Could't acquire ACCEPTING credentials for name="p:CN=SLLServiceSM1"
I have downloaded the files and uncar'd them into my D:\usr\sap\SM1\SLL directory.
I set my environment variables: SUCDIR = D:\usr\sap\SM1\DVEBMGS02\sec, SNCLIB = D:\usr\sap\SM1\SLL\secgss.dll
I have maintained my Instance Profile with:
snc/enable = 1
snc/gssapi_lib = D:\usr\sap\SM1\SLL\secgss.dll
snc/identity/as = p:CN=SLLServiceSM1
snc/data_protection/max = 3
snc/data_protection/min = 2
snc/data_protection/use = 3
snc/r3int_rfc_secure = 0
snc/r3int_rfc_qop = 8
snc/accept_insecure_cpic = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1
snc/permit_insecure_start = 1
snc/force_login_screen = 0
snc/accept_insecure_r3int_rfc = 1
snc/extid_login_diag = 1
snc/extid_login_rfc = 1
I have a user on the Active Directory: SLLServiceSM1
I ran through the steps:
D:\usr\sap\SM1\SLL>sapgenpse keytab -p SAPSNCSKERB.pse -a SLLServiceSM1@office.xxxxx.com (no errors)
D:\usr\sap\SM1\SLL>sapgenpse seclogin -p SAPSNCSKERB.pse -O SLLServiceSM1 (no errors)
D:\usr\sap\SM1\SLL>sapgenpse seclogin -l
(gives: running seclogin with USER="sm1adm" 0: CN=SLLServiceSM1@office.xxxxxx.com D:\usr\sap\SM1\DVEBMGS02\sec\SAPSNCSKERB.pse NOT readable for sm1adm NO readable SSO-Credentials available (total 1))
When I try to start SAP, it Stops and my trace reads:
SncInit(): Initializing Secure Network Communication (SNC)
N PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)
N GetUserName()="SAPServiceSM1" NetWkstaUser="SAPServiceSM1"
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=D:\usr\sap\SM1\SLL\secgss.dll
N File "D:\usr\sap\SM1\SLL\secgss.dll" dynamically loaded as GSS-API v2 library.
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
N FileVersionInfo: D:\usr\sap\SM1\SLL\secgss.dll, FileVersion= 184.108.40.206
N SncInit(): found snc/identity/as=p:CN=SLLServiceSM1
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1445]
N GSS-API(maj): No credentials were supplied
N Could't acquire ACCEPTING credentials for
N FATAL SNCERROR -- Accepting Credentials not available!
N (debug hint: default acceptor = "p:CN=DummyCredential")
N <<- SncInit()==SNCERR_GSSAPI
N sec_avail = "false"
Any input would be greatly appreciated.
Turns out there was a conflict between me SAProuter SNC configuration on this server and the SNC for SSO. Once I set the SNC SSO environment variables as 'user' variables (left the SAProuter variables as 'system') everything was fine.