RFC Connectivity With New SAP Support Backbone - Support Portal And Note Download

Starting from Jan 1 2020, SAP has implemented the new Support Backbone infrastructure and hence, your ABAP systems must be prepared to get connected with the new SAP support backbone.

This is required for at least downloading the digitally signed SAP notes in the ABAP systems and maintaining the connectivity related to Early Watch reports of your SAP systems.


Pre-requisites and Preparation


1. Prepare ABAP systems SNOTE for Digitally Signed SAP Notes


Below is the step-by-step guide for enabling SNOTE for digitally signed SAP notes. It is recommended to go through the below blog before proceeding with the next steps.


Enabling SNOTE For Digitally Signed Notes and TCI - Step by Step Guide


2. Required Plug-in version of your SAP systems


a) If your SAP system doesn't directly connect to SAP Support Backbone

This will be your case mostly as almost every SAP system is generally connected to SAP Support backbone through SAP Solution manager to generate the Early Watch Alert reports. You can check in SDCCN of your ABAP system if there is a master BACK RFC pointing to any solution manager. Go to Settings->Task Specific->RFC destination


In this case, you don't have to worry about the ST-PI and ST-A/PI versions of your ABAP systems, however it is generally recommended to update them at the latest level. So I would suggest you to include the update of ST-PI and ST-A/PI in your plan if possible.


b) If your SAP system connects directly to SAP Support Backbone


If ST-PI 2008_1_7xx : At least SP20

If ST-PI 740: At least SP10


ST-A/PI : At least 01T* SP01


3. Technical Communication SUSER


You have already requested a technical communication SUSER to be maintained in the new RFCs. Check the Step 1 of this blog for requesting it.



Read Also: SAP extends Mainstream maintenance of Business Suite 7 (ERP,SCM,SRM,CRM) till 2027


Creating RFC Connections for New Support Backbone


1. For system with SAP_BASIS < 740


You just need to replace the users in the SAP OSS related RFCs with the technical communication SUSER requested in the pre-requisite steps. The RFCs in the systems could be SAPOSS, SAPNET_RFC, SAPNET_RTCC and SDCC_OSS.


Example:


2. For Systems with SAP_BASIS >= 740


If your system has SAP_BASIS release 740 Patch Level (SP00 to SP07) < SP08, follow the manual steps in the document attached to SAP Note 2827658.


Else if your system has SAP_BASIS release 7.40 >=SP08 // 7.50, 7.51, 752, 7.53 >=SP00 ,implement the TCI note 2827658 following the below steps to get the automated task list for RFC related steps.


You might need to plan for the system restart for completing some of the steps in the task list e.g change of parameter ssl/client_ciphersuites.

1. Check SPAM version:

It should be at least on patch level 71 for implementing the TCI note 2827658. I would recommend updating SPAM to the latest patch level available on SAP support portal.


2. Implement SAP TCI Note 2827658

a) Download the correction instructions of this note from SAP support portal





b) Upload the downloaded TCI correction through SNOTE





c) Download SAP Note 2827658 in SNOTE


d) Implement TCI Note 2827658 through SNOTE






Create a new transport request and lock this TCI note 2827658 in the transport request in your development system, which can then be transported to the QA and Prod systems.



You may get the system dump LOAD_PROGRAM_TABLE_MISMATCH while implementing this SAP note.


Resolution: Go to SE11 and check the database object and runtime object of the table mentioned in the above system dump in section Error Analysis. For example, in our case it was database table "PAT05"

If the database and runtime objects are found to be consistent, then re-implement the TCI note 2827658 through SNOTE, else follow SAP note 2559989 to resolve the inconsistency issues.



Release the transport request once the note is implemented.


3. Execute the automated Task List SAP_BASIS_CONFIG_OSS_COMM


Once the SAP note is implemented, you will get the task list SAP_BASIS_CONFIG_OSS_COMM in your SAP system to perform the automated tasks for setting up the new HTTP RFC connections for the new SAP support backbone.


Go to T-code STC01 , enter task list name and press the highlighted button to generate the task list.



Enter the parameters for HTTPS connection for new Support Backbone by clicking on below icon.

Enter the technical communication Suser and password as requested in pre-requisites

You can enter the Router string similar to the one mentioned in the old SAPOSS connection.



Click on Save and go back to task list.


Execute the task list.


The task list will be executed until one of the step fails. You can check the document against each step for details or can check the document attached to SAP Note 2827658 for each step details.

In the first step, it will check the SAPCRYPTOLIB version. If it is < 8.4.48, follow the steps mentioned in the document against this step.


It will then check the TLS version related profile parameters and will stop if it fails on this step.



The default value of the parameter ssl/client_ciphersuites is below. You can check it in RZ11 of your system.

Change it to the recommended value 150:PFS:HIGH::EC_P256:EC:HIGH in the default profile of the system.


Restart the SAP system.


Re-execute the task list using t-code STC02



Execute the task list, it will then stop at Check certificates for SSL client (STRUST).


If you check the documentation, you will need to download the below 4 certificates and install them in the SSL Client SSL Client (Standard) in STRUST of the system.


https://www.digicert.com/digicert-root-certificates.htm


DigiCert Global Root CA

DigiCert Global Root G2

DigiCert High Assurance EV Root CA


https://www.websecurity.symantec.com/theme/roots


VeriSign Class 3 Public Primary Certification Authority - G5


Open Strust and upload these certificates as below






Re-execute the task list

Once the task list is completed, the below HTTP RFC destinations are generated in your SAP system and tested as well.


  • SAP Support Portal (SAP-SUPPORT_PORTAL - Type H)

  • SAP Parcel Download (SAP-SUPPORT_PARCELBOX - Type G)

  • SAP Note Download (SAP-SUPPORT_NOTE_DOWNLOAD - Type G)

If the task list fails for your system on step test HTTPS connection, this could be due to the incorrect router string passed to RFC destinations by the task list due to the below restriction


For releases < 7.40 SP16 / < 7.50 SP6 the router string length is limited to 45 digits (i.e. when you enter in the UI of the task a router string longer than 45 digits, it is not completely passed to the destination). In this case either correct the router string in RFC destinations (sm59) manually (router string + host)


4. Save HTTP destinations for Note download procedure


Execute report RCWB_SNOTE_DWNLD_PROC_CONFIG from SE38/SA38 in your system as mentioned in SAP Note 2836996.



Select HTTP Protocol and RFC SAP-SUPPORT_PORTAL and SAP-SUPPORT_NOTE_DOWNLOAD as shown above and save it.


How to test Digitally Signed Notes download


Download test SAP Note 2755640 through SNOTE.


Check the logs of SAP note.

You should see the log as "Digitally signed SAP Note downloaded in version using HTTPS"


This will complete the steps required to enable the digitally signed SAP notes in your SAP ABAP systems.



Solution Manager Related Steps For SAP Support Backbone


Don't forget to complete the steps in your SAP Solution manager for the new support backbone as your SAP systems are mostly connected to Support backbone through SAP Solution manager. Follow the SAP Support Backbone Checklists for Solution manager to complete the connectivity for Solution manager related tasks including the service content updates, Early Watch Alert content, landscape synchronisation with SAP etc.



981 views

Trending Posts

SIGN UP AND STAY UPDATED!
  • Facebook
  • YouTube

©2019 by BlogApt