on 04-27-2016 8:27 PM
Hello,
We have a environment to provide connectivity to our remote users. They can join the local environment using RDP or VDI to connect to our systems when VPN access is not possible. Everything works well but when we activate the time-zone redirection feature SSO stops working if time-zone of the remote user is equal to or greater than 10 hours (as this is the lifetime of the Kerberos tickets).
Error we get is SNCERR_CONTEXT_EXPIRED.
I have already tried all the standard available solutions and a incident is already opened with SAP but so far no solution there.
I hope to get some help here.
Thanks.
Anand
After a lot of reading here and there we came to know that Microsoft Kerberos does not enforce security context expiration on message protection calls, so it is possible to completely disable security context lifetime reporting for gsskrb5.dll through this little registry tweak:
SubKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP\gsskrb5
Entry: ForceCtxNoExpire
Type: REG_DWORD
Value: 1 (default is 0)
Above mentioned registry key addition worked for us.
Thanks you all.
Kind Regards
Anand
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anand,
I am facing the same issue. Did you ever get a resolution on your issue?
Thanks,
Robin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tim,
I get the issue whether I'm logged directly into the Citrix server or through the host. In my case, I've been testing exclusively on the Citrix Server to try and resolve the issue. I've tested using the latest GUI and SNC libraries and turning off the Time-zone redirection is not something we can do.
Thanks for the response,
Robin
User | Count |
---|---|
95 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.