
SSO no tab SNC SU01 transaction

Former Member
0 Kudos

Hi experts,

I want to install SSO with Kerberos in an R/3 system. I have installed SAPSSO.msi and I have modified my instance profile with these parameters:

snc/permit_insecure_comm 1
snc/permit_insecure_start 1
snc/accept_insecure_rfc 1
snc/accept_insecure_gui 1
snc/accept_insecure_cpic 1
snc/enable 1
snc/gssapi_lib C:\WINDOWS\system32\gx64krb5.dll
snc/identity/as p:SAPServiceSVI@My Domain

I restarted the instance, but in SU01 I can't find the SNC tab. This is the log of my dev_w0 file:

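---------------------------------------------------
trc file: "dev_w0", trc level: 1, release: "700"
---------------------------------------------------
*
*  ACTIVE TRACE LEVEL           1
*  ACTIVE TRACE COMPONENTS      all, MJ
*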

B

B Wed Feb 27 12:05:25 2008

B create_con (con_name=R/3)

B Loading DB library 'G:\usr\sap\SVI\SYS\exe\run\dboraslib.dll' ...

B Library 'G:\usr\sap\SVI\SYS\exe\run\dboraslib.dll' loaded

B Version of 'G:\usr\sap\SVI\SYS\exe\run\dboraslib.dll' is "700.08", patchlevel (0.115)

B New connection 0 created

M sysno 00

M sid SVI

M systemid 562 (PC with Windows NT)

M relno 7000

M patchlevel 0

M patchno 95

M intno 20050900

M make: multithreaded, ASCII, 64 bit, optimized

M pid 5188

M

M kernel runs with dp version 224(ext=109) (@(#) DPLIB-INT-VERSION-224)

M length of sys_adm_ext is 360 bytes

M ***LOG Q0Q=> tskh_init, WPStart (Workproc 0 5188) [dpxxdisp.c 1301]

I MtxInit: 30000 0 0

M DpSysAdmExtCreate: ABAP is active

M DpSysAdmExtCreate: VMC (JAVA VM in WP) is not active

M DpShMCreate: sizeof(wp_adm) 38704 (944)

M DpShMCreate: sizeof(tm_adm) 49352672 (24664)

M DpShMCreate: sizeof(wp_ca_adm) 60000 (60)

M DpShMCreate: sizeof(appc_ca_adm) 120000 (60)

M DpCommTableSize: max/headSize/ftSize/tableSize=2000/16/2208048/2208064

M DpShMCreate: sizeof(comm_adm) 2208064 (1088)

M DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0

M DpShMCreate: sizeof(slock_adm) 0 (104)

M DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0

M DpShMCreate: sizeof(file_adm) 0 (72)

M DpShMCreate: sizeof(vmc_adm) 0 (1600)

M DpShMCreate: sizeof(wall_adm) (256048/346336/64/104)

M DpShMCreate: sizeof(gw_adm) 48

M DpShMCreate: SHM_DP_ADM_KEY (addr: 0000000010620050, size: 52388976)

M DpShMCreate: allocated sys_adm at 0000000010620050

M DpShMCreate: allocated wp_adm at 0000000010621AE0

M DpShMCreate: allocated tm_adm_list at 000000001062B210

M DpShMCreate: allocated tm_adm at 000000001062B270

M DpShMCreate: allocated wp_ca_adm at 000000001353C250

M DpShMCreate: allocated appc_ca_adm at 000000001354ACB0

M DpShMCreate: allocated comm_adm at 0000000013568170

M DpShMCreate: system runs without slock table

M DpShMCreate: system runs without file table

M DpShMCreate: allocated vmc_adm_list at 00000000137832B0

M DpShMCreate: allocated gw_adm at 0000000013783330

M DpShMCreate: system runs without vmc_adm

M DpShMCreate: allocated ca_info at 0000000013783360

M DpShMCreate: allocated wall_adm at 0000000013783370

X

X Wed Feb 27 12:05:26 2008

X EmInit: MmSetImplementation( 2 ).

X MM global diagnostic options set: 0

X <ES> client 0 initializing ....

X Using implementation view

X <EsNT> Using memory model view.

M <EsNT> Memory Reset disabled as NT default

X ES initialized.

M

M Wed Feb 27 12:05:27 2008

M ThInit: running on host ITSECDS0

M

M Wed Feb 27 12:05:41 2008

M calling db_connect ...

C CLIENT_ORACLE_HOME is not set as environment variable or

C DIR_CLIENT_ORAHOME is not set as profile parameter.

C assuming using instant client with unspecified location.

C Oracle Client Version: '10.2.0.1.0'

C Client NLS settings: AMERICAN_AMERICA.WE8DEC

C Logon as OPS$-user to get SAPR3's password

C Connecting as /@SVI on connection 0 (nls_hdl 0) ... (dbsl 700 250407)

C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch

C 0 WE8DEC 1 000000001C7850B0 0000000006EFF1D0 0000000009995BD8

C Attaching to DB Server SVI (con_hdl=0,svchp=0000000009995A98,srvhp=000000001C795108)

C

C Wed Feb 27 12:05:43 2008

C Starting user session (con_hdl=0,svchp=0000000009995A98,srvhp=000000001C795108,usrhp=0000000006EFF9E8)

C Now '/@SVI' is connected (con_hdl 0, nls_hdl 0).

C Got SAPR3's password from OPS$-user

C Disconnecting from connection 0 ...

C Closing user session (con_hdl=0,svchp=0000000009995A98,usrhp=0000000006EFF9E8)

C Now I'm disconnected from ORACLE

C Connecting as SAPR3/<pwd>@SVI on connection 0 (nls_hdl 0) ... (dbsl 700 250407)

C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch

C 0 WE8DEC 1 000000001C7850B0 0000000006EFF1D0 0000000009995BD8

C Starting user session (con_hdl=0,svchp=0000000009995A98,srvhp=000000001C795108,usrhp=0000000006EFF9E8)

C Now 'SAPR3/<pwd>@SVI' is connected (con_hdl 0, nls_hdl 0).

C Database NLS settings: AMERICAN_AMERICA.WE8DEC

C DB instance SVI is running on ITSECDS0 with ORACLE version 10.2.0.2.0 since FEB 26, 2008, 23:58:40

B Connection 0 opened (DBSL handle 0)

B Wp Hdl ConName ConId ConState TX PRM RCT TIM MAX OPT Date Time DBHost

B 000 000 R/3 000000000 ACTIVE NO YES NO 000 255 255 20080227 120541 ITSECDS0

M db_connect o.k.

M ICT: exclude compression: .zip,.cs,.rar,.arj,.z,.gz,.tar,.lzh,.cab,.hqx,.ace,.jar,.ear,.war,.css,.pdf,.js,.gzip,.uue,.bz2,.iso,.sda,.sar,.gif

I MtxInit: 0 0 0

M SHM_PRES_BUF (addr: 000000001CB20050, size: 20000000)

M SHM_ROLL_AREA (addr: 000007FFD78D0050, size: 268435456)

M SHM_PAGING_AREA (addr: 000000001DE40050, size: 134217728)

M SHM_ROLL_ADM (addr: 0000000025E50050, size: 2678942)

M SHM_PAGING_ADM (addr: 00000000260E0050, size: 525344)

M ThCreateNoBuffer allocated 324144 bytes for 1000 entries at 000000000FFA0050

M ThCreateNoBuffer index size: 3000 elems

M ThCreateVBAdm allocated 7440 bytes (50 server) at 000000000FFF0050

X EmInit: MmSetImplementation( 2 ).

X MM global diagnostic options set: 0

X <ES> client 0 initializing ....

X Using implementation view

X ES initialized.

B db_con_shm_ini: WP_ID = 0, WP_CNT = 41, CON_ID = -1

B dbtbxbuf: Buffer TABL (addr: 000000002B4D0160, size: 50000000, end: 000000002E47F1E0)

B dbtbxbuf: Buffer TABLP (addr: 000000002E480160, size: 30720000, end: 00000000301CC160)

B dbexpbuf: Buffer EIBUF (addr: 00000000301E0170, size: 20480000, end: 0000000031568170)

B dbexpbuf: Buffer ESM (addr: 0000000031570170, size: 4194304, end: 0000000031970170)

B dbexpbuf: Buffer CUA (addr: 0000000031980170, size: 5120000, end: 0000000031E62170)

B dbexpbuf: Buffer OTR (addr: 0000000031E70170, size: 4194304, end: 0000000032270170)

M CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.

S

S Wed Feb 27 12:05:44 2008

S *** init spool environment

S initialize debug system

T Stack direction is downwards.

T debug control: prepare exclude for printer trace

T new memory block 000000001C905E20

S spool kernel/ddic check: Ok

S using table TSP02FX for frontend printing

S 2 spool work process(es) found

S frontend print via spool service enabled

S printer list size is 150

S printer type list size is 50

S queue size (profile) = 300

S hostspool list size = 3000

S option list size is 30

S found processing queue enabled

S found spool memory service RSPO-RCLOCKS at 000000003A2500C0

S doing lock recovery

S setting server cache root

S found spool memory service RSPO-SERVERCACHE at 000000003A250B60

S using messages for server info

S size of spec char cache entry: 165024 bytes (timeout 100 sec)

S size of open spool request entry: 1192 bytes

S immediate print option for implicitely closed spool requests is disabled

A

A -PXA--


A PXA INITIALIZATION

A System page size: 4kb, total admin_size: 16452kb, dir_size: 16300kb.

A Attached to PXA (address 000007FFE7900050, size 400000K)

A abap/pxa = shared protect gen_remote

A PXA INITIALIZATION FINISHED

A -PXA--


A

A ABAP ShmAdm attached (addr=000007FF4668F000 leng=20955136 end=000007FF47A8B000)

A >> Shm MMADM area (addr=000007FF46A5B520 leng=261056 end=000007FF46A9B0E0)

A >> Shm MMDAT area (addr=000007FF46A9C000 leng=16707584 end=000007FF47A8B000)

A RFC Destination> destination ITSECDS0_SVI_00 host ITSECDS0 system SVI systnr 0 (ITSECDS0_SVI_00)

A RFC Options> H=ITSECDS0,S=00,d=1,

A RFC FRFC> fallback activ but this is not a central instance.

A

A RFC rfc/signon_error_log = -1

A RFC rfc/dump_connection_info = 0

A RFC rfc/dump_client_info = 0

A RFC rfc/cp_convert/ignore_error = 1

A RFC rfc/cp_convert/conversion_char = 23

A RFC rfc/wan_compress/threshold = 251

A RFC rfc/recorder_pcs not set, use defaule value: 1

A RFC rfc/delta_trc_level not set, use default value: 0

A RFC rfc/no_uuid_check not set, use default value: 0

A RFC rfc/bc_ignore_thcmaccp_retcode not set, use default value: 0

A RFC Method> initialize RemObjDriver for ABAP Objects

M ThrCreateShObjects allocated 42738 bytes at 000000003A370050

N SsfSapSecin: putenv(SECUDIR=G:\usr\sap\SVI\DVEBMGS00\sec): ok

N

N =================================================

N === SSF INITIALIZATION:

N ===...SSF Security Toolkit name SAPSECULIB .

N ===...SSF trace level is 0 .

N ===...SSF library is G:\usr\sap\SVI\SYS\exe\run\sapsecu.dll .

N ===...SSF hash algorithm is SHA1 .

N ===...SSF symmetric encryption algorithm is DES-CBC .

N ===...sucessfully completed.

N =================================================

N MskiInitLogonTicketCacheHandle: Logon Ticket cache pointer retrieved from shared memory.

N MskiInitLogonTicketCacheHandle: Workprocess runs with Logon Ticket cache.

M JrfcVmcRegisterNativesDriver o.k.

W =================================================

W === ipl_Init() called

B dbtran INFO (init_connection '<DEFAULT>' [ORACLE:700.08]):

B max_blocking_factor = 5, max_in_blocking_factor = 5,

B min_blocking_factor = 5, min_in_blocking_factor = 5,

B prefer_union_all = 0, prefer_join = 0,

B prefer_fix_blocking = 0, prefer_in_itab_opt = 1,

B convert AVG = 0, alias table FUPD = 0,

B escape_as_literal = 1, opt GE LE to BETWEEN = 0,

B select * =0x0f, character encoding =SBCS / <none>:-,

B use_hints = abap->1, dbif->0x1, upto->2147483647, rule_in->0,

B rule_fae->0, concat_fae->0, concat_fae_or->0

W ITS Plugin: Path dw_gui

W ITS Plugin: Description ITS Plugin - ITS rendering DLL

W ITS Plugin: sizeof(SAP_UC) 1

W ITS Plugin: Release: 700, [7000.0.95.20050900]

W ITS Plugin: Int.version, [33]

W ITS Plugin: Feature set: [12]

W ===... Calling itsp_Init in external dll ===>

W === ipl_Init() returns 0, ITSPE_OK: OK

W =================================================

E Replication is disabled

E EnqCcInitialize: local lock table initialization o.k.

E EnqId_SuppressIpc: local EnqId initialization o.k.

E EnqCcInitialize: local enqueue client init o.k.

M

M Wed Feb 27 12:05:47 2008

M SecAudit(RsauShmInit): WP attached to existing shared memory.

M SecAudit(RsauShmInit): addr of SCSA........... = 0000000009B50050

M SecAudit(RsauShmInit): addr of RSAUSHM........ = 0000000009B504A0

M SecAudit(RsauShmInit): addr of RSAUSLOTINFO... = 0000000009B504E0

M SecAudit(RsauShmInit): addr of RSAUSLOTS...... = 0000000009B504EC

S

S Wed Feb 27 12:07:43 2008

S found spool memory service RSPO-ACTIONS at 000000003A256A00

B

B Wed Feb 27 12:08:08 2008

B dbmyclu : info : my major identification is 169738772, minor one 0.

B dbmyclu : info : Time Reference is 1.12.2001 00:00:00h GMT.

B dbmyclu : info : my initial uuid is DCE5244265A802F18608005056963625.

B dbmyclu : info : current optimistic cluster level: 0

B dbmyclu : info : pessimistic reads set to 2.

A

A Wed Feb 27 12:10:49 2008

A TH VERBOSE LEVEL FULL

A ** RABAX: level LEV_RX_PXA_RELEASE_MTX entered.

A ** RABAX: level LEV_RX_PXA_RELEASE_MTX completed.

A ** RABAX: level LEV_RX_COVERAGE_ANALYSER entered.

A ** RABAX: level LEV_RX_COVERAGE_ANALYSER completed.

A ** RABAX: level LEV_RX_ROLLBACK entered.

A ** RABAX: level LEV_RX_ROLLBACK completed.

A ** RABAX: level LEV_RX_DB_ALIVE entered.

A ** RABAX: level LEV_RX_DB_ALIVE completed.

A ** RABAX: level LEV_RX_HOOKS entered.

A ** RABAX: level LEV_RX_HOOKS completed.

A ** RABAX: level LEV_RX_STANDARD entered.

A ** RABAX: level LEV_RX_STANDARD completed.

A ** RABAX: level LEV_RX_STOR_VALUES entered.

A ** RABAX: level LEV_RX_STOR_VALUES completed.

A ** RABAX: level LEV_RX_C_STACK entered.

A

A Wed Feb 27 12:10:50 2008

A ** RABAX: level LEV_RX_C_STACK completed.

A ** RABAX: level LEV_RX_MEMO_CHECK entered.

A ** RABAX: level LEV_RX_MEMO_CHECK completed.

A ** RABAX: level LEV_RX_AFTER_MEMO_CHECK entered.

A ** RABAX: level LEV_RX_AFTER_MEMO_CHECK completed.

A ** RABAX: level LEV_RX_INTERFACES entered.

A ** RABAX: level LEV_RX_INTERFACES completed.

A ** RABAX: level LEV_RX_GET_MESS entered.

A ** RABAX: level LEV_RX_GET_MESS completed.

A ** RABAX: level LEV_RX_INIT_SNAP entered.

A ** RABAX: level LEV_RX_INIT_SNAP completed.

A ** RABAX: level LEV_RX_WRITE_SYSLOG entered.

A ** RABAX: level LEV_RX_WRITE_SYSLOG completed.

A ** RABAX: level LEV_RX_WRITE_SNAP entered.

A ** RABAX: level LEV_SN_END completed.

A ** RABAX: level LEV_RX_SET_ALERT entered.

A ** RABAX: level LEV_RX_SET_ALERT completed.

A ** RABAX: level LEV_RX_COMMIT entered.

A ** RABAX: level LEV_RX_COMMIT completed.

A ** RABAX: level LEV_RX_SNAP_SYSLOG entered.

A ** RABAX: level LEV_RX_SNAP_SYSLOG completed.

A ** RABAX: level LEV_RX_RESET_PROGS entered.

A ** RABAX: level LEV_RX_RESET_PROGS completed.

A ** RABAX: level LEV_RX_STDERR entered.

A Wed Feb 27 12:10:50 2008

A

A ABAP Program CL_SWF_XI_CST_DISPATCH_JOB====CP .

A Source CL_SWF_XI_CST_DISPATCH_JOB====CM006 Line 30.

A Error Code RAISE_EXCEPTION.

A Module $Id: //bas/700_REL/src/krn/runt/abfunc.c#10 $ SAP.

A Function ab_jfune Line 2561.

A ** RABAX: level LEV_RX_STDERR completed.

A ** RABAX: level LEV_RX_RFC_ERROR entered.

A ** RABAX: level LEV_RX_RFC_ERROR completed.

A ** RABAX: level LEV_RX_RFC_CLOSE entered.

A ** RABAX: level LEV_RX_RFC_CLOSE completed.

A ** RABAX: level LEV_RX_IMC_ERROR entered.

A ** RABAX: level LEV_RX_IMC_ERROR completed.

A ** RABAX: level LEV_RX_DATASET_CLOSE entered.

A ** RABAX: level LEV_RX_DATASET_CLOSE completed.

A ** RABAX: level LEV_RX_RESET_SHMLOCKS entered.

A ** RABAX: level LEV_RX_RESET_SHMLOCKS completed.

A ** RABAX: level LEV_RX_ERROR_SAVE entered.

A ** RABAX: level LEV_RX_ERROR_SAVE completed.

A ** RABAX: level LEV_RX_ERROR_TPDA entered.

A ** RABAX: level LEV_RX_ERROR_TPDA completed.

A ** RABAX: level LEV_RX_PXA_RELEASE_RUDI entered.

A ** RABAX: level LEV_RX_PXA_RELEASE_RUDI completed.

A ** RABAX: level LEV_RX_LIVE_CACHE_CLEANUP entered.

A ** RABAX: level LEV_RX_LIVE_CACHE_CLEANUP completed.

A ** RABAX: level LEV_RX_END entered.

A ** RABAX: level LEV_RX_END completed.

A ** RABAX: end no http/smtp

A ** RABAX: end RX_BTCHLOG|RX_VBLOG

A Exception condition "CHECK_FAILED" raised..

A

Can someone help me?

Thank you

1 ACCEPTED SOLUTION

tim_alsop
Active Contributor
0 Kudos

Hi,

There is no mention of snc being enabled in your dev_w0 trace file - are you sure you updated the instance profile as you suggested? Perhaps you can check the profile file contents on the file system to be sure that your use of rz10 was successful.

In addition, I noticed you are using SAPServiceSVI@My Domain - the domain name needs to be without any spaces and in UPPER case. e.g. if your Windows domain = company then your snc/identity/as needs to end with @COMPANY

Thanks,

Tim

Former Member
0 Kudos

Hi,

The parameter is set to snc/identity/as p:SAPServiceSVI@CAMP-SAP, so I think it is right.

I have seen that in SAPMMC after the start I have this warning:

Communications data: Could not send SLD data

Can this warning help us?

tim_alsop
Active Contributor
0 Kudos

Can you check the contents of the profile on the file system to be sure you entered the correct snc/ parameters with = between the param name and value?

Thanks,

Tim

Former Member
0 Kudos

Yes, they are.

tim_alsop
Active Contributor
0 Kudos

If the parameters are correct in the profile, when you start the SAP system using mmc you will see Snc messages in the work process logs. Can you search all files in the work directory to see if you are getting any msgs related to Snc?

Thanks,

Tim

tim_alsop
Active Contributor
0 Kudos

If the profile parameters are correct then you will see messages in dev_w0, but you are not - this is why I think you have not coded the parameters correctly.

These are messages I see in dev_w0 in my Windows SAP system:

N Wed Feb 27 12:49:58 2008
N  SncInit(): Initializing Secure Network Communication (SNC)
N        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)
N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level)
N  SncInit():   found snc/data_protection/min=2, using 2 (Integrity Level)
N  SncInit():   found snc/data_protection/use=3, using 3 (Privacy Level)
N  SncInit(): found  snc/gssapi_lib=c:\windows\system32\sncgss64.dll
N    File "c:\windows\system32\sncgss64.dll" dynamically loaded as GSS-API v2 library.
N    The internal Adapter for the loaded GSS-API mechanism identifies as:
N    Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N  SncInit():   found snc/identity/as=p:sapW02/sapw02.dev.local@DEV.LOCAL
N  SncInit(): Accepting  Credentials available, lifetime=Indefinite
N  
N Wed Feb 27 12:49:59 2008
N  SncInit(): Initiating Credentials available, lifetime=07h 59m 59s

My instance profile params look like:

# SNC Params for CyberSafe TrustBroker
snc/enable=1
snc/gssapi_lib=c:\windows\system32\sncgss64.dll
snc/identity/as=p:sapW02/sapw02.dev.local@DEV.LOCAL
snc/data_protection/max = 3
snc/data_protection/min = 2
snc/data_protection/use = 3
snc/r3int_rfc_secure = 0
snc/r3int_rfc_qop = 8
snc/accept_insecure_cpic = 1
snc/permit_insecure_gui = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_rfc = 1
snc/permit_insecure_start = 1
snc/force_login_screen = 0
snc/extid_login_diag = 1
snc/extid_login_rfc = 1

Thanks,

Tim
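
The checks suggested in this thread (an = between each snc/ parameter name and its value, an upper-case realm without spaces in snc/identity/as, and Snc messages in the work process trace) can be scripted. The Python below is an added example, not code from the thread or from SAP: the function names are hypothetical, the sample inputs are abridged from the posts above, and the listing of snc/accept_insecure_* parameters set to 1 goes slightly beyond what the thread checks.

```python
import re

def check_profile(text):
    """Return (params, findings) for the snc/ lines of an instance profile."""
    params, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("snc/"):
            continue                      # comments and other parameters
        if "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            params[name] = value
        else:                             # "name value" is not an assignment
            name, _, value = (s.strip() for s in line.partition(" "))
            findings.append(f"line {n}: no '=' between {name} and its value")
        if name == "snc/identity/as":
            realm = value.rpartition("@")[2] if "@" in value else ""
            if not realm or re.search(r"\s", realm) or realm != realm.upper():
                findings.append(f"line {n}: realm {realm!r} must be upper case, no spaces")
    if params.get("snc/enable") != "1":
        findings.append("snc/enable=1 not found")
    return params, findings

def accept_insecure(params):
    """Parameters that, at 1, still admit connections without SNC protection."""
    return sorted(k for k, v in params.items()
                  if k.startswith("snc/accept_insecure_") and v == "1")

def snc_trace_lines(trace):
    """Lines of a dev_w* trace that mention Snc (e.g. SncInit() messages)."""
    return [l for l in trace.splitlines() if "Snc" in l]

# Parameters as displayed in the first post (no '=', realm with a space).
FIRST_POST = """snc/enable 1
snc/gssapi_lib C:\\WINDOWS\\system32\\gx64krb5.dll
snc/identity/as p:SAPServiceSVI@My Domain
snc/accept_insecure_gui 1"""

# Subset of the working profile and trace quoted in the reply above.
WORKING = """# SNC Params
snc/enable=1
snc/identity/as=p:sapW02/sapw02.dev.local@DEV.LOCAL
snc/data_protection/min = 2
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1"""
TRACE_OK = "N  SncInit(): Initializing Secure Network Communication (SNC)\nM db_connect o.k."
TRACE_BAD = "M db_connect o.k.\nN === SSF INITIALIZATION:"

if __name__ == "__main__":
    for label, prof in (("first post", FIRST_POST), ("working", WORKING)):
        params, findings = check_profile(prof)
        print(label, findings or "ok", accept_insecure(params))
    print(len(snc_trace_lines(TRACE_OK)), len(snc_trace_lines(TRACE_BAD)))
```

Run it against the profile file on the file system and the dev_w* files in the work directory rather than against what rz10 displays.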

Former Member
0 Kudos

OK, now I have solved the problem. Thanks a lot for your attention.

Bye

Former Member
0 Kudos

Hi there,

How did you solve this? I am facing the same problem: no SNC tab in SU01.

tim_alsop
Active Contributor
0 Kudos

Mihhajur,

You need to check the dev_w0 for the Snc error, fix it and then when SAP starts you will see the SNC tab in SU01.

Thanks,

Tim