SAP Logon load balancing and Windows AD with SSO K...

Ramesh_Cirrus · ‎01-26-2009

This steps explains on how to use logon load balancing with SSO and Win AD domain. The steps are very simple.

Basically you create different Windows domain accounts for all the application server and central instance. Generate the keytab file for the respective servers and create the certificate on the servers. Next edit the profile parameter to have the correct SNC name and restart the application servers.

From the windows clients, create a new entry from SAP Logon pad - Groups - generate the list. The list will be populated from transaction SMLG. Choose one of them click on add and logon. Click on the advanced tab and enable the SNC box. The SNC name will be automatically populated from the profile parameter. Make sure it has the host is message server and not the application server.

Now try to logon 2 things will happen.

1. Logon using SSO (Win AD authentication)

2. Load balancing (should go to the server based on the load balancing algorithm).

Former Member · ‎01-26-2009

Hi,

What are you talking about ? Is this a question ?

I can share with you an apple pie recipe if you'd like !

Olivier

Ramesh_Cirrus · ‎01-26-2009

This is not a question, solution to solve SSO using SAP logon load balancing. Will be useful if anyone out there trying to implement SSO using Win AD and Kerberos Authentication.

Former Member · ‎01-26-2009

Hi Ramesh,

Thanks for the initiative to share this with us. I am sure that your intentions are very good, and I appreciate it. We often have real SSO related questions here, so your contributions to them are very welcome. Perhaps next time you want to check first in the wikis and blogs to see whether the subject matter has been covered there already. You can also add comments and edit the wikis possibly.

If the topic is additionally already well covered by discussions in the forums, help.sap.com and service.sap.com, then the next best thing is to lure Olivier into publishing the famous apple pie recipe with home made vanilla sauce which has been passed down from generation to generation in the Chretien family...

Kind regards,

Julius

tim_alsop · ‎01-26-2009

Ramesh,

From your instructions, I suspect you are referring to a scenario when using SNC with Kerberos, and SAP ABAP AS is running on a Windows Server ? If instead, a commercially available SNC-based product is used, the vendor would likely explain how to implement the load balancing using their product. Anyway, I can confirm that the load balancing with SNC is not documented well in SAP documentation, so I can see why you posted it. However, as Julius mentioned, perhaps you should have created a blog instead since the SDN forums as better used when you have a specific question to ask, or need advice.

Thanks,

Tim

Former Member · ‎06-03-2009

Dear Sir/Madam,

We are trying to setup SSO using windows kerbos by configuring SAP Front Ends automatically by setting up as Group Policy using Windows 2003 SP2 but we are not able to apply the policy fully.

We are able to setup the same successfully on individual meachines but when are trying to setup on domain then we are not able to do it.

The erro is SNC Error, under control panner - Add and remove programs I can see that SAP Kerbos SSO support but it says used rarely and doesn't show the size.

Under Event Message it's saying:

Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Kindly advice us

Regards

P ...

SAP Logon load balancing and Windows AD with SSO Kerberos Authentication