Environment
Novell iChain 2.3 Support Pack 5
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00 Service Pack Version 9
Windows Server 2003 Enterprise x64 edition with Service Pack 1
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00 Service Pack Version 9
Windows Server 2003 Enterprise x64 edition with Service Pack 1
Situation
SAP NetWaever portal server does not maintain persistent TCP
sessions as requested by iChain. Instead of running subsequent HTTP
requests over the same TCP session the SAP server closes the TCP
session down after the request web object has been delivered to the
requesting client (iChain). This behavior causes extra
traffic and and processing on iChain and the SAP Portal
server.
The Novell iChain proxy server has been configured for:
The Novell iChain proxy server has been configured for:
- "Enable persistent connections to browser" has been enabled (default)
- "Enable persistent connections to origin server" has been
enabled (default
- set accelerator [SAP portal accelerator name] forcehttp10toorigin = NO has been set to make sure HTTP1.1 will be used. Note: If a given browser client generating a request to an iChain accelerator has been configured to make use of HTTP 1.0 iChain will use as well HTTP 1.0 to communicate with the origin web server
- Secure Exchange has been enabled between the browser client and
iChain proxy server
Resolution
SAP provided a fix which can be referenced under SAP note 1123915
on 21/12/07 (kernel patch 140)
Additional Information
Troubleshooting:
In order to troubleshoot this issue it was required to track a given user session at both sides (public, private) on the iChain proxy using LAN traces. Therefore it is helpful to turn on "Forward browser IP address in Request Header [X-Forwarded-FOR" and Forward iChain cookie to web server on the SAP accelerator. This trace has been compare with a trace taken from a direct browser to SAP server connection. SSL has been turned off in all cases.
Backround:
A peristent connection will be initiated by a given user agent (browser client, proxy...) using the HTTP "Connection: keep-alive" header. iChain used this "Connection: keep-alive" header on all outgoing requests initiated to the SAP server (for further details on HTTP persistent connection handling use RFC2616.
iChain requests a persistent connection and chunked encoding in one header line using a separator and closing it with e CRLF.
Example:"Connection: keep-alive, TE".
Based on the following definitions from RFC2616 this construct is valid:
- Connection = "connection"":" 1#(connection-token)
- connection-token = token
- token = 1*
- separators = "(" | ")" | "<" |">" | "@"| "," | ";" | ":" | "\" | <">|..........."
The SAP server does not accept this construct and therefore does not honor the connection keep-alive request
In order to troubleshoot this issue it was required to track a given user session at both sides (public, private) on the iChain proxy using LAN traces. Therefore it is helpful to turn on "Forward browser IP address in Request Header [X-Forwarded-FOR" and Forward iChain cookie to web server on the SAP accelerator. This trace has been compare with a trace taken from a direct browser to SAP server connection. SSL has been turned off in all cases.
Backround:
A peristent connection will be initiated by a given user agent (browser client, proxy...) using the HTTP "Connection: keep-alive" header. iChain used this "Connection: keep-alive" header on all outgoing requests initiated to the SAP server (for further details on HTTP persistent connection handling use RFC2616.
iChain requests a persistent connection and chunked encoding in one header line using a separator and closing it with e CRLF.
Example:"Connection: keep-alive, TE".
Based on the following definitions from RFC2616 this construct is valid:
- Connection = "connection"":" 1#(connection-token)
- connection-token = token
- token = 1*
- separators = "(" | ")" | "<" |">" | "@"| "," | ";" | ":" | "\" | <">|..........."
The SAP server does not accept this construct and therefore does not honor the connection keep-alive request