SAPControl connections

PreviousAppendix A: Troubleshooting Satellite System connection issues NextDatabase connection

Last updated 2 years ago

Was this helpful?

SAPControl connections

SAPcontrol connections are used to execute checks on Operating System level. In case of issues involving a specific SAPcontrol connection please check the following items:

Check:

The
SAP OSS Note
SAP OSS Note
Make sure the SAP kernel of the satellite system has a recent patch level, especially for old kernels 6.40 or 7.00
Make sure that the ownership of the SAP kernel executable sapuxuserchk is correct for ALL sapususerchk file in all exe-subdirectories.
For access to privileged OS Commands, the user configured must be added to the host profile of sapstartsrv (often in this location: /usr/sap/hostctrl/exe/host_profile) using SAP parameter service/admin_users
On Windows (in Unix by default) the values for parameter service/admin_users in the host_profile are case sensitive and need to be defined exactly as the user running the service. For example service running as "domain\SAPServiceDAA" cannot be defined as "domain\SAPservicedaA" in the host_profile
Multiple value for parameter service/admin_users is possible. Use space as separator for multiple value. e.g. service/admin_users = SAPServiceDAA user1 sidadm user2

The upper and the lower case letters must match.

Add the SAP parameter parameter service/admin_users to the Start- or Instance profile of the SAP satellite system.
On Windows, the error “Start service runs with administrative privileges, OSExecute disabled” might occur: the SAPService<SID> user must not be part of the Administrators group. See also:

SAP Note

On Linux: in case the error "FAIL: HTTP error, HTTP/1.1 401 Unauthorized" occurs: remove old .sapstream* files from directory /tmp . See also:
SAP OSS Note
Whenever you have made changes to the file: /usr/sap/hostctrl/exe/host_profile , you must restart sapcontrol with the command: saphostexec –restart in order to activate these changes.

!!! General remark: Additional information can be obtained from the log in SMICM or when addding the "-debug" option on the OS command line when testing with sapcontrol.

E.g.:

sapcontrol -nr <NN> -host <a remote server> -function <any method> -debug

WAF / Firewall / IDS / IPS

In modern networks connections from the central Protect4S system to remote systems might be blocked by network devices like (Web Application) Firewalls or IDS/IPS devices. Make sure that these devices do not interfere with the connections and if needed add these connections or source- and target IP-addresses to the allow-list.

PreviousAppendix A: Troubleshooting Satellite System connection issues NextDatabase connection

Last updated 2 years ago

Was this helpful?

SAPcontrol connections are used to execute checks on Operating System level. In case of issues involving a specific SAPcontrol connection please check the following items:

Check:

The
SAP OSS Note
SAP OSS Note
Make sure the SAP kernel of the satellite system has a recent patch level, especially for old kernels 6.40 or 7.00
Make sure that the ownership of the SAP kernel executable sapuxuserchk is correct for ALL sapususerchk file in all exe-subdirectories.
For access to privileged OS Commands, the user configured must be added to the host profile of sapstartsrv (often in this location: /usr/sap/hostctrl/exe/host_profile) using SAP parameter service/admin_users
On Windows (in Unix by default) the values for parameter service/admin_users in the host_profile are case sensitive and need to be defined exactly as the user running the service. For example service running as "domain\SAPServiceDAA" cannot be defined as "domain\SAPservicedaA" in the host_profile
Multiple value for parameter service/admin_users is possible. Use space as separator for multiple value. e.g. service/admin_users = SAPServiceDAA user1 sidadm user2

The upper and the lower case letters must match.

Add the SAP parameter parameter service/admin_users to the Start- or Instance profile of the SAP satellite system.
On Windows, the error “Start service runs with administrative privileges, OSExecute disabled” might occur: the SAPService<SID> user must not be part of the Administrators group. See also:

SAP Note

On Linux: in case the error "FAIL: HTTP error, HTTP/1.1 401 Unauthorized" occurs: remove old .sapstream* files from directory /tmp . See also:
SAP OSS Note
Whenever you have made changes to the file: /usr/sap/hostctrl/exe/host_profile , you must restart sapcontrol with the command: saphostexec –restart in order to activate these changes.

!!! General remark: Additional information can be obtained from the log in SMICM or when addding the "-debug" option on the OS command line when testing with sapcontrol.

E.g.:

sapcontrol -nr <NN> -host <a remote server> -function <any method> -debug

If you get the error "Connection reset by peer" with "bind (99: Cannot assign requested address)" then see SAP Security note .

General network related issues can be troubleshooted with the help of SAP note .

WAF / Firewall / IDS / IPS