Skip to Content
User Experience Insights
Author's profile photo Roland Kramer

SAP MacGyver – Installing SAP SolMan 7.2

Last Changed: 21st of June 2022

SAP MacGyver – Installing SAP SolMan 7.2

Blog Content


Motivation 

Why SAP MacGyver? Ok, that is obvious. There is no SAP Product like the SAP Solution Manager 7.x which needs more creativity with a skillful set of knowledge and capabilities about the Complete Range of SAP (NetWeaver) Technology with the Challenge of a Software Release which is out of Maintenance like SAP NetWeaver 7.40 and the usage of SAP BI-JAVA 7.50
Like Angus MacGyver and his tools: the Swiss Army Knife, Duck Tape, Paper Clip, Matches and a lot of SAP Background Knowledge plus Creativity is necessary to finalize the Task successfully.

Blog – SAP Solution Manager 7.2 SPS13 is Released, What’s In It for Me?
Blog – SAP Solution Manager 7.2 SPS14 Just Dropped. What’s in it for You?

Since 2007, as the Solution Manger 7.1 was mandantory for the NetWeaver Upgrade to 7.3x and higher, I have implemented several times the SAP SolMan 7.x with different SP Levels and Releases. No Installation was the same as the first one, but the main Challenges/Problem remain the same even after almost 1 1/2 decades. I even succeeded a 7.1 Systemcopy which was impossible to do, but with the BW Postcopy Automation is was and is also today.


Installation – SolMan ABAP and JAVA Instances 

You start with the creation of the ABAP and JAVA Instance in the Maintenance Planner and select the needed usages types and for ABAP 7.40 the SAP_UI Frontend 7.54. Please Note, the assigned SAP JAVA Version is now 7.50, where already the first Challenge begins.

Blog – Updates to enhanced Maintenance Planner

The good news: There is now the Service Release 2 (SR2) for SolMan 7.2 based on SP12 available, and the delta to apply is now marginal, if you imagine that SR1 was based on SP04. However this Delta hast to be applied after the initial Installation with SAINT for ABAP and SUM for JAVA.

separate%20Download%20of%20SR2%20for%20SolMan%207.2

separate Download of SR2 for SolMan 7.2

For the current SolMan 7.2 Installation based on SR2, you still have to unzip the four Files in it’s own Directory to the Download Folder to be able to recognized by the SWPM 1.0 which is still be used. (e.g. SWPM10SP32_6-20009701.SAR)

ABAP%20Instance%20SM9%20for%20SolMan%207.2

ABAP Instance SM9 for SolMan 7.2

As the Add-On Focus Build 2.0 is not Part of the SR2 Export, you have to install this after the technical ABAP Installation with tx. SAINT including the rest of the Support Packages.
Automated Initial Setup of ABAP Systems Based on SAP NetWeaver

Installed%20Software%20on%20SM9

Installed Software on SM9

Calling sapinst for the ABAP Instance with the stack.xml

./sapinst SAPINST_STACK_XML=/software/SolMan/MP_Stack_1001276584_20210924_SM9_server.xml

For JAVA this will not work, as otherwise the error Message “The content has been tampered” will occur. in the second Step, you can use the stack.xml to apply SP13 and the JAVA Patches.

JAVA%20Instance%20SJ9%20for%20SolMan%207.2

Note 2449282 – The integrity check for [TOC.XML, usages_data.xml, pv_descriptor.xml] of Java Component NW740 SR2 (folder JAVA_J2EE_OSINDEP_UT) failed!
Note 2498029 – Solman installation Error: requested package Java Component NW740 SPS12 or NW750 (folder JAVA_J2EE_OSINDEP_UT) using standard installation option with or without STACK XML


Installation – (correctly) Diagnostic Agent 

as this topic becomes more complex, an additional Blog is available now
Blog – another Mystery solved – connect Diagnostic Agent properly

 


If possible, correct the settings in the connected host and check the availability of the Diagnostic Agents, as an incorrect configuration will interfere in several steps later.

Assign%20the%20Diagnostic%20Agent%20to%20the%20host%20-%20SolMan%20Secure%20Setup

Assign the Diagnostic Agent to the host – SolMan Secure Setup

Nevertheless, the Information of a SAP HANA Database always shows incomplete in several occasions, despite of the time you spend in the investigation of the missing data.

Error Messages during the Managed System Configuration on SAP HANA

The definition of Technical System 'SJ9~JAVA' is not correct: 'SJ9~JAVA': Database 'HM9' must have at least oneHost.
The definition of Technical System 'H4S~HANADB' is not correct: 'H4S~HANADB': Database 'H4S' must have one Software Component Version.
The definition of Technical System 'H4S~HANADB' is not correct: 'H4S~HANADB': Installed Technical System 'H4S~HANADB~server' must have at least one Server
No instances could be loaded from landscape for H4S/HANADB
No Content supplied to EFWK Setup. Nothing to Configure. Please check PPMS Information in Landscape.

Note 2537063 – Kernel component of NetWeaver ABAP system is missing in SLD

This is an Example during the the Managed System Configuration.
Make sure that you cascade the Managed System Configuration for the components as follows:

  • (1) the host where the SAP Components are Installed
  • (2) the SAP HANA database where the ABAP/JAVA Instances are Installed
  • (3) the ABAP Instance which installed on SAP HANA
  • (4) optional: the JAVA Instance which is connected to ABAP

switch

switch the Status to “Manually Performed”

as the SolMan has several “Self healing capabilities” and a lot of Job’s are executed in Background, the status of the configuration changes from red to green.

Managed%20System%20Configuration%20-%20Overview

Managed System Configuration – Overview


Preparation – SolMan 7.2 Configuration

First Thing is beside the correct System Parameters, is the Checklist for Support Backbone Update
The Document – SAP First Guidance – SEM/BW Modelling in SolMan 7.x with MOPz/MP also contains additional Information for this Step.

Details about the correct SAP Parameters can be found also in the Document – SAP First Guidance – SAP BW on HANA – Edition 2021

Details about the Diagnostic Registration can be found in the Document – SAP First Guidance – SEM/BW Modelling in SolMan 7.x with MOPz/MP

Note 2113602 – SOLMAN_SETUP in Solution Manager 7.2 – Responsibility of individual steps and helpful notes or KBAs

### >>> these following Parameters are added to the Instance Profile <<<
SETENV_06 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec
SETENV_16 = SAPSSL_CLIENT_SNI_ENABLED=TRUE
SETENV_17 = SAPSSL_CIPHERSUITES=545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
SETENV_18 = SAPSSL_CLIENT_CIPHERSUITES=918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
csi/enable = 0
icm/min_threads = 16
icm/max_threads = 32
icm/max_conn = 512
icm/keep_alive_timeout = 180
icm/conn_timeout = 50000
icm/host_name_full = $(SAPLOCALHOST).$(SAPFQDN)
icm/HTTP/logging_0 = PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month
icm/HTTP/logging_client_0 = PREFIX=/, LOGFILE=http_client_log, LOGFORMAT=%t %H %a - %r %s %b %{Content-Length}i %L, MAXSIZEKB=102400, FILEWRAP=on
### >>> these following Parameters must reside in the DEFAULT.pfl <<<
icf/cors_enabled = 1
icf/set_HTTPonly_flag_on_cookies = 1
icf/user_recheck = 1
icf/reject_expired_passwd = 1
icm/HTTP/file_access_1 = PREFIX=/clientaccesspolicy.xml,DOCROOT=$(DIR_INSTANCE)/sec, DIRINDEX=clientaccesspolicy.xml
icm/HTTP/file_access_2 = PREFIX=/crossdomain.xml,DOCROOT=$(DIR_INSTANCE)/sec, DIRINDEX=crossdomain.xml
icm/server_port_0 = PROT=HTTP,PORT=80$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=3600
icm/server_port_1 = PROT=HTTPS,PORT=81$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=3600,SSLCONFIG=ssl_config_1
icm/ssl_config_1 = CRED=SAPSSLS.pse,VCLIENT=1
icm/server_port_2 = PROT=SMTP,PORT=25$(SAPSYSTEM),PROCTIMEOUT=180,TIMEOUT=2000
icm/HTTP/server_cache_0 = PREFIX=/, CACHEDIR=$(DIR_DATA)/cache
icm/HTTP/server_cache_0/size_MB = 100
icm/HTTP/max_request_size_KB = 1024000
is/HTTP/show_detailed_errors = TRUE
icm/HTTPS/client_sni_enabled = TRUE
icm/HTTPS/verify_client = 1
is/SMTP/virt_host_0 = *:25$(SAPSYSTEM)
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 3
mpi/total_size_MB = 64
ms/server_port_0 = PROT=HTTP,PORT=82$(SAPSYSTEM)
ms/server_port_1 = PROT=HTTPS,PORT=83$(SAPSYSTEM)
ms/urlmap_secure = 1
ms/urlprefix_secure = 1
sec/rsakeylengthdefault = 4096
ssl/client_sni_enabled = TRUE
ssl/ciphersuites = 545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/client_ciphersuites = 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH

SSL Parameter in ABAP Instance – SM9

 

You can check your Cipher Configuration as follows (Client/Server):

lt5087:sm9adm > sapgenpse tlsinfo -v -c 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
lt5087:sm9adm > sapgenpse tlsinfo -v -p /usr/sap/SM9/DVEBMGS16/sec/SAPSSLS.pse 545:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH

 

If you are uncertain, which Ports are available you can call the Message Server URL as follows: http://server.domain.ext:<MSG-Port>/msgserver/text/logon

### >>> these following Parameters are added to the Instance Profile <<<
SETENV_05 = PATH=$(DIR_EXECUTABLE):%(PATH)
SETENV_06 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec
SETENV_16 = SAPSSL_CLIENT_SNI_ENABLED=TRUE
SETENV_17 = SAPSSL_CIPHERSUITES=903:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
SETENV_18 = SAPSSL_CLIENT_CIPHERSUITES=918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
icm/host_name_full = $(SAPLOCALHOST).$(SAPFQDN)
icm/keep_alive_timeout = 180
icm/server_port_0 = PROT=P4SEC, PORT=51805, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_0
icm/server_port_1 = PROT=P4, PORT=51804, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_2 = PROT=IIOP, PORT=51807, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_3 = PROT=IIOPSEC, PORT=51806, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_3
icm/server_port_4 = PROT=TELNET, PORT=51808, TIMEOUT=240, PROCTIMEOUT=900
icm/server_port_5 = PROT=HTTPS, PORT=51801, TIMEOUT=240, PROCTIMEOUT=900, SSLCONFIG=ssl_config_5
icm/server_port_6 = PROT=HTTP, PORT=51800, TIMEOUT=240, PROCTIMEOUT=900
icm/ssl_config_0 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51805.pse
icm/ssl_config_3 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51806.pse
icm/ssl_config_5 = VCLIENT=0, CRED=/hanamnt/data/data2/SJ9/J18/sec/SAPSSLS_51801.pse
igs/listener/rfc/disable = 1
j2ee/dbdriver = /usr/sap/SJ9/hdbclient/ngdbc.jar
j2ee/instance_id = ID1899919
jstartup/max_caches = 500
jstartup/service_acl = *
jstartup/trimming_properties = off
jstartup/vm/home = $(DIR_SAPJVM)
jstartup/vm/parameters = -Dsap.runtime.vm.allow=*;SAP*;*;*
### >>> these following Parameters must reside in the DEFAULT.pfl <<<
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 3
ms/server_port_0 = PROT=HTTP,PORT=80$(SAPSYSTEM)
ms/server_port_1 = PROT=HTTPS,PORT=81$(SAPSYSTEM)
# ms/server_port_1 = PROT=HTTPS,PORT=444$(SAPSYSTEM)
icm/HTTPS/client_sni_enabled = TRUE
sec/rsakeylengthdefault = 4096
service/protectedwebmethods = SDEFAULT -GetVersionInfo -ListLogFiles -ReadLogFile -ParameterValue -J2EEGetProcessList -PerfRead -MtGetTidByName
ssl/client_sni_enabled = TRUE
ssl/client_ciphersuites = 918:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/ciphersuites = 903:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/pse_provider = JAVA
system/secure_communication = OFF
install/umask=002
service/umask=002

SSL Parameter on JAVA Instance – SJ9

 

Typical Error Message to this Topic:

ERROR => IcmHandleMonitorMessage: MpiGetInbuf failed (rc = 14) [icxxmsg.c    1027]
ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-58): SSSLERR_SSL_READ [icxxconn.c   2002]
ERROR => MsHttpLBThread: SapSSLSessionStart (rc=-102) SSSLERR_PEER_CERT_UNTRUSTED [msxxhttp.c   9808]
ERROR => NiISSLReadPending: hdl 44 SapSSLReadNB(0) rc=-108, SSSLERR_UNSUPP_PROTOCOL_VERSION
ERROR => illegal path specified {00000041} [http_plg.c 4844]
ERROR => NiISSLReadPending: hdl 40 SapSSLReadNB(0) rc=-100, SSSLERR_NO_COMMON_CIPHERSUITE
ERROR: SapSSLSessionStart(sssl_hdl=7f4ef0006500)==SSSLERR_NO_COMMON_CIPHERSUITE
ERROR => MsSSLThread: SapSSLSessionStart (rc=-100) SSSLERR_NO_COMMON_CIPHERSUITE
ERROR => HttpPlugInHandleNetData: HttpParseRequestHeader failed (rc=701)
ERROR => IctHttpOpenMessage: illegal HTTP version request
ERROR => IcmHandleMonitorMessage: MpiGetInbuf failed (rc = 14) [icxxmsg.c    1027]
ERROR => IcmReadFromPartner(id=1/242): No data from server received, role: Server, (rc=MPI_EBROKEN: pipe broken/canceled/7)
received a fatal TLS certificate unknown alert message from the peer
secussl_read: SSL_read() failed => "Unsupported SSL/TLS protocol version in ClientHello."

SAP Notes assign to the Task/Topic:

Checklist for Support Backbone Update – SP 10
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523996872
Note 2110020 – Enabling TLS or disabling SSLv3 protocol versions on SAP WebDispatcher, or SAP WebAS (AS ABAP 6xx, 7xx or AS Java >= 710)
Note 2174416 – Creation and activation of Technical Communication Users – SAP ONE Support Launchpad
Note 2180024 – HANA & ABAP: New Option to Enable/Disable FIPS 140-2 Certified Crypto Kernel
Note 2359837 – Troubleshooting for “Support Hub Connectivity” in Solution Manager 7.2 up to SP04
Note 2384243 – NetWeaver Application Server: How to configure strict TLS 1.2
Note 2384290 – SapSSL update to facilitate TLSv1.2-only configurations, TLSext SNI for 721+722 clients
Note 2384243 – NetWeaver Application Server: How to configure strict TLS 1.2
Note 2392700 – ICM: Error in HTTP Request: Invalid request line(9)
Note 2454045 – SAP Support Backbone Connectivity Troubleshooting in Solution Manager 7.2 – Guided Answer
Note 2500061 – Support Hub Connectivity: Configuration Steps in SAP Solution Manager 7.2 as of SP05
Note 2502646 – This site can’t be reached – error to access URL of GUI (SL Common GUI – web-based GUI)
Note 2506964 – Log Viewer displays error messages
Note 2522789 – How to check error ‘ Web service ping failed for logical port LP_SISE_SUPPORTHUB ‘ in Solution Manager 7.2 as of SP05
Note 2593926 – Incompatible ICM / SAP Web Dispatcher Parameter Changes in 773 – Deprecated, Obsolete and Changed Parameters
Note 2620715 – 503 Service not available error due to ICMERUNLEVELSTOPPED
Note 2665893 – LOG Q0I=> NiPConnect: /tmp/.sapicmXXXXX: connect (13: Permission denied)
Note 2880840 – Known issues in SAP Solution Manager 7.2 after the change in Support Backbone starting January 2020
Note 2806747 – Support of TCP/IP keepalive for ICM client connections
Note 2833948 – ICM – Potential Deadlock and Hanging Situation
Note 2854431 – ICM – HTTP Client Connections Hang for POST Requests via HTTP/2
Note 2907312 – receive method failed with return code SY_SUBRC 1 in job SAP_LMDB_DOWNLOAD_CONTENT
Note 2948210 – SAML does not work after setting parameter spnego/enable = 1
Note 2962555 – SSSLERR_SSL_CONNECT error when using SAP MMC
Note 3010412 – SAP Support Backbone – Configuration Overview, Responsibilities and Troubleshooting
Note 3096731 – Browser shows logon pop-up after configuring Kerberos SSO for SAPGUI on ABAP system
Note 3112136 – SAPLHTTP – System User, Wait inline for
Note 3115847 – CLM: SSF_CERT_RENEW cannot renew certificates where subject and SANs extend 255 characters
Note 3195039 – HTTP modification rules cannot be displayed properly in web admin UI and SMICM


Note 1668882 – Note Assistant: Important notes for SAP_BASIS 730,731,740,750
Note 2827658 – Automated Configuration of new Support Backbone Communication – Update 02
Note 2869143 – Composite note for handling of Digitally Signed SAP Notes in Note Assistant (SNOTE tx)

Patching SolMan 7.2 SPS 14 will be requested by the SolMan Setup anywhere.
Support Package: SAPK-72014INSTMAIN
Components: SV-SMG-INS-CFG, SV-SMG-LDB
Category: Program error

Patching SAP_UI 7.54 is also mandantory. See the Document – SAP First Guidance – complete functional scope (CFS) for SAP BW/4HANA

Update%20tx.%20SNOTE

Update tx. SNOTE

In the ABAP Instance you should first run the Task Lists/Program in this Order as the two Task Lists might check for different Technical Users and provoke that the S-User(s) are locked in the SAP OSS Backend.

  • SAP_SUPPORT_HUB_CONFIG
  • SAP_BASIS_CONFIG_OSS_COMM
  • RCWB_TCI_DIGITSIGN_AUTOMATION

task%20list

task list SAP_SUPPORT_HUB_CONFIG

tx.%20SRT_ADMIN%20in%20Client%20000

tx. SRT_ADMIN in Client 000

task%20list

task list SAP_BASIS_CONFIG_OSS_COMM

Program

Program RCWB_TCI_DIGITSIGN_AUTOMATION

Program

Program RCWB_SNOTE_DWNLD_PROC_CONFIG

 

Until here, a lot of Problems can happen, for Example:

  • locked technical User(s)
  • wrong credentials or User
  • missing Certificates
  • missing SAP Corrections
  • missing Parameters and Configurations
  • etc.

Please Note: for SolMan 7.x and the activation of the SAP Backbone you will need two different kind of technical communication users:

  • a technical User “Administrator”
  • the technical User(s) itself

https%3A//launchpad.support.sap.com/%23/techuser

https://launchpad.support.sap.com/#/techuser


Update Certificates in ABAP and JAVA

Before starting with the SolMan configuration, you should renew all necessary Certificates on the ABAP and JAVA Instances, to avoid any follow up Problems (which will occur definitely … ;-))

SAP Help – SAP Support Backbone Update Checklists

Important SAP Notes:

Note 2500061 – Support Hub Connectivity: Configuration Steps in SAP Solution Manager 7.2 as of SP05
Note 2631190 – Download location of SSL certificates required for Support Hub Connectivity configuration
Note 2716729 – SAP backbone connectivity – SAP Parcel Box configuration
Note 2827658 – Automated Configuration of new Support Backbone Communication – Update 02
Note 2820957 – Destinations SAP-SUPPORT_PARCELBOX and SAP-SUPPORT_NOTE_DOWNLOAD giving error 401 Unauthorized
Note 2836302 – Automated guided steps for enabling Note Assistant for TCI and Digitally Signed SAP Notes
Note 2911301 – SAP Support Portal connection – Renew client certificate of technical S-user
Note 2946444 – SAP Support Portal connection – Renew client certificate of technical S-user according to KBA 2911301
Note 3053425 – Download test note 2424539, “HTTP request for SAP-SUPPORT_PORTAL failed: Unauthorized”
Note 3079094 – In tx. STC01: Task list SAP_BASIS_CONFIG_OSS_COMM is missing on systems with Basis release 7.31 or lower

tx. STRUSTSSO2 – SSL Server Standard

tx.%20STRUSTSSO2

tx. STRUSTSSO2 on the ABAP Instance – SM9

Program%20RSUPPORT_HUB_CERT_RENEWAL

Program RSUPPORT_HUB_CERT_RENEWAL

check%20the%20ICM%20log%20for%20errors

check the ICM log for errors

Import the Root Certificate to the SSL Server Standard (SAPSSLS.pse)

solve all issues in the SMMS/SMICM log to avoid follow up errors

ssl/ciphersuites = 903:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGH

NWA%20Security%20overview%20in%20SJ9

NWA Security overview in the JAVA Instance – SJ9

update%20Certificates%20and%20create%20SSL%20access%20Points

update Certificates and create SSL access Points

all%20SSL%20access%20Points%20active

all SSL access Points on the JAVA Instance are active

 


Don’t underestimate this preparation steps, without the correct Setup here several Activities in the SolMan Activation will have inconsistencies or even fail. As I have checked a lot of Customer Incidents pointing always to the same kind of problems, this is really crucial.

Now it is a good time to run a Backup of the System, as you don’t want to do this again in case you have to restart the configuration … 😉


SolMan 7.2 – System Configuration

SAP Help – Security Guide – Secure Configuration

You should create the user SOLMAN_ADMIN to run the Secure Configuration to avoid the usage of the Profil SAP_ALL. Furthermore the SMUA (Solution Manager User Administration) should be setup in a different Client or System, e.g. where also the FRUN 2.0 Add-On can be reside.

But running the Setup without the SAP_ALL Profile, the Secure Configuration might fail several times. If the User has SAP_ALL, the User will get always this annoying message above.

check%20table%20PRGN_CUST%20in%20Advance

check table PRGN_CUST in Advance

SAP Notes related to the Topic/Task:

Note 2250709 – Solution Manager 7.2: End-User Roles and Authorizations Corrections as of SP01 and higher
Note 2257213 – Authorizations for RFC users for SAP Solution Manager 7.2 SP02 and higher
Note 2512575 – Check User Management Engine Settings activity in SAP Solution Manager 7.2 as of SP03
Note 3070170 – Diagnostics agent cannot establish a P4 connection to the managed system

 

as the SLD is still used in the Background somewhere run the SLD setup first

https://server.domain.ext:<HTTPS-Port>/sld/fun/index.jsp

 

Setup%20of%20the%20SLD%20on%20the%20JAVA%20Instance%20-%20SLD

Setup of the SLD on the JAVA Instance – SLD

a%20new%20SLD%20object%20server%20will%20be%20created%20-%20SJ9

as you already updated some Roles from the mentioned SAP Note, you can also run tx. SU25 in advance to save some time later like the creation of the local SLD.

Initial Load January 2021 – Initial Full Import for SAP CR Content 2021
Delta Load September 2021 – cimSAP-09.2021CRDelta-09.2021
Delta Load October 2021 – cimSAP-10.2021CRDelta-10.2021

Update the local SLD with the Data from the ABAP (SM9) and the JAVA (SJ9) Instance like described in the Document – SAP First Guidance – complete functional scope (CFS) for SAP BW 7.50

 

tx.%20SU25

tx. SU25

 

Here we have now the “Chicken – Egg Problem”. At this Stage, the ABAP Instance SM9 has no Information about the assigned JAVA Instance SJ9. So calling tx. SOLMAN_SETUP will not start due the missing entries in Table HTTPURLLOC

 

https://server.domain.ext:<HTTPS-Port>/sap/bc/webdynpro/sap/wd_sise_main_app?sap-client=001&sap-language=EN#

table%20HTTPURLLOC%20%28tx.%20HTTPURLLOC%29

table HTTPURLLOC (tx. HTTPURLLOC)

 

Calling tx. SOLMAN_SETUP for the first time should be a User with enough Permission as the created User SOLMAN_ADMIN doesn’t have all authorizations at this time.

tx.%20SOLMAN_SETUP

tx. SOLMAN_SETUP

Check%20Prerequisites%20successfully%20done

Check Prerequisites successfully done

 

Always read carefully the Documentation, as I missed already some settings here
SM30 => DNOC_USERCFG
tx. AISUSER => User/Customer Nr./S-User

Note 1483276 – Use of Customizing Parameters in DNO_CUST04, AGS_WORK_CUSTOM, and ICT_CUSTOM

URL_DISPLAY_NOTE
Will be replaced after ST 710 – SP16 and ST720 – SP06. Refer to  IM_SAP_NOTE_DISPLAY_URL.
URL_SEARCH_NOTE
Will be replaced after ST 710 – SP16 and ST720 – SP06. Refer to  IM_SAP_NOTE_SEARCH_URL.

 

Set%20Up%20Connection%20to%20SAP%20successfully%20done

Set Up Connection to SAP successfully done

All%20Essential%20Corrections%20already%20applied%20before

All Essential Corrections already applied before

Maintain%20carefully%20the%20Technical%20ABAP%20User

Maintain carefully the Technical ABAP User

SAP Help – Automatic User Creation Options Using Transaction SOLMAN_SETUP

 

Tipp: use tx. SU10 and switch the Users from System to Service, in case you miss additional logon Messages.

tx.%20SU10%20-%20Switch%20the%20Users%20to%20Type%20Service

tx. SU10 – Switch the Users to Type “Service”

System%20Preparation%20successfully%20done

System Preparation successfully done

 

Be aware, that the System Preparation must be execute successfully and every Step appears as green. Every shaky decision here and you will pay for it in the upcoming steps.

SAP Notes related to the Task:

Note 1886567 – SSO wizard fails when configuring template evaluate_assertion_ticket
Note 2068872 – HttpOnly and Secure cookie attributes
Note 2182476 – Batch Job REFRESH_ADMIN_DATA_FROM_SUPPORT in Solution Manager 7.2 as of SP05
Note 2250709 – Solution Manager 7.2: End-User Roles and Authorizations Corrections as of SP01 and higher
Note 2257213 – Authorizations for RFC users for SAP Solution Manager 7.2 SP02 and higher
Note 2461900 – SSSLERR_PEER_CERT_UNTRUSTED error in dev_icm trace
Note 2512575 – Check User Management Engine Settings activity in SAP Solution Manager 7.2 as of SP03
Note 2573231 – Trying to generate the diagnostics agent certificate on step 2.3 “Diagnostics Agent Authentication” fails with error: “[SMDSetupAuthenticationVi.generateAndExportRootCertificate] Access Forbidden”
Note 2728600 – SSSLERR_ when accessing HCI/(S)CPI/NEO/CF servers under *.hana.ondemand.com
Note 2966538 – SSSLERR_PEER_CERT_UNTRUSTED shows in AS Java ICM trace after importing trusted certificates into keystore views
Note 3070170 – Diagnostics agent cannot establish a P4 connection to the managed system


SolMan 7.2 – Infrastructure Preparation

Now the crucial part of the SolMan 7.2 Configuration begins.
the setup of the System Landscape Directory (SLD based on JAVA) and it’s Connection to the Lifecycle Management Database (LMDB based on ABAP) is complex and time intensive Task. the HTTP Destination Naming needs LMDB_* at the beginning and correct and unlocked Connection Users.

 

choose

choose – Automatic Import into SLD

create%20two

create two HTTP Destinations to the local SLD on SJ9

wait

wait until the LMDB Synchronization is finished

make%20sure

make sure the SolMan ABAP/JAVA Instances are detected now

 

If you not properly set the SSL Access Points and System Parameters for the JAVA Instance and/or you have mismatches in the ABAP SSL configuration, you might see no entries or only the server host values and ports without the Domain Extension.
Nevertheless, you will nee the full qualified Domain Name URL to your ABAP and JAVA SolMan Instance. It makes no sense to continue here, if this is not fulfilled.
the Parameter login/ticket_only_https = 1 should be removed or use the Kernel default (0)

 

Typical Errors during this Task

Error; exception of type 'CX_LMDB_SM_SELF_REGISTRATION' occurred, message: AS ABAP of SAP Solution Manager not in LMDB, see long text
L3 - Could not reach test WS through system settings (ICM/HTTPURLLOC)
CX_AI_SOAP_FAULT
CX_LMDB_SM_SELF_REGISTRATION
CX_LMDB_JOB_RETRY_INTOLERABLE
CX_LMDB_FILE_DOWNLOADER_ERR
LP_WS_JAVA_UPGRADE_AGENT_PORTS
CX_GENERATE_AND_EXPORT_ROOT_CE : Application Error

 

SAP Notes related to the Task:

Note 2204859 – L3-Failed to reach test WS through System Settings (ICM/HTTPURLLOC)
Note 3058713 – End Points or Logical Ports are not created in step Create Logical Ports in SAP Solution Manager 7.2
Note 2573231 – Trying to generate the diagnostics agent certificate on step 2.3 “Diagnostics Agent Authentication” fails with error: “[SMDSetupAuthenticationVi.generateAndExportRootCertificate] Access Forbidden”

 

check%20the%20access

check the correct Update the SolMan ABAP/JAVA Instances to the local SLD

check%20the

check the JCo Destinations WEBADMIN/SOLMANDIAG manually

 

errorthe Step: Create RFC Connectivity is not correct. Go to the RFC Destination and modify the entries and add the ABAP Message Server Details and ensure that the JCo Providers in the JAVA Instance are correctly started. Furthermore the assigned Users should have correct Roles and are not locked

 

check%20the

modify the RFC Destination and add the message server details

Details%20of%20the%20RFC

Details of the RFC Destination SOLMANDIAG

Connect%20at%20least%20the%20Diagnostic%20Agent%20on%20the%20SolMan%20System

Connect at least the Diagnostic Agent on the SolMan System

 

Call the SAP Diagnostic Agent Administration as follows:

https://server.domain.ext:51801/smd/AgentAdmin

details%20of%20the%20Diagnostic

SAP Diagnostic Agent Administration 1-2

SAP%20Diagnostic%20Agent%20Administration

SAP Diagnostic Agent Administration 2-2

In case you already installed the SAP Diagnostic Agent, but the connection without success, you can run the following commands to fix the connection with the tool smdsetup.sh

SAP Help – connection to the SolMan via P4S Socket

Note 1907909 – How to connect Diagnostics Agent to Solution Manager system directly by using smdsetup script

Error Message:

[SMDManager.registerAgent] Receive registration for an already existing entry. Registration REJECTED

Note 1907891 – How to change the server name of Diagnostics Agent – Solution Manager

server:dasadm 90> pwd
/usr/sap/DAS/SMDA98/SMDAgent/log
server:dasadm 87> stopsap r3
server:dasadm 87> ../../script/smdsetup.sh changeservername servername:"server"
server:dasadm 87> pwd
/usr/sap/DAS/SMDA98/SMDAgent/log
server:dasadm 88>../../smdsetup.sh managingconf hostname:"sapms://server.domain.ext" port:"<P4S-Port>" user:"SMD_RFC" pwd:"<password>"
server:dasadm 88> vi ../configuration/runtime.properties
# replace sapms\://server.domain.ext\:<P4S-Port>/P4S with p4s\://server.domain.ext\:<P4S-Port>
server:dasadm 87> startsap r3
server:dasadm 89> 

 

SAP%20Diagnostic%20Agents%20are%20available%20in%20the%20Administration

SAP Diagnostic Agents are available in the Administration

details

Enable the SAP BW Instance in the ABAP SolMan System

 

Please Note: Without a correctly Configured SAP Diagnostic Agent on the SolMan Host, the existing CA Introscope Installation cannot be detected and ignoring this, would again end up in follow up Errors in the SolMan Configuration. Make sure that everything is correctly activated here.

Note 1579474 – Management Modules for Introscope delivered by SAP
Note 2909673 – Introscope 10.7 Release Notes
Enable HTTPS for Introscope Enterprise Manager

CA Application Performance Management Version 10.7 can be called with the following URL:

http://server.domain.ext:8081/sapdashboard/
# start the EM as follows:
server:dasadm >/usr/sap/ccms/apmintroscope/bin/EMCtrl.sh start | stop | status

 

admin

CA Introscope – SAP Dashboard

admin

Define CA Introscope – Details

optional

optional: Set Up E-Mail Communication

End

Configure CRM Basics – End of the Infrastructure Preparation

successfully%20finished

SolMan Infrastructure Preparation successfully finished


SolMan 7.2 – Mandantory Configuration 

 

the SolMan 7.2 Mandantory Configuration contains additional Basic Configuration Steps which are necessary to finalize the Configuration. 

Configure%20Basis%20Functions

Configure Basis Functions

Schedule%20Jobs%20in%20SM9

Schedule Jobs in SM9

Configure%20manually%20Functions%20in%20SM9

Configure manually Functions in SM9

Basis%20Configuration%20-%20Manual%20Activities

Basis Configuration – Manual Activities

Rapid%20Content%20Delivery%20Configuration

Rapid Content Delivery – Configuration

tx.%20AGS_UPDATE

tx. SDS_CONFIGURATION

tx.%20FILE%20-

tx. FILE – destination DOWNLOAD_SERVICE_PATH

tx.

Rapid Content Delivery – Activation via Fiori Launchpad

tx.%20AGS_UPDATE

tx. AGS_UPDATE

Create/Check%20Basic%20Dialog%20User

Create/Check Basic Dialog User

Basis%20Configuration%20successfully%20completed

SolMan 7.2 – Basis Configuration successfully completed

SAP Notes assigned to the Task

Note 2820089 – Dump CX_EEM_EXCEPTION in method GET_JOB_DETAILS in ABAP Program CL_EEM_UTILITIES==============CP
Note 2453296 – RCD: Directory CSU_DOWNLOAD_SERVICE_DIR does not exist, or user has insufficient priv. to write files
Note 2583996 – Exception ‘CX_SDS_FILE_ERROR’ in RCD job SM:RCD_CHECK_UPDATES /CSU_DOWNLOAD_DELIVERY


SolMan 7.2 – the System is configured

wow, really? the Solution Manger 7.2 is fully functional (at least for the basic tasks)

successfully%20finished

Solution Manager Configuration successfully finished

Setup%20-%20Fiori%20Launchpad%20for%20SM9

Setup – Fiori Launchpad for SM9

Setup%20-%20Focus%20Build%202.0%20on%20SM9

Setup – Focus Build 2.0 on SM9

Blog – SAP ChaRM My Inbox setup on SAP SolMan 7.2 SP12+

Blog – All About Focused Build in SAP Solution Manager 7.2

Focused Insights for SAP Solution Manager

Note 1809231 – SAP CRM Logon is not possible because you have not been assigned to a business role (add the Role SAP_SM_CRM_UIU_SOLMANPRO to your User)


For this complex Blog the following resource were used:

  • 38,2 GB SAP Data were downloaded for Installation (w/o HANA update)
  • app. 60 PPT slides were created from different screenshots
  • almost 100 jpegs were created
  • app. 50 SAP KBA Notes were analyzed several times
  • at least 5 Wikis consulted
  • at least 100 SAP Note corrections were applied in advance
  • at least 10 inconsistencies found
  • at least 7-10 errors found and and accepted with “manual Executed”
  • no animals were harmed
  • one Swiss Army Knife available on the Desk
  • app. 20l coffee consumed
  • time effort unpayable

If the SAP TechEd Cat would knew this earlier …

 


Roland Kramer, SAP Platform Architect for Intelligent Data & Analytics, SAP SE
@SAPFirstGuidance

 

“I have no special talent, I am only passionately curious.”

 

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Marco Krapf
      Marco Krapf

      Fantastic Blog Post! Special thanks for all the SAP Notes and the other hyperlinks 🙂

      Author's profile photo Roland Kramer
      Roland Kramer
      Blog Post Author

      🙂

      Author's profile photo Peter Monaghan
      Peter Monaghan

      Never let it be said that Solution Manager isn't nothing short of an adventure. 🙂

      Author's profile photo Bill Buder
      Bill Buder

      Dear Roland please be informed the tasklist SAP_BASIS_CONFIG_OSS_COMM doesn't need to be executed in a SAP Solution Manager 7.2
      therefore you had execute the tasklist SAP_SUPPORT_HUB_CONFIG

      Author's profile photo Juan Manuel Naranjo
      Juan Manuel Naranjo

      Roland:

       

      Excelent  psot. We would likr to know if in a  SOLMAN 7.2 distributed layaout, we need two databases ( one  for ABAP and  one for JAVA Stack ) owr we can use the same DB for both instances

       

      Regards

       

      Juan

      Author's profile photo Roland Kramer
      Roland Kramer
      Blog Post Author

      Hello Juan Manuel Naranjo

      of course you can use one Database with two tenants, e.g. SM9 (ABAP) and SJ9 (JAVA)
      to name the Java tenant SAPSJ9 or SAPSJ9DB makes no difference

      See also the Blog - SAP BW Installation/Configuration on/for HANA

      Best Regards Roland

      Author's profile photo IT Mainroad
      IT Mainroad

      This blog is a complete course on installing a Solution Manager.

      Awesome job!

      Author's profile photo Roland Kramer
      Roland Kramer
      Blog Post Author

      Thanks

      If I would look for an SAP Basis Employee, that task would be such an Installation finalized ... 😉

      Best regards Roland

      Author's profile photo Arun Nagendran
      Arun Nagendran

      Dear Roland,

      Thank you for this blog , it's really helpful.

      Best Regards

      Arun