Technical Operations
Page tree
Skip to end of metadata
Go to start of metadata

 

 

This page is part of the Application Operations Wiki. Notice that Application Operations itself is a use-case of SAP Solution Manager

Welcome to the Documentation and Help Area of Rapid Content Delivery

Starting SAP Solution Manager 7.1 SP12, a new infrastructure has been introduced to deliver new contents for Solution Manager applications. This is called Rapid content delivery (also known as  RCD). We continue to use this infrastructure in SOlution Manager 7.2.

This infrastructure downloads the content (Support Packages of software component ST-CONT) from Service Market Place and then allows the customer to import/ apply the necessary content within the individual Solution Manager applications.

Content list:

The updated content from the below application will be available for download via RCD. Customers are requested to check the latest content available for the release and the corresponding SP. The latest content details available at : Details on Solution Manager's Content Delivered (Software Component: ST-CONT)

Solution Manager 7.1: 

          1. Monitoring and Alerting Infrastructure

          2. Guided Procedure

          3. Customer Usage Provisioning

Solution Manager 7.2:

  1. Monitoring and Alerting Infrastructure

  2. Guided Procedure

  3. Customer Usage Provisioning

 

 

Navigation

SAP Solution Manager 7.1

SAP Solution Manager 7.2

 

 

Technical Support

You can raise an incident in this component (SV-SMG-RCD) if you face any issues with this infrastructure.

Customers are requested to provide the below details while creating the incidents.

  1. The current Release and SP level
  2. The content file name which you are trying to upload
  3. Please provide the ICM logs under the transaction : SMICM
  4. You can also use the logs section in Rapid Content Delivery application to share more information on the issues.

 



14 Comments

  1. Former Member

    Hello  Venkatesh R & Ambika Ragini R,

     

    followed your instructions here, works fine!

    Customers following this guide, please don't forget to maintain your <full qualified solution manager hostname> as entry within:
    'No Proxy for the Following Addresses'

    otherwise no other webservice communication will work, as soon as you switch on proxy communication.

     

    BR,
    Mat 

  2. Michael Schmidt

    Hello,

    the VeriSign Class 3 Public Primary Certification Authority can also be downloaded from  https://www.globaltrustpoint.com/trustcenter-list.jsp is not valid after 19.01.2015 (this is in few days). Do someone know, where a new certificate can be downloaded?

    Thanks!

    Kind regards

    Michael

    1. Venkatesh R

      Hi Michael,

      The certificate list is updated in the above WIKI. Hope this helps.

      Regards,

      Venkatesh 

  3. Sharib Tasneem

    Hi Team,

    While importing certificate, it is asking password.

    Any clue on the password.

    Thanks,

    Sharib Tasneem

  4. Former Member

    [Thr 2828] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
    [Thr 2828] session uses PSE file "/usr/sap/SSM/DVEBMGS01/sec/SAPSSLC.pse"
    [Thr 2828] SecudeSSL_SessionStart: SSL_connect() failed --
    [Thr 2828] secude_error 536872221 (0x2000051d) = "SSL API error"
    [Thr 2828] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
    [Thr 2828] 0x2000051d | SAPCRYPTOLIB | SSL_connect
    [Thr 2828] SSL API error
    [Thr 2828] Failed to verify peer certificate. Peer not trusted.
    [Thr 2828] 0xa0600203 | SSL | ssl_verify_peer_certificates
    [Thr 2828] Peer not trusted
    [Thr 2828] 0xa0600297 | SSL | ssl_cert_checker_verify_certificates
    [Thr 2828] peer certificate (chain) is not trusted
    [Thr 2828] PropertyBlock:
    [Thr 2828] Status :Not successful
    [Thr 2828] Profile :1.3.6.1.4.1.694.2.2.2.2
    [Thr 2828] SignerStatus:Not successful
    [Thr 2828] SignerVerificationResult:
    [Thr 2828] element#no="1":
    [Thr 2828] Status :Not successful
    [Thr 2828] Validity :Successful
    [Thr 2828] BasicConstraints:Successful
    [Thr 2828] KeyUsage :Successful
    [Thr 2828] ObjectStatus:Not successful
    [Thr 2828] SignerCert:
    [Thr 2828] Certificate:
    [Thr 2828] Subject :CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US
    [Thr 2828] Verification result:
    [Thr 2828] Status :Not successful
    [Thr 2828] Profile :1.3.6.1.4.1.694.2.2.2.2
    [Thr 2828] SignerStatus:Not successful
    [Thr 2828] BasicConstraintsPathLen:1
    [Thr 2828] SignerVerificationResult:
    [Thr 2828] element#no="1":
    [Thr 2828] Status :Not successful
    [Thr 2828] Validity :Successful
    [Thr 2828] BasicConstraints:Successful
    [Thr 2828] KeyUsage :Successful
    [Thr 2828] ObjectStatus:Not successful
    [Thr 2828] SignerCert:
    [Thr 2828] Certificate:
    [Thr 2828] Subject :CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    [Thr 2828] Verification result:
    [Thr 2828] Status :Not successful
    [Thr 2828] Profile :1.3.6.1.4.1.694.2.2.2.2
    [Thr 2828] SignerStatus:Not successful
    [Thr 2828] SignerVerificationResult: None
    [Thr 2828]
    [Thr 2828] << ---------- End of Secude-SSL Errorstack ----------
    [Thr 2828] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
    [Thr 2828] SSL NI-sock: local=172.16.130.221:52457 peer=172.16.143.101:80
    [Thr 2828] <<- ERROR: SapSSLSessionStart(sssl_hdl=116f6f4d0)==SSSLERR_PEER_CERT_UNTRUSTED
    [Thr 2828] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-102): SSSLERR_PEER_CERT_UNTRUSTED {000ef4ed} [icxxconn_mt.c 1957]

  5. Former Member

    The trace above has error related to SSSLERR_PEER_CERT_UNTRUSTED .

    After importing the certificates in STRUST, make sure that SSL configuration on the system is complete. Refer to note: 510007 for details on this.

    Also, check if HTTPS is active . Restart ICM if required.

    This should resolve the issue.


     

  6. Former Member

    http://scn.sap.com/thread/3681968

  7. Former Member

    Hello,

    is it really neccessary that we use a direct http connection to SAP or is it possible to use a Saprouter like in TA OSS1? 

    Thanks and regards

    Marco

    1. Venkatesh R

      Hi Marco,

      It is also possible to manually update the content in Solution Manager. Kindly have a look into the WIKI page below.

      How to support customers who don't have OSS and Service Market Place connections from Solution Manager

      Regards,

      Venkatesh

  8. Vamsi Krishna Srikanti

    Hi, I'm in process if setting up Automatic download, but stuck with certificate related errors..

    As advised here, imported all the three certificates into "System PSE", but when I tried to test the SMPAUDWNLD RFC, got ICM_HTTP_SSL_ERROR.

    Here is the ICM log for referece...

    ----------------------------------------------------

    [Thr 5436] Tue Jun 23 04:29:30 2015
    [Thr 5436] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
    [Thr 5436] session uses PSE file "F:\usr\sap\<SID>\DVEBMGS00\sec\SAPSSLC.pse"
    [Thr 5436] SecudeSSL_SessionStart: SSL_connect() failed
    [Thr 5436] secude_error 536872221 (0x2000051d) = "SSL API error"
    [Thr 5436] >> Begin of Secude-SSL Errorstack >>
    [Thr 5436] 0x2000051d SAPCRYPTOLIB SSL_connect
    [Thr 5436] SSL API error
    [Thr 5436] Failed to verify peer certificate. Peer not trusted.
    [Thr 5436] 0xa0600203 SSL ssl_verify_peer_certificates
    [Thr 5436] Peer not trusted
    [Thr 5436] 0xa0600297 SSL ssl_cert_checker_verify_certificates
    [Thr 5436] peer certificate (chain) is not trusted
    [Thr 5436] Certificate:
    [Thr 5436] Certificate:
    [Thr 5436] Subject :CN=smpdl.sap-ag.de, OU=SAP Managed Services, O=SAP SE, L=Walldorf, SP=Baden-Wuerttemberg, C=DE
    [Thr 5436] Issuer :CN=Verizon Akamai SureServer CA G14-SHA1, OU=Cybertrust, O=Verizon Enterprise Solutions, L=Amsterdam,
    [Thr 5436] Serial number:0x40b3354cc6333e44a57172879e435d86d76ec12e
    [Thr 5436] Validity:
    [Thr 5436] Not before :Fri Oct 17 12:12:00 2014
    [Thr 5436] Not after :Sat Oct 17 12:11:58 2015
    [Thr 5436] Key:
    [Thr 5436] Key type :rsaEncryption (1.2.840.113549.1.1.1)
    [Thr 5436] Key size :2048
    [Thr 5436] PK_Fingerprint_MD5:9C1E AFAC 0CBB 85F1 879B 5D9A E074 0BC2
    [Thr 5436] extensions:
    [Thr 5436] AuthorityKeyId:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] Key identifier (size="20" ):DD6C807CBAB53217A5844140F0D20466132FA990
    [Thr 5436] SubjectKeyIdentifier:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value (size="20" ):B1C1E1DE48AE03875B9DF9FD0222D14FA70AE6B4
    [Thr 5436] Key usage:
    [Thr 5436] Significance:Critical
    [Thr 5436] Value:
    [Thr 5436] digitalSignature
    [Thr 5436] keyEncipherment
    [Thr 5436] Extended key usage:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] element#no="1":ServerAuthentication (1.3.6.1.5.5.7.3.1)
    [Thr 5436] element#no="2":ClientAuthentication (1.3.6.1.5.5.7.3.2)
    [Thr 5436] Certificate policies:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] element#no="1":
    [Thr 5436] policyIdentifier:Unknown (1.3.6.1.4.1.6334.1.50)
    [Thr 5436] policyQualifiers: None
    [Thr 5436] pkix_cps :https://secure.omniroot.com/repository
    [Thr 5436] pkix_unotice: None
    [Thr 5436] Alternative names:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] element#no="1":
    [Thr 5436] GN-dNSName :smpdl.sap-ag.de
    [Thr 5436] Basic constraints:
    [Thr 5436] Significance:Critical
    [Thr 5436] Value:
    [Thr 5436] Allowed as cA:False
    [Thr 5436] CRL distribution points:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] element#no="1":
    [Thr 5436] distribution point:
    [Thr 5436] full name:
    [Thr 5436] element#no="1":
    [Thr 5436] GN-uRI :http://vassg141.crl.omniroot.com/vassg141.crl
    [Thr 5436] Authority info access:
    [Thr 5436] Significance:Non critical
    [Thr 5436] Value:
    [Thr 5436] element#no="1":
    [Thr 5436] accessMethod:ocsp (1.3.6.1.5.5.7.48.1)
    [Thr 5436] accessLocation:
    [Thr 5436] GN-uRI :http://vassg141.ocsp.omniroot.com
    [Thr 5436] element#no="2":
    [Thr 5436] accessMethod:caIssuers (1.3.6.1.5.5.7.48.2)
    [Thr 5436] accessLocation:
    [Thr 5436] GN-uRI :https://cacert.a.omniroot.com/vassg141.crt
    [Thr 5436] element#no="3":
    [Thr 5436] accessMethod:caIssuers (1.3.6.1.5.5.7.48.2)
    [Thr 5436] accessLocation:
    [Thr 5436] GN-uRI :https://cacert.a.omniroot.com/vassg141.der
    [Thr 5436] Signature algorithm:sha1WithRsaEncryption (1.2.840.113549.1.1.5)
    [Thr 5436] Fingerprint_MD5:6D:65:B9:BD:E4:27:FD:BC:82:3F:3B:DB:BA:C5:93:32
    [Thr 5436] Fingerprint_SHA1:49AB 5B6F D564 5C58 FC64 DE98 97FA 7979 139A 3B45
    [Thr 5436] Verification result:
    [Thr 5436] Status :Not successful
    [Thr 5436] Profile :1.3.6.1.4.1.694.2.2.2.2
    [Thr 5436] SignerStatus:Not successful
    [Thr 5436] SignerVerificationResult:
    [Thr 5436] element#no="1":
    [Thr 5436] Status :Not successful
    [Thr 5436] Validity :Successful
    [Thr 5436] BasicConstraints:Successful
    [Thr 5436] KeyUsage :Successful
    [Thr 5436] ObjectStatus:Not successful
    [Thr 5436] SignerCert:
    [Thr 5436] Certificate:
    [Thr 5436] Subject :CN=Verizon Akamai SureServer CA G14-SHA1, OU=Cybertrust, O=Verizon Enterprise Solutions, L=Ams
    [Thr 5436] Issuer :CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    [Thr 5436] Serial number:0x0727a46a
    [Thr 5436] Validity:
    [Thr 5436] Not before :Wed Apr 2 09:32:45 2014
    [Thr 5436] Not after :Fri Apr 2 09:31:39 2021
    [Thr 5436] Key:
    [Thr 5436] Key type :rsaEncryption (1.2.840.113549.1[Thr 5436] << End of Secude-SSL Errorstack
    [Thr 5436] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
    [Thr 5436] SSL NI-sock: local=147.185.19.146:63833 peer=147.185.252.68:80
    [Thr 5436] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000001D9EDE0)==SSSLERR_PEER_CERT_UNTRUSTED
    [Thr 5436] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-102): SSSLERR_PEER_CERT_UNTRUSTED {00045223} [icxxconn.c 1

    ----------------------------------------------------

    Did I miss anything else here?

     

    Thanks... / Vamsi

     

  9. Former Member

    I have found a bug with Solman 7.1 SP13.. the background job to download/unpack the SAR file runs with switch -xVvf  which fails as below (debuged)

    F:\patch>D:\usr\sap\SOL\DVEBMGS21\exe\SAPCAR -R f:\patch\ -xVvf
    CPRXRPM500_702.SAR
    SAPCAR: processing archive CPRXRPM500_702.SAR (version 2.01)
    x EPS/in/CSN0120061532_0078955.PAT
    SAPCAR: Error category >LOGGABLE_WARNING<
    SAPCAR: Validation reason >CRL missing. Download and use CRL from
    https://tcs.mysap.com/crl/crlbag
    SAPCAR: Signature Subject >CN=CodeSigner004, OU=Code Signing, O=SAP
    Trust
    Community II, C=DE<
    SAPCAR: Signature Issuer >CN=SAP Code Signing CA, O=SAP Trust
    Community
    II, C=DE<
    SAPCAR: Signature Type >SAP software<
    SAPCAR: 1 file(s) extracted

     

    With the switch -xvf it works as below

    F:\patch>D:\usr\sap\SOL\DVEBMGS21\exe\SAPCAR -R f:\patch\ -xvf
    CPRXRPM500_702.SAR
    SAPCAR: processing archive CPRXRPM500_702.SAR (version 2.01)
    x EPS/in/CSN0120061532_0078955.PAT
    SAPCAR: 1 file(s) extracted

    I have a raised call with SAP and have been waiting nearly 2 months for a fix.

    Regards,

       Ryan

  10. Former Member

    Well looks like SAP released a note after I raised the call without informing me. ... note for the fix is 2253312 - RCD manual upload or download fails, SAPCAR error

    1. Venkatesh R

      Hello Ryan,

      Sorry for the situation. Can you write to me (venkatesh.r@sap.com) on the incident?

      Thanks for your cooperation.

      Regards,

      Venkatesh

      1. Former Member

        Hi Venkatesh,

                      I have sent you the incident number which is still open.

        Regards,

                Ryan