Basis

Sending mail from SAP

Sep 29th

Posted by johanvz in Basis

4 comments

The ability to send and receive e-mail is critical to any CRM system. Sending e-mail from SAP is really simple, but battling the network administrators can sometimes be challenge.

In this post I want to show how to technically configure sending of mail from a SAP Server running Linux with Postfix. I have not used Microsoft Exchange(so won’t try to describe here), but the concept is the same. In future, I will describe the receiving of mail into SAP and the configuration required to send and receive CRM WebClient mail.

With WAS 6.10 the SAP system contains its own SMTP Server. In theory the SAP SMTP Server can be used to send and receive mail on the Internet, but in practice you probably don’t want to do this due to following reasons:

  • Exposing your SAP System directly to the Internet is a security risk.
  • Normally you only want 1 or 2 addresses to be used by SAP and these must use the corporate domain. You don’t want all your corporate mail to come into SAP.
  • The standard SMTP port required for sending Internet mail is 25. On Unix systems, root privileges is required to start services that listen on port 25. The SAP System runs with normal user rights, therefore it can’t start the SMTP server on port 25. Unless you use icmbnd.

The receiving of mail will be tackled later, but if you ever want to receive mail you must configure your sending addresses in such a way that receiving will be possible in future. Therefore, I need to create an internal mail domain(I don’t really need to do this for sending, but its the slick way).

The diagram below describes the end state we want to achieve.

Postfix Setup

Install Postfix or another SMTP Server on the SAP Server or another machine in the network. The SMTP server will run on Port 25 and will relay the mail from SAP to the world. Typically you would reuse your existing corporate SMTP server.

Importantly, you have to allow the SAP Server to relay mail via Postfix. This is done by adding the IP address(e.g. 10.20.30.40) of the SAP Server to the mynetworks spefication in the main.cf file(located in /etc/postfix on suse).
mynetworks = 10.20.30.40, [rest of what was there before]

Also, SAP will send the mail from crm@sap.company.local, but we want to change that to crm@company.com. You achieve this by maintaining a mapping in the sender_canonical file in /etc/postfix. The line below shows the entry to be maintained.

@sap.company.local @company.com

Once the above change has been made the postmap command below must be run in configuration directory to create the lookup file./etc/postfix> postmap sender_canonical

SAP Setup

Here all the setup is done in transaction /nSCOT. You must point the SMTP node to the Postfix server and activate it. Double click on the smtp node as shown below.

SCOT

The 2 important settings to maintain is Mail Host(the IP address of your Postfix server) and the node in use tick.

You must also maintain the Default Mail domain(very important) under Settings->Default Domain to crm@sap.company.local. The nasty way to configure this is to simply send mail from crm@company.com, in which case you don’t need the Postfix sender mapping.

Default Domain

You must now schedule a periodic job to send e-mail from SAP. This can be done by going to Settings->Send Jobs. In the popup select “Schedule Job for INT”, the pop up below will allow you to schedule this job. E-mails will be sent periodically every time this job runs.

SCOT Jobs

Finally, make sure that you have an e-mail address maintained(e.g. user@sap.company.local) in transaction SU01 for your user.

You can now goto system->short message and test sending an e-mail to an external address.

, , , ,

Logon Popup in the WebClient

Jun 9th

Posted by johanvz in Basis

No comments

We recently experienced a problem at a customer that drove everyone up the wall. Between 15:00 and 17:00 in the afternoon the user would get a spontaneous Java login popup. Once this happened the ITS would also require the user to log in again.

These login screens aren’t unknown. You normally get them at every customer the first time you log into the WebClient. In order to enable the sending of real time notifications to the client(i.e Broadcasts, Alerts and Telephony) a Java Applet is used to continuously poll the ICF(BC->Notify->Polling Service). This applet requires a login to SAP. The ITS also requires the user to log in again.

So you fix this by sending your local basis consultant a mail telling him to please set the parameters below and restart the instance:

  • login/create_sso2_ticket = 2
  • login/accept_sso2_ticket = 1

Problem solved, no multiple logins required, that is until 3 O’Clock in the afternoon…

We searched for notes, interrogated Desktop Support, logged the problem with SAP, sniffed the network, checked java versions, moved users, reinstalled machines, etc… We can’t figure out what happens 8 hours after a user has logged in?

By the way, below is a couple of notes you may find helpful:

Eventually, SAP responds on the note after 2 months, that we should check our Single Sign On configuration and they provide the link below.

http://help.sap.com/saphelp_nw04/helpdata/en/88/4b353a03e5494ce10000000a114084/frameset.htm

And there it is!!!

login/ticket_expiration_time  => Default = 60 hours

Turns out the default is not 60 hours, but 8 hours. 8 Hours after the user logged in, the ticket expires, requiring them to reauthenticate. I still can’t believe I didn’t think of/find it/RTFM’d this earlier.

, , ,

Quick Guide to Patching your SAP System

Jun 1st

Posted by johanvz in Basis

No comments

I need to upgrade our internal demo systems every once in a while. Now, as I don’t unleash my Basis skills on customers everyday I tend to forget how its done. I decided to record the steps here to save me a bit of time next time around. Please treat any advice given here with care(I’m no expert at this) and read the official guides and help files.

Applying patches to an SAP system is not as simple as, say updating your Windows PC. There is no auto update or one click upgrade process. I will be surprised if there ever will be. The thing is, SAP actually allows you a lot of freedom and flexibility in changing the way it works(Windows doesn’t). The price you pay is a slightly complex upgrade process.

Doing a full Support Pack update of an SAP system broadly involves the following:

1. Log in to the Service Market Place and select the packages to be downloaded. Admittedly, this is a bit easier now with SP Stacks.

2. Log on to your Solution Manager System(Maintenance Optimizer) to confirm your download basket. If you don’t do this you can’t download your Patches. I must still figure out what the benefit of this is.

3. Download the files using the SAP Download Manager.

4. Use sapcar to extract the patches. You can use the command sapcar -xvf <filename.car> from command line to do this. An easy way to extract these files in Windows is to register the extensions .CAR or .SAR to open automatically in Explorer.

You can do this by opening Windows Explorer and going to Tools->Folder Options and clicking on the File Types Tab.

Create a new type for the .CAR/.SAR file types and create a default action as shown in the screen shot below( Copy SAPCAR.EXE to your C:\Windows directory first).

You can now “mass extract” all your patches at once by selecting all 50+ files in Windows Explorer and hitting enter on them. If you do this on a laptop now would be a good time for a coffee break.

5. Now the real upgrade can start. Always update your kernel to the latest release first. This involves the following:

  • Determine your global kernel directory. Goto transaction AL11 and look for directory mapped to DIR_CT_RUN. In my case(on Linux) this is /usr/sap/<SID>/SYS/exe/run.
  • Log in with your <sid>adm user. This will ensure you preserve the correct rights to your files.
  • Backup this directory by copying it to somewhere safe.
  • Overwrite the files in your DIR_CT_RUN directory with the new kernel files extracted in step 4. These files aren’t used by the SAP System, so you can safely overwrite them while the system is still running.
  • On Windows I would recommend rebooting the box, on Unix environments you only need to stop and start the instance.
  • During the startup of the instance a program called sapcpe will copy the new kernel files in DIR_CT_RUN to DIR_EXE_ROOT(usr/sap/<SID>/exe).

6. Now, do a full off line database backup and keep in a safe place.

7. Copy the ABAP Support Pack files extracted in Step 4 to the following location on the SAP Server: /usr/sap/trans/EPS/in.

8. Log on to the SAP System in client 000 with your own user(not SAP* or DDIC).

9. Execute transaction SPAM(what a name…).

10. Load the Support Packages. On the SPAM main menu goto Support Package->Load Packages->From Application Server.

11. Now we hit the stage where P.P.P.P.P.P. You have to read all the notes on all the patches for all the components you want to upgrade. There are many dependencies here and it is easy to stuff up. But a few points:

  • Make sure TMS is configured properly and actually working(i.e. test with a transport). This is important on new installs and has burned me in the past.
  • Always upgrade SPAM to the latest version first. Always!
  • Read the notes on optimal queue definitions, make them as long as possible, but keep the next point in mind…
  • Don’t overshoot(see note 70228 for explanation). This is critical if you have add-ons such as XRPM, WFM or even CRM 2007(which now requires a CRT(Conflict Resolution Transport) after every ABAP support pack).
  • Write down all the steps you took and queues you used as this will help in the upgrade of downstream systems.

12. If you read the plethora of notes before hand and manage to follow them correctly everything should go fine.

13. If you do it Cowboy style(and ignore point 12 like I do :grin: ), SPAM failure is likely. You could try the following, in order:

  • Restart the Process. Always do this 2 or 3 times before proceeding, especially with BASIS/ABAP support packs.
  • Search for notes on the Service Market Place. You are probably not the first one to mess up. Also, sometimes the support packs contain errors.
  • Try to reset the queue and process again.
  • If you absolutely have to back out and SPAM does not allow you to reset the queue, you can do the following if you are brave. Run Function Module OCS_RESET_QUEUE in SE37 with the parameters IV_TOOL=SPAM and IV_FORCE=X. Just realize that this will leave your system in an inconsistent state. You may need to do some significant manual fixing.
  • Log it with SAP.
  • Restore your backup and try again.

Eventually you should have an up-to-date, everything recompiling, SAP System.

Oh, and if you are unlucky enough to use a J2EE stack as well. Good Luck…

, ,