‘sapstartsrv’ service not started

‘sapstartsrv’ service not started error after SAP HANA installation:

sapstartsrv1

Check if the service is started on the server:

sapstartsrv2

With netstat you know which port the process is using:

Try to telnet to the port (50213 in this case) from outside of server. If you are able to reach you will have to reach out to your Infrastructure team to get the port open on firewall.

Or if you you are on cloud, you need to add this to the inbound rule of your secuirty group.

sapstartsrv3

 

AWS Certified Solution Architect – Points to remember (EC2)

  1. Uptime SLA for EC2 and EBS within a region is 99.99%
  2. Default cooling period of a Autoscaling group is 5 mins.
  3. Cooling period can be adjusted based on requirement.
  4. AWS lambda scales automatically. No end-user actions required.
  5. User Lambda Environment variables to pass parameters to function. For sensitive information you can use encrypted environment variables.
  6. Remember that both EBS and EFS does not scale automatically.
  7. EFS to expensive compared to EBS. So EBS is cost effective compared to EFS.
  8. EBS volumes cannot be shared between different instances.
  9. Since EFS is network file system, a latency is expected.
  10. Use Lambda instead of EC2 where ever possible. Example there are simple computations to be done which does not need a big EC2 instance or a scenario where your computations should scale to millions of requests automatically.
  11. Regional Reserved Instances do not provide a capacity reservation.
  12. Standard and Convertible Reserved Instances provide a capacity reservation in a specific availability zone.
  13. Application Load Balancer is the most comprehensive ELB available and most cost effective.

Install SSL certificates – STRUSTSSO2

Problem:

You are receiving following error while applying SSL certificate to you SAP Web application server:

CA certificate missing in database (or is not unique) Message no. TRUST057.

Cannot import certificate response.

Steps to Troubleshoot:

  • Verify your certificate request.

You can do this by using any of the CA’s websites. For example Symantec below:

https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp

Generate Request from SAP (STRUSTSSO2):

Generate CSR

Paste the CSR into the checker:

CSR check

Main thing to check here is the Common Name. This should exactly correspond to the portal url being used by the end users.

In this example certificate will only work if used with portal example.com. It will not work if it is http://www.example.com or media.example.com.

If you are getting any other Common Name then the required one, delete the Server PSE and create new one with correct CN.

Make sure that SSL Server’s own certificate contains CN as the portal name you connect to and the hostname (Unless both are same).

User following guidelines:

  • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
  • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
  • Locality or City (L): The Locality field is the city or town name
  • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
  • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
  • Common Name (CN): The Common Name is the Host + Domain Name. It looks like “www.example.com” or “example.com”
  • Get the right certificate chain

Most of the times, Signed certificates sent by CA will not include the complete chain, i.e. root and intermediate certificates.

These are generic certificates and are not specific to your application.

You can check this by opening the certificate using a notepad.

If you dont have the root and intermediate certificate, you can directly download these from CA’s website.

For example, Symantec certificates can be downloaded with below url:

https://knowledge.digicert.com/generalinformation/INFO4033.html#links

  • Import the certificate into SAP

Now combine all three certificates into one file in any order and save it as a .CER file.

combined cert

Import certificate into SAP. You can either use the file created or just copy paste into the window.

import cert

  • Restart ICM

For these changes to take effect, you must restart your ICM.

restart ICM

  • verify the certificate:

The HTTPS connection can now be verified by using vendor portal or third-party checkers. Symantec is used below:

https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp

verify cert