cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNCERR_CONTEXT_EXPIRED during Citrix Timezone redirection

Former Member

on ‎04-27-2016 8:27 PM

0 Kudos

Hello,

We have a environment to provide connectivity to our remote users. They can join the local environment using RDP or VDI to connect to our systems when VPN  access is not possible. Everything works well but when we activate the time-zone redirection feature SSO stops working if time-zone of the remote user is equal to or greater than 10 hours (as this is the lifetime of the Kerberos tickets).

Error we get is SNCERR_CONTEXT_EXPIRED.

I have already tried all the standard available solutions and a incident is already opened with SAP but so far no solution there.


I hope to get some help here.


Thanks.


Anand

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎06-27-2016 2:24 PM
0 Kudos

After a lot of reading here and there we came to know that Microsoft Kerberos does not enforce security context expiration on message protection calls, so it is possible to completely disable security context lifetime reporting for gsskrb5.dll through this little registry tweak:

SubKey:  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP\gsskrb5

Entry:   ForceCtxNoExpire

Type:    REG_DWORD

Value:   1   (default is 0)

Above mentioned registry key addition worked for us.

Thanks you all.

Kind Regards

Anand

Show replies
Show replies
Former Member
‎07-29-2016 7:35 PM
0 Kudos

Thanks for the additional information Anand.  I did try the changes in our Citrix environment, and it didn't work. 

Best Regards,

Robin

Former Member
‎05-10-2016 3:50 AM
0 Kudos

Hi Anand,

I am facing the same issue.  Did you ever get a resolution on your issue?

Thanks,

Robin

Show replies
Show replies
tim_alsop
Active Contributor
‎05-10-2016 7:41 AM
0 Kudos

Robin

Which SNC library are you using on Citrix Server (same host as SAP GUI) and on host running AS ABAP ?

Thanks

TIm

Former Member
‎05-11-2016 9:03 PM
0 Kudos

Hi Tim,

I get the issue whether I'm logged directly into the Citrix server or through the host. In my case, I've been testing exclusively on the Citrix Server to try and resolve the issue.  I've tested using the latest GUI and SNC libraries and turning off the Time-zone redirection is not something we can do.

Thanks for the response,

Robin

Former Member
‎05-11-2016 9:49 PM
0 Kudos

Hello Robin,

No solution so far, after a lot of analysis issues seems to be related to SNC library provided by ouyr SSO provider. Waiting for them to update the DDL..

Anand

Former Member
‎05-11-2016 9:51 PM
0 Kudos

Robin,

from where you got the latest SNC library?

Anand

tim_alsop
Active Contributor
‎05-11-2016 11:05 PM
0 Kudos

Robin

I helped Anand confirm that the SNC library he is using was causing this issue. I showed him that using our SNC library that the problem doesn't occur. He is therefore waiting for his vendor to fix the issue in their library. <deleted by moderator>

Thanks

Tim

Former Member
‎05-13-2016 4:46 AM
0 Kudos

Hi Tim,

In working with the BASIS team, it looks like we have a similar issue where the SNC DLL is outdated.

Thank you for chiming in, as it helped confirm our findings.

Robin

Former Member
‎05-13-2016 4:48 AM
0 Kudos

Thanks for the info Anand.  Seems to be a similar issue for us as well.

Cheers, Robin

Ask a Question