
SSO using SNC and Kerberos (Windows 2003)

Former Member
0 Kudos

Hi Folks,

We are currently implementing SSO using SNC and Kerberos authentication on a Windows 2003 32-bit environment (SOLMAN4), but we are facing the following issue. When we change the profile of that central instance to include the following parameters and restart the instance:

snc/enable = 1

snc/gssapi_lib =<DRIVE>:\%windir%\system32\<kerberos_file>.dll

snc/identity/as =p:SAPService<SAPSID>@<UPPERCASE_DNS_DOMAIN_NAME>

The disp+work.exe process stops working (it starts, then the Java processes stop, and it stops afterwards).

Any idea what is going on?

Thanks for your help,

Marco

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Just one thing: we actually replace the values from the installation manual with actual values from our landscape so it should read:

snc/enable = 1

snc/gssapi_lib =c:\windows\system32\gsskrb5.dll.dll

snc/identity/as =p:SAPServiceERS@<ACTUAL DOMAIN IS HERE>

Thanks,

Marco

9 REPLIES 9

0 Kudos

Hi,

Can you check the dev_w0 trace file (found in the work directory)? This file will show you if there are any SNC initialisation errors which will stop your work processes from starting. If you can show me what SNC message you see in this file, I can help you fix it.

Thanks,

Tim

0 Kudos

Hi Tim,

Here's what I got from dev_W0 regarding SNC. I couldn't find anything describing how to set up credentials for this service.

Thanks for your help,

Marco

SncInit(): Initializing Secure Network Communication (SNC)

N PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)

N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)

N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)

N SncInit(): found snc/data_protection/use=9, using 3 (Privacy Level)

N SncInit(): found snc/gssapi_lib=C:\WINDOWS\system32\gsskrb5.dll

N File "C:\WINDOWS\system32\gsskrb5.dll" dynamically loaded as GSS-API v2 library.

N The internal Adapter for the loaded GSS-API mechanism identifies as:

N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

N SncInit(): found snc/identity/as=p:SAPServiceERS@<DOMAIN>

N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]

N GSS-API(maj): No valid credentials provided (or available)

N GSS-API(min): SSPI u2u-problem: please add Service principal for own account

N Could't acquire ACCEPTING credentials for

N

N name="p:SAPServiceERS@<DOMAIN>"

M *** ERROR => ErrISetSys: error info too large [err.c 944]

M Mon Jun 02 10:30:34 2008

M LOCATION SAP-Server SAPSMSVR_ERS_00 on host SAPSMSVR (wp 0)

M ERROR GSS-API(maj): No valid credentials provided (or available)

M GSS-API(min): SSPI u2u-problem: please add Service principal for own a

M name="p:SAPServiceERS@<DOMAIN>"

M TIME Mon Jun 02 10:30:34 2008

M RELEASE 700

M COMPONENT SNC (Secure Network Communication)

M VERSION 5

M RC -4

M MODULE sncxxall.c

M LINE 1432

M DETAIL SncPAcquireCred

M SYSTEM CALL gss_acquire_cred

M ERRNO

M ERRNO TEXT

M DESCR MSG NO

M DESCR VARGS GSS-API(maj): No valid credentials provided (or available);;;;

M ;;;;GSS-API(min): SSPI u2u-problem: please add Service principal for own a;;;;

M ;;;;name="p:SAPServiceERS@<DOMAIN>"

M DETAIL MSG N

M DETAIL VARGS

M COUNTER 1

N SncInit(): Fatal -- Accepting Credentials not available!

N <<- ERROR: SncInit()==SNCERR_GSSAPI

N sec_avail = "false"

M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 230]

M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]

M in_ThErrHandle: 1

M *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c 10380]

0 Kudos

Hi,

The Windows server needs to be a domain member for this solution to work. If it is not a domain member, then you need to use an SNC solution available from a SAP partner instead of using the library provided by SAP for SNC.

The output you showed has p:SAPServiceERS@ as the SNC name, but this is not a valid name. The domain name in upper case needs to be added to the end of this. For example, if your AD domain is company.com, the SNC name needs to have COMPANY.COM added after the @.

I hope this helps.

Tim

0 Kudos

I forgot to mention: the user you start SAP under needs to be a domain account and have the SPN mapped to it that you are using in the snc/identity/as parameter.

0 Kudos

Hi Tim,

Thanks for your prompt reply. The domain name is there in capital letters, but I had to take it out of the message because the forum was complaining about the e-mail address in the message (user@DOMAIN).

You said: the user you start SAP under needs to be a domain account and have the SPN mapped to it that you are using in the snc/identity/as parameter. Could you explain to me what you mean by that? What is SPN?

Thanks again for your help,

Marco

0 Kudos

Marco,

SPN = Service Principal Name. In this case it is the same as the SNC name, but without the p: prefix.

You need to use an MS supplied tool to add the SPN to the computer account for the server. The SAP documentation explains this. Just search in help.sap.com for details.

Thanks,

Tim
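
Added example (not part of the original thread and not SAP tooling): a small Python triage script for the SNC section of a dev_w0 trace like the one quoted above. It pulls out the SncInit parameters, ERROR entries and GSS-API status texts, and applies the two naming rules from Tim's replies (upper-case domain after the @; SPN = SNC name without the p: prefix). The sample trace is constructed, EXAMPLE.COM is a placeholder domain, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the dev_w0 lines quoted in the thread;
# EXAMPLE.COM stands in for the redacted domain.
SAMPLE_TRACE = """\
N SncInit(): found snc/gssapi_lib=C:\\WINDOWS\\system32\\gsskrb5.dll
N SncInit(): found snc/identity/as=p:SAPServiceERS@EXAMPLE.COM
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]
N GSS-API(maj): No valid credentials provided (or available)
N GSS-API(min): SSPI u2u-problem: please add Service principal for own account
N SncInit(): Fatal -- Accepting Credentials not available!
"""

FOUND = re.compile(r"SncInit\(\): found (snc/[\w/]+)=(\S+)")
ERROR = re.compile(r"\*\*\* ERROR => (.+?)\s*\[(\S+) (\d+)\]")
GSS = re.compile(r"GSS-API\((maj|min)\): (.+)")

def parse_snc_trace(text):
    """Collect SNC parameters, ERROR entries and GSS-API status texts."""
    out = {"params": {}, "errors": [], "gss": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FOUND.search(line):
            out["params"][m.group(1)] = m.group(2)
        elif m := ERROR.search(line):
            out["errors"].append((m.group(1), m.group(2), int(m.group(3))))
        elif m := GSS.search(line):
            # keep the first occurrence; later repeats in the trace are truncated
            out["gss"].setdefault(m.group(1), m.group(2).rstrip(";"))
    return out

def check_snc_name(snc_name):
    """Return (spn, problems) for an snc/identity/as value."""
    problems = []
    if not snc_name.startswith("p:"):
        problems.append("missing p: prefix")
    spn = snc_name[2:] if snc_name.startswith("p:") else snc_name
    account, sep, realm = spn.partition("@")
    if not account:
        problems.append("empty account name")
    if not sep or not realm:
        problems.append("no domain after @")
    elif realm != realm.upper():
        problems.append("domain is not upper case")
    return spn, problems

if __name__ == "__main__":
    report = parse_snc_trace(SAMPLE_TRACE)
    print(report["errors"], report["gss"])
    print(check_snc_name(report["params"]["snc/identity/as"]))
```
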

0 Kudos

Hi Tim,

We are having similar issues. In our case, the SAP server is not in the user domain (it's in a different one). Does that mean we can't use the SAP libraries? We are using 2003 and the SAP server domain trusts the account domain.

Also:

Our Kerberos Realm has the form: CORP.AD.COMP.ORG

The service user UPN is SAPServiceSID @ COMP.ORG

When I use SAPServiceSID @ CORP.AD.COMP.ORG in the snc/identity/as parameter, I get error "Caller is not the owner of the request".

When I use SAPServiceSID @ COMP.ORG, I don't get any error with the credentials. In this case I get "Specified target is unknown or unreac;;;"

Any help will be greatly appreciated.

Thanks.

Carlos

PS I put spaces around @ in order to be able to post this message

0 Kudos

Carlos,

The question described in this thread has already been marked as answered by the original author (Marco). I suggest that, if you need help with your particular problem, you open a new thread; then you will get better responses from the SDNers, including myself. Of course, if you want to reference this thread in your new thread, you can do that by posting the URL in the thread description.

Thanks,

Tim