Skip to Content
Technical Articles

Focused Run own Simple Diagnostics Agents show MAI error after upgrade to FRUN SPS2

Introduction

As architect of our central SAP Focused Run installation I had been facing with the issue, that after the upgrade from Focused Run 2.0 SPS 0 to SPS2 I saw the Simple Diagnostics Agents of its own landscape in status “RED” and the configuration status as “up do date”.

First some words to our implementation

We wanted to enable strong data separation at date collection time. For that i used our SAP Web Dispatcher installed in front of the SAP Focused Run system as reverse proxy.

 

To implement the data separation I used the rewriting rules from the Security Guide Chapter 3.1.1.1 SAP Webdispatcher

merged the systems using the IP addresses belonging to a Customer and used the Admin Request Parameter (AdmReqParam) defined during the creation of the Customer ID as identifier:

Tracing the error

This has been the picture I found for the systems belonging to the Focused Run system

The analysis of the logfiles showed me the following error message:

Security HTTP status code 403 from https://….:xxx//sap/srsm_mai/push_metrics

All the other systems connected to the Focused Run showed the regular information – it was only found on all the Focused Run systems.

The situation was not easy to understand, as all other information from the Focused Run systems have been send successfully via the SAP Web Dispatcher to the Focused Run backend systems.

Comparing the Agent Internals of an agent without error

with an agent with the error

guided us to the solution.

All the customer systems are using their own customer network but the systems for the Focused Run are placed per default in the network LOCALNETWORK and this has to be excluded from the rewriting rules.

But with Focused Run 2 SPS2 the security guidelines for the MAI metrics must have been adapted with the result that now the Rewrite Rule:

RegIRewriteRawUrl ^/sap/srsm_mai/push_metrics/$ /sap/srsm_mai/push_metrics?smgwa=%{HEADER:AdmReqParam} [qsreplace,break]

was also used for MAI data of the Focused Run system instead of bypassing the traffic.

Solution

I solved the issue with entering the line

RegIRewriteRawUrl ^/sap/srsm_mai/push_metrics /sap/srsm_mai/push_metrics [qsreplace,break]

after the rule

RegIRewriteRawUrl ^/sap/srsm_mai/push_metrics/$ /sap/srsm_mai/push_metrics?smgwa=%{HEADER:AdmReqParam} [qsreplace,break]

I first entered the rule in front of the rule, but that will show you the following error message in every system, where you will start to configure the Simple Diagnostics Agent:

Unexpected push response: RC=1;Request processing for agent …  failed, reason: Network Segment mismatch, expected: ***, actual: ..

Conclusion

Updating a system can change the behaviour of rules in a way you have not expected and it is not allways obvious why some data flows are affected and some are not. And using the wrong order in the URL mapping rules can lead to unwanted effects, which do not show up immediately and are not obviously linked to the rules.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.