Skip to Content
avatar image
Former Member

SAP NW 7.40 : SPNego authentication failed


I used SPNego on NW 7.01.

I have upgraded my system from NW7.01 to NW 7.40.

I have regenerated the spnego by SPNego Wizard.

I have recreated the entry spnego by offlinecfgeditor (template=spnego).....I had to delete it after upgrade to be able to connect to the system.

Now, I can't connect using SPNego :


User: N/A

IP Address:

Authentication Stack:*login

Authentication Stack Properties:

        policy_domain = /login

        realm_name = Upload Protected Area

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1.             SUFFICIENT  ok          false                 true      

        #1 trusteddn1 = CN=D39,OU=DSIRH,OU=DGRH,O=SAP Trust Community,C=DE

        #2 trustediss1 = CN=D39,OU=DSIRH,OU=DGRH,O=SAP Trust Community,C=DE

        #3 trustedsys1 = D39,000

        #4 = true

2.                     OPTIONAL    ok          exception             true      SPNego authentication has failed during previous attempt.

        #1 = false

        #2 = true


        #4 = krb5principalname

        #5 = simple

3.               SUFFICIENT  ok          false                 true      

        #1 = true

4.   REQUISITE   ok          false                 false     

5.               REQUISITE   ok          false                 true      

        #1 = true

No logon policy was applied

Can you help me?


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Apr 17, 2014 at 01:09 PM


    I would like to point out that the error you have provided "SPNego authentication has failed during previous attempt" does not show us why SPNego is failing. This means there is still references in the cache and the trace will not show us the real reason for failure.

    Please clear the browser cache then close all browser sessions

    Reproduce a logon with the security troubleshooting wizard again and paste the output here.



    Add comment
    10|10000 characters needed characters exceeded

  • Apr 17, 2014 at 08:16 AM

    Your stack looks wrong.

    Instead of:               SUFFICIENT   REQUISITE               REQUISITE

    I would expect to see:               SUFFICIENT   REQUISITE               OPTIONAL



    Add comment
    10|10000 characters needed characters exceeded

    • It was wrong in your old system as well as being wrong in new system.

      You might find that when SPNEGO fails and user id password is used instead that the user enters their password and it won't generate a logon ticket. This is why it needs to be correct.



  • Jun 10, 2014 at 11:07 AM

    Hello Chris,

    I am having the exact same problem, only the target stack is NW 7.31 instead of 7.4.

    Did you manage to solve this?

    If so, how?

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Chris,

      Thanks for the prompt answer.

      In my system, when I added the SPNegoLoginModule and went to the SPNego tab I already found the "old" Realm configured.

      So what you did was to "Remove" that realm recreating it reimporting the old keytab into the Wizard?



  • avatar image
    Former Member
    Jun 19, 2014 at 06:50 AM


    yes, I removed the old Realm, restarted the system and then launched SPNego wizard.

    After that, I have reimported the old keytab.


    Add comment
    10|10000 characters needed characters exceeded