This website is not affiliated with, sponsored by, or approved by SAP AG.

sap login problem

Basis (Basis Technology Modules: Basis Component/System Administration, GUIs)

Moderators: Snowy, thx4allthefish

sap login problem

Postby rajaforlani on Wed Sep 19, 2007 6:02 am

I have problem with my users over remore area who can't connect to SAP. I have checked by using ping, and I got 100% OK and quick reply from SAP server.
SAPGui properties also has been set to correct port and instance.
Previously those users were able to connect to our SAP server , but now i have installed domain controller and ISA server 2000 and configured all the clients through isa now they can't login.

Error message those users get:
---------------------------------
Connection to partner broken
WSAECONNRESET: connection reset by peer
---------------------------------
partner ‘mas-sap:sapdp10’ not reached
Time Mon May 07 19:12:39 2007
component : NI(network interface)
Release :710
Version : 39
Module : nbiuf.cpp
Line : 4640
Method : NlBufIconnect :Connection pending after 10000ms
Return Code : -10
System Call Connect
Error No : 10035
Error Text : WSAEWOULDBLOCK: Resource temporarily unavailable

--------------------------------
The instance number is '10'
SO the port should be 3210?
So can any body tell me how to resolve this issue,and how to open ports in ISA without disabling the firewall


Please help in this issue,

regards,
Rajasekahr

Last edited by rajaforlani on Wed Sep 19, 2007 9:13 am, edited 1 time in total.
rajaforlani
 
Posts: 7
Joined: Wed Sep 19, 2007 4:52 am

Postby snmsee on Wed Sep 19, 2007 7:03 am

SO the port should be 3210?

Is this the only port that is openend on the firewall?
snmsee
 
Posts: 3583
Joined: Thu Mar 09, 2006 9:09 am

Postby rajaforlani on Wed Sep 19, 2007 8:40 am

No i mean that ports should be open are 3210,3610 and 3910
Is that required to open these ports in ISA as i have added the sap servers IP addresss in allow rules and
by the way how to open these ports if required in ISA firewall?
IS it necessary to open these ports in ISA as i have already mentioned the IPaddress of SAP server in trusted and allow rules
Thanks&Regards,
Rajasekhar
rajaforlani
 
Posts: 7
Joined: Wed Sep 19, 2007 4:52 am

Postby snmsee on Wed Sep 19, 2007 11:16 am

Don't forget 3310 & 3410. What version of ISA?
snmsee
 
Posts: 3583
Joined: Thu Mar 09, 2006 9:09 am

Postby Tinuviel on Wed Sep 19, 2007 3:39 pm

Let's assume that system number 10 is open to the internet. So let's test it just to make sure.

Open a DOS-window and type:

telnet mas-sap 3610

What happens? Does the screen roll and go blank? Good, that means you are reaching port 3610. Now make sure 3210 and 3310 pass this test too.

Does the screen display a "Connecting to Mas-sap..." before erroring out with a "Could not open connection to the host" error? If so, you aren't reaching port 3610 for reasons unknown. Hunt down and eliminate these reasons and test again to make sure you have resolved the problem.
Tinuviel
 
Posts: 1069
Joined: Fri Sep 09, 2005 8:05 pm

Postby rajaforlani on Thu Sep 20, 2007 4:49 am

Hi
I have checked using the telnet command and the error is below
C:\>telnet 10.0.0.0 3610
Connecting To 10.0.0.0...Could not open connection to the host, on port 3610: Connect failed
This is the error i got so it means the port is not open?by the way my iam using ISA 2000 standard edition .
Is that not enough to just add the SAP servers IP address in my ACL's
Thanks
RajaSekhar
rajaforlani
 
Posts: 7
Joined: Wed Sep 19, 2007 4:52 am

Postby Snowy on Thu Sep 20, 2007 9:02 am

an IP address that ends with a zero? don't remember seeing that in the past.
SapFans Moderator

Search: http://www.sapfans.com/forums/search.php
Notes: http://service.sap.com/notes
Help: http://help.sap.com
Rules: http://www.sapfans.com/forums/viewtopic.php?t=344127
Snowy
 
Posts: 28692
Joined: Mon Oct 21, 2002 2:33 pm
Location: 3.1415926535

Postby rajaforlani on Thu Sep 20, 2007 9:15 am

Oh my god that was just a dummy IP address
I just put it as a exampl thats all
its not the isssue
I have also tried to scan all the ports which are open on SAP server with NMAP command
Thanks
Rajasekhar
rajaforlani
 
Posts: 7
Joined: Wed Sep 19, 2007 4:52 am

Postby Snowy on Thu Sep 20, 2007 9:34 am

rajaforlani wrote:Oh my god that was just a dummy IP address



yes, that IP address was really dummy! :lol:
SapFans Moderator

Search: http://www.sapfans.com/forums/search.php
Notes: http://service.sap.com/notes
Help: http://help.sap.com
Rules: http://www.sapfans.com/forums/viewtopic.php?t=344127
Snowy
 
Posts: 28692
Joined: Mon Oct 21, 2002 2:33 pm
Location: 3.1415926535

Postby Tinuviel on Thu Sep 20, 2007 11:42 am

It does not mean that the port is not open - it means that you cannot reach that port from the workstation on which you are testing. This is usually due to some kind of firewall.
Tinuviel
 
Posts: 1069
Joined: Fri Sep 09, 2005 8:05 pm

Postby rajaforlani on Thu Sep 20, 2007 12:57 pm

SO is there any possibility to solve this problem without disabling the firwall
Thanks,
Rajasekahr
rajaforlani
 
Posts: 7
Joined: Wed Sep 19, 2007 4:52 am

Postby Snowy on Thu Sep 20, 2007 1:04 pm

rajaforlani wrote:SO is there any possibility to solve this problem without disabling the firwall
Thanks,
Rajasekahr



yes, just create rules in your firewall, open ports.
SapFans Moderator

Search: http://www.sapfans.com/forums/search.php
Notes: http://service.sap.com/notes
Help: http://help.sap.com
Rules: http://www.sapfans.com/forums/viewtopic.php?t=344127
Snowy
 
Posts: 28692
Joined: Mon Oct 21, 2002 2:33 pm
Location: 3.1415926535

Postby Tinuviel on Fri Sep 21, 2007 1:14 pm

Since we open our SAP systems to our consultants via the internet, we always close up all our ports with the exception of the appropriate 32xx, 33xx, and 36xx ranges.

We even shut down the port that asks a ping so the servers can't be.
Tinuviel
 
Posts: 1069
Joined: Fri Sep 09, 2005 8:05 pm

Postby snmsee on Sat Sep 22, 2007 2:31 pm

Tinuviel,

You do not use NAT on the firewall? That is much more secure.
snmsee
 
Posts: 3583
Joined: Thu Mar 09, 2006 9:09 am

Postby Tinuviel on Sat Sep 22, 2007 5:50 pm

I am not an IT person, I am a Basis person so I have no idea. Personally, I disable my workstation firewall as soon as I get a new laptop,
Tinuviel
 
Posts: 1069
Joined: Fri Sep 09, 2005 8:05 pm

Next

Return to Basis

Who is online

Users browsing this forum: Google [Bot] and 9 guests



This website is not affiliated with, sponsored by, or approved by SAP AG.