on 10-25-2010 8:35 PM
Hi Experts,
The ECC system is not coming up when I add the below-mentioned parameters to the instance profile. The issue I have identified is that the database is coming up but the SAP application is not; all the work processes are in ended state, and the message server & dispatcher are not coming up in the system.
The SNC Parameters are...
snc/enable =1
snc/identity/as=p:SAPServiceSID/abcdevde1.abc.no at ABC.NO
snc/accept_insecure_gui=1
snc/gssapi_lib = /usr/lib/libgssapi_krb5.a (libgssapi_krb5.a.so)
Kindly see the work process developer trace log details...
N SncInit(): Initializing Secure Network Communication (SNC)
N IBM RS/6000 with AIX (st,ascii,SAP_UC/size_t/void* = 16/64/64)
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
N SncInit(): found snc/data_protection/use=9, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=/usr/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)
N File "/usr/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)" dynamically loaded as GSS-API v2 library.
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N SncInit(): found snc/identity/as=p:SAPServiceSID/abcdevde1.abc.no at ABC.NO
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1439]
N GSS-API(maj): Miscellaneous failure
N GSS-API(min): No such file or directory
N Could't acquire ACCEPTING credentials for
N name="p:SAPServiceSID/abcdevde1.abc.no at ABC.NO"
N SncInit(): Fatal -- Accepting Credentials not available!
N <<- SncInit()==SNCERR_GSSAPI
N sec_avail = "false"
M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 230]
M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]
M in_ThErrHandle: 1
M *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c 10651]
As per the forum rules, @ is replaced with "at" in the above error.
Kindly look into the issue and suggest a solution for how to activate SNC in the ECC system for the Kerberos SSO purpose.
OS : AIX 6.1
SAP : SAP Netweaver EHP1
Database : IBM DB2 9.5
Actually, I'm configuring Kerberos SSO between Active Directory & SAP. I have already generated the keytab file in AD and copied it to the AIX system under the /etc/krb5 directory. The Ticket-Granting-Ticket is generated in the system and SIDADM is able to access the keytab file.
If anyone has already faced the above-stated issue, please provide the solution if you have resolved it.
Thanks & Regards
Sandeep.
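An added example, not part of the original thread and not SAP tooling: a small Python parser for a work process developer trace like the one posted above. It extracts the SNC parameters read at start-up and the first SNC call that failed, so the credential name that could not be acquired can be compared with the configured snc/identity/as. The function names and the embedded sample (built from the posted trace lines) are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the trace in the question ("at" stands for "@").
SAMPLE_TRACE = """\
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=/usr/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)
N SncInit(): found snc/identity/as=p:SAPServiceSID/abcdevde1.abc.no at ABC.NO
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1439]
N GSS-API(maj): Miscellaneous failure
N GSS-API(min): No such file or directory
N Could't acquire ACCEPTING credentials for
N name="p:SAPServiceSID/abcdevde1.abc.no at ABC.NO"
N SncInit(): Fatal -- Accepting Credentials not available!
M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]
"""

PARAM_RE = re.compile(r"SncInit\(\): found (snc/[\w/]+)=(.+)")
ERROR_RE = re.compile(r"\*\*\* ERROR => (\w+)\(\)==(\w+) \[(\S+) (\d+)\]")
GSS_RE = re.compile(r"GSS-API\((maj|min)\): (.+)")
NAME_RE = re.compile(r'name="([^"]+)"')

def parse_snc_trace(text):
    """Return the SNC parameters read at start-up and the first SNC call that failed."""
    params, failure = {}, None
    for line in text.splitlines():
        tag, _, body = line.partition(" ")
        if tag != "N":          # only the N-tagged lines carry the SNC messages here
            continue
        if m := PARAM_RE.search(body):
            # "found key=value, using X (...)": keep only the configured value
            params[m[1]] = m[2].split(", using")[0].strip()
        elif (m := ERROR_RE.search(body)) and failure is None:
            failure = {"call": m[1], "code": m[2], "source": f"{m[3]}:{m[4]}",
                       "gss": {}, "name": None, "fatal": False}
        elif failure is not None:
            if m := GSS_RE.search(body):
                failure["gss"][m[1]] = m[2].strip()
            elif m := NAME_RE.search(body):
                failure["name"] = m[1]
            elif "Fatal" in body:
                failure["fatal"] = True
    return params, failure

def identity_matches(params, failure):
    """True when the credential that failed is the configured snc/identity/as."""
    return failure is not None and failure["name"] == params.get("snc/identity/as")

if __name__ == "__main__":
    params, failure = parse_snc_trace(SAMPLE_TRACE)
    print(failure, identity_matches(params, failure))
```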
N Could't acquire ACCEPTING credentials for
N name="p:SAPServiceSID/abcdevde1.abc.no at ABC.NO"
N SncInit(): Fatal -- Accepting Credentials not available!
You need to authenticate to your KDC before you start SAP.
As <SID>adm user execute:
kinit -V -k SAPServiceSID/abcdevde1.abc.no at ABC.NO
The result should be "Authenticated to Kerberos v5". You must get this right before you start your SAP system and then add it to a cron job so that the tickets get automatically renewed; otherwise they will expire.
Nelis
Hello Sandeep,
Please keep in mind that the SAP support for Kerberos implementations on Unix is quite limited. Check SAP note 150380 for further info on those limitations.
Regards,
Désiré
Did you check the SAP notes below? Particularly section 1.2 in Note 95810.
Note 595341 - Installation issues with Single Sign-On and SNC
Note 95810 - Problem analysis when using SNC
Hope this helps