cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sapgui sso error: No security credentials were supplied

Go to solution
former_member197700
Participant

on ‎02-05-2014 7:54 PM

0 Kudos

Hi gurus,

I think I have followed all the steps to enable single sign for sapgui using the Secure Login Client, Secure Login Library, and spnego for ABAP.  When I try to login with sso, I see this message (also see picture attached):

GSS-API(maj): No credentials were supplied  Unable to establish security context target="p:CN=KerberosSID"

I took a secure login client trace and it looks like this:

----------------------------------------------------------------------------

Trace file   : "C:\Documents and Settings\JOESMITH\My Documents\Downloads\SECURE_LOGIN_CLIENT_20\sec-02596.trc"

Trace level  : 2

Process id   : 2596

----------------------------------------------------------------------------

[YYYY.MM.DD HH:MM:SS.MIL][LEVEL][PROCESS             ][MODULE      ][THR_ID]

[2014.02.05 11:39:03.033][ERROR][sbus.exe            ][LOADER      ][  4612] ERROR(0xA0800200) in DLL->get_DLL_WINSCARD(): Cannot load DLL

[2014.02.05 11:39:03.033][ERROR][sbus.exe            ][LOADER      ][  4612] ERROR(0xA0800200) in DLL->sec_get_API_locked(): Cannot load DLL

[2014.02.05 11:40:14.518][WARN ][sbus.exe            ][Kerberos    ][  6320] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' with algorithm 23 returned error

[2014.02.05 11:40:14.518][WARN ][sbus.exe            ][Kerberos    ][  6320]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.02.05 11:40:14.518][WARN ][sbus.exe            ][Kerberos    ][  6320] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' with algorithm  3 returned error

[2014.02.05 11:40:14.518][WARN ][sbus.exe            ][Kerberos    ][  6320]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.02.05 11:40:14.518][WARN ][sbus.exe            ][Kerberos    ][  6320] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' failed (user name is joe.smith@mydomain.com)

[2014.02.05 11:40:14.534][ERROR][sbus.exe            ][Kerberos    ][  6320] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service

[2014.02.05 11:41:44.166][WARN ][sbus.exe            ][Kerberos    ][  7728] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' with algorithm 23 returned error

[2014.02.05 11:41:44.166][WARN ][sbus.exe            ][Kerberos    ][  7728]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.02.05 11:41:44.166][WARN ][sbus.exe            ][Kerberos    ][  7728] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' with algorithm  3 returned error

[2014.02.05 11:41:44.166][WARN ][sbus.exe            ][Kerberos    ][  7728]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.02.05 11:41:44.166][WARN ][sbus.exe            ][Kerberos    ][  7728] Getting kerberos ticket for 'SAP/KerberosSID@MYDOMAIN.COM' failed (user name is joe.smith@mydomain.com)

[2014.02.05 11:41:44.166][ERROR][sbus.exe            ][Kerberos    ][  7728] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service

Any ideas are appreciated!

Warm Regards, CM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member197700
Participant
‎02-17-2014 3:38 PM
0 Kudos

Solution: 

With Netweaver Single Sign on 2.0, the Secure Login Client I think must be hardcoded to expect the prefix "SAP/".  In the example above, this would be SAP/KerberosSID. 

Using the instructions from the Netweaver sso videos (which are excellent):

https://scn.sap.com/docs/DOC-40310

The relevant section starts at minute 1:48 with adsi edit.  After adding SAP/KerberosSID to the servicePrincipalName attribute as described in the video, sso started working.

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎02-17-2014 7:50 AM
0 Kudos

Hello Clifton,

the error message "The security database on the server does not have a computer account for this workstation trust relationship." in the traces looks like a problem with the domain relationship of the windows system. You can try to remove and add the computer to the domain if you are able to do that (you need administrator rights to add it again).

Or the configuration on the ABAP server side is for another domain or an untrusted sub domain.

Unfortunately this microsoft error message is not really specific.

best regards

Alexander Gimbel

Show replies
Show replies
donka_dimitrova
Contributor
‎02-06-2014 9:57 AM
0 Kudos

Dear Clifton,

It seems you have a problem with the CNC parameter for the library on the client.  If you made the settings with a running SAP GUI it is possible that the parameter might not have been loaded correctly. You can try with a reboot of the client and if after the reboot you still see the same message please, provide some more details of the steps you followed.

Best Regards,

Donka Dimitrova

Show replies
Show replies
Former Member
‎04-02-2015 7:26 AM
0 Kudos

Good Morning

Same  error   facing  while   SAP GUI  SSO  ERROR  my  system    SAP  ERP 6. SR3  with ABAP stack

implemented SECURE Login Liberay 1.0 file   SP4

SLLIBERARY04_6-10010553.SAR

Please review  attach  screen shots

SAP  GUi ERROR

Tejas

Ask a Question