Restart the system after adding/changing parameter.
X2 = IP address of sapservX
As you are already aware by now, SAP has updated the support backbone infrastructure, to ensure that its critical infrastructure is up to date and secure, and will switch off the legacy infrastructure on January 1st, 2020.
Create 3rd TR for implementing digitally signed note TCI (*which will be explained in next section below) and finally release the 3rd TR. Notes are downloaded automatically, For example, assume you have an SAP Note and that SAP Note has around 20 prerequisite SAP Notes. Now I am SHOCKED to determine, that there are about 12 (!!!!!!!!!!!) 2.1 Update to Support Package Manager (SPAM) version 70 or higher. The following information describes how to configure the SAP NetWeaver download service to your needs.
Note: Warnings about objects without directory entry can be ignored, since TCIs can contain deletions. If you are on the SPS level where the feature is delivered or implemented the TCI 2576306, this activity can be performed through IMG customization (IMG > SAP NetWeaver Implementation Guide > Application server > Basis Services > SNOTE ). that !!!!!!!!! Task 2: We need to set parameter ssl/client_ciphersuites and parameter value for enabling highest TLS protocol version with BEST-OPTION. If you choose below option, the system uses the HTTPS protocol to download the digitally signed SAP Note.
For manual step follow Digital Signature.pdf attached to SAP Note 2576306, In our scenario we will see automatic setup.SNOTE 2738426 for Automated Configuration of new Support Backbone CommunicationHTTPS prerequisites can be configured in ABAP Task Manager (STC01) by executing automated Task List SAP_BASIS_CONFIG_OSS_COMM.This task list contains common configuration steps for the ABAP task manager, and automatically creates the required connections to the support backbone.Technical Communication User and SAP Router string needs to be prepared before execution. > This procedure will be the default option for SAP_BASIS releases 700 to 731 only. Defining File Type for Downloading SAP Note (RCWB_UNSIGNED_NOTE _CONFIG) Note. If the verification of digital signature for an SAP Note fails, theNote Assistanttool logs the security event in theapplication server using log object (CWBDS). When you try to download the SAP Note, the 20 prerequisite SAP Notes also get downloaded automatically. For more information on relevant bootstrap SAP Notes, refer to the above TCI notes table.
In this case, you first download the SAP Note from the SAP Support Portal and upload SAP Note xxxxxxx (for example, SAP Note 2446868 for 700 release) using the Note Assistant tool and then confirm the queue. All Focused Run customers need to. I resolved my issue but just requesting a different technical user. Enter here the respective values for your configuration. Adapting settings for a local proxy server. > There is no change in logon group, you can use 1_PUBLIC, 2_JAPANESE, EWA. Technical communication users can be requested viathis app. 1.Call transaction FILE and select the DOWNLOAD_SERVICE_PATH entry in the Create a logical file path table. If a system is in any of the following SPs or above SPs, then, implementing the bootstrap is not needed: In our scenario below we are in Basis level 740. a) Search and open the relevant bootstrap SAP Note xxxxxxx from SAP One Support Launchpad. are getting connected ok, but get an error "SAP service point ping error Note: Import client certificate in SSL Client (Standard) or SSL Client (Anonymous), but relative option needs to selected while running task list otherwise you will get error while running task list. I found some solutions, including implementing note
Once the prerequisite step of implementing 2576306 Transport-Based Correction Instruction (TCI) for Download of Digitally Signed SAP Notes is completed, follow below connection setup based on your system version. Tried to download one SNOTE and check the logs. > As system kernel version is below 742, we can use SAPOSS connection but we need to make below changes.
Logs will now contain Digitally Signed SAP note is downloaded using HTTPS as below. This is a one time set up. SAP_SUPPORT_HUB_CONFIG - step 7 "Check connectivity and credentials to SAP Support Portal". b) Choose Correction Instructions and select the relevant software component. 1. Before Configuration of parameter: value of ssl/client_ciphersuites parameter is not set. The SAP Note can get modified maliciously and the customer can upload unknowingly the maliciously modified SAP Note into their landscape. This restarts ICM services and reloads all certificates in your system. Note 2576306 has 8 (!!!!!!) After applying all the prerequisite SAP notes as per your system release apply the bootstrap SAP note to enable TCI in your system. Wondering how is that even possible Do you know if the report RCWB_TCI_DIGITSIGN_AUTOMATION is doing most of the manual actions automatically ? 1. I have a question here, if i am running SAP_BASIS 740 SP19, i know that i need to implement notes 2536585, 2606986, 2615270 & 2569813 (if valid) do i need to implement also the bootstrap for note 1995550? The TCI enablement in SNOTE are available in the following Support Packages of their respective SAP_BASIS releases. Step 2: You set up the download directory.
If the SAP NetWeaver download service fails during the download from these locations, see SAP Note2456654.
Information on upgrading Focused Run can be found in theFocused Run Expert Portal. Set the Hirarchy Type to SERVICE and choose Execute. You can also adjust the directory to which the logical path DOWNLOAD_SERVICE_PATHis pointing to your target directory, or you can create your own logical file paths, assignments of physical paths to logical paths and logical file names.
It is advisable to go through the whole blog before starting the implementation and open the SAP notes and guides referred in this blog as SAP updates the notes on regular basis. On the Execution Parameters tab page, choose Create Entry. If errors occur, restart the ICM Monitor using transactionSMICM. Expand the nodes under default_host and navigate to the following service trees: SL protocol:
A technical communication user handles the data transfer instead of generic users. To carry out the following configuration tasks and to use the SAP NetWeaver download service, you require specific authorizations and roles. PKG 400. Enabling Note Assistant for Transport Based Correction Instructions, 2. To get a list of all systems in your landscape which are not yet ready and need to be switched to the new support backbone connectivity refer link. While uploading the TCI package if there is a failure in signature verification please refer to the SAP Note2520826 for solution.
SSL_read SSL API errorFailed to verify peer certificate. Continue to implement the TCI note 2576306, If you get error message: 2258238 snote data not available, apply Snote 2258238 and continue to implement 2576306. Choose the default or instance profile entry and create a new parameter entry icm/server_port_
This path is specified in the definition of the logical pathDOWNLOAD_SERVICE_PATH. WHO can ever manage to do SDCCN direct connectivity/ Indirect connectivity update, ANST update, SAP RFC destinations update. Select HTTPS and save configuration. Any ABAP system having download service can be used as download system. Below is automatic option we get to migrate tasks in SDCCN. The bootstrapping of SNOTE is not transportable.
On the Execution Parameters tab page, select the entry that you want to delete and choose Delete Entry. Strongly recommended that you upgrade your SAP Solution Managersystems to Release 7.2, Support Package Stack 8 or higher. Verify the SAP Note Status: Verify if the status of the SAP Note xxxxxxx (for example, SAP Note 2446868 for 700 release) is set to Completely Implemented. 1. Once the SNOTE isbootstrapped, any SAP Note containing TCI can be implemented in the same way as implementing anyother SAP Note.
Changing an existing execution parameter. Go to Assignment of Physical Paths to Logical Path and adapt the physical path according to your target directory or operating system, respectively. You configure the client certificates.
Try to download one SNOTE and check the logs. If you are mentioning about the warning message in SAP Service marketplace notes download section, it will be available till January 2020, as it is an alert message to all customers to make necessary changes prior. It points to the /usr/sap/trans/EPS/indirectory in UNIX nomenclature. Move these TRs in sequence to Quality and Production.
In below scenario we explain how to manually make configuration changes in SDCCN, Add destination SAP-SUPPORT_PORTAL and Remove destination SDCC_OSS. Note: Refer below snotes if you face any issues while downloading SNOTE with download service. Below note has been released for Bootstrapping system for TCI and Digitally signed ennoblement.
You then can drill down further to understand which action needs to be taken: Refer below landing page for details on support backbone connectivity update. Not sure why the existing one wouldn't work, but the new one worked fine. ->FAQ Digitally Signed SAP Notes 2537133, ->Cheat Sheetfor enabling SNOTE for Digitally Signed SAP Notes and for TCI. PAGES of manual prerequisites !!!!!!!!!!!!!!! e) Upload the TCI SAR file in the Note Assistant, Choose Goto > Upload TCI, Note: Alternatively, you can upload the TCI SAR archive (for example, K700005CPSAPBASIS.SAR) through Support Package Manager or SAINT from front end to your development system. All customers with ABAP based SAP systems need to react to the SAP Support Backbone update to ensure connectivity of their SAP systems to the SAP Support Backbone. To identify such an RFC connection to OSS, consider usingtransaction SE16in your ABAP system and table rfcdes. If the system to be prepared for SAPs Support Backbone Update is not directly connected to the backbone, no further action is required.