on 09-15-2008 3:34 PM
Hello gurus,
we have installed BI 7.0 SP15 with Portal as the java side of the BI (double stack). We have CI + 3 dia instances.
we have configured the SPNego as described in SAP documents and for some reason only on two servers the SSO is working.
On the problematic servers we got error:
CreateContext failed: GSSException: Failure unspecified at GSS-API
level (Mechanism level: KDC has no support for encryption type (14))
I wasn't able to find any differences between the servers so the spnego configuration
looks fine on all the servers.
Any idea ?
Dimitry Haritonov
Hi Dimitry,
Reason for the error : WebLogic Server is getting the SPNEGO ticket. But from error, it's clear the KDC has no support for encryption which WebLogic Server is looking for (Typically, the encryption type is specified in the krb5.conf/krb5.ini Kerberos configuration file).
Please refer to this link and search for the error that you are getting.
Hope this helps.
Cheers,
Sandeep Tudumu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
ok so :
WebLogic Server security system as well as Windows Kerberos protocol
suggested solution:
Check the user account at KDC for "Use DES encryption types for this account" and it needs to be checked.
Log off from the client machine so that the credentials cache is flushed and all session tickets and all session keys are destroyed. After relogin the Kerberos client at user's machine will get new session ticket and key with proper encryption type.
but as I already stated I have 4 servers that only two of them have SPNego working correctly. All the servers use the same active directory user.
Also all the krb5.conf files are the same...
Any ideas ?
Dimitry Haritonov
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.