE 2787
[Thr 3620] * COUNTER 1
[Thr 3620] *
[Thr 3620] *****************************************************************************

check the trace file of WHICH message server ?
- of course the saprouter is running
- I can successfully ping 194.39.131.34 from the saprouter host
- saprouttab allows connections for the whole network segment, on which the SAP
systems reside, so this is certainly not an issue
- No hostnames in the saprouter string, so nothing to maintain in /etc/hosts
On some forums, there were suggestions, that the certificate of the saprouter might be
expired, but nobody said how to check that.
I am really our of ideas... 😞 Please kindly advise !! Many thanks !!

symon_braunbaer · ‎2020 Mar 14

OK, I'm gonna end this now. I finally found the solution myself, after a long long hassle !!! 😞
saprouter is using SNC. It has to be started also with the -K option, which wasn't the case !!

A pity noone thought to suggest this to me 😞

symon_braunbaer · ‎2020 Mar 14

@amarnath - many thanks !! Checking with niping is a great idea!
However, it looks like this is not the right command:

# ./niping -c -H /H/<saprouter_IP>/S/sapdp99/H/194.39.131.34/S/sapdp99

Sat Mar 14 10:26:13 2020
connect to server o.k.
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2023]
*** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp 3363]

*****************************************************************************
*
* LOCATION SAProuter 40.4 on 'spwdfvml1101'
* ERROR internal error
*
* TIME Sat Mar 14 10:26:13 2020
* RELEASE 753
* COMPONENT NI (network interface)
* VERSION 40
* RC -93
* MODULE /bas/753_REL/src/base/ni/nirout.cpp
* LINE 3579
* DETAIL NiRClientHandle: route expected
* COUNTER 76731016
*
*****************************************************************************

From the SAP system's host it's the same problem:

>niping -c -H /H/10.22.1.32/S/sapdp99/H/194.39.131.34/S/sapdp99

Sat Mar 14 10:47:38 2020
connect to server o.k.
*** ERROR => NiBufIProcMsg: hdl 1 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp 2146]
*** ERROR => NiTClientLoop: NiTReadLoop (rc=-93) [nixxtst.cpp 2883]

*****************************************************************************
*
* LOCATION SAProuter 40.4 on 'spwdfvml1101'
* ERROR internal error
*
* TIME Sat Mar 14 10:47:38 2020
* RELEASE 753
* COMPONENT NI (network interface)
* VERSION 40
* RC -93
* MODULE /bas/753_REL/src/base/ni/nirout.cpp
* LINE 3579
* DETAIL NiRClientHandle: route expected
* COUNTER 123299152
*
*****************************************************************************

Regarding your other recommendations - I had already configured this system and it worked
FINE 2 or 3 weeks ago !! This means:

1. Yes, the technical user is valid. It works properly on other systems
2. Yes. the certificates in STRUST are ok.
3. ssl/client_siphersuites is not relevant for NetWeaver 7.3 based systems
4. The destination SAPOSS already has the technical user in place.
5. Meanwhile I also found how to check the certificate on the saprouter. It is NOT expired, it still has a long way to go...

PLEASE help me to solve this !!!

S_Sriram · ‎2020 Mar 13

Hi Symon.

1. SAPOSS will not work from Jan 2020 onwards.

2. SAP Support backbone RFC connection changed to SDCC_OSS, If your backbone configuration are correct it might have created the new RFC in the name of SDCC_OSS

Regards

SS

former_member665780 · ‎2020 Mar 13

Hi Symon,

You can perform a quick check for connectivity from SAP Router using NIPING -c -H /H/<SAPROUTER IP>/S/3299/H/<Destination IP>/S/<destination port> outcome of this run should CONNECT to server ok

Could you also recheck below points as you services are running >740

1. Is the technical user at SAP Support still Valid

2. Check certificate in STRUST

VeriSign Class 3 Public Primary Certification Authority - G5
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert High Assurance EV Root CA

3.ssl/client_ciphersuites parameter in RZ11 transaction

4. Check RFC's SAPOSS etc., RFC using technical user instead of OSS_RFC etc.,

Thanks,

Amar

symon_braunbaer · ‎2020 Mar 12

Hi Sriram,

many thanks for replying. Yes, I tried restarting the saprouter but it still does not work.
How do you suggest I can check if it is "working fine" ? When SAPOSS connections
suddenly stopped working...

S_Sriram · ‎2020 Mar 12

Hi Symon.

Your SAP router working fine? if possible restart the SAP router and then check the same connection.

Regards

SS

RFC connection to SAPnet is not working

Know the answer?

Need more details?

Accepted Solutions (0)

Answers (6)

Answers (6)