Tuesday, November 9, 2010

SAP System Message: S...

Recently we were about to begin testing SAPGUI 7.20 on Windows 7 Enterprise for an upcoming roll-out, and we ran into a little trouble.  For some reason we could not get Single Sign-On (SSO) to work correctly. Whenever we tried to log onto the SAP system using SSO, we would get the following error:
"SAP System Message: S"
Not very descriptive, I know.  Apparently this is a fairly common error that will come up for various issues with GUI communication to the system.  When we finally traced the problem to the SAP instance (rather than the GUI itself) we were able to resolve it fairly quickly. The error comes up before being able to access the SAP system, so it is easy to assume the problem lies with the GUI or the network. But our trace showed that everything on the application and network side was working correctly.  SM21 showed multiple "Delete session 001 after error 044" errors. Error 044 is and error in the SNC layer.  So I looked at the instance profile for our system and noticed that the SNC_ENABLE parameter had been set with a value of 0, which disabled SNC for that instance.  All the other instances were still set to 1 based on the values in the Default profile.  Apparently this parameter lingered over from a previous upgrade, and we had just always used log on balancing in that system, so it was never noticed.
After commenting out the SNC_ENABLE parameter (so that the Default profile's values would be used) all of our troubles disappeared.
SAPGUI 7.20 patch 3 works great with Windows 7.

Hope this helps...
Posted by at
Labels:

Thursday, November 4, 2010

Client Copy ends with Error: FINB_TR_CC_EXIT_TARGET...

Okay, so we recently ran a client copy from a productive system to quality. The copy took over 21 hours, and when it was complete, an error was showing.  FINB_TR_CC_EXIT_TARGET was listed under the Table Name field, but obviously that was not a table.  Actually it is a function module, and it was being called at the time of the client copy error.
This ended up being a fairly easy fix.  Since it is apparently common for client copies to fail during the post-processing step, SAP released note 1235955.  If you follow the note it will walk you through completing the process. Worked great for us.

Hope this helps...
Posted by at
Labels:

Thursday, October 21, 2010

Recreate the SAPconnect Host in SICF...

If for some reason you have a new Basis guy who is looking at things in one of your systems, and he accidentally deletes your SAPconnect host in SICF, here is what you need to do to put it back:

First of all, DON'T PANIC (thank you Douglas Adams)

Go to SICF, hierarchy type "service" and execute
Click the "Create Host/Service" button
Name: SAPconnect
Server Type: SMTP

Host Data
Profile Parameter No.: 0
Host Configuration Information: :

Logon Data
You can leave all as default/blank

Handler List
1: CL_SMTP_EXT_SAPCONNECT

Save

This should get the host back for you to start working with. You will still need to configure SCOT, etc. Also, you should compare this to the way it is configured in one of your other systems to make sure all these settings are correct.

Hope this helps...
Posted by at
Labels:

Friday, October 1, 2010

SAP System Copy Procedure...

Here is a procedure I have put together over the years for SAP system copies.
Some of it is specific for the landscapes I setup. This one is for ECC 6.0 on SQL 2005 in Windows Server 2003, but I am sure the general procedure can be very helpful:

This document describes how to perform a homogeneous system copy of an MS SQL Server database by using the backup/restore method, or the detach/attach method in an SAP environment. The SAPinst installation tool supports both methods.

The backup/restore method and the detach/attach method have the following advantages compared to the R3load/database independent method:
  1. You can use an existing backup

  2. The process is much faster



Pre-Copy Requirements

• An SAP ECC 6.0 system, QAS, (similar to PRD in memory and disk configuration) should be installed with a valid SAP license key. (NOTE: Be certain that both the DNS name and NetBIOS name of the server are in all CAPITALS, 8 characters or less, and contain no special characters.)
• The source system should be backed up (Full Backup) and the media should be accessible from the target system.
• Perform a backup of the original QAS system to restore to in case of difficulties.
• Anything from the target that will need to be restored (user definitions, profiles, jobs, printers, RFC destinations, etc.) after the copy must be saved out. In addition, take a snapshot of the client change settings (SCC4), system change options (SE03), workbench organizer/transport system configuration (SE06), and any other setting that will need to be restored in the target system.
• Identify which transports exist in QAS but not in PRD and remind the owners that all transports which have not moved to PRD before the copy will no longer exist in QAS. Preferably, everything should be pushed through pre-copy (including LCP and CRT imports, Hot Packs, and other SAP transports associated with notes).
• Communicate to everyone that any spool data, datasets, master data, etc. which exist only in QAS will need to be moved elsewhere, printed out, or otherwise repositioned before the copy.
• Security profiles and user lists need to be repositioned so they can be recreated post-copy.
• Any external programs affected by the move (BSI, etc.) must be dealt with post-copy.

System Copy Steps

1. Create Java Export files from the source system:
  • a. Logon to the source server as an administrator

  • b. Execute sapinst.exe from the Installation Master media

  • c. Go to SAP ERP 6.0 > Software Life-Cycle Options > System Copy > MS SQL Server > Source System Export > Central System > Based on AS ABAP and AS Java > Database and Central Instance and click “Next”

  • d. Enter \PRD\SYS\profile in the Profile Directory field, and click “Next”

  • e. Enter the Administrative Password and click “Next”

  • f. Select Use database specific tools and click “Next”

  • g. Enter the backup directory you wish to use for the java migration data in the Export Location field and click “Next”

  • h. Verify the information in the Parameter Summary screen and click “Next”

  • i. The export should take 15 to 20 minutes

  • j. Copy the export directory to the Target Server for later use

2. Stop the target SAP system with the SAP Management Console
3. Make a copy of all the files in the \QAS\SYS\profile\ directory
4. Create a new backup of the source SAP system database
5. Restore the target SAP system database from the backup created in step 4. Depending on database size this can take several minutes or several hours.
6. Run the SAP-provided system copy tool:
  • a. Logon to the target server as an administrator

  • b. Execute sapinst.exe from the Installation Master media

  • c. Go to SAP ERP 6.0 > Software Life-Cycle Options > System Copy > MS SQL Server > Target System Installation > Central System > Based on AS ABAP and AS Java > Central System and click “Next”

  • d. Select Custom Parameter Mode and click “Next”

  • e. Browse to the Java Components installation media and click “Next”

  • f. Leave the default path for JDK Directory and click “Next”

  • g. Enter the target system ID (QAS) and click “Next”

  • h. Enter the Administrative Password in both fields and click “Next”

  • i. Enter the Administrative Password in both fields and click “Next”

  • j. Select Homogeneous System Copy and click “Next”

  • k. Leave the default Database Connection and click “Next”

  • l. Select Use Existing Database and click “Next”

  • m. Leave the default settings and click “Next”

  • n. Leave the default settings and click “Next”

  • o. Leave the default settings and click “Next”

  • p. Leave the default settings and click “Next”

  • q. Browse to the Migration Export copied in step 1-j and click “Next”

  • r. Enter J2EE_ADMIN in the Administrator User field, enter the Administrative Password in both password fields, and click “Next”

  • s. Leave the default settings and click “Next”

  • t. Enter the Administrative Password and click “Next”

  • u. Browse to the Kernel installation media and click “Next”

  • v. Verify the information in the Parameter Summary screen and click “Next”

  • w. Enter the Solution Manager Key and click “Next” *see appendix for generating the Solution Manager Key

  • x. Depending on system size, this may take several minutes or several hours

7. Stop the target SAP system using the SAP Management Console
8. Restore the files copied in step 3
9. Start the target SAP system
10. Cancel any production batch jobs:
  • a. Transaction SM37, enter job name, user “*”, and date range including the next day, job status “released” and click “execute”

  • b. Select the job, go to the Job menu and click “released->scheduled” 

11. Delete Source System profiles and Import the correct SAP profiles
  • a. Transaction RZ10

  • b. Go to Utilities > Import Profiles > Of Active Servers

12. Delete Source System Licenses and install the new Licenses
  • a. Transaction SLICENSE, click “New Licenses”

  • b. Select Each license and go to Edit > Delete License

  • c. Click Install and enter the path to the license key file provided by SAP in the browse field and click Open

  • d. If you are unable to install the permanent license key, it may be necessary to truncate the SAPLIKEY table first, then repeat 12-c

13. Reinitialize in the transport domain
  • a. Logon to client 000

  • b. Transaction STMS

14. (Optional) Change the login screen to reflect the correct system information
  • a. Transaction SE61

  • b. Select general text, ZLOGIN_SCREEN_INFO, change

  • c. Change the text and save

15. Change the Logical System
  • a. Transaction SCC4

  • b. Click the edit button

  • c. Double-click client 100

  • d. Change the Client Role to Test, and save

  • e. Then change the Logical System to the appropriate name, and save

16. If you are using workflow, you will need to reinitialize it 
  • a. Transaction SWU3

  • b. Execute the line items marked with a red ‘X’

17. If you are using BI, re-activate the system in RSA1 on the BI system
18. Check the BSI Tax Factory connection by executing report RPUBTCU0 from Transaction SE38. The results should show no errors. Warnings are okay.
19. Verify the Adobe Document Services connection
  • a. Transaction SM59

  • b. Edit the HTTP connection ADS

  • c. Go to the Logon & Security tab and enter the Administrative Password in the password field, and save

  • d. Transaction SE38

  • e. Execute program FP_TEST_00, print preview to test ADS connection

  • f. A simple adobe form with lines and numbers will be rendered if successful

20. Apply any necessary transports
21. Change the logical spool server to point to correct system:
  • a. Transaction SPAD

  • b. Select Display for Spool Servers

  • c. Double click SAP_PRINT SERVER

  • d. Click the change button

  • e. In the mapping field select the appropriate application server, and save

22. Lock/Unlock users as necessary, using Transaction SU01 
23. Stop and restart the SAP system 
24. Run SGEN to recompile programs and reports
25. Run BDLS to change logical system

Appendix:
- Generating a solution manager key
  • o Logon to any solution manager system

  • o Transaction SMSY

  • o Click the Other Object…

  • o In the System field, type in QAS

  • o Click the Generate Installation/Upgrade Key

  • o Verify the information is correct and click on Generate Key

  • o Copy the Installation/Upgrade Key for use in step 6-w

- The target system is installed using the exports from the source system - On the SAPinst screen SAP SystemDatabase make sure to select Homogeneous System Copy (MS SQL Server-specific: Detach/Attach or Backup).
- For more information about the system copy procedure, see also SAP Notes 193816 and 151603.

- With SQL Server, you can use backup images across the platforms I386, IA64, x64. That is, you can make a backup on one type of platform and use it on another type.

- You can only attach SQL Server 2000 files to SQL Server 2005 but not vice versa.





I hope this helps...
Posted by at
Labels:

Thursday, September 30, 2010

Front-End Printing and Adobe PDF Writer...

A little issue that I ran into today made me think that perhaps I should post about it. For several months now, a customer of mine has been having an issue with printing from SAP to the AdobePDF device on her desktop.  This was an outstanding issue before I came on site, and it had been handed from team to team within the IT Department for a while before I came across it.

Some background information (if you are not interested, skip to the end for the solution):

Way back in the mid 90's SAP introduced a method of printing that did not require a network device: Method F (Front-End Printing).  This was a little quirky, since it had to use another tool called SAPLPD to work, but it was effective.

Fast-forward a few years.  Windows-based document publishers (such as Adobe) began to allow for end users to create files using printing functionality that required user interaction during the printing process. The user would have to supply information like file name, location, etc.

The problem is, access method F does not allow for user interaction after the print command, so when a printout was sent to one of these devices it would not do anything.  SAP would think that the print was complete, because it successfully sent the information to the desktop, but the desktop didn't have everything it need to actually do something with it.

A few years ago, SAP created a solution for this. Access Method G was released.  It no longer uses SAPLPD, and it simply hands over the printing responsibility to the desktop, which allows a user to control the printout the same way they would with any other windows-based print job.  They get the windows printer dialog box where they can set the printer, print properties, etc.

However, as is common, this solution was not shouted from the rooftops. Most customers are still using access method F for front-end printing, and do not get the added functionality of access method G.

So, if you are experiencing the issue of not being able to print to AdobePDF or other front-end printing device that requires user interaction, or you just want the added functionality, simply change the LOCL printer to access method G and select device type SAPWIN.

Hope this helps...
Posted by at
Labels:

Monday, July 26, 2010

Setup SAProuter Certificate...

Just for grins this past week, SAP decided to perform some maintenance that resulted in invalidating many SAP customers' certificates. Three of my client sites lost connectivity to SAP via SAProuter immediately following this maintenance last week, and all three had valid certificate inside the 1-year period... nevertheless, I got to help brush some people up on how to renew these certificates.

So, here is the procedure for you, and I will go ahead and leave in the parts you will need of you are starting from scratch.

If you are just renewing your certificates, you can ignore the first part:

First, submit a customer message to SAP Support (component XX-SER-NET-OSS-NEW) and ask them to register the hostname and external IP address of your new SAProuter. You will have to get the firewall opened for communication between this IP address and the SAP network. NAT is okay.

After you’ve received a confirmation from SAP that your SAProuter has been registered, you are ready to configure your SAProuter.

In the following scenario, the SAProuter directory is D:\usr\sap\saprouter. The following SAProuter executables can be found in your kernel directory and should be copied over to the SAProuter directory:

niping.exe
ntscmgr.exe
saprouter.exe
SAPROUTTAB (this is the table you will need to setup for permitting/denying traffic)

1. Set 2 System Environment Variables:
a. SECUDIR = D:\usr\sap\saprouter\SNC
b. SNC_LIB = D:\usr\sap\saprouter\SNC\nt-x86_64\sapcrypto.dll

2. Download the SAP Crypto Library and unpack it into D:\usr\sap\saprouter\SNC (see path above)

3. To request the new certificate, go to http://service.sap.com/tcs > Download Area > SAProuter > Certificates > Apply Now. Take note of the Distinguished Name provided in the lower box.

4. To generate a certificate request, run the command
- “sapgenpse get_pse -v -r D:\usr\sap\saprouter\SNC\certreq -p D:\usr\sap\saprouter\SNC\local.pse”
- Enter a 4-digit PIN, or leave blank
- Repeat PIN, or blank
- Enter the Distinguished Name (Provided by SAP in Step 3), i.e. CN=, OU=, OU=SAProuter, O=SAP, C=DE

5. Create a text file D:\usr\sap\saprouter\SNC\srcert and copy the requested certificate into this file. Then run the command:
sapgenpse import_own_cert -c D:\usr\sap\saprouter\SNC\srcert -p D:\usr\sap\saprouter\SNC\local.pse

6. To generate credentials for the user that’s running the SAProuter service, run command:
sapgenpse seclogin -p D:\usr\sap\saprouter\SNC\local.pse -O [Domain\SAPServiceSID] (this will create the file “cred_v2”)

7. Check the configuration by running command:
sapgenpse get_my_name -v -n Issuer

8. Create SAProuter service on Windows with the command:
ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p "service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -K ^p:^"

9. Edit the Windows Registry key:
My Computer\ HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ SAProuter\ ImagePath –> Change both ^ to "

10. Start the SAProuter service

11. Enter the required parameters in OSS1 -> Technical Settings
 
Hope this helps...
Posted by at
Labels:

Tuesday, February 23, 2010

RSA1: You Can Only Work in Client 001...

For those of you setting up a BI system for the first time, you will likely encounter this error when trying to run transaction RSA1:

"You Can Only Work in Client 001"

This is because although you can have just about as many clients as you like in your BI system, you may only actively use one client for BI. By default, the working client is 001. If you are like most people, however, you would rather use your own numbering scheme for clients.

When you plan on using a client other than 001 for BI, all you need to do is the following:

1. Go to Transaction SE16, and enter table RSADMINA
2. Leave everything blank to show all entries (there should only be 1 entry)
3. Select the check box in front of the first (and only) row and hit the change button (pencil)
4. Change the BWMANDT field entry to the client number you wish to use

This should fix the problem. No shutdown required, just go straight to RSA1 to check if it worked.

Hope this helps...
Posted by at
Labels:

Thursday, January 28, 2010

Setup SSO between Portal and Target System...

Sometimes the SSO configuration between the Portal and an ABAP system can be pretty quirky, so I thought I would post a step-by-step guide here to help anyone out there who is having trouble with this.


1. Export certificate from the Portal (verify.der and verify.pse)
- a. Navigate to 'System Administration' >'System configuration' >'Keystore Administration'
- b. In 'Content' select "SAPLogonTicketKeypar-cert" and select and save both "Download verify.pse file" and "Download verify.der file"

2. Check SAPJSF user in target system
- a. Create if necessary using transaction SU01
- b. User should have two roles: SAP_BC_JSF_COMMUNICATION and SAP_BC_USR_CUA_CLIENT_RFC (if you have CUA in place)
- c. You may have to generate profiles for these roles in the target system (transaction PFCG)

3. Check profile parameters
- a. Open transaction RZ10 in target system
- b. Select the instance profile, choose 'extended maintenance', then 'Change'
- c. Verify "login/create_sso2_ticket" is set to "2" and "login/accept_sso2_ticket" set to "1"
- d. If these parameters are not set, you will need to set them and restart the target system

4. Export certificate from target system
- a. Open transaction STRUSTSSO2 in target system
- b. Double-click on "CN=..." in the "Own Certif." section, this will populate the center section fields with data
- c. Select "Export certificate" in the center section and provide file name and path to save certificate file

5. Import Portal certificate to target system
- a. Open transaction STRUSTSSO2 in target system
- b. Select "Import certificate" in the center section
- c. Browse to the *.der file created in step 1 and press "Enter"
- d. Select the “Add to certificate list” and then “Add to ACL” (most likely the Portal client needs to be 000)

6. Create a JCo RFC provider in the J2EE engine of the Portal system
- a. Logon to J2EE using J2EE Visual Admin tool (/j2ee/admin/go.bat)
- b. navigate to 'Server' >'JCo RFC provider'
- c. On the right side of the screen choose any entry in 'Available RFC destinations' area
- d. Enter information about new destination:
- - i. Program ID: name of the program (you will need it later) - sapj2ee_port, for example
- - ii. Gateway host - FQDN of target system - server.domain.com, for example
- - iii. Gateway service - sapgw00 for example
- e. In the 'Repository' section enter:
- - i. Application server host - FQDN of target system - server.domain.com, for example
- - ii. System number - 00, for example
- - iii. Client - 100, for example
- - iv. Logon language – EN
- - v. User - SAPJSF (from step 2)
- - vi. Password (from step 2)
- f. Press 'Set'

7. Add target system to Security providers list
- a. Open J2EE Visual Admin and navigate to 'Server' >'Services' >'Security Provider'. In components select 'Ticket'. Enter edit mode (button with pencil above)
- b. Select 'Login module' ’EvaluateTicketLoginModule" and press 'Modify'
- c. Ensure that "ume.configuration.active" is set to "true"
- d. Enter following info:
- - i. Name - 'trustedsysN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trustedsys1'). Enter , as a value (C11,100 for example)
- - ii. Name - 'trustedissN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trustediss1'). Enter CN= as a value (CN=C11 for example)
- - iii. Name - 'trusteddnN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trusteddn1'). Enter CN= as a value (CN=C11 for example)
- e. Press 'OK'
- f. Do substeps b,c,d,e in 'evaluate_assertion_ticket' view for "EvaluateAssertionTicketLoginModule" login module

8. Import target system certificate to J2EE of portal system (from step 4)
- a. Open J2EE Administrator and logon to portal instance
- b. Navigate to 'Server" >'Services' >'Key storage'
- c. In 'Ticket keystore' view press 'load' and select certificate of target system (exported in step 3)

9. Restart J2EE instance

10. Create RFC connection in target system
- a. Open transaction SM59 in the target system
- b. Select TCP/IP connections and press 'New'
- c. Enter name for new connection ("RFC_to_portal", for example), enter connection type "T", description, and select Save
- d. In 'Technical settings' choose "Registered server program" and enter application name (from step 6d) in "Program ID" field, provide 'Gateway host' and 'Gateway service' (same as in step 6d), save, and test the connection

Also, if you are running nto trouble testing the connection on the Portal side, the generic "Make sure SSO is setup correctly" error message is not very helpful. For a more detail error, scroll to the last entry in the dev_jrfc.trc file located in the /j2ee/cluster/serverX/ directory

I hope this helps...

Posted by at
Labels:

Wednesday, January 20, 2010

JSPM: All selected SDAs and SCAs have already been deployed before...

I am not exactly sure what caused this error, but while trying to apply Java support packages, I came up with the following error in JSPM:

All selected SDAs and SCAs have already been deployed before

This is a problem, because the Java system still shows to be on an older support package level, but a piece of functionality I need to use is dependent on a higher SP level.

The problem is that the SDM is no longer in sync with the Java stack. The solution is to re-synchronize them.

Here is the procedure:

1. Go to the /usr/sap///SDM/program

2. Run StopServer.bat

3. In the command line, execute the following commands:
- On a Microsoft Windows system:
-- sdm jstartup “mode=standalone”
-- sdm systemcomponentstate “mode=activate”
-- sdm jstartup “mode=integrated”

- On a UNIX system:
-- ./sdm.sh jstartup “mode=standalone”
-- ./sdm.sh systemcomponentstate “mode=activate”
-- ./sdm.sh jstartup “mode=integrated”

- On an IBM eServer iSeries system:
-- QSHcd /usr/sap///SDM/program
-- ./sdm.sh jstartup “mode=standalone”
-- ./sdm.sh systemcomponentstate “mode=activate”
-- ./sdm.sh jstartup “mode=integrated”

4. Run StartServer.bat

5. Restart JSPM

Your SDM should now be in sync with the database.

Hope this helps...
Posted by at
Labels:
Subscribe to: Posts (Atom)