Find in this Blog

Tuesday, June 23, 2015

Create SAP Router Certificate 23-Jun-2015

Creating the certificate request

  1. As user <snc_adm> set the environment variables SNC_LIB and SECUDIR:
    UNIX
    SECUDIR = <directory_of_SAProuter>
    SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>
    Windows NT, 2000, XP or higher
    SECUDIR = <directory_of_SAProuter>
    SNC_LIB = <drive>:\<path_to_libsecude>\ntia64\sapcrypto.dll or
    SNC_LIB = <drive>:\<path_to_libsecude>\ntintel\sapcrypto.dll or
    SNC_LIB = <drive>:\<path_to_libsecude>\nt-x86_64\sapcrypto.dll
    NoteAfter configuring the variables in Windows, you have to reboot this server before you continue.
  2. Change to http://service.sap.com/saprouter-sncadd. From the list of SAProuters registered to your installation, choose the relevant "Distinguished Name".
  3. Generate the certificate Request with the command:
    sapgenpse get_pse -v -r certreq -p local.pse "<Distinguished Name>"
    Example:
    sapgenpse get_pse -v -r certreq -p local.pse "CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE"
    Alternatively use the two commands:
    sapgenpse get_pse -v -noreq -p local.pse "<Distinguished Name>"
    sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
    You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use this PSE.
  4. Display the output file "certreq" and with copy & paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
  5. In response you will receive the certificate signed by the CA in the Service Marketplace. Copy & paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.
  6. With this in turn you can install the certificate in your SAProuter by calling:
    sapgenpse import_own_cert -c srcert -p local.pse
  7. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_SAProuter>, the credentials are created for the logged in user account).
    sapgenpse seclogin -p local.pse -O <user_for _SAProuter>
    Note: The account of the service user should always be entered in full <domainname>\<username>
  8. This will create a file called "cred_v2" in the same directory as "local.pse"
    For increased security please check that the file can only be accessed by the user running the SAProuter.
    Do not allow any other access (not even from the same group)!
    On UNIX this will mean permissions being set to 600 or even 400!
    On Windows check that the permissions are granted only to the user the service is running as!
  9. Check if the certificate has been imported successfully with the following command:
    sapgenpse get_my_name -v -n Issuer
    The name of the Issuer should be:
    CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
  10. If this is not the case, delete the files "cred_v2"and "local.pse" and start over at item 3. If the output still does not match please open a customer message at component XX-SER-NET stating the actions you have taken so far and the output of the commands 3.,6.,7. and 9.
 
 
========================================
 
Please do the following:
- Follow the steps in SAP Note 2131531 - New Root Certification
Authority for saprouter certificates
- Download the latest SAP Crypto COMMONLIB 8 and SAProuter version as
720 as described under
https://support.sap.com/remote-support/help/installing-saprouter.html
-> Downloading necessary software components from SAP Support Portal
- On your SAProuter, delete your existing PSE file and old certificate
file (local.pse, cred_v2)
- Go to the
https://support.sap.com/remote-support/saprouter/saprouter-certificates.html
- Click on "Apply Now!"
- Follow the steps detailed in the documentation
https://support.sap.com/remote-support/help/installing-saprouter.html
-> Creating the certificate request
 
====================================================================================
 
 
c:\usr\sap\saprouter>sapgenpse get_pse -v -r certreq -p local.pse
Got absolute PSE path "C:\usr\sap\saprouter\local.pse".
Please enter PSE PIN/Passphrase: ****
Please reenter PSE PIN/Passphrase: ****
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
get_pse: Distinguished name of PSE owner: CN=SAPROUTER, OU=000011111, OU=SAProu
ter, O=SAP, C=DE
 Supplied distinguished name: "CN=SAPROUTER, OU=000011111, OU=SAProuter, O=SAP,
 C=DE"
 Creating PSE with format v2 (default)
 succeeded.
 certificate creation... ok
 PSE update... ok
 PKRoot... ok
Generating certificate request... ok.


c:\usr\sap\saprouter>sapgenpse import_own_cert -c srcert -p local.pse
Please enter PSE PIN/Passphrase: ****
CA-Response successfully imported into PSE "C:\usr\sap\saprouter\local.pse"


c:\usr\sap\saprouter>
C:\usr\sap\saprouter>sapgenpse seclogin -p local.pse -O livenews
 running seclogin with USER="livenews"
 creating credentials for user "SAPROUTER\livenews" (yourself)...
Please enter PSE PIN/Passphrase: ****
 Adjusting credentials and PSE ACLs to include "SAPROUTER\livenews"...
 Oh, you supplied your own name explicitly ... ok.
   C:\usr\sap\saprouter\cred_v2  ... ok.
   C:\usr\sap\saprouter\local.pse  ... ok.
 Added SSO-credentials for PSE "C:\usr\sap\saprouter\local.pse"

C:\usr\sap\saprouter>sapgenpse get_my_name -v -n Issuer
 Opening PSE "C:\usr\sap\saprouter\local.pse"...
 PSE (v2) open ok.
 Retrieving my certificate... ok.
 Getting requested information... ok.
SSO for USER "livenews"
  with PSE file "C:\usr\sap\saprouter\local.pse"
Issuer     : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
 
Posted by at No comments:
Labels: ,

Thursday, June 18, 2015

HP DATA PROTECTOR SQL> SQL> SQL> ERROR: ORA-01031: insufficient privileges

hp DATA PROTECTOR INTEGRATION ERROR
 
 
 
BR0002I BRARCHIVE 7.10 (39)
BR0006I Start of offline redolog processing: aeqtjfza.sve 2015-06-18 10.44.38
BR0484I BRARCHIVE log file: G:\oracle\GPQ\saparch\aeqtjfza.sve
BR0280I BRARCHIVE time stamp: 2015-06-18 10.44.43
BR0301W SQL error -1017 at location BrDbConnect-2, SQL statement:
'CONNECT system/*********'
ORA-01017: invalid username/password; logon denied
BR0310W Connect to database instance GPQ failed
BR0101I Parameters
Name                           Value
oracle_sid                     GPQ
oracle_home                    D:\oracle\GPQ\11203
oracle_profile                 D:\oracle\GPQ\11203\database\initGPQ.ora
sapdata_home                   G:\oracle\GPQ
sap_profile                    D:\oracle\GPQ\11203\database\initGPQ.sap
backup_dev_type                util_file
system_info                    SYSTEM TEST-SERVERWindows 6.0 Build 6001 Service Pack 1 AMD64
oracle_info                    GPQ 11.2.0.3.0 8192 0 0    0
make_info                      NTAMD64 OCI_10201_SHARE May 17 2011
command_line                   D:\usr\sap\GPQ\SYS\exe\uc\NTAMD64\brarchive.exe -c -u system/*********
BR0280I BRARCHIVE time stamp: 2015-06-18 10.44.49
BR0301W SQL error -1017 at location BrDbConnect-2, SQL statement:
'CONNECT system/*********'
ORA-01017: invalid username/password; logon denied
BR0310W Connect to database instance GPQ failed
BR0278W Command output of 'D:\oracle\GPQ\11203\BIN\sqlplus /nolog < G:\oracle\GPQ\saparch\.aeqtjfza.spi':
SQL*Plus: Release 11.2.0.3.0 Production on Thu Jun 18 10:44:49 2015
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
SQL> SQL> SQL> ERROR:
ORA-01031: insufficient privileges

SQL>
SQL> ORA-01012: not logged on
SQL>
BR0280I BRARCHIVE time stamp: 2015-06-18 10.44.49
BR0279W Return code from 'D:\oracle\GPQ\11203\BIN\sqlplus /nolog < G:\oracle\GPQ\saparch\.aeqtjfza.spi': 0
BR0302W SQLPLUS call for database instance GPQ failed
BR0323W 'Archive log list' for database instance GPQ failed
BR0545W Database reset logs ID not found
BR0013W No offline redolog files found for processing
BR0280I BRARCHIVE time stamp: 2015-06-18 10.44.59
BR0301W SQL error -1017 at location BrDbConnect-2, SQL statement:
'CONNECT system/*********'
ORA-01017: invalid username/password; logon denied
BR0310W Connect to database instance GPQ failed

BR0007I End of offline redolog processing: aeqtjfza.sve 2015-06-18 10.44.52
BR0280I BRARCHIVE time stamp: 2015-06-18 10.44.59
BR0004I BRARCHIVE completed successfully with warnings
 
 
Solution:
 
 Either re install or update the Client from Data protector.
 
[Normal]  Starting installation session on Thursday, June 18, 2015, 10:58:41 AM...
[Normal]  Getting list of clients for installation...
[Normal]  Done.
[Normal]  Expanding and checking clients to be installed...
[Normal]  Data Protector is already installed on the remote computer, updating it...
[Normal]  Starting installation on client test-server at Thursday, June 18, 2015, 10:58:41 AM...
[Normal] <test-server>   Reinstalling Core...
[Normal] <test-server>   Reinstall of Core succeeded.
[Normal] <test-server>   Reinstalling Core Technology Stack...
[Normal] <test-server>   Reinstall of Core Technology Stack succeeded.
[Normal] <test-server>   Reinstalling Integrations...
[Normal] <test-server>   Reinstall of Integrations succeeded.
[Normal] <test-server>   Reinstalling Automatic Disaster Recovery...
[Normal] <test-server>   Reinstall of Automatic Disaster Recovery succeeded.
[Normal] <test-server>   Reinstalling User Interface...
[Normal] <test-server>   Reinstall of User Interface succeeded.
[Normal] <test-server>   Reinstalling Disk Agent...
[Normal] <test-server>   Reinstall of Disk Agent succeeded.
[Normal] <test-server>   Reinstalling English Documentation (Guides, Help)...
[Normal] <test-server>   Reinstall of English Documentation (Guides, Help) succeeded.
[Normal] <test-server>   Reinstalling General Media Agent...
[Normal] <test-server>   Reinstall of General Media Agent succeeded.
[Normal] <test-server>   Reinstalling Manager-of-Managers User Interface...
[Normal] <test-server>   Reinstall of Manager-of-Managers User Interface succeeded.
[Normal] <test-server>   Reinstalling Oracle Integration...
[Normal] <test-server>   Reinstall of Oracle Integration succeeded.
[Normal] <test-server>   Reinstalling SAP R/3 Integration...
[Normal] <test-server>   Reinstall of SAP R/3 Integration succeeded.
[Normal]  Starting installation/update for client system test-server at TEST.TEST.local.
[Normal]  Update of client system test-server completed.
[Normal]  Installation session finished on Thursday, June 18, 2015, 11:06:20 AM.


============================================================================
                      Session completed successfully!
============================================================================

  1.  Check the backing.exe is existing in kernel directory
/usr/sap/sid/SYS/exe/NTAMD64/baclint.exe 
 
Check the system user status.
if its locked status unlock it.
 
SQL> alter user system account unlock;
User altered.
SQL> commit;
 
2. Check the sqlnet.ora file in both directory
 
 /usr/sap/sid/SYS/profile/oracle
%ORACLE_HOME%network/admin/
 
3. keep the same sqlnet file on both location as well as listener file also should be the same configuration.

4. Check the OS level permission for above files and the folders.
 
Thanks
Yoonus
 
 
Posted by at No comments:
Labels: ,

Thursday, June 4, 2015

DDIC_TYPELENG_INCONSISTENT

Implement the note  610716

And run the prechek: then run repair

NOTE1610716_20150602180535

 I1 I2 I3 ED Log Text
             Program start============================================================
             Report RUT_NOTE_1610716
             =========================================================================
             Process..................: TESTPIDEV_**
             User.....................: BASISE
             Date, time...............: 06/02/2015, 18:05:35
             Platform.................: CUSTOMER-GPD(711)/ORACLE/WindowsNT/TESTPIDEV
             Tool.....................: SA38/RUT_NOTE_1610716
             Log......................: T, NOTE1610716_20150602180535
             Program parameters:
             Task.....................: Check and correct nametab alignment
             PCHECK...................: X
             REPAIR...................: space
             =========================================================================
             SWNCAGGEXTSYSTEM: Include .INCLUDE_2 has wrong alignment.
             SWNCAGGEXTSYSTEMX: Include .INCLUDE_2 has wrong alignment.
             SWNCAGGTASKTIMES: Include .INCLUDE_1 has wrong alignment.
             SWNCAGGTASKTYPE: Include .INCLUDE_4 has wrong alignment.
             SWNCAGGTCDET: Include .INCLUDE_1 has wrong alignment.
             SWNCAGGUSERTCODE: Include .INCLUDE_2 has wrong alignment.
             SWNCGLAGGEXTSYSTEM: Include .INCLUDE_2 has wrong alignment.
             SWNCGLAGGTASKTIMES: Include .INCLUDE_1 has wrong alignment.
             SWNCGLAGGTASKTYPE: Include .INCLUDE_4 has wrong alignment.
             SWNCGLAGGTCDET: Include .INCLUDE_1 has wrong alignment.
             SWNCGLAGGUSERTCODE: Include .INCLUDE_2 has wrong alignment.
             SWNCGLHITLIST: Include .INCLUDE_1 has wrong alignment.
             SWNCHITLIST: Include .INCLUDE_1 has wrong alignment.
             SWNCSYSLOAD: Include .INCLUDE_5 has wrong alignment.
             Summary of the checks:
             82164 types checked.
             14 errors found.

REPAIR


NOTE1610716_20150602180634

 I1 I2 I3 ED Log Text
             *************************************************************************
                   Object Activation
             End phase  001 ***********************************************************
             Start phase 002 **********************************************************
                   Final log
             *************************************************************************
             Following objects not activated/deleted or activated/deleted w. warning:
             Table SWNCAGGEXTSYSTEM was activated (warning for the dependent tables)
             Table SWNCAGGEXTSYSTEMX was activated (warning for the dependent tables)
             Table SWNCAGGTASKTIMES was activated (warning for the dependent tables)
             Table SWNCAGGTASKTYPE was activated (warning for the dependent tables)
             Table SWNCAGGTCDET was activated (warning for the dependent tables)
             Table SWNCAGGUSERTCODE was activated (warning for the dependent tables)
             Table SWNCGLAGGEXTSYSTEM was activated (warning for the dependent tables)
             Table SWNCGLAGGTASKTIMES was activated (warning for the dependent tables)
             Table SWNCGLAGGTASKTYPE was activated (warning for the dependent tables)
             Table SWNCGLAGGTCDET was activated (warning for the dependent tables)
             Table SWNCGLAGGUSERTCODE was activated (warning for the dependent tables)
             Table SWNCSYSLOAD was activated (warning for the dependent tables)
             Table SWNCSYSLOAD was activated (warning for the dependent tables)
             *************************************************************************
                   Final log
             End phase  002 ***********************************************************
             Start phase 003 **********************************************************
                   Statistics on Activated and Deleted Objects
             *************************************************************************
             Number of objects to be activated............:  30
             Objects not activated........................:  0
       *************************************************************************
         Final log
   End phase  002 ***********************************************************
   Start phase 003 **********************************************************
         Statistics on Activated and Deleted Objects
   *************************************************************************
   Number of objects to be activated............:  30
   Objects not activated........................:  0
   Activated objects with errors in dependencies:  0
   Objects activated with warning...............:  13
   Successfully activated objects...............:  17
   Number of objects to be deleted..............:  0
   Objects not successfully deleted.............:  0
   Successfully deleted objects.................:  0
   Tables/views with DROP/CREATE................:  0
   No. of them marked for DROP/CREATE: 0
   Not marked for DROP/CREATE: 0
   Number of nametabs to be deleted.............:  0
   Successfully deleted nametabs................:  0
   Nametabs that were not successfully deleted..:  0
   *************************************************************************
         Statistics on Activated and Deleted Objects
   End phase  003 ***********************************************************
   =========================================================================
   End of mass activation.
   Return code..............: 4
   Date, time...............: 06/02/2015, 18:48:12
   =========================================================================
   06/02/2015 18:48:12 SWNCAGGEXTSYSTEM: 20041112142911 <> 20150602183230, no touch needed.
   06/02/2015 18:48:12 SWNCAGGEXTSYSTEMX: 20080905163931 <> 20150602183315, no touch needed.
   06/02/2015 18:48:12 SWNCAGGTASKTIMES: 20041112142911 <> 20150602183615, no touch needed.
   06/02/2015 18:48:12 SWNCAGGTASKTYPE: 20050409112517 <> 20150602183758, no touch needed.
   06/02/2015 18:48:12 SWNCAGGTCDET: 20041112142911 <> 20150602183055, no touch needed.
   06/02/2015 18:48:12 SWNCAGGUSERTCODE: 20060412152123 <> 20150602183406, no touch needed.
06/02/2015 18:48:12 SWNCGLAGGEXTSYSTEM: 20041112142911 <> 20150602183534, no touch needed.
06/02/2015 18:48:12 SWNCGLAGGTASKTIMES: 20041112142912 <> 20150602183007, no touch needed.
06/02/2015 18:48:12 SWNCGLAGGTASKTYPE: 20050409112518 <> 20150602183139, no touch needed.
06/02/2015 18:48:12 SWNCGLAGGTCDET: 20041112142912 <> 20150602183314, no touch needed.
06/02/2015 18:48:12 SWNCGLAGGUSERTCODE: 20050409112518 <> 20150602183450, no touch needed.
06/02/2015 18:48:12 SWNCGLHITLIST: 20050409112518 <> 20150602183707, no touch needed.
06/02/2015 18:48:12 SWNCHITLIST: 20050409112518 <> 20150602183839, no touch needed.
06/02/2015 18:48:12 SWNCSYSLOAD: 20050615143931 <> 20150602183944, no touch needed.
=========================================================================
All inconsistencies repaired.
Return code..............: 0
Date, time...............: 06/02/2015, 18:48:12
Program end==============================================================
 
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)