The COMMONCRYPTOLIB and OPENSSL (If you are using self signed certificate) are required on the HANA server. This is normally already installed along with your HANA installation.
CommonCryptoLib (libsapcrypto.so) is installed by default as part of SAP HANA server installation at $DIR_EXECUTABLE.
Certificates stored in the file system are contained in database-specific personal security environments or PSEs (default $SECUDIR/sapsrv.pse).
Navigate to $SECUDIR
This ensures all the prerequisites are met and all environment variables are properly set.
- Create the PSE and Server Certificate Requests Using SAPGENPSEImportant Note:
- Do not enter password when requested for PSE PIN/paraphrase as it is not supported!
- Also, to secure internal communication, canonical name should be host specific, eg CN=”<hostname_with_domain>”. So when creating private CA on each host, parameter CN will be unique.
This creates two files:
- Create root the certificate for this hostHere you can use the pass phrase that you want.
You now have two more files in the directory:
- Sign the certificate request.You can get the certificate signed by CA. But since this is just for demo, we will sign the certificate using openssl.
A new file with name sapsrv.pem will be created in the same directory, $SECURDIR
With this step you have the certificate ready that can be used on Client machines.
In the next blog we will see how to use this certificate to login to HANA Database via HANA Studio using SSL.
- Import the server certificate into pse.Note that the pse file has a new timestamp with certificate added.
Import SAP Notes:
In continuation to my previous blog cannot load tile – SAP Fiori, I continue discussion the other error we faced after the upgrade of S/4HANA system from 1511 to 1610.
“Could not open app. Please try again later”.
Ensure that the following steps are taken care off after the upgrade:
- Review OSS note 2346431 – SAP S/4HANA 1610: Release Information Note (https://launchpad.support.sap.com/#/notes/0002346431) and apply all the recommended notes mentioned for the target FPS/SPS level you just upgraded to. As a suggestion, apply all SAP_ABA, SAP_BW, and SAP_BASIS to both Frontend and Backend. While S4Core are only for backend.
- Ensure the scheduling of report /UI5/APP_INDEX_CALCULATE is running and if not, please schedule and run the job.
- Ensure the scheduling of report /UI2/GET_APP_DESCR_REMOTE is running and if not, please schedule and run the job.
- Ensure the following reports are also run in the Frontend Server:
If this does not solve your issue, jump to next steps:
Create RFC destinations as per SAP note SAP Note 2269272 and Replicate App Descriptors from Back-End System.
Check again if your app works. If not continue with next steps:
Compare the App details from the app launcher with the details on the SAP Fiori App Reference Library.
App launcher url looks like:
On app launcher, you should find the Odata (/n/iwfnd/maint_service) and ICF service (SICF) details for the app that should be active on the front end server:
Ensure that the SICF services are active and you are able to test it successfully and also the odata service is active and mapped to right System Alias.
Note: Service here points to local system alias as I have my front end and back end configured on the same application. Please check correctness of your alias to be used.
If you are not able to find the services for the app, its time for an incident towards SAP.
Please let me know if this solves your issues or if you have any questions in the comments below.
After upgrade of S/4HANA application from 1511 to 1610, we had few of our SAP standard Fiori apps choking.
Errors were different. Below are the steps we followed to fix “Cannot load tile”.
Edit home page:
Delete the tile:
Open app finder from the same screen:
Now you jump to the screen from where you can add the tiles you need.
Pin the tiles which you need.
Now go back to the home screen and see if you have the apps you need back on the screen.
2425949 – Analytical apps cannot be loaded.
2485294 – Cannot load tile after transporting from client to a client on the same system
2503862 – Cannot load tile Schedule Billing Apps
2471599 – Cannot load Fiori Analytical Applications
2594655 – Fiori Launchpad – Cannot Load Tile error on some tiles
In this blog i will try to note some issues I faced during configuration of Business Process Operations. Issues are peculiar and might not be relevant for everyone.
A. Issue with Solman_setup -> Basic Configuration -> Activation of BW content (For UPL, RCA…)
During this i faced issue activating BW content. Error is as below. No other logs in SLG1 or ST22 in the system.
Solution: I had to restore the logical BW system from RSA1 to fix the issue.
RSA1 -> Modeling -> Source System -> BW -> Logical System
Ran activation again from Solman_Setup and everything went fine.
Probable Cause: We did a client copy to create a new client and something went wrong while running BDLS.
B. Issue with Solman_Setup -> Basic BPO Configuration -> Configure Solution Manager -> Configure Automatically
Activity “Activate BW Cubes” runs into error “BW content not activated”
Solution: Activated the related cubes ( 0SM_BPM, 0SM_BPMRH, OSM_BPMRD) manually from RSA1 as suggested by SAP Note 2434326.
C. Business process monitoring tile is not visible in Solman_workcenter.
Follow the below SAP Note:
2338589 – Troubleshooting for Blank Business Process Monitoring workcenter applications in SAP Solution Manager 7.2
- Check and ensure that the user profile used has the following roles applied:
i. Run transaction SU01 and display the user profile.
ii. Navigate to the Roles tab and confirm that the following roles have been applied:
- Check and confirm that the necessary UI5 services are active:
i. Run transaction SICF.
ii. Enter /sap/bc/ui5_ui5 within the service path field and select Execute.
iii. Confirm that the following services are active:
- Clear the system cache and internet browser cache:
i. Complete all steps contained in the following SAP KBA:
2319491 – How to clean up the cache after applying changes that affect SAP Fiori apps.
ii. Delete the browsing history of the workstation’s internet browser.
2320230 – How to Confirm “Activate BPMon Services” in Solution Manager 7.2’s BPO Configuration
2491759 – Migration for Business Process Monitoring from Solution Manager 7.1 to 7.2
Everyone keeping track of GDPR Clock should be already gearing up for compliance. Because the consequences of non-compliance could be damaging.
Under the new law, Personal data of your customers can only be gathered legally under strict conditions. Processing/handling/archiving/deleting this data should also be handled under strict rules.
We are part of Brexit! We do not have offices in EU countries! I do not know if this applies to us! By when should we be compliant!
You can find the answers to these questions at FAQ’s and Timelines.
It applies to everyone who is processing/using any data for customers from EU.
So even if you do not have a office in EU but do business with EU customers, you are in purview of GDPR.
When it comes to SAP, you should be thinking of but not limited to following aspects of Data.
- Any personal data of your customers should be secured. This includes from their official title (CEO/CFO/Director etc..) to their postal code. Make informed decisions.
- Be prepared to secure the data in you system already. Prevent unauthorized access to this information. Many might think this only applies to production systems, which is incorrect. Personal data in your Pre-Prod, Test, Development etc.. all are considered sensitive.
- Data should be archived/deleted unless it is absolutely required. Archived data should be safeguarded from unauthorized access.
This of course is a complicated and time taking process. But the great thing is there are already multiple tools readily available in the market which can completely automate this process.
Since we are talking about SAP, I would like to bring some of these tools to your notice which can help you make your SAP systems compliant.
- Lets start with Basics and the most crucial aspect. Check your authorization matrix. Ensure that only people who need access to personal data has access. Use tools like SAP GRC to control authorizations, manage/mitigate/document risks.
- Protect the data in your non-production systems. Strict authorization controls on your non-production SAP system. Use tools that scramble test data in non-production systems. Some examples include, SAP TDMS and DATA Secure by EPI-USE. Another interesting tool could be SAP Field Masking Solution.
- Handle the data in your production system wisely. Archive or delete your data that is not necessary. Use tools like SAP ILM to manage the life cycle of your data.
Above are just some actions for compliance. There is much more to this than just using the tools like, appointing a Data Protection Officer (DPO), Legal advise etc..
Please share your experience regarding GDPR under comments.
Important SAP Notes:
2616471 – Data Protection and Privacy Features for SuccessFactors Reporting & Analytics
2649596 – GDPR Technical Basic Check
2579631 – GDPR (General Data Protection Regulation) in HCM