
sapgui: SNC Required for This Connection when not using sso

former_member197700
Participant
0 Kudos

Hi gurus, After setting snc/accept_insecure_gui to 0, logon with a user id and password using sapgui is denied.  A denial message "SNC Required for this connection" appears.  The "Activate Secure Network Communication" box is checked in the saplogon Network tab.

When using single sign on with NTLM, the logon works fine.  How can I get a secure SNC connection between sapgui and the SAP server when not using single sign on?


Warm Regards, CM

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Clifton

Just happened to stumble on this post, so sorry for joining late, but with regards to NTLM, you might want to have a look at Microsoft's own recommendation to not use that protocol:


https://msdn.microsoft.com/en-us/library/cc236715.aspx

tim_alsop
Active Contributor
0 Kudos

Are you planning to continue using NTLM or move to using Kerberos? Did you want the user to be able to enter an SAP user id and password or an AD user id and password during logon to SAP, but still have the SAP GUI session encrypted?

Thanks

Tim

former_member197700
Participant
0 Kudos

Hi Tim, we are staying with NTLM for sapgui sso and not moving to Kerberos.  The SAP user id and password is sufficient for logon, and not requiring AD credentials.  Having sapgui SNC is to fulfill a security audit finding.  Can this be done without Kerberos?

tim_alsop
Active Contributor
0 Kudos

I'm not 100% sure if NTLM supports SNC encryption or not. I am researching this for you and will let you know what I find. If you used Kerberos instead of NTLM then I know for sure that session encryption is possible and widely used.

If it is possible to use NTLM with encryption, and you have enabled encryption in saplogon.ini and in the snc/ instance profile parameters on the app server, then the session will be encrypted after the user has logged on. If you want to log on with SAP user and password and still use NTLM, then you can configure that in saplogon.ini or right click the entry in SAP Logon and select the option to log on without SSO.

tim_alsop
Active Contributor
0 Kudos

I found the answer. In the SNC Users Guide in section 4.8.1 it says:

Microsoft's NTLMSSP provides a uni-directional authentication of the initiator (client) to the acceptor (server) only. It does not provide mutual authentication, and it does not offer data integrity or data privacy protection for the communication.

You can find this guide at ftp://ftp.sap.com/pub/icc/bc-snc40/SNC_User_Guide.pdf

So, you need to use a different SNC library that supports Kerberos or X.509. For keeping it simple and low cost I would suggest Kerberos.

Thanks

Tim
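
An added example (not from the thread or from SAP): a Python check of an instance profile against the SNC User Guide point quoted above, for the audit case where the GUI session must actually be encrypted. The library file names `gssntlm.dll` and `gsskrb5.dll`, the `snc/gssapi_lib` and `snc/data_protection/*` parameters and all sample values are assumptions not stated in the thread; unset parameters are reported as findings rather than resolved to kernel defaults.

```python
import ntpath

# Constructed sample profiles; paths and values are illustrative, not from the thread.
NTLM_PROFILE = r"""
snc/enable = 1
snc/gssapi_lib = C:\Windows\System32\gssntlm.dll
snc/accept_insecure_gui = 0
snc/data_protection/min = 1
snc/data_protection/max = 3
"""
KERBEROS_PROFILE = r"""
snc/enable = 1
snc/gssapi_lib = C:\Windows\System32\gsskrb5.dll
snc/accept_insecure_gui = 0
snc/data_protection/min = 3
snc/data_protection/max = 3
"""

def parse_profile(text):
    """Return {parameter: value} from 'key = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def audit_snc(params):
    """List reasons the profile does not guarantee an encrypted SAP GUI session."""
    findings = []
    def expect(key, wanted, why):
        value = params.get(key)
        if value != wanted:
            findings.append(f"{key} = {value or 'unset'}: {why}")
    expect("snc/enable", "1", "SNC is not switched on")
    expect("snc/accept_insecure_gui", "0", "non-SNC GUI logons may be accepted")
    expect("snc/data_protection/min", "3", "sessions below privacy protection (level 3) are allowed")
    # The NTLMSSP wrapper authenticates the client only, whatever the levels above say.
    lib = ntpath.basename(params.get("snc/gssapi_lib", "")).lower()
    if "ntlm" in lib:
        findings.append(f"snc/gssapi_lib = {lib}: NTLMSSP wrapper gives client "
                        "authentication only, no integrity or privacy protection")
    return findings

if __name__ == "__main__":
    for name, text in (("NTLM", NTLM_PROFILE), ("Kerberos", KERBEROS_PROFILE)):
        print(name, audit_snc(parse_profile(text)) or "no findings")
```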