Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page

Was this helpful?

  1. Appendix A: Troubleshooting Satellite System connection issues

SAPControl connections

PreviousAppendix A: Troubleshooting Satellite System connection issuesNextDatabase connection

Last updated 2 years ago

Was this helpful?

SAPcontrol connections are used to execute checks on Operating System level. In case of issues involving a specific SAPcontrol connection please check the following items:

Check:

  • The

  • SAP OSS Note

  • SAP OSS Note

  • Make sure the SAP kernel of the satellite system has a recent patch level, especially for old kernels 6.40 or 7.00

  • Make sure that the ownership of the SAP kernel executable sapuxuserchk is correct for ALL sapususerchk file in all exe-subdirectories.

  • For access to privileged OS Commands, the user configured must be added to the host profile of sapstartsrv (often in this location: /usr/sap/hostctrl/exe/host_profile) using SAP parameter service/admin_users

  • On Windows (in Unix by default) the values for parameter service/admin_users in the host_profile are case sensitive and need to be defined exactly as the user running the service. For example service running as "domain\SAPServiceDAA" cannot be defined as "domain\SAPservicedaA" in the host_profile

  • Multiple value for parameter service/admin_users is possible. Use space as separator for multiple value. e.g. service/admin_users = SAPServiceDAA user1 sidadm user2

The upper and the lower case letters must match.

  • Add the SAP parameter parameter service/admin_users to the Start- or Instance profile of the SAP satellite system.

  • On Windows, the error “Start service runs with administrative privileges, OSExecute disabled” might occur: the SAPService<SID> user must not be part of the Administrators group. See also:

SAP Note

  • On Linux: in case the error "FAIL: HTTP error, HTTP/1.1 401 Unauthorized" occurs: remove old .sapstream* files from directory /tmp . See also:

  • SAP OSS Note

  • Whenever you have made changes to the file: /usr/sap/hostctrl/exe/host_profile , you must restart sapcontrol with the command: saphostexec –restart in order to activate these changes.

!!! General remark: Additional information can be obtained from the log in SMICM or when addding the "-debug" option on the OS command line when testing with sapcontrol.

E.g.:

  • sapcontrol -nr <NN> -host <a remote server> -function <any method> -debug

WAF / Firewall / IDS / IPS

In modern networks connections from the central Protect4S system to remote systems might be blocked by network devices like (Web Application) Firewalls or IDS/IPS devices. Make sure that these devices do not interfere with the connections and if needed add these connections or source- and target IP-addresses to the allow-list.

If you get the error "Connection reset by peer" with "bind (99: Cannot assign requested address)" then see SAP Security note .

General network related issues can be troubleshooted with the help of SAP note .

WIKI FAQ
1563660 - sapcontrol, user authorization issues (SUM)
927637 - Web service authentication in sapstartsrv as of Release 7.00
2480903 - "FAIL: Start Serv. runs with admin**.** priv., OSExecute disabled"
1565645 - SAP composite note: sapcontrol
2396062
3099550