SAP PO – Deploying the SCA Using Telnet on the example of the last fix for Log4j

In last time, i.e. 11.01.2022 SAP released Log4j 2.17.1 update for SAP NetWeaver Process Integration. With this update all currently known Log4j vulnerabilities are fixed. More information You find in note: 3135581 and below You find  solution how to implement this fix.

To deploy fix on the server we need download Software Component Archive (SCA) file from SAP site or directly 3135581. The SCA file can be deployed using the Software Update Manager (SUM) tool or using the Telnet administration interface. Today we’ll be use the latter tool.

note: 3135581 – section: Support Package Patches

In my case I downloaded patch for SP021 – patch level 000031

Pay attention to SCA Dependency and if necessary download the correct version:

I also downloaded both above files.

Deploying the SCA Using Telnet

  1. At the beggining log on sidadm and copy the SCA file to a local directory, e.g. /usr/sap/SID/tmp.

2. To simplify the procedure create file, e.g. deploy.txt with SCA files location:

server:sidadm 57> pwd
/usr/sap/SID/tmp
server:sidadm 58> cat deploy.txt
/usr/sap/SID/tmp/SAPXIAF21_31-80000737.SCA
/usr/sap/SID/tmp/MESSAGING21P_18-80000682.SCA
/usr/sap/SID/tmp/INTGVISDCJ21_2-80000642.SCA

3. To deploy Your SCA file login via telnet to the SAP NetWeaver Application Server:

telnet localhost 5<AS Java Instance Number>08

for example:

server:sidadm 57> telnet localhost 50108
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

***********************************************
**********************************************
****###*******####*****#######**************
**##***##****##**##****##****##************
***##*******##****##***##****##**********
*****##*****########***######***********
******##****##****##***##*************
**##***##**##******##**##************
****###****##******##**##**********
**********************************
********************************

Telnet Administration
SAP Java EE Application Server v7.50

User name: Administrator
Password: XXX

Welcome to server node XXXXXXXX.

4. Now we’ll be deploy new appliacation:

-- Telnet help, use command:
>MAN

***** ADMIN *****
GC LIST_RC LSL SETSP
INFO LL LSM SHUTDOWN
LISTMP LLR LSS STARTSERVICE
LISTSP LSC LSTOL STOPSERVICE
LISTTEMPLATES LSI SETMP VERSION

***** DEPLOY *****
APP_REFS_GRAPH JAVA_VERSION REMOVE_APP
CHANGE_REF LIST_APP START_APP
CONTAINER_INFO LIST_APP_RES STOP_APP
DEPLOY LIST_EL UNDEPLOY
DEPLOY_INFO LIST_REFS UNDEPLOY_EMPTY_SCA
EXPLORE MIG_STAT UNLOCK_APP
GET_RESULT PARAM
GET_STARTUP REFS
GET_STATUS REFS_GRAPH_FIND_PATH

***** SYSTEM *****
ADD EXIT LOADENV QUIT SET
CAT GET MAN REMOVE
CLS GREP MORE RUN
ECHO KILL PS SAVEENV

***** TELNET *****
JUMP

-- for example if You need more information about DEPLOY command use:
> MAN DEPLOY

-- command to deploy new apps:
>DEPLOY list=/usr/sap/SID/tmp/deploy.txt version_rule=all on_prerequisite_error=stop

Deploy settings:
life_cycle=bulk
on_deploy_error=stop
on_prerequisite_error=stop
version_rule=all
workflow=normal

If there is an offline deployment, Telnet connection to host may be lost, but the result can be seen using [get_result] command

Processing deployment operation, wait...

===== PROGRESS START =====

Deploying [sap.com_com.sap.aii.adapter.ispeak.dbs (sda)] ...
Deploying [sap.com_com.sap.aii.module.oauth.os.lib (sda)] ...
Deploying [sap.com_com.sap.aii.olingo.odata.lib (sda)] ...
Deploying [sap.com_com.sap.aii.af.ifc.facade (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.marketplace.lib (sda)] ...
Deploying [sap.com_com.sap.aii.af.maas.lib (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.ws.cxf.lib (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.rest.lib (sda)] ...
Deploying [sap.com_com.sap.aii.mapping.lib.facade (sda)] ...
Deploying [sap.com_com.sap.aii.af.axis.lib (sda)] ...
Deploying [sap.com_com.sap.aii.af.lib.facade (sda)] ...
Deploying [sap.com_com.sap.aii.af.svc.facade (sda)] ...
Deploying [sap.com_com.sap.aii.af.int.svc.facade (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.xi.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.rfc.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.bc.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.marketplace.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.http.svc (sda)] ...
Deploying [sap.com_com.sap.aii.proxy.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.jdbc.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.ispeak.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.jms.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.file.svc (sda)] ...
Deploying [sap.com_com.sap.aii.adapter.mail.svc (sda)] ...
Deploying [sap.com_com.sap.aii.proxy.svc.facade (sda)] ...
Connection closed by foreign host.

If You see information: “Connection closed by foreign host.” at this moment You can restart Your SAP instance. To do this use stopsap r3 command (his may take a while), next: cleanipc and at the end startsap r3.

When You’ll observe log file like: dev_jstart during startup at some point You can see below error:

 ********************************************************************************
F Process snapshot started with pid 86034
F ********************************************************************************
F [Thr 140290306606976] *** LOG => Process snapshot started (pid 86034).
F [Thr 140290306606976] *** LOG => Process snapshot running (pid 86034).
F
F [Thr 140290306606976] Wed Jan 12 23:14:39 2022
F [Thr 140290306606976] *** LOG => SAP Start Service (pid 1864) connected.
F [Thr 140290306606976] *** LOG => SAP Start Service (pid 1864) disconnected.
M [Thr 140290306606976] *** WARNING => NiCloseHandle: invalid hdl 42 [nixx.c 1738]F
F [Thr 140290306606976] Wed Jan 12 23:14:49 2022
F [Thr 140290306606976] *** LOG => Signal 17 SIGCHLD.
F [Thr 140290306606976] *** LOG => Process snapshot stopped (pid 86034).
F [Thr 140290306606976] *** LOG => Instance state is "Deploying offline components" (STOPPING @ 0, INACTIVE).
F [Thr 140290306606976] *** LOG => Run level 1 completed.
F [Thr 140290306606976] *** LOG => Instance state is "Some processes failed" (STOPPED @ 0, INACTIVE).
I [Thr 140290306606976] MPI: dynamic quotas disabled.
I [Thr 140290306606976] MPI init, created: pipes=4010 buffers=2718 reserved=815 quota=10%, buffer size=65536, total size MB=170
I [Thr 140290306606976] *** ERROR => FcaInit: already initialized [fcaxxcomm.c 958]I [Thr 140290306606976] *** ERROR => ShmCleanup(62) failed 3 [mpixx.c 4647]F
F ********************************************************************************
F *** ERROR => Node 'deployment' failed with exit code 66.
F ***
F *** Please see section 'Failures in the 'deploying offline components' phase'
F *** in SAP Note 1316652 for additional information and trouble shooting advice.
F ********************************************************************************
F
F [Thr 140290306606976] *** LOG => exiting (exitcode 22002, retcode 1).

At this moment You can once again restart Your SAP instance. After that eveything should run properly.

5. Now verify component version for apps which You deployed, e.g.:

6. Check also Log4j version. To do this: Start https://<host>:<port>/nwa and navigate to Configuration –> Infrastructure –> Java Class Loader Viewer. Filter “Component Name” com.sap.aii.adapter.ws.cxf.lib and “Resource Path” log4j. Same for com.sap.aii.af.axisproviderlib in case you use it.

That’s all 😉

Copyright © 2022. SAPBasisWorld.com Privacy Policy