Hi, I am configuring an SAP Single Sign-On 2.0 Based on Kerberos Tokens. I have already done every step mainly based on the videos that SAP provides to implement a SSO with Kerberos and following as well the implementation guide. However when I turn the parameter snc/enable from 0 to 1 and restart the server it gives me an error which I traced from the file dev_w0.
The error is the following:
N SncInit(): Initializing Secure Network Communication (SNC)
N PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)
N GetUserName()="SAPServiceDG1" NetWkstaUser="SAPServiceDG1"
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll
N File "E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
N SECUDIR="E:\usr\sap\DG1\DVEBMGS00\sec" (from $SECUDIR)
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x
N Product Version = SAPCRYPTOLIB 5.5.5C pl35 (Mar 21 2013) MT-safe
N SncInit(): found snc/identity/as=p:CN=SL-ABAP-DG1@<DOMAIN>.COM
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [D:/depot/bas/74 1445]
N GSS-API(maj): No credentials were supplied
N Could't acquire ACCEPTING credentials for
N
N name="p:CN=SL-ABAP-DG1@<DOMAIN>.COM"
N FATAL SNCERROR -- Accepting Credentials not available!
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [D:/depot/bas/74 1445]
N GSS-API(maj): No credentials were supplied
N
N Thu Oct 15 12:05:51 2015
N Could't acquire DEFAULT ACCEPTING credentials
N
N *** ERROR => (debug hint: no default acceptor cred available)
N [D:/depot/b 737]
N <<- SncInit()==SNCERR_GSSAPI
N sec_avail = "false"
M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 272]
M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 274]
M in_ThErrHandle: 1
M *** ERROR => SncInitU (step TH_INIT, thRc ERROR-SNC-OTHER ERROR IN SNC LAYER, action STOP_WP, level 1) [thxxhead.c 2422]
NOTE:Where is <DOMAIN> I replaced for the correct domain.
The parameters that I used are these:
snc/enable = 1
snc/gssapi_lib = E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll
snc/identity/as = p:CN=SL-ABAP-DG1
snc/data_protection/min = 2
snc/data_protection/max = 3
snc/data_protection/use = 3
snc/accept_insecure_gu = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_cpic = 1
snc/permit_insecure_start = 1
snc/r3int_rfc_qop = 8
snc/r3int_rfc_secure = 0
snc/force_login_screen = 0
Anyone have a clue about how to solve this error? I thought that it was due to the command to create file cred_v2 "sapgenpse seclogin -p SAPSNCSKERB.pse -O SAPServiceDG1" which SAP warning us about a possible conflict in Windows environment. However I tried to solve that by adding -N in the end of the command as SAP told us to do, but my Command Prompt says that the command with -N is unknown.