saptechnicalguru – Page 22 – Saptechnicalguru.com

Including customer transports in SUM upgrade procedure

This blog will explain the option of integrating customer transports into the SUM upgrade.

Questions that will be answered are:

Why should I integrate customer transport requests into the SUM upgrade?
How do I integrate customer transport requests into the SUM upgrade?
How to check the RC import code of the customer transport requests included into the SUM upgrade?

Why should I integrate customer transport requests into SUM upgrade?

After an upgrade (especially to S4HANA) there can be a large amount of customer transports needed for S4HANA customer code fixes and fixes for the S4HANA upgrade itself (Z code fixes and OSS notes). All these transports will have to be imported in the production system and take time. For a larger system these transport can add up ranging from 1 to 4 hours import and check time. This is all added to the business downtime of the upgrade. By integrating the customer transports into the SUM upgrade, these transports will now be imported by SUM tool in the system build, saving you the import time. As a result the business down time is decreased. If you have a larger system with high pressure on reducing business downtime, this method is worth while to look at.

How to integrate customer transport request in SUM upgrade?

Activate SICF service SCTS_DIST_CTL_UPGINT_UI. Then start transaction SUPGINT_APP:

Press next to select the system:

Next and select Create new Task:

Now select all the transports (select carefully the ones you want to include):

On the next screen confirm the selection and then download the buffer file.

This buffer file you can use in the SUM upgrade tool.

The transport will be imported as part of the shadow build.

ZDO (zero downtime option)

Please read OSS note 2784699 – Include ZDO compliance checks when creating a customer transport buffer if you want to include customer transport when using the ZDO option.

RC code handling and import history

The RC code handling of the customer transports has to be done from the SUM tool logging. See OSS note 2964187 – customer transports included in upgrade: returncode handling. This explains to check for RC-8 code of the customer transports.

The customer transports are not visible in the import history. When this is wanted, carry out the procedure as described in OSS note 2772908 – Customer transports involved in an upgrade are not visible in the import history.

References

Good references:

SAP blog on integration customer transports
Reference note: 1759080 – Prerequisites and restrictions of Customer Transport Integration with SUM.
Wizard information: 2450902 – Customer Transport Integration Wizard
SAP help link and how to integrate the file into SUM on this help link

System log messages and audit log messages

System and audit log message are used in many different ways and applications.

When you have a system log message code or audit log message code, you might want more information, or in some cases change the severity level of the code.

Questions that will be answered in this blog are:

Where can I find the definition of the system log message codes and their long text?
Where can I find the definition of the audit log message codes and their long text?
How can I change the severity of system log and audit log messages?

Maintenance of system log and audit log messages

Maintenance of system and audit log messages is done with transaction SE92:

You can now get a list of messages:

And per message you can see the details:

In the details you can see the short text, long text and the Severity. The severity will determine the traffic light in the SM21 system log overview.

For ABAP code to write the new message to the system log, read this blog.

Audit log change of severity

You can also change audit log severity:

Changing from default SAP does require a key.

Related OSS notes

OSS notes:

RFC connections with fast serialization

Fast serialization is an option in the RFC settings to increase performance.

Questions that will be answered in this blog are:

What is required to use RFC fast serialization?
When to use RFC fast serialization?
How can I switch to fast serialization without touching the RFC in SM59?
How do I make the settings for RFC fast serialization?

Fast serialization

Fast serialization is available since release Basis 7.51. Downport might be possible, but think twice if you want to do this. Background OSS note on fast serialization is 2372888 – Fast serialization in RFC.

The whole goal of fast serialization is simply to increase the performance.

The fast serialization option is set in the RFC destination on the tab Special Options at the bottom:

Note that in S4HANA destination NONE is using fast serialization by default. Keep it that way.

Switching to fast serialization without touching SM59

In SM59 when you touch the RFC it might request you to re-enter the password. You can still switch the existing RFC without touching SM59. The instruction is in OSS note 2315100 – Activation of new RFC serialization on client side. Run program SFASTRFCMAINTENANCE (2561904 – Fast RFC serialization maintained with SFASTRFCMAINTENANCE):

When to use fast serialization

Fast serialization can be used when both the sender and receiver side of the RFC connection supports it.

Fast serialization in custom or standard RFC function modules

In SE37 SAP can set an RFC enabled function module Interface Contract to Fast serialization required. If you have build custom RFC function module that also only works with Fast serialization you should set this option:

Bug fix and explanation OSS notes

SAP downtime optimization app

SAP has create an app for analyzing the downtime for a SAP system upgrade or support package.

Questions that will be answered in this blog are:

How to use the SAP downtime minimization app?

Full references of SAP downtime minimization app

The full specification of the SAP downtime minimization app is maintained in SAP OSS note 2881515 – Introduction to the Technical Downtime Optimization App and on this SAP blog.

Using the SAP downtime minimization app

The app is hosted at SAP and can be reached on this URL: https://launchpad.support.sap.com/#/downtimeoptimization. When you start you come to the intro screen:

You start with the upload button. Here you can upload the UPGANA and APPLANA xml files:

After uploading, you need to wait 3 hours.

When you come back the result should be there:

Now you can analyze the SUM runtime uptime and downtime phase timing (this is tool time without idle time). There are hints given by SAP on which parts improvements could be made.

Reducing downtime

For reducing downtime, you can read the blog on including customer transport in SUM upgrade procedure as one of the means to reduce the downtime.

Also read OSS note 2351294 – S/4HANA System Conversion / Upgrade: Measures to reduce technical downtime, which contains many hints for downtime reduction.

SAP tutorial navigator

SAP and senior developers have set up quite a lot of nice tutorials. The tutorials are very good in explaining a how to execute a specific development or basis task. There are many tutorials on the SAP cloud products which can be new for a lot of ABAP and basis persons.

The SAP tutorial navigator is a good starting point exploring the tutorials.

Questions that will be answered in this blog are:

How to use the SAP tutorial navigator to find a tutorial that interests me?

SAP tutorial navigator

The SAP tutorial navigator can be started via the URL https://developers.sap.com/tutorial-navigator.html.

The main page will open:

You can search or filter based on the key words:

If you select the tutorial, the detailed tutorial will open now:

On the details page there is learning content and pre-requisites. On the right hand side you can navigate through the steps.

Then you can start with the step by step tutorial in a click here, click there easy to follow style:

SAP API business hub

SAP has collected all their web services and ODATA services on one central page.

Questions that will be answered in this blog are:

How to use the SAP API business hub to find an SAP interface for my use case?

SAP API business hub

Start the SAP API business hub by going to the URL api.sap.com:

Let’s zoom in to SAP S4HANA:

Now search for Sales Order and select the Sales Order ODATA:

For each method you can zoom into the details:

On the main details tab you can download the API specification, for example in JSON format:

Also it tells you how to build the URL to be called.

A bit below on the same screen is the link to the online documentation:

Which links to the actual help.sap.com helpfile:

SAP reference

SAP reference blog can be found here.

Logical file names

This blog will explain the maintenance of logical file names.

Questions that will be answered in this blog are:

Why use logical file names?
How to setup logical paths and logical file names?
Which variables can be used in logical file names and logical paths?
What is new in transaction SFILE?

Why use logical file name?

The use of a logical file name in any ABAP keeps the location and name name of the file constant from a logical function perspective. The actual implementation of the file location can then be maintained by the basis team. If they want to move files around, they can do so, as long as they also update the logical files. Also this way an ABAP developer does not need to worry in case of any OS switch (for example from Windows to Linux).

The names are the same on development, QA and production system. The basis team can choose to have different file structures on each system. For example by including the system ID in the folder name.

Maintaining logical file path

To maintain logical file names, start transaction FILE:

With new entries, you can add new logical file path.

We will use A2_GLOBALPATH here as example. Select the entry and click on Assignment of physical path to logical path:

Select the operating system to see the details:

Logical file names

Logical file names are also maintained with transaction FILE:

Parameters in naming

The following parameters can be used in the naming conventions:

Parameter	Meaning
<OPSYS>	Operating system in function module parameter
<INSTANCE>	Application Instance
<SYSID>	Application name in accordance with system field SY-SYSID.
<DBSYS>	Database system in accordance with system field SY-DBSYS
<SAPRL>	Release in accordance with system field SY-SAPRL
<HOST>	Host name in accordance with system field SY-HOST
<CLIENT>	Client in accordance with system field SY-MANDT
<LANGUAGE>	Logon language in accordance with system field SY-LANGU
<DATE>	Date in accordance with system field SY-DATUM
<YEAR>	Year in accordance with system field SY-DATUM, four characters
<SYEAR>	Year in accordance with system field SY-DATUM, two characters
<MONTH>	Month in accordance with system field SY-DATUM
<DAY>	Day in accordance with system field SY-DATUM
<WEEKDAY>	Weekday in accordance with system field SY-FDAYW
<TIME>	Time in accordance with system field SY-UZEIT
<STIME>	Hour and minute in accordance with system field SY-UZEIT
<HOUR>	Hour in accordance with system field SY-UZEIT
<MINUTE>	Minute in accordance with system field SY-UZEIT
<SECOND>	Seconds in accordance with system field SY-UZEIT
<PARAM_1>	External parameter 1 passed in function call
<PARAM_2>	External parameter 2 passed in function call
<PARAM_3>	External parameter 3 passed in function call
<P=name>	Value of a profile parameter in the current system
<V=name>	Value of a variable in the variable table
<F=name>	Return value of a function module

Transaction SFILE

Transaction SFILE is a new maintenance transaction. It is available as of S4HANA 1610. The main functions are the same as FILE. Main new function is the mass download and upload of definitions.

More background on SFILE: see OSS note 2370836 – FAQ | File access management with transaction SFILE.

Bug fix OSS notes:

SE16N emergency edit mode

For emergency cases you might need to edit table data directly. This blog will describe the emergency edit mode of SE16N.

Questions that will be answered are:

How to get the SE16N emergency edit mode?
How to enable the SE16N emergency edit mode?
How to use the SE16N emergency edit mode?

Getting the SE16N emergency edit mode

The SE16N emergency edit mode is standard installed as of S4HANA 2020. For older versions, you need to apply OSS note 2911103 – SE16N: Alternative edit mode.

Enabling SE16N emergency mode

The SE16N emergency mode is started via transaction SE16N_EMERGENCY. This transaction is locked by default:

Please consult your security team before unlocking this powerful transaction.

Use transaction SM01_CUS to unlock the SE16N_EMERGENCY transaction. Read this blog on the use of SM01_CUS.

Use of the SE16N emergency mode

Use of the emergency mode is pretty simple. Start transaction SE16N_EMERGENCY enter the table and you are launched into edit mode immediately. Example is here for table T001:

Other ways

For more different ways of direct table hacking, read this blog.

Checking usage

Checking SE16N usage is explained in this blog.

Or configure audit log after applying/checking this OSS note: 3140539 – SAL | New event definition for change access in SE16N.

Bug fix OSS notes

Bug fix note:

SAP password hash hacking Part V: optimizing the attack speed

This blog series will explain the process of hacking SAP password hashes: also know as SAP password hacking. The process of hacking will be explained and appropriate countermeasures will be explained.

In this fifth blog we will focus on optimizing the speed of attack. The preventive measures will focus on reducing the attack speed.

For the first blog on attacking the SAP BCODE hash click here.

For the second blog on attacking the SAP PASSCODE has click here.

For the third blog on attacking the SAP PWDSALTEDHASH has click here.

For the fourth blog on advanced topics, like the rule based attack, click here.

For more on extended word lists, click here.

Questions that will be answered in this blog are:

How to optimize the attack speed?
How to optimize getting hashes converted into real passwords?

Optimizing the attack

First check if you can get hold of PASSCODE or preferably BCODE hashes. These ones are 10 to 20 times faster to hack than PWDSALTEDHASH codes.

Assuming the administrators have done their work and only PWDSALTEDHASH remains, there are still options to speed up the attack.

Get faster graphical card(s)

Don’t do password hacking on a laptop. The graphical card in any laptop is simply too slow. Use a gaming specification graphical card or cards (cost range is about 300 to 500 dollar or Euro per card).

Preparation of the attack

First thing to do is to get the password rules. Most common is 1 letter, 1 digit, 1 special and minimum length of 8. But differences occur. If for example minimum length is 10, you can adjust your dictionaries to remove all small words that will not comply.

Check the language: use the webster dictionary for English in all cases, but based on language of the company, you must use German, French, Spanish, Italian, Dutch, etc dictionaries as well.

If possible filter out high potential targets from you list. It is best to have a high value administrator or CEO, then a warehouse person who can do simple movements and write time.

Sequence of attacks

Start first with your library of most frequently used passwords. Maybe there is already a hit.

You will be surprised that about 1% will hit.

Second run is with a list of company, product and department names. If you want to target company called TARGET with product name PRODUCT, make a special file with names like:

Target2021!

Product2021!

Use the password rulebooks to generate as many variations as possible (examples are T@rget2021, Pr0duct2021!).

You will be surprised that about another 1% will hit. Who is using these simple to guess passwords? More people than you think!

Third run should be dictionary run with rulebook. Start with English and primary language of the company. Most successful Rule is word plus digit plus special.

You will be surprised that about another 1 to 3% will hit.

Pending on the speed and sizes the rulebook is a very good one to run for a longer time (consider 1 week constantly running this).

Fourth run should be a keyboard walk rulebook. The keyboard walk contains passwords like QWERtyui1234%^&*, or 1qaz@WSX (walk on keyboard…).

You will be surprised that about another 1% will hit.

Re-using the output file to generate new attack: fingerprint attack

When your first attacks are done, there is one final surprisingly successful last attack possible. For this you take your file with all the passwords you have already cracked.

These passwords you now cut into 2. Example Target2021! is cut into:

T and arget2021!

Ta and rget2021!

….

Target2021 and !

And the word itself Target2021!

Now you have 2 files. Use these into a combinator attack mode (see hashcat wiki for the exact syntax to use).

This procedure is called a fingerprint attack.

This might give surprising results like TargetProduct2021!

This attack will bring a surprising high number of hits. The better the first passwords you have cracked, the better the result here. Save this attack till last, since it can be a very lengthy one, and a lot of duplication with the previous attacks can happen.

Strengthening password technical strength

The ABAP password can be made more strong by technical means, by increasing the hash salt size. This will take longer time to crack. OSS notes:

Read more in this dedicated blog on password hash strengthening.

BI queue deletion

During a SPAM import or during application of a TCI OSS note using SPAM, you can get errors due to BI queues. This blog will explain how to delete these queues.

For normal processing on BI delta queue with RSA7, please read the FAQ note 380078 – FAQ: BW delta queue (RSA7): Questions and answers.

Questions that will be answered in this blog are:

How to clean up the BI queues in case SPAM or TCI note is being blocked by it?

qRFC clean up

First start in transaction SMQ1 to delete the MCEX BI outbound queues:

Select all queues and press the delete button.

More blocks

If it is still blocking run program RMCEXCHK:

Look for the application number(s) that is blocking. In this example 04. For V3 updates read 2886816 – Supplement to Note 652310 & 67014 & 1083709 about error ‘due to open V3 proc not changed’.

Now start transaction LBWG to delete the setup for this application:

Details behind LBWG are explained in OSS note 1752439 – Explanation of transaction LBWG.