on 09-13-2011 12:32 PM
Dear Experts,
We are in the process of SSO between SAP Portal Microsoft Exchange Server.
SAP Portal Version : 7.01
Microsoft Exchange Server : 2008
Completed the Steps as per the Guide SSO22KerbMap.pdf from the below link
http://www.scribd.com/doc/54051058/SSO22KerbMap
if we give UserPrincipalname then we getting this below msg in the Log file .
"E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalname=user1))"
If we given samname then it opening the Exchange Server login Page
we also Tried to fix that Issue Based Note 735639
Please tell me the solution to fix this Issue.
Thanks & Regards
Sebastian
Hi Sebastian,
Note 735639 has always helped to solve this issue
"The SSO22KerbMap module searchs in the Global Catalog for the attribute specified in the SSO22KerbMap.ini file. Not all
attributes of the LDAP schema are replicated into the Global Catalog by default.
In any case, the attribute UserPrincipalName has to be populated to the Global Catalog."
If replicate attributeUserPrincipalName attribute into the Global Catalog does not solve this issue, then there must be something else. Have you found other errors in the log? maybe increasing LogLevel of the filter to LogLevel=3 throws more light on this.
Br,
Javier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Javier
we tried to Replicated the UserprincipleName in Global Catalog but still facing the same issue . Please Check the below Log with trace level 3.
12:57:15 3336/732 i Initialize: Cannot delete file C:\sso\SSO22KerbMap_SSO.log: The system cannot find the file specified.
12:57:15 3336/732 I SSO22KerbMap.dll 1.1.0.9 is initialized
SSO22KerbMap configuration in C:\sso\SSO22KerbMap.ini:
PseFile: C:\sec\verify.pse
ServicePrincipalName: HOST/WIN-K6CONDF638I.kaartest.com
FilterPriority: High
SSO2AccountAttribute: userPrincipalName
LogLevel: 3
Activated SSO logfile: C:\sso\SSO22KerbMap_SSO.log
12:57:15 3336/732 I ADSI Configuration for delegation on host WIN-K6CONDF638I:
ServicePrincipalNames:
exchangeMDB/WIN-K6CONDF638I.kaartest.com
exchangeMDB/WIN-K6CONDF638I
exchangeRFR/WIN-K6CONDF638I.kaartest.com
exchangeRFR/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I.kaartest.com
SmtpSvc/WIN-K6CONDF638I
SmtpSvc/WIN-K6CONDF638I.kaartest.com
exchangeAB/WIN-K6CONDF638I
exchangeAB/WIN-K6CONDF638I.kaartest.com
TERMSRV/WIN-K6CONDF638I
TERMSRV/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/ForestDnsZones.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/DomainDnsZones.kaartest.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/WIN-K6CONDF638I.kaartest.com
DNS/WIN-K6CONDF638I.kaartest.com
GC/WIN-K6CONDF638I.kaartest.com/kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I.kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I/KAARTEST
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/fcf4c575-a809-42dc-96ac-2683cafc93be/kaartest.com
ldap/WIN-K6CONDF638I/KAARTEST
ldap/fcf4c575-a809-42dc-96ac-2683cafc93be._msdcs.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/KAARTEST
ldap/WIN-K6CONDF638I
ldap/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/kaartest.com
Delegation allowed to following SPNs:
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I/KAARTEST
Delegation Flag:Use any authentication protocol: ACTIVE
12:57:15 3336/732 I IMPORTANT: Check that the Virtual directory of your target application is running
on 'Integrated Windows Authentication'!
12:57:15 3336/732 i OnPreprocHeaders: GET / HTTP/1.1
CONNECTION:Keep-Alive
ACCEPT:/
ACCEPT_ENCODING:gzip, deflate
ACCEPT_LANGUAGE:en-us
HOST:localhost
USER_AGENT:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
12:57:15 3336/732 i getAccountFromCookie: No header Cookie found
12:57:15 3336/732 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
12:57:23 3580/4576 i Initialize: Cannot delete file C:\sso\SSO22KerbMap_SSO.log: The process cannot access the file because it is being used by another process.
12:57:23 3580/4576 I SSO22KerbMap.dll 1.1.0.9 is initialized
SSO22KerbMap configuration in C:\sso\SSO22KerbMap.ini:
PseFile: C:\sec\verify.pse
ServicePrincipalName: HOST/WIN-K6CONDF638I.kaartest.com
FilterPriority: High
SSO2AccountAttribute: userPrincipalName
LogLevel: 3
Activated SSO logfile: C:\sso\SSO22KerbMap_SSO.log
12:57:23 3580/4576 I ADSI Configuration for delegation on host WIN-K6CONDF638I:
ServicePrincipalNames:
exchangeMDB/WIN-K6CONDF638I.kaartest.com
exchangeMDB/WIN-K6CONDF638I
exchangeRFR/WIN-K6CONDF638I.kaartest.com
exchangeRFR/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I.kaartest.com
SmtpSvc/WIN-K6CONDF638I
SmtpSvc/WIN-K6CONDF638I.kaartest.com
exchangeAB/WIN-K6CONDF638I
exchangeAB/WIN-K6CONDF638I.kaartest.com
TERMSRV/WIN-K6CONDF638I
TERMSRV/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/ForestDnsZones.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/DomainDnsZones.kaartest.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/WIN-K6CONDF638I.kaartest.com
DNS/WIN-K6CONDF638I.kaartest.com
GC/WIN-K6CONDF638I.kaartest.com/kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I.kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I/KAARTEST
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/fcf4c575-a809-42dc-96ac-2683cafc93be/kaartest.com
ldap/WIN-K6CONDF638I/KAARTEST
ldap/fcf4c575-a809-42dc-96ac-2683cafc93be._msdcs.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/KAARTEST
ldap/WIN-K6CONDF638I
ldap/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/kaartest.com
Delegation allowed to following SPNs:
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I/KAARTEST
Delegation Flag:Use any authentication protocol: ACTIVE
12:57:23 3580/4576 I IIS SSO22KerbMap Module configured on following Web Sites:
12:57:23 3580/4576 I IMPORTANT: Check that the Virtual directory of your target application is running
on 'Integrated Windows Authentication'!
12:57:23 3580/4576 i OnPreprocHeaders: GET /owa HTTP/1.1
CONNECTION:Keep-Alive
ACCEPT:/
ACCEPT_ENCODING:gzip, deflate
ACCEPT_LANGUAGE:en-us
HOST:localhost
USER_AGENT:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
12:57:23 3580/4576 i getAccountFromCookie: No header Cookie found
12:57:23 3580/4576 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
12:57:24 3580/4576 i OnPreprocHeaders: GET /owa/ HTTP/1.1
CONNECTION:Keep-Alive
ACCEPT:/
ACCEPT_ENCODING:gzip, deflate
ACCEPT_LANGUAGE:en-us
HOST:localhost
USER_AGENT:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
12:57:24 3580/4576 i getAccountFromCookie: No header Cookie found
12:57:24 3580/4576 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
12:57:38 3428/4760 i Initialize: Cannot delete file C:\sso\SSO22KerbMap_SSO.log: The process cannot access the file because it is being used by another process.
12:57:38 3428/4760 I SSO22KerbMap.dll 1.1.0.9 is initialized
SSO22KerbMap configuration in C:\sso\SSO22KerbMap.ini:
PseFile: C:\sec\verify.pse
ServicePrincipalName: HOST/WIN-K6CONDF638I.kaartest.com
FilterPriority: High
SSO2AccountAttribute: userPrincipalName
LogLevel: 3
Activated SSO logfile: C:\sso\SSO22KerbMap_SSO.log
12:57:39 3428/4760 I ADSI Configuration for delegation on host WIN-K6CONDF638I:
ServicePrincipalNames:
exchangeMDB/WIN-K6CONDF638I.kaartest.com
exchangeMDB/WIN-K6CONDF638I
exchangeRFR/WIN-K6CONDF638I.kaartest.com
exchangeRFR/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I
SMTP/WIN-K6CONDF638I.kaartest.com
SmtpSvc/WIN-K6CONDF638I
SmtpSvc/WIN-K6CONDF638I.kaartest.com
exchangeAB/WIN-K6CONDF638I
exchangeAB/WIN-K6CONDF638I.kaartest.com
TERMSRV/WIN-K6CONDF638I
TERMSRV/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/ForestDnsZones.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/DomainDnsZones.kaartest.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/WIN-K6CONDF638I.kaartest.com
DNS/WIN-K6CONDF638I.kaartest.com
GC/WIN-K6CONDF638I.kaartest.com/kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I.kaartest.com
RestrictedKrbHost/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I/KAARTEST
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/fcf4c575-a809-42dc-96ac-2683cafc93be/kaartest.com
ldap/WIN-K6CONDF638I/KAARTEST
ldap/fcf4c575-a809-42dc-96ac-2683cafc93be._msdcs.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/KAARTEST
ldap/WIN-K6CONDF638I
ldap/WIN-K6CONDF638I.kaartest.com
ldap/WIN-K6CONDF638I.kaartest.com/kaartest.com
Delegation allowed to following SPNs:
HOST/WIN-K6CONDF638I.kaartest.com/kaartest.com
HOST/WIN-K6CONDF638I.kaartest.com
HOST/WIN-K6CONDF638I
HOST/WIN-K6CONDF638I.kaartest.com/KAARTEST
HOST/WIN-K6CONDF638I/KAARTEST
Delegation Flag:Use any authentication protocol: ACTIVE
13:00:14 3580/3652 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/3652 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=user1))
13:00:14 3580/3652 i OnPreprocHeaders: GET /owa/8.3.83.4/themes/base/lgnbotr.gif HTTP/1.1
CONNECTION:keep-alive
ACCEPT:/
ACCEPT_CHARSET:ISO-8859-1,utf-8;q=0.7,*;q=0.3
ACCEPT_ENCODING:gzip,deflate,sdch
ACCEPT_LANGUAGE:en-US,en;q=0.8
COOKIE:JSESSIONID=(J2EE8995800)ID1278516850DB11851917538977268067End; MYSAPSSO2=AjExMDAgAAxwb3J0YWw6dXNlcjGIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAFVVNFUjECAAMwMDADAANLUFQEAAwyMDExMDkxNTA3MzAFAAQAAAAICgAFVVNFUjH%2FAQUwggEBBgkqhkiG9w0BBwKggfMwgfACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGB0DCBzQIBATAiMB0xDDAKBgNVBAMTA0tQVDENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwOTE1MDczMDEwWjAjBgkqhkiG9w0BCQQxFgQUpHzub7O6!jJj!2FIIhXwTrX4iqYwCQYHKoZIzjgEAwQvMC0CFQDVGna%2Ffks8moQrSktvO1VtKLJXnwIUFnD3LsRFXIPN13P%2FP%2FqnhG1xS90%3D; SAPWP_active=1
HOST:mail.kaartest.com
REFERER:https://mail.kaartest.com/owa/auth/logon.aspx?url=https://mail.kaartest.com/owa/&reason=0
USER_AGENT:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
13:00:14 3580/4576 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/4576 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=user1))
13:00:14 3580/1832 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/1832 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=user1))
13:00:14 3580/2568 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/2568 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=user1))
13:00:14 3580/4668 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/4668 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=user1))
13:00:14 3580/3652 i OnPreprocHeaders: Determined account user1 from cookie MYSAPSSO2
13:00:14 3580/3652 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)
User | Count |
---|---|
74 | |
26 | |
10 | |
9 | |
7 | |
6 | |
4 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.