cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to create SNC PSE

Former Member

on ‎02-09-2009 6:07 AM

0 Kudos

We are trying to establish an external authentication  for ITS using LDAP.

Our Ticket issuing server will be a R/3 server.

We have installed SAP Cryptographic Library on the application server.

Now when trying to create a SNC(SAPCryptoLib) Pse, it fails to create giving the error.

"Error While creating PSE"

On the help of the error message  we have "message no. trust040:"

Also in the profile parameters we have set all the values as given for having the snc, expect

snc/enable=1

as soon as we set the parameter as 1, the application server refuses to start and gives the following error

"Initialization                  SNC Failed, Return Code -000019"

What are we missing out??

The version of our ITS is 6.20

The version of our R/3 is 4.7X110

The ldap server is a Lotus Domino Directory.

Hopefully this is the correct place to post for this error

Thanks in advance

Abhishek

Edited by: Abhishek Sen on Feb 9, 2009 7:08 AM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎02-09-2009 2:10 PM
0 Kudos

Hai,

Check the document 'Using the SAP Cryptographic Library for SNC' in the below link.....

https://websmp103.sap-ag.de/%7Eform/sapnet?_SHORTKEY=01100035870000668370&;

Regards,

Yoganand.V

Show replies
Show replies
Former Member
‎02-11-2009 5:56 AM
0 Kudos

Thanks for your reply.

We have followed the instruction as given in the pdf exactly, but still its the same error

the error log on dw_0 is as follows


N  SncInit(): Initializing Secure Network Communication (SNC)
N        PC with Windows NT (mt,ascii,SAP_UC/long/void* = 2/4/4)
N  SncInit():   found snc/data_protection/max=1, using 1 (Authentication Level)
N  SncInit():   found snc/data_protection/min=1, using 1 (Authentication Level)
N  SncInit():   found snc/data_protection/use=1, using 1 (Authentication Level)
N  SncInit(): found  snc/gssapi_lib=C:\usr\sap\C12\SYS\exe\run\sapcrypto.dll
N    File "C:\usr\sap\C12\SYS\exe\run\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
N    The internal Adapter for the loaded GSS-API mechanism identifies as:
N    Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
N  SncInit():   found snc/identity/as=p:CN=C12,O=XYZ
N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1223]
N        GSS-API(maj): No credentials were supplied
N        GSS-API(min): No credentials found for this name (not logged on) (USER=SAPServiceC12)
N      Could't acquire ACCEPTING credentials for
N  
N      name="p:CN=C12, O=XYZ"
N  SncInit(): Fatal -- Accepting Credentials not available!
N  <<- SncInit()==SNCERR_GSSAPI
N           sec_avail = "false"
M  ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c    223]
M  *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c    225]
M  in_ThErrHandle: 1
M  *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c   8437]

The user SAPServiceC12 is the one by whom the sap services are running.When checking his credentials, it shows that the SapService can read the pse.

But as soon as we set snc/enable =1

The application server gives the same error as above.

What setting are we missing out, cause we have followed all the steps as given in the pdf.

Thanks in advance

Abhishek

Former Member
‎08-11-2009 7:56 AM
0 Kudos

Hi Abhishek,

How was your solution to resolve this Problem?

Many thanks and best regards

Marcus

Ask a Question