Learn how to install the SNC SAPRouter as an NT service with our comprehensive step-by-step guide. Simplify your SAP system administration and enhance security
Symptom
Setting up the SNC SAProuter as a Windows NT service.
Reason and Prerequisites
Minimum: Saprouter version 31
Solution
If the Saprouter has already been entered as a service with srvany.exe, the definition of the service from the registry (path: HKLM -> System -> CurrentControlSet -> Services -> SAPRouter) should first be removed and then the machine should be rebooted.
With the following command you can newly define the service from the command line:
sc.exe create SAPRouter binPath= "<path>\saprouter.exe service -r -W 60000 -R <path>\saprouttab -K ^p:<your_distinguished_name>^" start= auto obj= "NT AUTHORITY\LocalService"- Replace <path> with the corresponding path to saprouter.exe and <your_distinguished_name> with the “Distinguished Name” registered for your installation from the Trust Center Service – Download Area. It is important that all parameters be in a character string delimited by “.
- As of version 25 (3.0E) a route permission table file (SAPROUTTAB) must be specified for the Saprouter (see also Note 30289 or goto the following link at https://support.sap.com/remote-support/help/installing-saprouter.html).
- Edit the string in the registry under MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ saprouter
and change ^ to ” under ImagePath.
D:\usr\sap\saprouter\saprouter.exe service -r -W 60000 -R D:\usr\sap\saprouter\saprouttab -K "p:CN=aiplcom, OU=0001334760, OU=SAProuter, O=SAP, C=DE"- Additionally you’ll have to do the following steps to make SAPCRYPTOLIB credentials available to a process that runs as an NT service
Run the command:
sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin>
Note:
The account of the service user should always be entered in full <domainname>\<username> - Check if the certificate has been imported correctly
Run the command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE - Check if the environment variables SNC_LIB and SECUDIR has been set under the user account SAProuter is running under
Run the command:
sapgenpse- Check if your Distinguished Name and the validity date is correct
Run the command:
sapgenpse get_my_name
Proceed as follows after the installation to maintain the general attributes of the service:
- Go to ‘Control Panel -> Services: SAPRouter -> Button: Startup’, set the startup type to ‘Automatic’ and enter the user <SNC_admin>. The SAPRouter should NOT run under the system account.
- To avoid the error message ‘The description for Event ID (0) …’ in the NT Eventviewer you must make the following entries in the Registry. Under:
HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Eventlog -> Application
enter the following key: SAPRouter
Under this, define the two following values:
EventMessageFile (REG_SZ) : <local_path>\sapevents.dll
TypesSupported (REG_DWORD) : 0x7
All required files (saprouter.exe, sapevents.dll) can be found in your usr\sap\<SID>\sys\exe\run directory. As an attachment to this note, you can find the corresponding DLL in file sapevents.car.
Important: These adjustments are not obligatory for running SAProuter on Windows. They serve only to provide detailed error messages in the event log.