Skip to Content
avatar image
Former Member

SNC: Problem implementing SNC on a system with multiple instances


So I followed this document (yes, one of my own creation) to implement SNC on our QA system.  Unlike our development/sandbox systems, our QA system has multiple application instances (two, to be exact).

The first instance starts up just fine.  The second one had this problem:

N  SncInit(): Initializing Secure Network Communication (SNC)

N        Solaris on SPARCV9 CPU (st,ascii,SAP_UC/size_t/void* = 16/64/64)

N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level)

N  SncInit():   found snc/data_protection/min=2, using 2 (Integrity Level)

N  SncInit():   found snc/data_protection/use=3, using 3 (Privacy Level)

N  SncInit(): found  snc/gssapi_lib=/usr/sap/EQ1/D21/SLL/

N    File "/usr/sap/ /DXX/SLL/" dynamically loaded as GSS-API v2 library.

N    The internal Adapter for the loaded GSS-API mechanism identifies as:

N    Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2

N  SncInit():   found snc/identity/as=p:CN=SAP/Kerberos<SID>@<DOMAIN>

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1439]

N        GSS-API(maj): No credentials were supplied

N      Could't acquire ACCEPTING credentials for


N      name="p:CN=SAP/Kerberos<SID>@<DOMAIN>"

N  SncInit(): Fatal -- Accepting Credentials not available!

N  <<- SncInit()==SNCERR_GSSAPI

N           sec_avail = "false"

M  ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c    235]

M  *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c    238]

M  in_ThErrHandle: 1

M  *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c   11292]

Of note: I used the same value for "snc/identity/as" in each application instance.  They are also both using the same "Service Principal Name" in the Active Directory.

I read somewhere in my reading (I can't find where now) that you had to follow a different convention for "snc/identity/as" on systems where you have multiple instances.  Any ideas on this or the resolution to this problem?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Sep 11, 2013 at 02:11 PM

    This problem is resolved via OSS.

    Guilherme helped me realize I did not follow my own documentation.  This line was missing from the START profile of the second instance.


    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 09, 2013 at 01:53 PM

    By the way, the log snippet comes from /usr/sap/<SID>/<Instance>/work/dev_w0.  Sorry I forgot to specify this in the OP.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Patrick.

      I appreciate the reply.  Yes, <SID> and <DOMAIN> both contain appropriate values (and are all caps) but have been redacted by me -- although it appears I missed <SID> on one occasion 😉