Please do the following :

==> be sure to logon to the SAProuter-server with the correct

administrative account before you start
_
_
==> If the SAProuter-server O.S. = WINDOWS ==> Do not use the
WINDOWS Powershell for the below commands, but execute all commands in a
CMD-with-elevated-rights (aka: Run As Administrator)
_
_
_
A/ DELETE the files "srcert, certreq, local.pse and cred_v2"
==> if you do not find the files "srcert and certreq" just delete the other two
files "local.pse & cred_v2"
»» make a screenshot of Step-A
_
_
==> Only do this if you are not using the latest version of the required
software components "SAProuter" and "Cryptolibrary"
B/ download + install the latest SAProuter version and the latest CommonCryptoLib8
version » overwrite existing software
» Download the latest SAP Crypto COMMONLIB 8 as described under
https://launchpad.support.sap.com/#/softwarecenter ->Support Packages & Patches
→ By Alphabetical Index (A-Z) → S → SAPCryptolib → CommonCryptolib8 → select
OS from drop-down > select SAPCRYPTOLIBP_xxxx-xxxxxxxx.sar > Download
Basket button
____
» Download the latest SAProuter version as described under
https://launchpad.support.sap.com/#/softwarecenter → Support Packages & Patches
→ By Alphabetical Index (A-Z) → S → SAProuter → 7.53 → select OS from drop-
down > select SAProuter_XXX-XXXXXXXX.sar > Download Basket button

==> unpack both files in the dedicated SAProuter directory (as defined in the variable
SECUDIR)
»» make a screenshot of Step-B
_
_
==> Recommendation: the following Steps should be executed by a
certified expert of the O.S. that is installed on your SAProuter
_

C/ **now make sure that your SAProuter-server system variables are setup
EXACTLY set up as described on URL
"https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html"
in Para. 2 "Create the Credentials" - Step1
==> Warning: define these variables in WINDOWS as SYSTEM
VARIABLES
==> Remember: do not forget to REBOOT your SAProuter-server after
defining the variables, IF the O.S. = WINDOWS
»» make a screenshot of Step-C
_
_
D/ goto URL "https://support.sap.com/en/tools/connectivity-tools/saprouter/install-
saprouter.html" and start in Para. 2 "Create the Credentials" - Step2 >>> click on
GENERATE PSE (=Step3.1 from the installationguide) and follow the Steps
»» make a screenshot of Step-D
_
==> Warning: do not continue reading Step3.2 after executing Step3.1 ==>
after Step3.1 comes Step4.
_
E/ back to URL "https://support.sap.com/en/tools/connectivity-tools/saprouter/install-
saprouter.html" and now continue in Para. 2 "Create the Credentials" with Step4 and
follow Step6 to your new SNC certificate
==> If you type more commands than the only one required in Step 4 to
generate the new certificate you are not following my Recommendation.
»» make a screenshot of Step-E
_
_
note:
the command in Step6 in the installation-guide is *only* for verification.
_
_
==> now you have to finish the SNC setup as described in URL
"https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html"
Para. 3 "BEFORE STARTING"
_
_
F/ Once this all is done, do this:
==> stop the SAProuter service first <<
> stop the service for SAProuter (WINDOWS)
> SAProuter -s (LINUX)
»» make a screenshot of Step-F
_
_
G/ Double check if the SAProuter process is killed..if a process is still running, that
has to be killed first before we can continue:
> make use of the TASK MANAGER (WINDOWS)
> ps -efa | grep SAProuter (LINUX)
»» make a screenshot of Step-G
_
_
H/ start the SAProuter process temporarily from commandline using the following
parameters:
saprouter -r -V 2 -K "p:CN=HOSTNAME, OU=CUSTNR, OU=SAProuter, O=SAP,
C=DE"
==> be sure to logon to the SAProuter-server with the correct
administrative account before you start SAProuter from commandline
==> Warning: the start-parameter "-V 2" should ONLY be used in this case,
not for daily usage
==> Remember: you can gladly use the extra 'flags' "-T <tracefile>" and "-
G <logfile>" should this be required. I do not recommend to use "-W <waittime>"
during this test
»» make a screenshot of Step-H
_
If you are able to start SAProuter without fail it gives this output:
tracefile dev_rout
no logging active
_
_
==> Concerning the saprouttab-file: if you copy the Example saprouttab-file
without adjusting it to your own network, due to obvious reasons, no connection from
SAP to your network and no connection from your network to SAP is possible
_
==> Warning: Do not close this commandline because you will kill the
SAProuter process if you do
In LINUX, you can also start a foreground process as background process by adding
e.g. “&” at the end of the start-command-string and/or "nohup" at the beginning.
_
_
I/ Once SAProuter is started execute the below tests from a second commandline-
prompt:
test1# done from SAProuter-SAProuter-server commandline:
niping -c -O -H 194.39.131.34 -S sapdp99
»» if this test-1 fails, call your firewall team Download SAP notE 48243 and
forward this to the firewall team
_
test2# done from internal SAP system commandline:
niping -c -O -H LOCAL_IP_OF_SAProuter -S sapdp99
»» if this test-2 fails, double check if the SAProuter process is running
_
test3# done from SAProuter-SAProuter-server commandline:
niping -c -O -H /H/LOCAL_IP_OF_SAProuter/H/194.39.131.34 -S sapdp99
>>>>>>>(do not change "localhost" only change "LOCAL_IP_OF_SAProuter")
»» if this test-3 fails, call your firewall team and make sure you have this line in
saprouttab "P * 194.39.131.34 3299"
_
Test4# done from SAProuter-SAProuter-server commandline:
niping -c -H /H/LOCAL_IP_OF_SAProuter/H/194.39.131.34/H/localhost
>>>>>>>(do not change "localhost" only change "LOCAL_IP_OF_SAProuter")
»» if this test-4 fails, continue with Step-J/ [*Other tests*] and skip Test5
_
Test5# done from internal SAP system :
execute Tcode SA38 -> RSBDCOS0 ==> type the following command:
niping -c -H /H/localhost/H/194.39.131.34/H/localhost
>>>>>>>(do not change "localhost" only change "LOCAL_IP_OF_SAProuter")
»» if this test-5 fails, continue with Step-J/ [*Other tests*]
_
==> replace LOCAL_IP_OF_SAProuter with the appropriate LAN IP of your
SAProuter-host
» make screenshots of Step-I
_
_
If these NIPING & SA38 tests fails, continue with the next Steps -> J/ [*Other tests*]
_
_
J/ [*Other tests*]
***If the SA38 test fails, do the following other Steps & tests:
do all below tests and provide the output/hardcopies in order for us to troubleshoot
the connection problem:
o upload Output/hardcopy of the command: saprouter -V
o upload Output/hardcopy of the command: sapgenpse
o upload Output/hardcopy of the command: sapgenpse get_my_name -n all
o upload Output/hardcopy of the command: sapgenpse seclogin -l
o upload Output/hardcopy of the command: niping -c -O -H 194.39.131.34 -S
sapdp99
o upload Output/hardcopy of the command: niping -c -O -H
LOCAL_IP_OF_SAProuter -S sapdp99
o upload Output/hardcopy of the command: niping -c -O -H
/H/LOCAL_IP_OF_SAProuter/H/194.39.131.34 -S sapdp99
o upload Output/hardcopy of the command: niping -c -H
/H/LOCAL_IP_OF_SAProuter/H/194.39.131.34/H/localhost
>>>>>>>(do not change "localhost" only change "LOCAL_IP_OF_SAProuter")
o upload Output/hardcopy of the command: niping -i
o upload Output/hardcopy of the command: niping -v
o upload Output/hardcopy of the command: printenv [UNIX/LINUX]
o upload Hardcopy of the Environment Variables [WINDOWS]
o upload File dev_rout (make sure it is the file from right after you test access in
SA38 and with niping)
o upload File saprouttab
o upload Output/hardcopy of the directory listing of the dedicated SAProuter directory
==> please pack all screenshots/outputs/hardcopies into one archive-file
(*.rar, *.zip, *.7z) and upload it to this incident for reviewing.
==> out of security reasons, SAP does not allow to open embedded files
in documents, kindly pack saprouttab and dev_rout as separate files in the requested
archive-file
_
_
Please note that SAP can only ensure a working SNC connection if your setup
mirrors the proposed setup in the online installationguide, without any creative
sidesteps from this document.
_
_
_
Many thanks.

*take care, stay safe and stay healthy, please*

Kind Regards,
Jibin Thomas
External
On behalf of SAP Product Support

The original source language was detected automatically and can be changed
through the Translate > More Tools menu.