I'm confused on the one hand you say SSO and 401 (and SSO error) and the other you mention manual logon by typing a username.
As Ted mentioned you must upgrade your java SDK to 1.5.x.x in order to use case INsensitive usernames.
However if this is SSO then case should not be an issue.
OK so I gather this is XIR2 SSO via vintela? Let me know if I'm wrong.
For SSO - A good couple of tests would be like so.
You have computerA and computerB, being used by userA and userB respectively.
Lets say userA/computerA is working and userB/ComputerB is not (the error above). Where does the problem go if you switch user/computers (i.e userA/computerB work/noand visa versa userB/computerA). There are some issues that occur in the workstation/profile and others that are due to settings on the user account.
A few other things to check...
Total # of AD groups the user belongs to (this is not mapped groups in the CMC but rather all AD groups in the MMC) If you see a pattern where the problem is with user accounts that belong to more overall groups then increase the http header in the server.xml (should have been set to 16384 in the initial set up)
If the problem seems to be the workstation check the control panel/user accounts/advanced/manage passwords and verify no incorrect passwords are here.
There is also an issue with an old Microsft patch for kerberos that forces the port# in the URL to append to SPN requests, this will create a mismatch in client requests/SPN and has been kbased in SAP notes.
Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.