07-21-2010 1:17 PM
Hi,
I downloaded & installed the new SAP SPNEGO add-on into the NW7.01 portal. I went through the installation, which all worked, & was able to open Portal without signon/password.
We then faced problems as the AD team had created the keytab with DES encryption which doesn't work with Windows 7. Got the keytab re-created using RC4-HMAC, and replaced the keytab using the configuration wixard.
I am now unable to open the portal without logon/password. The error in the trace shows :
com.sap.security.spnego.SPNEGOProtocolException: No key (etype: 3) for realm ---
Any clues as to what this message means?
Gill
07-21-2010 6:15 PM
Hi Gillian,
This is a Basis/Infrastructure question
Why dont you go to this link
http://help.sap.com/saphelp_nw70/helpdata/en/45/40a0de773a7527e10000000a114a6b/frameset.htm
and see if you have followed all the appropriate steps.
08-16-2010 5:01 AM
Hi Gillian,
If you want to switch to RC4-HMAC encyrption type then please ask the AD administrator to disable DES encryption algorithms for the JEE service user. This is done in "Active Directory Users and Computers" tool -> double click the JEE service user -> select "Account" tab -> "Account options" -> unselect "Use DES ecryption types for this account".
Regards,
Dimitar
08-16-2010 12:47 PM
Hi Gillian Hanlon ,
Were you able to resolve this issue
we are also getting the similar error "The file you have selected does not contain any valid encryption keys
for the realm........" when trying to confiure spnego for RC4-HMAC encryptoin.
Thanks and regards
Basit
10-12-2010 8:10 AM
Hi,
Have you solved this? I get the same error when trying to upload the keytab file...
Your help is much appreciated.
kind regards,
Clinton
10-16-2010 9:55 PM
Hi Basit,
The error you get means that the keytab does not contain DES or RC4 keys for the selected realm. Could you please check with klist -e -f -k -K keytab what keys the file contains and for which principal/realm? If necessary re-genearte the file with ktab tool from JDK 1.5 or 1.6.
Regards,
Dimitar
10-16-2010 9:56 PM
Hi Ray,
See my reply to Basit. Please double check that the keytab contains keys for the realm your are trying to configure. In doubt re-generate the file with ktab tool from JDK 1.5 or 1.6.
Regards,
Dimitar
10-17-2010 9:18 PM
Hi Everyone,
Thanks you for the help. My problem turned out to be 2 users in AD with the same SPN assigned to them. Once the duplicate was removed, all was fine.
Gill