cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

canonical name failed error

Former Member

on ‎08-22-2007 9:43 AM

0 Kudos

Hi all,

We are implementing SSO solution into our SAP infrastructure, but we are facing with SNC problem, while logging on to the system. The error that we faced determined, below;

N Wed Aug 22 11:31:24 2007

N ->> SncSessionInit(&snc_hdl=0433FC48)

N <<- SncSessionInit()==SAP_O_K

N out: &snc_hdl = 27B7D810

N ->> SncSessionAcceptor(snc_hdl=27B7D810, buf_size_hint=0)

N <<- SncSessionAcceptor()==SAP_O_K

N ->> SncProcessInput(snc_hdl=27B7D810, ibuf=06750048, ilen=202, &obuf=0433FD8C,

N &olen=0433FDA0, &backbuf=0433FD98, &backlen=0433FDC0)

N 'ibuf' (addr=06750048, len=202) full hexdump

N 0x00000 534e4346 52414d45 02050048 00000038 SNCFRAME ...H...8

N 0x00010 0000004a 0004002a 00000001 002a0004 ...J...* .....*..

N 0x00020 0401000c 060a2b06 01040185 36020102 ......+. ....6...

N 0x00030 00000014 59415341 525c434e 3d544f4c ....YASA R\CN=TOL

N 0x00040 4741414b 494e4349 6036060a 2b060104 GAAKINCI `6..+...

N 0x00050 01853602 01020101 4e544c4d 53535000 ..6..... NTLMSSP.

N 0x00060 01000000 078208a2 00000000 00000000 ........ ........

N 0x00070 00000000 00000000 0501280a 0000000f ........ ..(.....

N 0x00080 496e7465 726e616c 20534e43 2d416461 Internal SNC-Ada

N 0x00090 70746572 20285265 7620312e 30292074 pter (Re v 1.0) t

N 0x000a0 6f205341 50277320 4753532d 41504920 o SAP's GSS-API

N 0x000b0 7632206f 76657220 4e544c4d 28535350 v2 over NTLM(SSP

N 0x000c0 49292041 64617074 6572 I) Adapt er

N ->> SncPFrameIn(): state=DO_ACCEPT, role=ACCEPT, p_in->used=202

N UnFrame: (len=202, token=56, data=74, flags=0x002a) FR_INIT <<

N UnFrame: (ext_flags= 0x00000001, ext_len= 48)

N SncPFrameIn(): parsing of supplied

N canonical name failed (SNCERR_UNKNOWN_MECH)

N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3352]

N GSS-API(maj): A token was invalid

N Unable to establish the security context

N <<- SncProcessInput()==SNCERR_GSSAPI

M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 976]

M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 981]

M in_ThErrHandle: 1

M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 10205]

We are trying to implement this on Win2K3 system which is not attached to an AD. Anyone has a suggestion about it?

Thank you.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

tim_alsop
Active Contributor
‎08-22-2007 10:05 AM
0 Kudos

Orkun,

If you are using the SAP gss-api Kerberos library on Windows server and on workstations then the server MUST be joined to domain.

If you are looking for a solution which does not require the server to be joined to the domain, please let me know and I will be pleased to help. I represent a company that provides Kerberos libraries for Windows and UNIX/Linux and our product does not require domain membership. You can contact me via my email in SDN business card.

Thanks,

Tim

Show replies
Show replies
Former Member
‎08-22-2007 11:54 AM
0 Kudos

Hi Tim,

Thank you for your response. We are using sapcrpyto.dll at server side and gssntlm.dll at client side. We are not using kerberos. Because of this, we can use SSO, cross domain. Am I right? Do you have further suggestions?

Thank you.

tim_alsop
Active Contributor
‎08-22-2007 12:01 PM
0 Kudos

Orkun,

You cannot use NTLM for client and x.509 for server. You need both client and server to talk the same language/protocol. If you want cross domain authentication then you need to use domain authentication protocol, and if you are using Active Directory this is best done with Kerberos, not NTLM.

Thanks,

Tim

Former Member
‎08-22-2007 12:25 PM
0 Kudos

Thank you. I configured gssntml.dll at server and client side, both. Now, in SU01, I am using "p:DOMAIN\USERNAME" notation and in SAP profile, "snc/identity/as = p:MACHINENAME\SAPServiceSID". Consequently, I faced the error, below;

N Wed Aug 22 14:12:45 2007

N ->> SncSessionInit(&snc_hdl=0433FC48)

N <<- SncSessionInit()==SAP_O_K

N out: &snc_hdl = 29FE11B0

N ->> SncSessionAcceptor(snc_hdl=29FE11B0, buf_size_hint=0)

N <<- SncSessionAcceptor()==SAP_O_K

N ->> SncProcessInput(snc_hdl=29FE11B0, ibuf=06750048, ilen=203, &obuf=0433FD8C,

N &olen=0433FDA0, &backbuf=0433FD98, &backlen=0433FDC0)

N 'ibuf' (addr=06750048, len=203) full hexdump

N 0x00000 534e4346 52414d45 02050049 00000038 SNCFRAME ...I...8

N 0x00010 0000004a 0004002a 00000001 002b0004 ...J...* .....+..

N 0x00020 0401000c 060a2b06 01040185 36020102 ......+. ....6...

N 0x00030 00000015 5053424e 5430315c 53415053 ....PSBN T01\SAPS

N 0x00040 45525649 43455053 42603606 0a2b0601 ERVICEPS B`6..+..

N 0x00050 04018536 02010201 014e544c 4d535350 ...6.... .NTLMSSP

N 0x00060 00010000 00078208 a2000000 00000000 ........ ........

N 0x00070 00000000 00000000 00050128 0a000000 ........ ...(....

N 0x00080 0f496e74 65726e61 6c20534e 432d4164 .Interna l SNC-Ad

N 0x00090 61707465 72202852 65762031 2e302920 apter (R ev 1.0)

N 0x000a0 746f2053 41502773 20475353 2d415049 to SAP's GSS-API

N 0x000b0 20763220 6f766572 204e544c 4d285353 v2 over NTLM(SS

N 0x000c0 50492920 41646170 746572 PI) Adap ter

N ->> SncPFrameIn(): state=DO_ACCEPT, role=ACCEPT, p_in->used=203

N UnFrame: (len=203, token=56, data=74, flags=0x002a) FR_INIT <<

N UnFrame: (ext_flags= 0x00000001, ext_len= 49)

N MakeFrame: (len=261, token=163, data=74, flags=0x002a) FR_ACCEPT >>

N <<- SncProcessInput()==SAP_O_K

N return values = "(no data) in=203, back=261, out=0"

N 'backbuf' (addr=2B9F6CD8, len=261) full hexdump

N 0x00000 534e4346 52414d45 04050018 000000a3 SNCFRAME ........

N 0x00010 0000004a 0004002a 6081a006 0a2b0601 ...J...* `....+..

N 0x00020 04018536 02010201 024e544c 4d535350 ...6.... .NTLMSSP

N 0x00030 00020000 000e000e 00380000 0005828a ........ .8......

N 0x00040 a274c859 17cbfa5b 51000000 00000000 .t.Y...[ Q.......

N 0x00050 004c004c 00460000 000502ce 0e000000 .L.L.F.. ........

N 0x00060 0f500053 0042004e 00540030 00310002 .P.S.B.N .T.0.1..

N 0x00070 000e0050 00530042 004e0054 00300031 ...P.S.B .N.T.0.1

N 0x00080 0001000e 00500053 0042004e 00540030 .....P.S .B.N.T.0

N 0x00090 00310004 000e0070 00730062 006e0074 .1.....p .s.b.n.t

N 0x000a0 00300031 0003000e 00700073 0062006e .0.1.... .p.s.b.n

N 0x000b0 00740030 00310000 00000049 6e746572 .t.0.1.. ...Inter

N 0x000c0 6e616c20 534e432d 41646170 74657220 nal SNC- Adapter

N 0x000d0 28526576 20312e30 2920746f 20534150 (Rev 1.0 ) to SAP

N 0x000e0 27732047 53532d41 50492076 32206f76 's GSS-A PI v2 ov

N 0x000f0 6572204e 544c4d28 53535049 29204164 er NTLM( SSPI) Ad

N 0x00100 61707465 72 apter

N ->> SncQueryFixProcess(snc_hdl=29FE11B0, &fix_process=0433FA4B)

N <<- SncQueryFixProcess()==SAP_O_K

N out: fix = "TRUE"

N ->> SncProcessInput(snc_hdl=29FE11B0, ibuf=06750048, ilen=291, &obuf=0433FD8C,

N &olen=0433FDA0, &backbuf=0433FD98, &backlen=0433FDC0)

N 'ibuf' (addr=06750048, len=291) full hexdump

N 0x00000 534e4346 52414d45 02050018 000000c1 SNCFRAME ........

N 0x00010 0000004a 0004002a 6081be06 0a2b0601 ...J...* `....+..

N 0x00020 04018536 02010201 034e544c 4d535350 ...6.... .NTLMSSP

N 0x00030 00030000 00180018 00800000 00180018 ........ ........

N 0x00040 00980000 000a000a 00480000 00160016 ........ .H......

N 0x00050 00520000 00180018 00680000 00000000 .R...... .h......

N 0x00060 00b00000 00058288 a2050128 0a000000 ........ ...(....

N 0x00070 0f590041 00530041 0052004f 0052004b .Y.A.S.A .R.O.R.K

N 0x00080 0055004e 00470045 00440049 004b0031 .U.N.G.E .D.I.K.1

N 0x00090 004f0052 004b0055 004e0047 00450044 .O.R.K.U .N.G.E.D

N 0x000a0 0049004b 004e0042 0075aa05 93e61e28 .I.K.N.B .u.....(

N 0x000b0 e0000000 00000000 00000000 00000000 ........ ........

N 0x000c0 00d96986 43d5119e 507e7b58 46aaf73a ..i.C... P~{XF..:

N 0x000d0 d1dc51af 1c61ca10 b0496e74 65726e61 ..Q..a.. .Interna

N 0x000e0 6c20534e 432d4164 61707465 72202852 l SNC-Ad apter (R

N 0x000f0 65762031 2e302920 746f2053 41502773 ev 1.0) to SAP's

N 0x00100 20475353 2d415049 20763220 6f766572 GSS-API v2 over

N 0x00110 204e544c 4d285353 50492920 41646170 NTLM(SS PI) Adap

N 0x00120 746572 ter

N ->> SncPFrameIn(): state=ACCEPTING, role=ACCEPT, p_in->used=291

N UnFrame: (len=291, token=193, data=74, flags=0x002a) FR_INIT <<

N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3352]

N GSS-API(maj): Miscellaneous Failure

N GSS-API(min): The logon attempt failed

N Unable to establish the security context

N <<- SncProcessInput()==SNCERR_GSSAPI

M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 976]

M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 981]

M in_ThErrHandle: 1

M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 10205]

M Entering ThSetStatError

M ***LOG R68=> ThIRollBack, roll back () [thxxhead.c 13205]

What may be wrong? Thank you your feedbacks.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
‎08-29-2007 5:52 PM
0 Kudos

> I am using "p:DOMAIN\USERNAME" notation and in SAP profile, "snc/identity/as = p:MACHINENAME\SAPServiceSID".

That's the point: "MACHINENAME\SAPServiceSID" indicates that the ABAP server is running under a local account (not a domain account).

Ask a Question