cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP-SSO Configuration: WindowsServer 2016 / Windows10 with GUI 760: Specified target is unknown

former_member361867
Explorer

on ‎03-05-2021 11:36 AM

0 Kudos

Dear SAP-Expert,

I am trying to do the SAP-SSO-Configuration for GUI.

To explain my configuration here I am using symbolic names:

My SID is ABC

I have an AD User aduser@mydomain.xyz

My SAP Server is myserver@mydomain.xyz

My SAP-User is: mysapuser

My Windows User is: mysapuser@mydomain.xyz

my SAP Services are running with SAPServiceABC

(I tried also SAPServiceABC@mydomain.xyz)

SAP-GUI 760 Build 1902768

I set the SPNS for the AD-User:

SAP/ABC

HTTP/myserver@mydomain.xyz

I have:

Windows Server 2016 Standard 10.0.14393, VM Ware , x64

Frontend is Windows 10

SAP: NW 7.5-13

SAP_Basis 750-0013

CommonCryptolib 8.5.22

Kernel: 753 300

In SNCWizard I set the profile parameters:

snc/accept_insecure_cpic 1

snc/accept_insecure_gui 1

snc/accept_insecure_r3int_rfc

snc/accept_insecure_rfc 1

snc/data_protection/max

snc/data_protection/min

snc/data_protection/use

snc/enable 1

snc/extid_login_diag 1

snc/extid_login_rfc 1

snc/force_login_screen

snc/gssapi_lib S:\usr\sap\ABC\D00\exe\sapcrypto.dll

snc/identity/as p:CN=ABC

snc/log_unencrypted_rfc

snc/only_encrypted_gui

snc/only_encrypted_rfc

snc/permit_insecure_start 1

snc/r3int_rfc_qop

snc/r3int_rfc_secure

spnego/construct_SNC_name 111

spnego/enable 1

spnego/krbspnego_lib S:\usr\sap\ABC\D00\exe\sapcrypto.dll

In strust the SNC-Cryptolib has been created with:

CN=ABC

In SAPLogon-Entry for system ABC I set the SNC-Entry :

p:CN=ABC

I also set the snc for my sap-User:

p:CN=mysapuser@mydomain.xyz

I set my Kerberos Token to be used with SAP-SSO in SAP Secure Client:

p:CN=mysapuser@mydomain.xyz

Wenn I try to logon to system ABC I get this Error:

GSS-API(maj): Miscellaneus Failure

GSS-API(min): SSP::IniSctx#10==Specified target is unknown or unreac

target=”p:CN=ABC@mydomain.xyz”

Time ...

Component SNC(Secure Network Communication)

Release 753

Version 6

Module

D:/depot/bas/753_REL/src/krn/snc/sncxxall.c

Line 3604

Method SncPEstablishContext

Return Code -4

System Call gss_init_sec_context

Counter 25

It seems to me that It is adding my domain @mydomain.xyz to my p:CN=ABC - Entry and so it cannot find the target!

Does anybody have an Idea about this error? Why is the domain being added to my CN here at Logon time?

Thanks and Best Regards

Armin

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member361867
Explorer
‎03-08-2021 8:29 AM
0 Kudos

Dear Christopher,

Thank you very much for your help:

Can I send you the Traces in a more private way ? Maybe directly toyour email,... ?

Best Regards

Armin

Show replies
Show replies
ChrisPS
Contributor
‎03-06-2021 5:07 PM
0 Kudos

Hi - can you paste in the secure login client trace (sec-sbus-exe trace file ). Trace can be found from the secure login client File -> options -> tracing tab. Best to have the trace level on 'Developer Traces'.

Thanks

Chris

SAP Support

Show replies
Show replies
Ask a Question