SNC is not activated in the ECC system.

Former Member · ‎10-25-2010

Hi Experts,

The ECC system is not coming up when I add the below mentioned parameters in the Instance profile. The issue I have identified it is database is coming up but SAP application is not and all the work process are in ended stated and message server & dispatcher are not coming up in the system.

The SNC Parameters are...

snc/enable =1

snc/identity/as=p:SAPServiceSID/abcdevde1.abc.no at ABC.NO

snc/accept_insecure_gui=1

snc/gssapi_lib = /usr/lib/libgssapi_krb5.a (libgssapi_krb5.a.so)

Kindly,see the work process developer trace log details...

N SncInit(): Initializing Secure Network Communication (SNC)

N IBM RS/6000 with AIX (st,ascii,SAP_UC/size_t/void* = 16/64/64)

N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)

N SncInit(): found snc/data_protection/use=9, using 3 (Privacy Level)N SncInit(): found

snc/gssapi_lib=/usr/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)

N File "/usr/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)" dynamically

loaded as GSS-API v2 library.

N The internal Adapter for the loaded GSS-API mechanism identifies as:

N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

N SncInit(): found

snc/identity/as=p:SAPServiceSID/abcdevde1.abc.no at ABC.NO

N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1439]

N GSS-API(maj): Miscellaneous failure

N GSS-API(min): No such file or directory

N Could't acquire ACCEPTING credentials for

N name="p:SAPServiceSID/abcdevde1.abc.no at ABC.NO"

N SncInit(): Fatal -- Accepting Credentials not available!

N <<- SncInit()==SNCERR_GSSAPI

N sec_avail = "false"

M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 230]

M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]

M in_ThErrHandle: 1

M *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1)

[thxxhead.c 10651]

As per the forum rules @---> at is replaced in the above error.

Kindly,look in to the issue and suggest the solution how to activate the SNC in the ECC system for the Kerberos SSO purpose.

OS : AIX 6.1

SAP : SAP Netweaver EHP1

Database : IBM DB2 9.5

Actually,I'm configuring the Kerberos SSO between Active Directory & SAP. I have already generated the keytab file in the AD and copied in the AIX system under the /etc/krb5 directory.The Ticket-Grating-Ticket is genarated in the system and SIDADM is able to access the keytab file.

If any one faced already above stated issue and please provide the solution if you have resolved the issue.

Thanks & Regards

Sandeep.

nelis · ‎10-26-2010


N Could't acquire ACCEPTING credentials for
N name="p:SAPServiceSID/abcdevde1.abc.no at ABC.NO"
N SncInit(): Fatal -- Accepting Credentials not available!

You need to authenticate to your KDC before you start SAP.

As <SID>adm user execute:


kinit -V -k SAPServiceSID/abcdevde1.abc.no at ABC.NO

The result should be "Authenticated to Kerberos v5". You must get this right before you start your SAP system and then add it to a cron job so that the tickets get automatically renewed otherwise they will expire.

Nelis

desiree_matas · ‎10-26-2010

Hello Sandeep,

Please keep in mind that the SAP support for kerberos implementations on Unix is quite limited. Check SAP note 150380 for further info on those limitations.

Regards,

Désiré

Former Member · ‎10-26-2010

Did you checked the below SAP notes..Particularly section 1.2 in Note 95810.

Note 595341 - Installation issues with Single Sign-On and SNC

Note 95810 - Problem analysis when using SNC

Hope this helps

SNC is not activated in the ECC system.

Accepted Solutions (0)

Answers (3)

Answers (3)

Re: How can we use a odata connection of dataspher...

Re: Scheduled Report shows successful status; but ...

Re: Blending Tables (Import Models)

Re: Object store secret mys-object-store-secret no...

Re: CF Deployment Error: Error getting tenant t0