Skip to end of metadata
Go to start of metadata


To create a trusted connection between the SAP Host Agent and the Diagnostics Agent, enter the respective user. This is needed as the web services provided by the SAP Host Agent are protected and can only be used by an authenticated caller.
To create a trusted relationship between the Diagnostics Agent and the SAP Host Agent, the following manual activities need to be performed on all systems:

Trusted connection between the SAPHostAgent and the Managed System

On all hosts of the SAP Solution Manager infrastructure (SAP Solution Manager system itself, Introscope Enterprise Managers, standalone databases, managed systems hosts), do the following:

  1. Open the following file:
    Under Linux: /usr/sap/hostctrl/exe/host_profile
    Under Microsoft Windows:C:\Program Files\SAP\hostctrl\exe\host_profile
  2. Add the following parameter: service/admin_users
  3. Add admin users as parameter values separated by a blank space (for example service/admin_users = <user1> <user2> <user3>): For all Diagnostics Agents installed on the various logical hosts of the physical hosts on which the SAP Host Agent is running, add the <sid>adm user as parameter, like in the example below.

    On Unix : service/admin_users = <DASID>adm <DASID2>adm
    On Windows : service/admin_users = domain\SAPService<DASID> domain\SAPService<DASID2>

    with <DASID> and <DASID2> being the Diagnostics Agent system IDs of two Diagnostics Agents installed on the same physical host. The list of OS users has to be separated by a <space> character.
  4. Save. 
  5. Restart SAP Host Agent with "/usr/sap/hostctrl/exe/saphostexec -restart" or rather "C:\Program Files\SAP\hostctrl\exe\saphostexec.exe -restart".


Assuming that one Diagnostics Agent uses the admin user "daadm", another Diagnostics Agent uses the admin user "dabadm", enter the following parameter values: service/admin_users = daadm dabadm


Trusted connection between the Diagnostics Agent and the Managed System

The Diagnostics Agent also establishes some direct connections to the Managed Systems (ABAP and Java) namely to call the functions: J2EEGetProcessList, ReadLogFile, ABAPReadSyslog and ListLogFiles. Those Webservices may be protected → SAP Note 927637 

Therefore a Trusted Connection should be configured between the Diagnostics Agent and the Managed System

1. Add a Trusted Connection from the Diagnostics Agent to the Managed System

For both ABAP and Java systems add the Diagnostics Agent user <DASID>adm admin (where <DASID> is the SID of the Diagnostics Agent) to their respective system profiles.For more information, please see the SAP Note 927637

2 Restart the sapstartsrv process of the affected system by running the following command:

sapcontrol -nr <NR> -function RestartService

<NR> is the Instance Number of the affected system/instance: example 0

  • No labels