Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

FATAL SNCERROR - GSS-API(maj): No credentials were supplied

Hi, I am configuring an SAP Single Sign-On 2.0 Based on Kerberos Tokens. I have already done every step mainly based on the videos that SAP provides to implement a SSO with Kerberos and following as well the implementation guide. However when I turn the parameter snc/enable from 0 to 1 and restart the server it gives me an error which I traced from the file dev_w0.

The error is the following:

N  SncInit(): Initializing Secure Network Communication (SNC)

N        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)

N        GetUserName()="SAPServiceDG1"  NetWkstaUser="SAPServiceDG1"

N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level)

N  SncInit():   found snc/data_protection/min=2, using 2 (Integrity Level)

N  SncInit():   found snc/data_protection/use=3, using 3 (Privacy Level)

N  SncInit(): found  snc/gssapi_lib=E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll

N    File "E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll" dynamically loaded as GSS-API v2 library.

N    SECUDIR="E:\usr\sap\DG1\DVEBMGS00\sec" (from $SECUDIR)

N    The internal Adapter for the loaded GSS-API mechanism identifies as:

N    Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x

N    Product Version = SAPCRYPTOLIB  5.5.5C pl35  (Mar 21 2013) MT-safe

N  SncInit():   found snc/identity/as=p:CN=SL-ABAP-DG1@<DOMAIN>.COM

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [D:/depot/bas/74 1445]

N        GSS-API(maj): No credentials were supplied

N      Could't acquire ACCEPTING credentials for

N      name="p:CN=SL-ABAP-DG1@<DOMAIN>.COM"

N      FATAL SNCERROR -- Accepting Credentials not available!

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [D:/depot/bas/74 1445]

N        GSS-API(maj): No credentials were supplied

N Thu Oct 15 12:05:51 2015

N      Could't acquire DEFAULT ACCEPTING credentials

N  *** ERROR =>     (debug hint: no default acceptor cred available)

N   [D:/depot/b 737]

N  <<- SncInit()==SNCERR_GSSAPI

N           sec_avail = "false"

M  ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c    272]

M  *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c    274]

M  in_ThErrHandle: 1

M  *** ERROR => SncInitU (step TH_INIT, thRc ERROR-SNC-OTHER ERROR IN SNC LAYER, action STOP_WP, level 1) [thxxhead.c   2422]

NOTE: Where is <DOMAIN> I replaced for the correct domain.

The parameters that I used are these:

snc/enable = 1

snc/gssapi_lib = E:\usr\sap\DG1\DVEBMGS00\SLL\sapcrypto.dll

snc/identity/as = p:CN=SL-ABAP-DG1

snc/data_protection/min = 2

snc/data_protection/max = 3

snc/data_protection/use = 3

snc/accept_insecure_gu = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_cpic = 1

snc/permit_insecure_start = 1

snc/r3int_rfc_qop = 8

snc/r3int_rfc_secure = 0

snc/force_login_screen = 0

Anyone have a clue about how to solve this error? I thought that it was due to the command to create file cred_v2 "sapgenpse seclogin -p SAPSNCSKERB.pse -O SAPServiceDG1" which SAP warning us about a possible conflict in Windows environment. However I tried to solve that by adding -N in the end of the command as SAP told us to do, but my Command Prompt says that the command with -N is unknown.

Tags:
Former Member
Former Member replied

Ok it is solved the problem was the incorrect system user. Instead of SAPServiceDG1 it was SNL\SAPServiceDG1.

0 View this answer in context

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question