Skip to content

Things that happen in support messages that I don’t like…

After some years working in support solving messages everybody will have a list of things that do occur over and over again and that never seem to get better.
Today I will start with the most anoying one (at least to me):

No remote connection possible!

Imagine you experience a heart attack. What you usually need is somebody trained to help you in that situation and do at least the primary steps to save your life.
At best this person is a paramedic so you can be rather sure that you’re in good hands.
Now imagine you have this person at your front door, when the heart attack occurs but when he wants to enter the room where you’re lying at the floor you just tell him:
“You cannot enter! Our companys security policy denies access by people not working for us… Please tell me how I can save myself!”

Althought this situation might be overbooked it is basically what I (and many of my collegues) face every day.
Customers facing a complete system down situtation are not able to provide TELNET access to their database servers. They are just not prepared to do so.
Of course TELNET is not state of the art concerning security on connections over the internet, no question about that.
But it’s possible to make up something like logging on to a remote connection server via Windows Terminal Services (for example) and from there via SSL to the target machine. So there are options to make this access secure.

And even if customers make the (correct!) decision that for this special situation the potential risk of beeing hacked while the TELNET connection is open is – by far – less costly than having a whole shift of workers leaving early due to the system down situation, even than it’s often just not possible to use the connection.
The companys firewalls block the TELNET port, the SAP service connection is not maintained or (this is the real classic): people ignore the description how to set up such a service connection and forget to allow port 23 (TELNET) on their SAPROUTER. So the infamous “route permission denied” error is just right on its way.

My recommendation: make plans how support should access your systems when they are down!
Set the connections up.
Have them tested – just open a support message and ask for somebody to logon!
This may save you precious HOURS the next time the database won’t come up.

As there are plenty of SAP notes describing the various remote connections I won’t fail to list the most important ones:

#35010 – Service connections: Composite note (overview)

Specific connection types:
Telnet Connection: Note 37001
R/3 Support: Note 812732
SAP-DB Connection: Note 202344
WTS Connection: Note 605795

Official statement concerning SSH-connections:
#789026 – Remote Connection: SSH
For semi-automatic line-opening see:
#797124 – LOP – Line Opener Program

By the way: the connection types listed in the overview (35010) note are exclusive. Whatever remote access tool or technology you are using usually in your company – when it’s not on the list, support cannot use it. So better don’t waste time and ask for such things to be tried.

Best regards

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: