Saprouter Download

Posted : admin | On 19-04-2021



By using the STechno.net website you agree to our use of cookies as described in our cookie policy. How to download the latest version? SAProuter online help with all supported command line options and further examples; SAProuter in a SAP System. This tool SAProuter is designed, to connect different IP Networks even when the IP adresses are in conflict as it does a network adress translation itself.

SAP Router configuration and renew of the SAP router Certificate

The first thing needs to do, is to send a customer message to SAP
Support (component XX-SER-NET-OSS-NEW) and tell them to register the
hostname and IP of your new SAProuter.

You have to register it with a official IP address (no internal IPs
allowed), but it’s allowed to use NAT in the firewall/router.

After you’ve received a confirmation from SAP that your SAProuter has
been registered, you are ready to configure your SAProuter.

If your SAProuter directory is C:usrsapsaprouter, these are the steps
to follow.

1. Set two environment variables: SECUDIR and SNC_LIB

C:usrsapsaprouter

The environment variable SNC_LIB needs to be set for the user account
SAProuter is running under.

variable Name : SNC_LIB
Variable Value : D:usrsapsaprouterntintelsapcrypto.dll

Set the environment SECUDIR = <directory_of_saprouter>

variable Name : SECUDIR
Variable Value : D:usrsapsaprouter

2. Download the SAP Crypto Library from service market place.

Create folder d:usrsapsaprouter – on system where you are installing
unpack the downloaded softwere into folder

Copy these files to saprouter folder
saprouter.exe
niping.exe
sapgen.exe

Then copy these files to saprouter folder
LEGAL.TXT
Ticket
LICENSE.txt
Saprouttab

Copy ntintel this folder to saprouter folder

3. To generate a certificate request, run the command:

sapgenpse get_pse -v -r certreq -p local.pse “CN=SOLMAN, OU=0000491517, OU=SAProuter, O=SAP, C=DE”

Note: You will be asked for a PIN code. Just pick your own 4 numbers, but
you’ll have to use the same PIN every time you’re asked to enter one.

Please enter PIN:
Please reenter PIN:

Supplied distinguished name: “CN=SOLMAN, OU=0000491517, OU=SAProuter, O=SAP, C=DE”
Generating key (RSA, 1024-bits) … succeeded.
certificate creation… ok
PSE update… ok
PKRoot… ok
Generating certificate request… ok.

Saprouter

4. Then you have to follow the guide and request the certificate from
http://service.sap.com/tcs -> Download Area -> SAProuter Certificate

Go to http://service.sap.com/saprouter-sncadd

Request certificate for SAP Router

which will give the certifcate like below.

Saprouter.exe Download

5. Create a file C:usrsapsaproutersrcert and copy the requested
certificate into this file and save

The run the command:
sapgenpse import_own_cert -c C:usrsapsaproutersrcert -p local.pse

6. To generate credentials for the user that’s running the SAProuter
service, run command:
sapgenpse seclogin -p local.pse

running seclogin with USER=”XXXadm”
Please enter PIN:
Added SSO-credentials for PSE “C:usrsapsaprouterlocal.pse”
“CN=SOLMAN, OU=0000491517, OU=SAProuter, O=SAP, C=DE”

7. Check the configuration by running command:

sapgenpse get_my_name -v -n Issuer
(This should always give the answer “CN=SAProuter CA, OU=SAProuter,
O=SAP, C=DE”)

C:usrsapsaprouter>sapgenpse get_my_name -v -n Issuer
Opening PSE “D:usrsapsaprouterlocal.pse”…
PSE open ok.
ok.
Retrieving my certificate… ok.
Getting requested information… ok.
SSO for USER “wr1adm”
with PSE file “D:usrsapsaprouterlocal.pse”

Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

8,run command saprouter -r -K “p:CN=SOLMAN, OU=0000491517, OU=SAProuter, O=SAP, C=DE” -V 2

9. Create SAProuter service on Windows with the command:
ntscmgr install SAProuter -b C:usrsapsaproutersaprouter.exe -p
“service -r C:usrsapsaproutersaprouttab”

9. Edit the Windows Registry key as follows:

MyComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSAProute
rImagePath –> Change both ^ to “

10. Start the SAProuter service

11. Enter the required parameters in OSS1 -> Technical Settings


How to troubleshoot the SAP router connectivity issue and the way to renew the SAP router certificate.

1) Issue: SAP global support unable to connect into the SAP system.

Steps to verify the SAP router connectivity at the SAP systems level

a) Execute TCODE: SM59 -> “ABAP Connections” -> double click “SAPOSS”

b) Click “Connection Test”

c) Sample error on the SAP router connectivity

Some times can be password for user OSS_RFC default password “CPIC” or network issues
check and fix it.

2) Steps to check the SAP router validity and how to renew the certificate

Steps to check the SAP router certificate validity

a) Login to the system where the sap router been install with the <SID>adm account
Execute: sapgense get_my_name -v -n Issuer, sapgenpse get_my_name
Expired certificate that cause the SAP system connectivity failed

3) ERROR: The connection to the specified message server (/H/XXX.XXX.X.XX/S/sapd

24177 – OSS1: Message S1452: Connection to Message Server

Steps to renew the SAP router certificate

1) Login to the SAP support portal -> Maintenance & Services -> SAP Trust Center Services -> SAProuter certificates

2) Click “Apply Now”

3) Ensure the SAP router details been created and click “Continue”

4) Copy the “Distinguished name” to be use for certificate creation process later.

5) Login to the system where the sap router been install with the <SID>adm account
Backup these files: certreq, cred_v2, local.pse, srcert

6) Stop the SAP router service

7) Execute: sapgenpse get_pse -v -r certreq1 -p local.pse
Create a new PIN when prompt that will be use later in the certificate creation process
Paste the distinguished name that copy from the SAP support portal previously

8) Examine that the “certreq1” file that been created. Copy all the contents of the file.

9) Paste the “certreq1” file contents into the SAP portal text box and click “Request Certificate”

10) Again copy all the contents generated from the portal.

11) Paste the copied contents into notepad and save in as “srcert” file in the SAP router folder

12) Install the certificate, execute: sapgenpse.exe import_own_cert -c srcert -p local.pse

13) Create the “cred_v2” file, execute: sapgenpse seclogin -p local.pse with the PIN created earlier (Step 7)

14) Check the newly created certificate and the validity date been updated
Execute: sapgense get_my_name -v -n Issuer, sapgenpse get_my_name

15) Start the SAP router service

Saprouter download path

16) Test the connectivity with TCODE: SM59

SAProuter - How to setup the saprouter ? What is the saprouter ?

The program SAProuter is the router (software) for the connection from customers to SAP and vice versa.

  • SAProuter in a SAP System
  • What ports to open for a SAProuter ?
  • How to setup the SAProuter for an SNC Internet-Connection ?
  • How to setup the SAProuter for an VPN-Internet-Connection ?
  • How to setup the SAProuter for NON-Internet-Connection ?
  • How to download the latest version ?
  • SAProuter online help with all supported command line options and further examples

SAProuter in a SAP System

This tool SAProuter is designed, to connect different IP Networks even when the IP adresses are in conflict as it does a network adress translation itself. So, this is always used in order to connect SAP with the customer's systems. This is the case for the way from SAP to the customers and mostly the case as well for logging on into the SAP systems from customer's site as well. If the customer uses the SAPNet R/3 Frontend, he has to use the SAProuter on his site.

Further information is available in the very good note 30289.

What ports to open for a SAProuter ?

From external to the SAProuter (mostly from Internet to DMZ)

The SAProuter is running (listening) on port 3299 by default. When you change this with the option '-S' you have to open a different service. But, by default it is just the port 3299 inbound that needs to be available from external partners. The SAProuter now changes the ports to the 'original' ones on the computer where the SAProuter is running. So, it looks like for the target system, as if the request would always come from the computer where the SAProuter is running.

From the SAProuter to the internal systems (mostly from DMZ to intranet)

The SAProuter rerouts all requests from the port 3299 where it is receiving the data to the original ports. Therefore, it is necessary, that you open all ports from the SAProuter to your intranet, that are used in your environment.
This is normally at least the SAP system. The SAP systems dispatcher is running on port 32nn where nn is the system number. So, you might have to open port 3200 - keep in mind, that 3299 to the intranet normally is NOT necessary.
Overview of a few typical applications and their port needs (especially for the access from SAP to your system):

  • 32nn: R3 Support Connection
  • 23: Telnet
  • 1503: Netmeeting
  • 5601: PC-Anywhere
  • 3389: Windows Terminal Server (WTS)

Saprouter Download Path

How to setup the SAProuter for an VPN-Internet-Connection ?

Even when VPN often sounds horrible complicated this is pretty easy in this scenario ...

You just grap the 'Remote Connection Data Sheet' from note 28976 and return it filled in to SAP either via Fax or via SAPNet R/3 Frontend (OSS) with componente XX-SER-NET-OSS-NEW (The short text for that message must be 'Remote Connection Data Sheet').
In this 'Remote Connection Data Sheet' you mainly have to let SAP know the official IP adress of your VPN Server and the second official IP adress of your SAProuter. You then forward this second IP to the server of your choice where you want to run the SAProuter.
SAP will setup the VPN access for you and will return the necessary preshared key with the official SAP IP adresses in a few days to you. You then setup your end of the VPN and everything is fine.
Installation of the SAProuter itself for VPN works identically to the way via a private line for non internet connections as described below.

How to setup the SAProuter for NON-Internet-Connection ?

The following description is designed for Windows, but for other platforms, there is documentation available as well in the SAP Help Portal.

  • First you have to setup a physically direct connection to SAP. This can be an ISDN-, Frame-Relay or similar connection. If a direct connection from your site is not feasable, you can have a look to some service providers, if they can offer you a 'OSS-Connection' to SAP for a useful fee.
    Then you receive a special official IP-Adress from SAP (mostly 2 IPs). One of the IP adresses has to become attached to the server you want to run SAProuter on. This means, that this server can receive several IP adresses (at least your normal local one and the official one from SAP).
  • Create the subdirectory saprouter in the directory <drive>:usrsap.
  • Copy the SAProuter.exe either from <drive>:usrsap<SID>SYSexerun or get the latest one as described below from the SAP Service Marketplace.
  • Install the SAProuter as service as follows:
    ntscmgr install SAProuter -b <drive>:usrsapsaproutersaprouter.exe -p 'service -r <parameter>'
    (The 'parameter' has to become replaced with the additional parameters you are using. This is mostly not necessary at all)
  • Define the general attributes of the service:
    In Control Panel->Services, set the startup type to “automatic” and enter a user. SAProuter should not run under the SystemAccount.
  • To avoid the error message “The description for Event ID (0)” in the Windows NT event log, you must enter the following in the registry: Under HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Eventlog->Application, create the key saprouter and define the following values under it:
    EventMessageFile (REG_SZ): <drive>:usrsapsaproutersaprouter.exe
    TypesSupported (REG_DWORD): 0x7
  • Every SAProuter needs a file called 'saprouttab'. This is normally expected in the same directory as saprouter.exe is located. You should have a look at the end of this web-site or to the SAP Help Portal how to setup this for productive use.
    Right for the moment for tests, the following line in the file <drive>:usrsapsaproutersaprouttab is sufficient:
    P * * *
    (Please change this as soon as your tests are done, as this file opens all ports and all of your systems!)
  • Now, have fun with your SAProuter after starting it via the Windows Service Manager!

How to download the latest version ?

You can download the latest version of all the SAP Executables in the SAP Service Marketplace. As the binaries are different for each platform, you should have a look at the following link:
Download Executable Patches on the SAP Service Marketplace

SAProuter online help with all supported command line options and further examples

If you have some more ideas to this topic, please let us know via the Feedback Area.

Saprouter Download Linux

[ go to top ]

back 12/11/2020, 03:48:41