The SAP Logon Application SAP BASIS

SAP logon is a Windows PC program that acts as an interface between the Web AS system and the common SAP user interface, SAP GUI. The SAP logon program is automatically installed with the SAP GUI. To start SAP logon, just double-click its icon. Figure shows an example. The SAP logon menu contains the available servers and logon groups that must be previously defined. You can either add servers or groups manually, or you can request a particular server for the available groups and make it add entries automatically. If it is the first time using it and the menu has not been configured by someone else, it might be empty.

SAP logon main menu (Copyright by SAP AG)

SAP logon main menu (Copyright by SAP AG)

To log on to a SAP system, just click on the entry and press the Logon button or simply double-click on the entry. When selecting a logon group, the system will select the application server with the best response time. This procedure is accomplished by SAP by means of the message server, which logs the availability and response times of all application servers for a SAP system.

SAP Logon Configuration

To make good use of the features of the SAP logon application, users or the administrator must configure some settings on the logon menu, such as adding servers or groups. To add a new server to the menu automatically, select the Server ... button. A dialog window will show up requesting the data for the new server. Now you have to specify the SAP system ID, the hostname where the message server is running, and the application server where the SAP router is running. SAP router is a special SAP program used for the connection with the message server. If SAP router is not running, you can leave this field blank (select <NONE>). You can add servers from different SAP systems to the same SAP logon menu or even configure a direct access to the SAP net system.

Upon pressing the Generate List button, if there are available application servers, they are displayed in the list box in the window. From this screen, you can decide either to log on to the server (Logon button), add it to the list of servers (Add button), or do both things at once (Add and Logon button). If there are none, then you have to add them manually. Defining groups is a very similar process. From the main SAP logon window, select the Group Selection button. The system displays a new window that has exactly the same fields as the server selection windows. Enter the SAP system ID, the message server, and SAP router information and press the OK button. The list box will display the active logon groups in the SAP system. From this screen, you can decide either to log on to the group (Logon button), add it to the list of groups (Add button), or do both things at once (Add and Logon button). The SAP logon application also provides the possibility of manually entering new entries or editing existing ones. To add a new entry, click on the New button from the SAP Logon menu. In the New Entry window, enter the necessary information in the available input fields:

  • Description. You can enter here any short description you want for the server. For example, you can enter the system name or something like Development System.
  • Application server. Specify in this field the name of the host for the application server.
  • SAP router string. If you are reaching your server via the SAP router program, then enter the routing entry here.
  • System number. Enter the system or instance number of the SAP system to which you want to connect.

If you want to change an existing entry, click on the Edit button on the main SAP logon menu and change the data you want, except for the application server and system number when modifying logon group entries.The SAP logon application also includes some configuration options that are not seen directly on the menu. To show those options, click on the top left corner of the SAP logon window and select Options. Figure shows the dialog box displayed on the screen. This dialog box is mainly used for troubleshooting the SAP logon application or looking for connection problems. The available fields are grouped in two boxes. The first one is the Sap Logon Options, which includes the following:

  • Language. This is used for selecting the SAP logon language. It must have been previously installed, and not all languages are available.
  • Message server time-out. The value, specified in seconds, is the time the SAP logon waits for a response from the message server of the SAP R/3 system. The default value is 10 seconds. If you experience time-out problems, then increase this value.
  • Confirmation of listbox entry delete. When this check box is selected, the system displays a warning before an entry is deleted from the SAP logon menu.
  • Disable editing functionality. This entry can be used to disable users from modifying logon entries. If the check box is selected, then the buttons in the SAP logon menu (Edit, New, Delete, and other options in the entry or group selection menu such as Add and Add and Logon) are grayed out and can't be used.

However, the easiest way to protect the SAP logon configuration from editing is to force users to use the SAP logon-PAD program (SAPLGPAD.EXE), which behaves just like SAP logon but without editing and configuration options. This is automatically installed with the SAP GUI from R/3 release 4.5. Newer SAP logon versions include also a list of configuration files so that you can edit those files directly.

SAP logon configuration dialog box (Copyright by SAP AG)

SAP logon configuration dialog box (Copyright by SAP AG)

The second box is the SAP GUI Start Options, which has the following fields:

  • Activate SAP GUI trace level. When this option is set, you first can activate a trace. Then select the radio buttons to the right to choose the level of information that the trace file will record.
  • Additional data hexdump in trace. This option can only be selected when the trace has been activated. When this option is selected, the trace will include additional memory areas. Please note that having both the trace file and the hexdump activated can result in loss of performance and the generation of very large trace files. When you finish a trace, deactivate those options and delete the trace files.
  • Additional command line arguments. In this field, you can enter additional arguments to the command line when starting the SAP GUI. Use this field and commands as requested by the SAP hotline in case of problems.

Administering the SAP Logon Application

SAP system managers can configure the settings for the SAP logon application and then distribute those settings to the end users. In order to do that, they must know what the configuration files are that the SAP logon application uses. The configuration files of the SAP logon are standard Windows system initialization files (INI files) located under the main Windows environment directory (normal locations for this directory are c:win95, c:winnt, depending on the Windows version and the users installation directory). These INI files are as follows:

  • sapmsg.ini. This is the initialization file that contains the list of hosts running the message servers. In the following example, the user can connect to SAP systems TT1 and DD1, which are running the message server in the node specified to the right of the equal sign.

    [Message Server]

    TT1 = copi01

    DD1 = copi02

    The first line of the file must contain the [Message Server] keyword. This file is updated automatically when users enter new SAP systems in the SAP logon menu.

  • saproute.ini. This initialization file contains route strings for the entries included in the SAP logon menu. For example,
    [Router]DD1 Development = /H/copi02/S/sapdp00

    For every possible connection, there must be a line with the format o <route_name> = <route_string> Route strings can concatenate multiple route entries when a connection uses multiple SAP routers. The format for this strings is /H/<host with saprouter>/S/<service where saprouter is running>/H/....

  • saplogon.ini. This is the initialization file that stores all the configuration settings, servers, groups, system, routes, and so forth that have been defined for the SAP logon menu. Finally, there is a very important file for the SAP logon to communicate correctly with the SAP system message servers. This communication is established via standard TCP/IP sockets. These are defined in the services file WINNT system32 driversetc for W2000. This file can be located in the same Windows directory or in a different one depending on the TCP/IP software you are using. You must ensure that for each entry in the sapmsg.ini file, you have a corresponding TCP service entry in the services file. These entries have the form of sapms<SID> <socket number>/TCP. For example,

Note A typical cause of problems with SAP logon configurations when editing the services file and including the entry for the message server in the last line is not placing a carriage return after the entry. A way to avoid the problem is not to insert the entry at the end. You also must ensure that the service names and numbers are exactly the same as those defined on the SAP servers in the corresponding services file. If you as administrator want to present for end users the available options with SAP logon, you have to make a base configuration for them, which is recorded in the saplogon.ini file. If you don't want users to define their own settings, you have to deactivate the selection options Groups and Server. In order to preset the settings and protect them against modifications, just copy them to the saplogon.ini file and make sure they have the right entries in the services file. Then make sure they don't have the sapmsg.ini and the saproute.ini files.

With the saplogon.ini file, when users start the SAP logon application, they have all the selections preset. This is the only one really needed. If you want even better protection against users modifying their entries, you can set the entry Restricted Mode = 1 in the Configuration section of the saplogon.ini file and make this file write-protected. You can use any of the programs for software distribution available in the market to send those files to all end users connected to the network.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status