analyse Error Msg EGW 748 not found




 Purpose

The purpose of this page is to explain what the error:  "Msg EGW 748 not found" means, how to diagnose this issue and resolve it.

 Overview

The return code 748 means that the access of registered server is denied (TP_REG_ACCESS_DENIED). This is due to gateway security settings and the rules of reginfo file defined under parameter gw/reg_info is not correct.

Analysis and Resolution

Firstly, please review what is the security level enabled in the instance as per the configuration of parameter gw/reg_no_conn_info. This parameter will enable special settings that should be  controlled in the configuration of reginfo file. Further information about this parameter is also available in the following link:
 
The SAP documentation in the following link explains how to create the file rules:
                        http://help.sap.com/saphelp_nw73/helpdata/en/e2/16d0427a2440fc8bfc25e786b8e11c/content.htm
The note explains and provides examples of reginfo and secinfo files.
      Note 1408081: Basic settings for reg_info and sec_info
In order to figure out the reason why the gateway is not allowing the registered program, please follow some basics steps that should be managed during the creation of the rules:
1) The rules in the files are read by the gateway from the TOP to the BOTTOM hence it is important to check the previous rules in order to  check if the specific problem does not fit some previously rule. See the examples in the note below:
     Note 1592493: GW: Problems during reginfo configuration
2) It is possible to change the rules in the files and reload its configuration without restart the gateway:
     -> transaction SMGW
        -> Goto
           -> expert functions
              -> external security
                 -> reload
 However, in such situation, it is mandatory to de-register the  registered program involved and re-register it again because programs already registered will continue following the old rules.

3) The rules in the secinfo and reginfo file do not always use the same syntax, it depends of the VERSION defined in the file. Check the above mentioned SAP documentation about the particular of each version.
4) It is possible to enable the gateway logging in order to reproduce the issue. The parameter is gw/logging, see note below:
   Note 910919: Setting up Gateway logging
   This parameter will allow you to reproduce the gateway access and see the TP and HOST that the access is using hence create the rules in the reginfo or secinfo file.
5) The rules defined in the reginfo or secinfo file can be reviewed in colored syntactic correctness.
    -> transaction SMGW
      -> Goto
        -> expert functions
          -> Display secinfo/reginfo

   Green means OK, yellow warning, red incorrect. See note below:
   Note 1503858: Colored lines for sec(-reg) info test in SMGW
Workaround:
===========
Removing the files defined in the reginfo and secinfo parameters will remove the security rules from the gateway. If these files do not exist, the gateway read the definition in gw/acl_mode parameter, if it is set to 1 only internal rules are enabled. Until your own gateway security rules are not correctly setup it is possible to remove the reginfo and secinfo files and also set the parameter gw/acl_mode to 0  in order to avoid the security control (in such way, the parameter gw/reg_no_conn_info should not include the bit mask 16, see note below:
     Note 1444282: gw/reg_no_conn_info settings
The combination of the following configuration means that everything is allowed when starting external servers and registered servers. See note below:
     Note 1480644: gw/acl_mode versus gw/reg_no_conn_info
IMPORTANT: It is not recommended to keep the gateway security disabled in production systems.

Comments

Post a Comment

Popular posts from this blog

Hana XS Engine Troubleshooting

Overview:  HANA 2.0 is having XSA as base for many application like HANA cockpit, WEB IDE, Big Data Hub to name a few. You are lucky if you get it through for installation but sometimes you are stuck with few issues which you keep trying to solve , you don find solution. This Blog identifies and help you solve few of them. Getting a guide is very easy. But troubleshooting in real world might make your head spin. So sharing my experience. XX will represent the instance no. used in this blog. Error:  Adding role ‘xs_worker’ failed: Check /var/tmp latest update folder and it will mention the file name which contains more details. It should be with name like hdbmodify_addlocalroles.log. and Reason :  FAIL: process hdbxscontroller HDB XS Controller not running Sub Reason:   Could not startup the controller components: SAP WebDispatcher failed to bind application port (already occupied). Route to application will be unavailable. Restarting the...
Read more

Check Users Locked or deactivated in Hana or Hana Studio

Check Users; select * from users where user_deactivated= ‘TRUE’; Deactive hana user We can use the following SQL query to DEACTIVATE HANA DB user ; ALTER USER DEACTIVATE USER NOW; Example ; alter user HanaUser deactivate user now; To activate the user again we can use the below SQL query ; ALTER USER ACTIVATE USER NOW; Example ; alter user Hanauser activate user now;
Read more

Hana ini file location

The ini files are stored at the following default location on the server: /hana/shared/$SID/global/hdb/custom/config. File Details /usr/sap/ /HDB /exe/config Default values (not to be adjusted) /usr/sap/ /SYS/global/hdb/custom/config/ .ini Valid for a specific service (e.g. indexserver) or component (e.g. multidb) on all hosts /usr/sap/ /SYS/global/hdb/custom/config/global.ini Valid for all services on all hosts /usr/sap/ /HDB / / .ini Valid for a specific service (e.g. indexserver) or component (e.g. multidb) on a specific host /usr/sap/ /HDB / /global.ini Valid for all services on a specific host
Read more