Skip to Content
author's profile photo Former Member
0
Former Member
Oct 04, 2016 at 01:58 PM

SNC Error: Key version number for principal in key table is incorrect

471 Views

Hi experts,

I am configuring SSO with Kerberos, in a AS/400.

It seems all workf ine, the SAP system is started without problem, but, when I try lo login with a user activating the SSO in SAPGui, appear a popup with the error:

"Error en Security Network Layer (SNC)"

and, If I checked the trace for the wp, appear;

N Tue Oct 4 15:54:03 2016

N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3563]

N GSS-API(maj): Miscellaneous failure

N GSS-API(min): Key version number for principal in key table is incorrect

N Unable to establish the security context

N <<- SncProcessInput()==SNCERR_GSSAPI

M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 1035]

M {root-id=57F3154F6D5F2DEBE1008003C0A800DA}_{conn-id=00000000000000000000000000000000}_0

M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 1040]

M {root-id=57F3154F6D5F2DEBE1008003C0A800DA}_{conn-id=00000000000000000000000000000000}_0

M in_ThErrHandle: 1

M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 11560]

M {root-id=57F3154F6D5F2DEBE1008003C0A800DA}_{conn-id=00000000000000000000000000000000}_0

M DpVmcGetVmByTmAdm: no VM found for T22/M0/I0 (locked VMs ignored)

How can solved? During the startup all is ok:

SncInit(): Initializing Secure Network Communication (SNC)

IBM i with OS400 (st,ascii,SAP_UC/size_t/void* = 8/64/64)

UserId="deb00" (121), envvar USER="DEB00"

SncInit(): found snc/data_protection/max=1, using 1 (Authentication Level)

SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)

SncInit(): found snc/data_protection/use=1, using 1 (Authentication Level)

SncInit(): found snc/gssapi_lib=/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)

File "/lib/libgssapi_krb5.a(libgssapi_krb5.a.so)" dynamically loaded as GSS-API v2 library.

The internal Adapter for the loaded GSS-API mechanism identifies as:

Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

SncInit(): found: snc/identity/as=p:krbsvr400/sap.domain.com.es@DOMAIN.COM.ES

SncInit(): Accepting Cred: "krb5" (0x0002) ok, lifetime=Indefinite

SncInit(): Initiating Cred: "krb5" (0x0002) ok, lifetime=Expired

SNC (Secure Network Communication) enabled

Thanks in advance,

Regards,