Dear SAP Experts

We have stuck due to the below error. If any one can help to resolve the issue will be helpful.

Below the command and error details.

When we run >sapgenpse keytab -p SAPSNCSKERB.pse -y **** -a sso@GULFMEDICAL.COM

############################################################################# License Disclaimer

SAP Single Sign-On You are about to configure trust for single sign-on or SNC Client Encryption.

Please note that for single sign-on you require a license for SAP Single Sign-On. As exception,

the usage of SNC Client Encryption only without SSO is free as described in SAP Note 1643878.

#############################################################################

Please enter PSE PIN/Passphrase: ********** Please reenter PSE PIN/Passphrase: ********** !!! WARNING:

For security reasons it is recommended to use a PIN/passphrase !!! WARNING: which is at least 8 characters long and contains characters in !!! WARNING:

upper and lower case, numbers and non-alphanumeric symbols. keytab: Created new keyTab entry. keytab: KeyTab content stored:  

Version  Time stamp                 KeyType   Kerberos name          1  Sat Jun 18 17:12:24 2016   DES       sso@GULFMEDICAL.COM          1  Sat Jun 18 17:12:24 2016   AES128    sso@GULFMEDICAL.COM          1  Sat Jun 18 17:12:24 2016   AES256    sso@GULFMEDICAL.COM          1  Sat Jun 18 17:12:24 2016   RC4       sso@GULFMEDICAL.COM !!! WARNING: You have successfully managed the keyTab to accept kerberos based connections !!! WARNING: but you don't have a SNC server PSE containing an X.509 server certificate yet. !!! WARNING: Please create the PSE 'SNC SAPCRYPTOLIB' with ABAP Trust Manager. keytab: Created PSE /usr/sap/CRR/DVEBMGS55/sll/SAPSNCSKERB.pse. When we run > sapgenpse seclogin -l running seclogin with USER="crradm" 0 (LPS:OFF):          (LPS:OFF): /usr/sap/CRR/DVEBMGS55/sll/SAPSNCSKERB.pse

1 readable SSO-Credentials available

When we set the below parameter in /sapmnt/CRR/profile/CRR_DVEBMGS55_crm-ro:

snc/enable = 1 snc/gssapi_lib = $(DIR_INSTANCE)/exe/libsapcrypto.

so snc/identity/as = p:CN=sso@GULFMEDICAL.COM snc/accept_insecure_gui = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_cpic = 1

snc/permit_insecure_start = 1

snc/r3int_rf_qop = 8

snc/r3int_rf_secure = 0

snc/force_login_screen = 0

spnego/enable = 1

spnego/krbspnego_lib = $(DIR_INSTANCE)/exe/libsapcrypto.

so The system fails to start and we find the below in dev_w0:

N        UserId="crradm" (502), envvar USER="crradm" N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level) N  SncInit():  

found snc/data_protection/min=2, using 2 (Integrity Level) N  SncInit():  

found snc/data_protection/use=9, using 3 (Privacy Level) N  SncInit():

found  snc/gssapi_lib=/usr/sap/CRR/DVEBMGS55/exe/libsapcrypto.so N   

File "/usr/sap/CRR/DVEBMGS55/exe/libsapcrypto.so"

dynamically loaded as GSS-API v2 library. N    SECUDIR="/usr/sap/CRR/DVEBMGS55/sec" (from APPLICATION) N   

The internal Adapter for the loaded GSS-API mechanism identifies as: N   

Internal SNC-Adapter (Rev 1.1) to CommonCryptoLib N    Product Version = CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.48 pl40 (Jan 26 2016) MT-safe N  SncInit():  

found:    snc/identity/as=p:CN=sso@GULFMEDICAL.COM N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1465] N       

GSS-API(maj): No credentials were supplied N      Could't acquire ACCEPTING credentials for N  N      name="p:CN=sso@GULFMEDICAL.COM" N   

FATAL SNCERR -- Accepting Credentials:    "sapsso"  (0x0003) not available! N      (debug hint: default acceptor = "p:CN=CRR, OU=I0020645532, O=SAP Web AS") N  <<- SncInit()==SNCERR_GSSAPI N           sec_avail = "false" M  ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c    238] M  *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c    240] M  in_ThErrHandle: 1 M  *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c

Thank You,

Mohammad Nahid