Skip to Content
0
Former Member
Nov 27, 2013 at 08:58 AM

SSO issue after kernel upgrade from 7.00 to 7.21 EXT

137 Views

Hi All,

I have recently upgraded the SAP Kernel for our Portal system from 7.00 to 7.21 EXT. The system landscape scenario runs like this:

- SAP Servers are installed on HP-UX 11.31

- Oracle DB is 11.2.0.3

- Clients are Windows 7

- SAPGui versions being used are 7.20 & 7.30

- Kernel upgraded from 7.00 to 7.21 EXT following Note 1713896

- SAP host agent installed following Note 1031096

- SAPCRYPTOLIB (720_EXT version) re-installed following Notes 397175 & 1375378

After upgrading the kernel, I came across a host of new entities e.g. user sapadm, usage of SAP host agent etc but was able to start up our SAP Portal system smoothly. However, the problem is that the Employee Self Service (ESS) tab which we were using successfully via SSO Windows authentication prior to the upgrade, has now started throwing an exception. When I click on the ESS tab, I get the following error.

**************************************************************************************************************

Caused by: com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed

Connect_PM TYPE=B MSHOST=nakeqas1 GROUP=DEFAULT R3NAME=EQA MSSERV=sapmsEQA SNC_MODE=1 SNC_QOP=3 SNC_MYNAME="p:CN=PQA, OU=I002xxxxxxx, OU=SAP Web AS, O=SAP Trust Community, C=DE" SNC_PARTNERNAME="p:CN=EQA, OU=I002xxxxxxx, OU=SAP Web AS, O=SAP Trust Community, C=DE" PCS=1

LOCATION CPIC (TCP/IP) on local host with Unicode

ERROR GSS-API(maj): No credentials were supplied

GSS-API(min): No credentials found for this name (not logged

on) (USER

name="p:CN=PQA, OU=I002xxxxxxx, OU=SAP Web AS, O=SAP Trust

Community, C=DE"

TIME Wed Nov 27 11:05:23 2013

RELEASE 721

COMPONENT SNC (Secure Network Communication)

VERSION 6

RC -4

MODULE sncxxall_mt.c

LINE 1445

DETAIL SncPAcquireCred

SYSTEM CALL gss_acquire_cred

COUNTER 1

**************************************************************************************************************

I came across Note 1525059 (Analysis of Problems Accessing a PSE via Credentials) but am unable to analyze what and where to look for.

All certificates, ticket, cred_v2 files etc. reside in their original location. None of the settings have been changed during the upgrade process. The one thing I figure is that SAPCRYPTOLIB was reinstalled during the kernel upgrade. Can this be what is causing the issue? And in case it is, do we have to follow the entire process of importing the certificates again? Because it seems illogical that SSO would start failing just because the kernel was upgraded.

Please help!

Kind regards,

Amer.