Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Could't acquire ACCEPTING credentials for name="p:CN=SLLServiceSM1"

Hi all,

I am trying to configure SAP NetWeaver Single Sign-On for SAP GUI for Windows with Kerberos integration.

As <SID>adm

I have downloaded the files and uncar'd them into my D:\usr\sap\SM1\SLL directory.

I set my environment variables: SUCDIR = D:\usr\sap\SM1\DVEBMGS02\sec, SNCLIB = D:\usr\sap\SM1\SLL\secgss.dll

I have maintained my Instance Profile with:

snc/enable = 1

snc/gssapi_lib = D:\usr\sap\SM1\SLL\secgss.dll

snc/identity/as = p:CN=SLLServiceSM1

snc/data_protection/max = 3

snc/data_protection/min = 2

snc/data_protection/use = 3

snc/r3int_rfc_secure = 0

snc/r3int_rfc_qop = 8

snc/accept_insecure_cpic = 1

snc/accept_insecure_gui = 1

snc/accept_insecure_rfc = 1

snc/permit_insecure_start = 1

snc/force_login_screen = 0

snc/accept_insecure_r3int_rfc = 1

snc/extid_login_diag = 1

snc/extid_login_rfc = 1

I have a user on the Active Directory: SLLServiceSM1

I ran through the steps:

D:\>set SECUDIR=D:\usr\sap\SM1\DVEBMGS02\sec

D:\>cd D:\usr\sap\SM1\SLL

D:\usr\sap\SM1\SLL>sapgenpse keytab -p SAPSNCSKERB.pse -a SLLServiceSM1@office.xxxxx.com (no errors)

D:\usr\sap\SM1\SLL>sapgenpse seclogin -p SAPSNCSKERB.pse -O SLLServiceSM1 (no errors)

D:\usr\sap\SM1\SLL>sapgenpse seclogin -l  

(gives:  running seclogin with USER="sm1adm" 0: CN=SLLServiceSM1@office.xxxxxx.com D:\usr\sap\SM1\DVEBMGS02\sec\SAPSNCSKERB.pse NOT readable for sm1adm NO readable SSO-Credentials available (total 1))

When I try to start SAP, it Stops and my trace reads:

SncInit(): Initializing Secure Network Communication (SNC)

N        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)

N        GetUserName()="SAPServiceSM1"  NetWkstaUser="SAPServiceSM1"

N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level)

N  SncInit():   found snc/data_protection/min=2, using 2 (Integrity Level)

N  SncInit():   found snc/data_protection/use=3, using 3 (Privacy Level)

N  SncInit(): found  snc/gssapi_lib=D:\usr\sap\SM1\SLL\secgss.dll

N    File "D:\usr\sap\SM1\SLL\secgss.dll" dynamically loaded as GSS-API v2 library.

N    The internal Adapter for the loaded GSS-API mechanism identifies as:

N    Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2

N    FileVersionInfo: D:\usr\sap\SM1\SLL\secgss.dll, FileVersion= 8.4.1.32

N  SncInit():   found snc/identity/as=p:CN=SLLServiceSM1

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1445]

N        GSS-API(maj): No credentials were supplied

N      Could't acquire ACCEPTING credentials for

N      name="p:CN=SLLServiceSM1"

N      FATAL SNCERROR -- Accepting Credentials not available!

N      (debug hint: default acceptor = "p:CN=DummyCredential")

N  <<- SncInit()==SNCERR_GSSAPI

N           sec_avail = "false"

Any input would be greatly appreciated.

Thanks,

Diana

Former Member
Former Member replied

Turns out there was a conflict between me SAProuter SNC configuration on this server and the SNC for SSO. Once I set the SNC SSO environment variables as 'user' variables (left the SAProuter variables as 'system') everything was fine.

Thanks,

Diana

0 View this answer in context

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question