March 29, 2010

Instalando SAPRouter en Windows via conexión SNC

Esta es una guia para instalar SAPRouter con conexión SNC:

Secure Network Communications:

1. Register SAProuter at service marketplace. Send an oss-message with component XX-SER-NET-NEW to SAP. You have to attach "Remote Connection Data Sheet" to this oss-message (note 28976).

2. Download SAPSECULIB and SAPCRYPTO from service marketplace.

You'll find SAPSECULIB underDownload - SAP support Packages - Entry by application group - SAP Technology Components.

3. Download SAPROUTER from service marketplace.
You'll find it under Download - SAP support Packages - Entry by application group - SAP Technology Components.

4. Create directory "saprouter" at your saprouter-host. In this example I created \usr\sap\saprouter.
5. Uncar your saprouter-file and copy saprouter.exe andniping.exeinto your saprouter-folder (\usr\sap\saprouter).
6. Check if you can findntscmgr.exe in thewindows\system32-folder. If it's not there - find it and copy.
7. Create saprouter as an service.
Example: ntscmgr install SAProuter -b E:\usr\sap\saprouter\saprouter.exe -p "service -r -R E:\usr\sap\saprouter\saprouttab -S 3299"
8. Set saprouter-service to "Automatic" and user "adm".
9. Create key "saprouter" under
HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → Event Log → Application
Then this values:
EventMessageFile (REG_SZ): ....\saprouter\saprouter.exe
TypesSupported (REG_DWORD): 0x7

10. Check if you can find MSVCR71.DLL and MSVCP71.dll in yoursystem32-folder.
11. Download MS Runtime DLL attached to note 684106 ( Unzip and run R3DLLINS.EXE from \NTPATCH - restart if necessary.
12. Uncar SECULIB and copy files from nt-i386 (if 32-bit windows) into \usr\sap\saprouter folder.
Uncar SAPCRYPTOLIB and copy files from \ntintel into\usr\sap\saprouter. You also have to copy files directly from the uncared SAPCRYPTOLIB-folder (files as ticket) into\usr\sap\saprouter.
13. Create environment variables for user:
SECUDIR = E:\usr\sap\saprouter
PATH = E:\usr\sap\saprouter
SNC_LIB = E:\sap\saprouter\sapcrypto.dll
Go to service marketplace:

Press Apply Now!
You'll receive some data. Save it and copy the Distinguished Name.
Press Continue.
15. Open dos-command at your saprouter-host and type:
sapgenpse get_pse -v -r certreq -p local.pse ""
Just press "Enter" twice if you have to enter PIN.
16. Files local.pse and certreq is now created in saprouter-folder.
Open file certreq in notepad and copy the content.
17. Go back to service marketplace (window from nr. 14) and paste the content from certreq there. Press Request Certificate.
You will then receive your certificate.
18. Copy your certificate into notepad at your saprouter-host. Save this notepad-file as srcert in your saprouter-folder.
19. Open dos-command and import the certificate:
sapgenpse import_own_cert -c srcert -p local.pse
20. Create credentials. Open dos-command and type:
sapgenpse seclogin -p local.pse
21. Verify the import of the certificate. Open dos-command and type:
sapgenpse get_my_name -v -n Issuer
Everything should be ok.
22. Create a file called saprouttab in your saprouter-folder and enter thise entries:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" *
P 3299
23. Go into registry at your saprouter-host.
HKEY_LOCAL_MACHINE - SYSTEM - ControlSet001 - Services - SAProuter
Modify string ImagePath.
It should look like this:
E:\usr\sap\saprouter\saprouter.exe service -r -R E:\usr\sap\saprouter\saprouttab -S 3299 -K "p:"
24. Start saprouter-service
25. Open port 3299, 3200 between SAP and your saprouter.