Friday, September 4, 2009

Installing SAProuter with SNC connection on Windows

Here is my guide to install SAProuter with SNC for connection to SAP.
Hopefully you'll find it helpful.

Secure Network Communications:

Figure is taken from service marketplace and the saprouter-guide.

1. Register SAProuter at service marketplace. Send an oss-message with component XX-SER-NET-NEW to SAP. You have to attach "Remote Connection Data Sheet" to this oss-message (note 28976).
2. Download SAPSECULIB and SAPCRYPTO from service marketplace.
You'll find SAPSECULIB under Download - SAP support Packages - Entry by application group - SAP Technology Components.
You'll find SAPCRYPTO here:
https://websmp203.sap-ag.de/~form/handler?_APP=00200682500000000917&_EVENT=I_AGREE&_SWFOLDER=
3. Download SAPROUTER from service marketplace.
You'll find it under Download - SAP support Packages - Entry by application group - SAP Technology Components.
In my case I had to download version 7.00 because I could not find 7.10 for 32-bit Windows.
4. Create directory "saprouter" at your saprouter-host. In this example I created \usr\sap\saprouter.
5. Uncar your saprouter-file and copy saprouter.exe and niping.exe into your saprouter-folder (\usr\sap\saprouter).
6. Check if you can find ntscmgr.exe in the windows\system32-folder. If it's not there - find it and copy.
7. Create saprouter as an service.
Example: ntscmgr install SAProuter -b E:\usr\sap\saprouter\saprouter.exe -p "service -r -R E:\usr\sap\saprouter\saprouttab -S 3299"
8. Set saprouter-service to "Automatic" and user "adm".
9. Create key "saprouter" under
HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → Event Log → Application
Then this values:
EventMessageFile (REG_SZ): ....\saprouter\saprouter.exe
TypesSupported (REG_DWORD): 0x7
10. Check if you can find MSVCR71.DLL and MSVCP71.dll in your system32-folder.
11. Download MS Runtime DLL attached to note 684106 (r3dllinst.zip). Unzip and run R3DLLINS.EXE from \NTPATCH - restart if necessary.
12. Uncar SECULIB and copy files from nt-i386 (if 32-bit windows) into \usr\sap\saprouter folder.
Uncar SAPCRYPTOLIB and copy files from \ntintel into \usr\sap\saprouter. You also have to copy files directly from the uncared SAPCRYPTOLIB-folder (files as ticket) into \usr\sap\saprouter.
13. Create environment variables for user:
SECUDIR = E:\usr\sap\saprouter
PATH = E:\usr\sap\saprouter
SNC_LIB = E:\sap\saprouter\sapcrypto.dll
14. Go to service marketplace:
https://websmp201.sap-ag.de/SAPROUTER-SNCADD
Press Apply Now!
You'll receive some data. Save it and copy the Distinguished Name.
Press Continue.
15. Open dos-command at your saprouter-host and type:
sapgenpse get_pse -v -r certreq -p local.pse ""
Just press "Enter" twice if you have to enter PIN.
16. Files local.pse and certreq is now created in saprouter-folder.
Open file certreq in notepad and copy the content.
17. Go back to service marketplace (window from nr. 14) and paste the content from certreq there. Press Request Certificate.
You will then receive your certificate.
18. Copy your certificate into notepad at your saprouter-host. Save this notepad-file as srcert in your saprouter-folder.
19. Open dos-command and import the certificate:
sapgenpse import_own_cert -c srcert -p local.pse
20. Create credentials. Open dos-command and type:
sapgenpse seclogin -p local.pse
21. Verify the import of the certificate. Open dos-command and type:
sapgenpse get_my_name -v -n Issuer
Everything should be ok.
22. Create a file called saprouttab in your saprouter-folder and enter thise entries:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" *
P 194.39.131.34 3299
23. Go into registry at your saprouter-host.
HKEY_LOCAL_MACHINE - SYSTEM - ControlSet001 - Services - SAProuter
Modify string ImagePath.
It should look like this:
E:\usr\sap\saprouter\saprouter.exe service -r -R E:\usr\sap\saprouter\saprouttab -S 3299 -K "p:"
24. Start saprouter-service
25. Open port 3299, 3200 between SAP and your saprouter.
26. Create RFC in SM59. If you need some help with this let me know.

4 comments:

  1. Pls let me know about the config which the target host with saprouter string in SM59
    my mail: huang.ady@gmail.com

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Hi, Thanks for the wonderful info.

    May i know is it mandatory for saprouter to install on a machine with public IP?

    Is there any port i need to open for the public IP, 3299?

    Thanks,
    Nicholas Chang

    ReplyDelete
  4. Thanks very much for the guidelines... It was very helpful!

    Can yuo please provide more info re point 26:
    Create RFC in SM59. If you need some help with this let me

    Cheers :)

    Jonimatix

    ReplyDelete