on 03-25-2011 8:30 AM
Hello,
Iu2019m setting up the diagnostics agents on my Solution Manager system.
When I start the Diagnostics Setup wizard and go through the configuration steps I get an error in the configuration step. The error I get is in the Type SSO with the message u201CA failure occured while setting 'ticket' authentication template to the Diagnostics Componentsu201D.
The SSO details gives a little bit extrainformation:
Found SID for SSO ACL entry : SM1
Found login.ticket_client for SSO ACL entry : 000
Backup SSO ticket cert file was restored from SMD Repository
ABAP SSO ticket certificate of SM1 was imported in ABAP PSE of localhost (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SM1 LoginTicketClient=001)
Java SSO ticket certificate of SM1 was imported in ABAP PSE of localhost (client 001)
The Java SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SM1 LoginTicketClient=000)
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
Failed to give write privileges to security domain sap.com/tcwebadministratorsolmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar for inserting the ABAP cert into J2EE Keystore. Please check SAP Note 960304
!! Exception : com.sap.engine.services.keystore.exceptions.BaseRemoteException: Code permissions for domain[sap.com/tcwebadministratorsolmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar] and keystore operation [{WRITE_ENTRY TicketKeystore SAPLogonTicketKeypair-cert }] are not granted
From the error description I conclude that there is a write problem in the described domain. The file permissions for the SetupLib.jar file have I changed from -rw-ru2014r-- 1 sm1adm sapsys 575084 Aug 26 2010 SetupLib.jar to -rw-rw-rw- 1 sm1adm sapsys 575084 Aug 26 2010 SetupLib.jar but didnu2019t solve the problem. What could be the problem here?
Kind regards,
Richard Meijn
Hello Richard,
Have you checked SAP Note 960304?
Reason and Prerequisites
Under certain circumstances, the J2EE security domains used for reading
the keystore contents from the SMD setup application, can no longer be
available.
The absence of the J2EE security domains can be verified in Visual Admin
: server->services->Key Storage->Runtime tab->Security tab : if the "All
Domains" list is empty, the security domains are no longer available for
the SSO setup of SMD.
Solution
Restart the Monitoring J2EE engine, optionally check the presence of
security domains in Visual Admin, retry the SMD setup.
Have you verified if the ALL DOmains list is empty?
You should also have a Close Look at SAP Note
1121248 - SSO Setup for Diagnostics
These should assist in resolving this error.
Regards,
Paul
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.