Search This Blog

Tuesday, May 20

Release Restrictions For SAP EP 6.0 on Web AS 6.40

Symptom
Information on release restrictions for SAP Enterprise Portal 6.0 on Web AS 6.40.
Reason and Prerequisites
The statements made here, especially those referring to availability dates, reflect current planning and can be changed without prior notice
Solution
Open Limitation(s)
EP-KM
Release with restrictions
Knowledge Management and Collaboration in external facing portals
Knowledge Management (KM) and Collaboration are released in a restricted way for scenarios where the external facing portal capabilities of NW'04 SP 14 are used (i.e. reducing the network load by using the 'light framework page' concept of the portal): - KM runs within the light framework page without erros (as from NW'04 SP14). Collaboration Rooms run within the light framework page as from NW'04 SP17. However, for both KM and Collaboration, the network load will not be decreased since the navigation within the KM and Collaboration iViews requires the full range of scripts to be downloaded from the portal. - Browser Back/Forward navigation within KM will not work in all cases - Indexing of KM content by external search engines (Google, etc.) will not work on all content In addition, the general usage of KM and Collaboration in scenarios where untrusted (e.g. with a self-registered user ID) or anonymous users are accessing an external facing portal is recommended in a restricted way only to avoid upload of malicious files or code (e.g. disable file upload or discussion forum entries). This recommendation is true even if the 'light framework page' concept of NW'04 SP14 is NOT used. For more information on how to enable KM (and Collaboration) for anonymous users, please refer to the following notes. SAP NetWeaver '04 SP11 and below: Note 728106. SAP NetWeaver '04 SP12 and higher: Note 837898.
Fixed with NW'04 SP14 (KM) and SP17 (Collaboration)
( Changed at 13.10.2006 )

No release
Taxonomies in combination with versioning and statemanagement are not supported
KM Taxonomies based on Query based Classfication on top of repositories where both the statemanagement service and versioning are activated and actively used at the same time is not supported currently. Using KM in this combination causes functional issues when browsing taxonomies. Files might not be shown in the taxonomy although being published, different versions of the same file might be listed in a category.
( Changed at 19.01.2009 )

EP-KM-COL-DSC

Release with approval of SAP or after consultation with SAP
Forums cannot be run productively on clustered installations with more than 8 server nodes
Forums cannot be run productively on clustered installations with more than 8 server nodes (Dialog instances) This will lead to scalability issues which might deteriorate the performance of the complete enterprise portal installation.
( Changed at 03.11.2008 )

EP-PIN-MIG

Release with approval of SAP or after consultation with SAP
Migration EP5 to NW04: Few types of URL iViews will not work after migration.
After migrating EP5 (Portal & KM) to NW04, few types of URL iviews will not work. (URL & iView catcher from EP5) iViews. Here is the list: - Delimiters supports only # (for personalization) - No support in personalization names with special characters. - - The URLIView supports only the following EP5 tags: , , , , - The other EP5tags are not supported - URLIViews with declaired 'EP5 system' that contains the following characters '<' and '>' as part of parameter will not work properly. - EP5.0 URL IView with Post method after migration will not work (to fix it edit the EP6 IView and change the Method to Post). -IView Catcher rendered IViews after migration will not work. - In case of EP5 tags in the iView (the .asp file returns html with TAGS) the tags will not get translated. Therfore the html content might be corrupted.
( Changed at 08.12.2008 )

Fixed Limitation(s)

EP-KM

No release
Accessing Windows file share (or any SMB share) via JCIFS on HP-UX 11.x
Scenario: The portal server runs on HP-UX 11.x (PA-RISC or IA64 Itanium) and a KM repository manager is used to connect a Windows file or any SMB (Server Message Block protocol) share via JCIFS. Problem: If the Windows file share is accessed via the repository manager with a high load (e.g. during indexing or massive user interaction) the communication between portal and file share might fail and cause error messages. Loss of document meta data (stored in the KM database) might also occur. Solution: SAP has validated a more recent version of JCIFS for SAP NetWeaver SPS 20 / SAP NetWeaver 7.0 SPS 12 and above, which fixes this problem.
This restriction is no longer valid.
Limitation is fixed
( Changed at 20.07.2007 )

For EP server running on UNIX: Connecting Windows file systems is not possible
Connecting Windows file systems directly via the repository framework of KM is not possible if the portal server is running on UNIX (!). A workaround via 3rd party or open source products might be applicable and would have to be done on project base. Even with a workaround in place, existing ACLs on the Windows file system will not be respected. This limitation is planned to be resolved with SAP NetWeaver support package stack 04.
This restriction is no longer valid.
Fixed with SP stack 4
( Changed at 10.06.2005 )

EP-KM-ADM-UPG

No release
KMC NW04 SPS10 not released on DB2 database
NW'04 SP stack 10 Knowledge Management & Collaboration (KMC) is not released on DB2 database platforms. The upgrade from NW04 SP9 (NW04 SR1) fails, sapinst returns the following error in the "Deploy patch files" phase: "SDM call of deploySDAlist ends with returncode 4 See output of logfile /tmp/install/KMC_SP10/logs/callSdmViaSapinst.log for details" Background information: There are two of KMC tables which cannot be converted. The reason is their definitions have been changed in SP10 but during the upgrade they contain some data that cannot be converted to the new structure on DB2. This problem will be fixed with NW'04 SP stack 11.
This restriction is no longer valid.
Refer to SAP Note 0000821801
( Changed at 10.06.2005 )

EP-KM-CM

No release
Upload of files > ~ 70 MB not possible on SQL Server
Upload of files larger ~ 70 MB not possible on SQL Server
This restriction is no longer valid.
Refer to SAP Note 0000739263
( Changed at 10.06.2005 )

EP-KM-COL

Release with restrictions
'Who Is Who' iView & LDAP Search Size Limit
The number of users indexed by TREX is limited by the LDAP search size limit parameter set on the LDAP server. This means that only the number of users specified in this parameter are indexed and displayed in the Who's Who iView. Make sure that the value of the search size limit parameter is higher than the number of users defined in LDAP. If the search size limit of the LDAP cannot be increased, the WhoIsWho will not work correctly.
This restriction is no longer valid.
Fixed with NW'04 SP15
( Changed at 23.12.2005 )

EP-KM-RTC

No release
Real-time collaboration (RTC) does not work in a cluster failover situation
In a clustered EP environment, real-time collaboration will not be automatically restarted after the cluster has crashed and is starting up again. This limitation is fixed with SAP NetWeaver SP stack 10.
This restriction is no longer valid.
LImitation is fixed with SP stack 10
( Changed at 10.06.2005 )

EP-PCS-IVS

Release with restrictions
Limited Support for Business Packages
Business packages will not be available with the beginning of ramp-up. This restriction will probably no longer be valid with NW ’04 SP Stack 02. After release of business package, please check SAP note 642775. This note explains specific installation instructions that have to be followed.
This restriction is no longer valid.
Refer to SAP Note 0000709354
Fixed with SP Stack02
( Changed at 10.06.2005 )

EP-PIN

Release with restrictions
No Full Locking Mechanism Support for PCD Objects
With SAP Enterprise Portal 6.0 SP2 a locking mechanism was implemented to avoid that two administrators work on the same PCD objects in parallel. With SAP Enterprise Portal 6.0 on Web AS 6.40 this mechanism has not been implemented by the following editors: Rule editor , and Desktop editor. They are planned for the next NetWeaver release.
This restriction is no longer valid.
Refer to SAP Note 0000920332
( Changed at 07.10.2008 )

Release with restrictions
No Accessibility Support for the End User
SAP Enterprise Portal 6.0 on Web AS 6.40 Support Pack Stack 01 is not yet fully accessible. Accessibility support for the end user is planned to be available NetWeaver `04 Support Pack Stack 04.
This restriction is no longer valid.
Refer to SAP Note 0000709354
Fixed with SP Stack04
( Changed at 10.06.2005 )

Web Dynpro for Java and Portal: Style Sheet Support only When Running on the same SP Stack
The style sheets generated by SAP Enterprise Portal 6.0 on Web AS 6.40 are not yet downward compatible. To guarantee a consistent branding of Web Dynpro applications running in SAP Enterprise Portal, SAP Enterprise Portal 6.0 on Web AS 6.40 and Web Dynpro for Java (resp. Web AS 6.40) have to run on the same NetWeaver `04 Support Pack stack. With NetWeaver `04 Support Stack 03 and Stack 05, the portal branding does not work at all for Web Dynpro applications. This is planned for NetWeaver`04 Support Stack 09.
This restriction is no longer valid.
Fixed with SP Stack 09
( Changed at 10.06.2005 )

No release
No Cluster Support With NetWeaver '04 at begin of Ramp-Up
SAP Enterprise Portal 6.0 on Web AS 6.40 Ramp-up is to be installed as a single-node installation, only. As long as this restriction is valid, we neither recommend performance nor stress tests. SAP plans to release cluster functionality with SAP NetWeaver `04 Support Package Stack 04 (“feature pack”) Before that, a Cluster installation can be done on individual project request. In this case, please contact your SAP Ramp-Up contact.
This restriction is no longer valid.
Refer to SAP Note 0000709354
Refer to SAP Note 0000803018
Fixed with SP Stack04
( Changed at 06.09.2005 )

EP-PIN-MIG-R3

No release
No Role Upload from SAP Backend Systems Before Support Pack Stack 06
SAP Enterprise Portal 6.0 on Web AS 6.40 Support Pack Stack 01 does not support a role upload from SAP backend systems. Thus, roles have to be created manually in the portal and cannot be uploaded from the SAP system. This is planned for SAP NetWeaver'04 SP Stack04 (Feature Pack).
This restriction is no longer valid.
Refer to SAP Note 0000709354
Fixed with SP Stack04
( Changed at 10.06.2005 )

EP-PIN-USM

No release
Limitations in the User Persistence Stores (ABAP + LDAP)
SAP Enterprise Portal 6.0 uses the User Management Engine (UME 4.0) as user management system. UME supports LDAP directories, SAP systems and DB as user persistence stores. 1) Limitations when using LDAP directory as user persistence store: - Dynamic groups are not supported. - Security policies defines on the directory server are not reflected in the UME - Group assignment only read-only when using a deep hierachy. Please check note 673824 for details. 2) Limitations when using MS ADS as user persistence store: When accessing the ADS with the global catalogue, only read access is possible. Please check note 673824 for details. 3) Limitations when using SAP System as user persistence store: -As of 4.6D, UME XML-user replication to ABAP-Systems (specificially SRM) is limited to up to 3 systems and 5000 users.
This restriction is no longer valid.
Refer to SAP Note 0000673824
( Changed at 10.06.2005 )

Single Sign On Limitations
With SAP Enterprise Portal 6.0 on Web AS 6.40 Support Pack Stack 01 cross domain Single Sign-On is not supported. An official support is planned with Support Pack Stack 04. In the meantime a solution can be realized on a project base (How To Guide is under preparation; a How To Guide for SAP Enterprise Portal 6.0 SP2 is already available: http://service.sap.com/ep60howtoguides). SAP provides a Web server filter and a programming interface (ticket verification library/API) to enable non-SAP applications to work with SAP logon tickets. SAP Logon Ticket webserver plugins are available for selected platforms and web servers. For details please refer to note 723896.
This restriction is no longer valid.
Refer to SAP Note 0000709354
Fixed with SP Stack04
( Changed at 10.06.2005 )

EP-SYS

No release
No Support of Clustered Portal Database wiht NetWeaver `04
With SAP Enterprise Portal 6.0 on Web AS 6.40, DB Clustering will not be officially supported. This applies to Microsoft SQL, as well as to Oracle Database cluster implementations. The technical feasability of active/active DB-Cluster solutions (like ORACLE RAC or MS SQL in active/active cluster mode) in conjuction with SAP Enterprise Portal 6.0 on Web AS 6.40 Support Pack Stack 01 is under investigation. But there are currently no plans to release it within the NetWeaver '04 timeframe. Since some customer projects have shown that EP 6.0 SP2 (!) is able work on top of an active/passive DB-Cluster-Solution SAP is willing to help customers on a project to get DB-Cluster related problems solved (in case of Oracle this is true for Fail Over mechanisms, but not for Real Application Clustering (RAC)). If you are interested in setting up DB-clustering on your own risk and on a project base, please contact SAP NetWeaver Product Management via your SAP contact in sales or consulting. This is solved with SAP NetWeaver 2004 SP Stack13.
This restriction is no longer valid.
Refer to SAP Note 0000709354
( Changed at 22.02.2006 )

EP-SYS-UPG

No release
Migration to SAP EP 6.0 on Web AS 6.40 not yet available
The following migrations are planned: - from EP 5.0 SP6 to NW'04 SP Stack 04 (FP): Oct 2004 (NOT SUPPORTED ANYMORE!!!) - from EP 5.0 SP6 to NW'04 Support Release 1: Released on Jan 26th, 2005 - from EP 6.0 SP2 to NW'04 Support Release 1: Release in March 2005 Please check http://sercice.sap. com/~form/sapnet?_SHORTKEY=01100035870000499845&_OBJECT=0110003587000057 04272003E for details. Please note that customers can of course manually export SAP Enterprise Portal 6.0 SP2 content and import it into SAP NW04 Enterprise Portal 6.0 on Web AS 6.40 Support Pack Stack 03-09.After the import please verify that the content is running.(personalization will not work) No upgrade from SAP Enterprise Portal 5.0 to SR is possible.
This restriction is no longer valid.
Refer to SAP Note 0000732461
( Changed at 10.06.2005 )

EP-UNI

No release
Unification Support only With NetWeaver '04 Unrestricted Shipment
SAP is currently porting the C++ based 5.0 Unification to a Java based 6.0 Unification. For customers this will have the advantage that unifiers will run as portal services on the portal server. Thus, no separate unification server will be required anymore. The C++ 5.0 unifiers have not been qualified for running in a SAP Enterprise Portal 6.0 on Web AS 6.40 Ramp-up (=NetWeaver Support Stack 01) environment and are therefore not released. The new java based 6.0 unifiers are planned to be release with NetWeaver '04 Support Pack Stack 05. See note 749643 for further details.
This restriction is no longer valid.
Refer to SAP Note 0000749643
Fixed with SP Stack05
( Changed at 10.06.2005 )

External-Facing Portal (NW04)

Symptom
This note is intended as a central entry point for all information and notes (consulting and bug fixes) related to the implementation of SAP NetWeaver Portal 2004 as an external-facing portal.
Reason and Prerequisites
The features for implementing an external-facing portal were introduced in SAP NetWeaver 2004 SPS14.
Solution
=====================================================================
I GENERAL INFORMATION
=====================================================================

Implementing an external-facing portal extends the capabilities of the SAP NetWeaver Portal by enabling large companies to provide information, services and applications to customers, vendors and partners in a public web portal that performs well over the Internet and operates in a manner similar to standard, customizable web sites.

To enable and ease the implementation of a Web portal, the SAP NetWeaver Portal includes tools for creating an external-facing portal. The portal offers support of standard Web-like behavior, quickly putting casual and first-time portal visitors at ease. It provides the means for customizing the portal look and feel to provide a fresh and updated Web site look for a public audience. And it reduces the number of resources transmitted over the web, increasing the performance for Internet users, which is especially important for users who access the portal over low-bandwidth connections and dial-up networks.

Although not always appropriate for certain applications that require a large number of resources and support of the SAP NetWeaver client framework, an external-facing portal using the SAP NetWeaver Portal can help companies boost their portal project ROI by using the same platform for the company's Internet and Intranet implementations.

For more information, see the external-facing portal documentation on the Help Portal at http://help.sap.com/saphelp_nw04/helpdata/en/04/e5b7c3de384515afeafa0dab8e44e0/frameset.htm.

=====================================================================
II LIMITATIONS
=====================================================================

For information on any portal limitations in SAP Netweaver 2004, including any limitations on implementing an external-facing portal, see SAP Note 709354.

=====================================================================
III RESTRICTIONS
=====================================================================

The following are restrictions when implementing an external-facing portal:
  • Session Termination Not Supported: Applications that use the EPCM's session termination feature may not work properly. The feature enables applications to sign up to be notified if the user tries to exit the application or the portal, in order for the application to save data or take other steps.
  • WorkProtect Mode Not Supported: Applications that use the EPCM's WorkProtect Mode feature may not work properly. The feature automatically tracks whether data entered into an application was saved and, if the user tries to navigate to another location, either displays a dialog for saving the data or opens the new page in a new window.
  • Unsupported Content: The following content makes use of the Session Termination or WorkProtect Mode and, therefore, is not supported in an external-facing portal:
    • Web Dynpro applications
    • SAP business packages
    • SAP transactional iViews
  • Knowledge Management (KM) Restrictions: For more information on restrictions on the use of KM within an external-facing portal, see SAP Note 709354.
  • Related Links and Dynamic Navigation Not Supported
    • Related Links: The Related Links iView uses HTMLB and EPCM, so any page with a Related Links iView will not be light.
The Related Links iView is not part of the out-of-the-box light framework page, so related links will not be displayed. You can add the iView to the light framework page, in order to display related links, but the external-facing portal will no longer be light.
    • Dynamic Navigation: Any Dynamic Navigation iView that uses HTMLB or EPCM causes pages on which they appear not to be light.
  • Application Integrator: The use of the browser's Back button is not supported when using Application Integrator iViews.
  • Anonymous Users and Hashed URLS: If an anonymous user is the first to navigate to a page in a portal with short URLs, the navigation will fail. For more information, see SAP Note 913367.
  • Named Anonymous Users: There is a general restriction when using named anonymous users in the portal. See SAP Note 870247.
  • Safari/Opera and HTMLB Browsers: Safari and Opera browsers are not supported by HTMLB and, therefore, HTMLB-based iViews are not supported in these browsers, including the following:
    • Portal and page personalization iViews
    • Related Links iView
  • Personalization iViews: Personalization iViews use HTMLB and, therefore, are considered heavy content.
  • Behavior of Light Navigation iViews: The following is a list of special behaviors of light navigation iViews:
    • Navigation Panel: After a user resizes the navigation panel and then navigates to another page, the light navigation panel returns to its default size.
    • Page Title Bar: The light page title bar does not display the name of the current page or iView.
    • Top-Level Navigation iView:There is no hovering option in the light top-level navigation iView.

KM search iView does not work correctly in External Facing Portal

Symptom
  • KM iview (e.g search function in Portal masterhead) does not work correctly when the portal is used as External Facing Portal (EFP).
  • The search URL is different from the URL through non-external accessing, like:
    irj/portal/servlet... - EFP
    irj/servlet... - non-external
  • Authentication screen appears.
Environment

SAP NetWeaver Java


Reproducing the Issue
  1. Portal was configured external.
  2. Users access from Portal from external. (e.g a anonymous user access portal from internet)
  3. Execute search function in masterhead.
  4. Authenticate screen appears.
Cause
  • In External Facing Portal, all iViews are embedded which will create a plain html without IFRAMES or FRAMES.
    So all the link, buttons, events and navigation performed in this EFP portal will be reflected in the browser URL.
  • The search label in masthead area is a reference to the search iView and therefore when the customer clicks on it the result is a URL.
    Basically it is a href or action to a navigation target (in general all the navigations in EFP trigger this kind of URLs.)
  • However the KM iView is htmlb based, it is not EFP compatible and the search button is a htmlb component that triggers a server event. This event is passed to the server with a URL similar to this URL:
    [http://ep.app.com.cn:50000/irj/servlet/prt/portal/prtroot/pcd!
    3aportal_content!2fevery_user!2fgeneral!2feu_role!2fcom.sap.km.home_ws!
    2fcom.sap.km.hidden!2fcom.sap.km.urlaccess!2fcom.sap.km.basicsearch?
    layoutSetMode=exclusive&ResourceListType=com.sapportals.wcm.SearchResult
    List&SearchType=quick&QueryString=test]
    There are a bunch of parameters processing in the server and according to them the portal is refreshed, the navigation is performed.
Resolution
  • User has to create own search iview which uses standard html components.
  • Make this html elements call KM search.

How to configure anonymous CM access

Symptom
A logon window appears when KM iViews are accessed by an anonymous user.
CM is currently designed to support these basic anonymous scenarios:
  • Browse
  • Search
  • Document download/viewing

Consider the following restrictions / recommendations:
1. Not supported for anonymous users due to technical reasons (e.g. all users share the same user ID) are:
- Editing (document, properties) -as locking is based on user ID.
- Action inbox
- Personal documents / favorites
- Rating
- Personal notes
- Customized presentation settings
- Subscription
- Review
- Feedback
- Send-to
    2. Not recommended scenarios for anonymous users are:
- Creation/Upload of documents. As anonymous users have low trust level there is a risk of cross site scripting.
- Presentation settings dialog
- Approval activation/deactivation
- Manual ordering activation/deactivation
- Time dependent publishing activation/deactivation
- Versioning activation/deactivation
- Permission dialog
- Service permission dialog
- Index information
    3. Restrictions for all users if anonymous users are used:
- WebDAV Clients (e.g. MS Web Folders) will only display anonymous content. It is no more possible to authenticate and see more documents.
When using the portal drive together with setting the KM docs iView to anonymous, the default guest user will be used for accessing documents and folders. The user and password that are set when mounting a KM folder as a portal drive is ignored in this case.
Workaround: The servlet path /irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs is not affected by the changes of this note. Knowing this servlet path as a way for accessing KM documents via WebDAV clients allows authentication via basic authentication. The complete URL for the WebDAV root folder would look as follows: :/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs. Example: http://localhost:50000/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents.
- Document links in e.g. notification mails will only work for documents that anonymous users are allowed to see. As an alternative action inbox channel / UWL could be used instead of mails.

    4. Recommendations if anonymous users are used:
- Strict ACL settings; only group 'Authenticated users' hould have write permission to KM repositories
- Remove all permissions for anonymous users for /userhome/ and /entrypoints/recent
- Restrict access for UI commands that should not be visible for anonymous users (see restrictions and recommendations for anonymous users)
- UI commands such as the permissions dialog are displayed to anonymous users with read access. Also services that are not supported (subscription) for anonymous users might be displayed.

How to restrict UI commands to authenticated Users
a) Create a new role 'AuthenticatedUsersRole'
b) Assign this role the group 'AuthenticatedUsers'
c) Assign the role ID to all UI commands (and UI screenflows (User Interface > Mapping > Screenflow)) that should not be visible for anonymous users
Reason and Prerequisites
  • KM iViews are deployed at default with authentication schemes -> basic authentication and form based logon.
  • Check wether the file web.xml in the irj web application (/j2ee/cluster/server/apps/sap.com/irj/servlet_jsp/irj/root
    /WEB-INF) contains the following mapping:

prt
/go/*

Add the mapping if it is missing.
Solution
    1. Go to CM Configuration as System Administrator: Choose System Administration > System Configuration > KM Configuration > Content Management Configuration > Global Services > URL Generator Service (visible in advanced mode). Change URL generator settings as follows:
a) Replace prefix #/irj/servlet/prt/portal/prtroot/com.sap.km. cm.docs# inside the parameters "Image Path", "Viewer", "XML Forms CSS URL", "Content Access Path" with #/irj/go/km/docs#
The value for the parameter "Image Path" must look as follows: /irj/go/km/docs/etc/public/mimes/images
The value for the parameter "Viewer" must look as follows: /irj/go/km/docs
The value for the parameter "XML Forms CSS URL" must look as follows: /irj/go/km/docs/etc/xmlforms
The value for the parameter "Content Access Path" must look as follows: /irj/go/km/docs
b) Replace
#/irj/servlet/prt/portal/prtroot/com.sap.km.cm. uidetails# inside the parameters "Resource Properties Page" and "New Resource Properties Page" with #/irj/go/km/details#
The value for the parameters "Resource Properties Page" and "New Resource Properties Page" must look as follows: /irj/go/km/details
c) Replace
#/irj/servlet/prt/portal/prtroot/com.sap.km.cm. navigation# inside the parameters "Explorer Servlet" and "Navigation Servlet" with #/irj/go/km/navigation#
d) Replace
#/irj/servlet/prt/portal/prtroot/com.sap.km.cm. highlightedcontent# inside the parameter "Highlighted Content" with #/irj/go/km/highlightedcontent#
e) Replace
#/irj/servlet/prt/portal/prtroot/com.sap.km.cm. basicsearch# inside the parameter "Basic Search Servlet" with #/irj/go/km/basicsearch#
f) Save the changes.
    2. Open the PCD Editor as Content Administrator: Content Administration > Portal Content > Portal Content > Portal Users > Standard Portal Users > Standard User Role > Open > Object
a) Navigate to Home (note the tooltip "com.sap.km. home_ws") > Hidden > URL Access.
b) Open all contained iViews (Basic Search, Details, Document, Highlighted Content) for editing
c) Select the property category "Advanced"
d) Change the property "Authentication Scheme" to "anonymous"
e) Save the changes.

Server node fails to start during deployment

Symptom
Server node fails to start during deployment

A typical indicator of this problem is an entry similar to the follwing in the default trace file:

Caused by: javax.naming.CommunicationException: : [Root exception is java.lang.ClassNotFoundException: com.sap.security.core.server.https.SecureConnectionFactory
------------------------- Loader Info -------------------------
ClassLoader name: [service:naming]
Living status: alive
Direct parent loaders:
[system:Frame]
[library:com.sap.security.api.sda]
[library:tc~jmx]
[library:tc~je~mmodel~lib]
[service:p4]
[interface:appcontext]
[interface:naming]
Resources:
D:\\usr\\sap\\KM1\\J00\\j2ee\\cluster\\bin\\services\\naming\\sap.com~tc~je~naming~impl.jar
---------------------------------------------------------------]
at com.sun.jndi.ldap.Connection.(Connection.java:204)
at com.sun.jndi.ldap.LdapClient.(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
at com.sap.engine.system.naming.provider.DefaultInitialContext.(DefaultInitialContext.java:45)
at com.sap.engine.system.naming.provider.DefaultInitialContextFactory.getInitialContext(DefaultInitialContextFactory.java:41)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.(InitialDirContext.java:82)
at com.sap.security.core.persistence.datasource.imp.LDAPDataSourceConnectionPool$1.run(LDAPDataSourceConnectionPool.java:887)
... 27 more
Reason and Prerequisites
Due to a classloader problem, the server node does not start during deployment, if the UME is configured to use an SSL connection to a directory server.
Solution
The problem has been fixed with SAP NetWeaver 7.1 SPS7.
As workaround you can configure the UME not to use an SSL connection for the directory server during deployment. After the deployment is finished, switch back to the secure connection.
To change the UME configuration when the server node is down, use the config tool.
To find the UME configuration, switch to the configuration editor mode , navigate to Configurations -> cluster_config -> system -> custom_global -> cfg -> services -> com.sap.security.core.ume.service
    1. Change the property sheet or the data source configuration file, depending where you connection data is maintained. Change the following properties:
  • ume.ldap.access.ssl to false
  • ume.ldap.access.server_port to your non-SSL port
    2. Save the changes and restart the server node.
    3. Finish the deployment and switch back to your original configuration.

Start of UME Service Failed with error

Error:
Start of UME Service Failed with error: "Parameter ume.persistence.data_source_configuration
cannot be read from the properties file.
 
Symptom
  • The security service fails to start. In the std_server0.out trace file, you will see the following error
service com.sap.security.core.ume.service ================= ERROR=================
Core service com.sap.security.core.ume.service failed. J2EE Engine cannot be started. com.sap.engine.frame.ServiceException: Start of UME service failed.
Check help topic "Start of UME Service Failed". Technical details: Parameter ume.persistence.data_source_configuration cannot be read from the properties file
#at com.sap.security.core.server.ume.service.UMEServiceFrame.start (UMEServiceFrame.java:398)


Environment
  • SAP Netweaver Application Server 7.0x/7.1x/7.2x/7.3x/7.4
Reproducing the Issue
Try to start the AS Java
Cause
Incorrect configuration of UME data source. The wrong UME datasource xml file has been chosen for the current configuration of your User store which is one of ABAP, LDAP, or Local UME.
Resolution
You need to locate and edit the UME parameter ume.persistence.data_source_configuration. To do so, please do the following:
For 7.0x:
  1. Open the Config tool
  2. Navigate to Global server configuration -> services -> com.sap.security.core.ume.service.
  3. Locate the parameter "ume.persistence.data_source_configuration"
  4. Enter the correct data source.
  5. Press "Set"
  6. Save the changes and restart the AS Java
For 7.1x and above:
  1. Open the Config tool
  2. Switch to configuration mode
  3. In the display Configuration tab, navigate to cluster_config -> system -> custom_global -> cfg -> services -> com.sap.security.core.ume.service -> Propertysheet properties.
  4. Switch to edit mode
  5. click on the property "ume.persistence.data_source_configuration"
  6. Enter the correct data source
  7. Apply the changes and restart the AS Java


See Also