Mar 05, 2021 at 11:36 AM

SAP-SSO Configuration: Windows Server 2016 / Windows 10 with GUI 760: Specified target is unknown


Dear SAP-Expert,

I am trying to do the SAP-SSO-Configuration for GUI.

To explain my configuration here I am using symbolic names:

My SID is ABC

I have an AD User aduser@mydomain.xyz

My SAP Server is myserver@mydomain.xyz

My SAP-User is: mysapuser

My Windows User is: mysapuser@mydomain.xyz

My SAP services are running with SAPServiceABC

(I tried also SAPServiceABC@mydomain.xyz)

SAP-GUI 760 Build 1902768

I set the SPNs for the AD user:

SAP/ABC

HTTP/myserver@mydomain.xyz

I have:

Windows Server 2016 Standard 10.0.14393, VMware, x64

Frontend is Windows 10

SAP: NW 7.5-13

SAP_Basis 750-0013

CommonCryptolib 8.5.22

Kernel: 753 300

In SNCWizard I set the profile parameters:

snc/accept_insecure_cpic 1

snc/accept_insecure_gui 1

snc/accept_insecure_r3int_rfc

snc/accept_insecure_rfc 1

snc/data_protection/max

snc/data_protection/min

snc/data_protection/use

snc/enable 1

snc/extid_login_diag 1

snc/extid_login_rfc 1

snc/force_login_screen

snc/gssapi_lib S:\usr\sap\ABC\D00\exe\sapcrypto.dll

snc/identity/as p:CN=ABC

snc/log_unencrypted_rfc

snc/only_encrypted_gui

snc/only_encrypted_rfc

snc/permit_insecure_start 1

snc/r3int_rfc_qop

snc/r3int_rfc_secure

spnego/construct_SNC_name 111

spnego/enable 1

spnego/krbspnego_lib S:\usr\sap\ABC\D00\exe\sapcrypto.dll

In strust the SNC-Cryptolib has been created with:

CN=ABC

In the SAPLogon entry for system ABC I set the SNC entry:

p:CN=ABC

I also set the SNC for my SAP user:

p:CN=mysapuser@mydomain.xyz

I set my Kerberos Token to be used with SAP-SSO in SAP Secure Client:

p:CN=mysapuser@mydomain.xyz

When I try to log on to system ABC I get this error:

GSS-API(maj): Miscellaneous Failure

GSS-API(min): SSP::IniSctx#10==Specified target is unknown or unreac

target="p:CN=ABC@mydomain.xyz"

Time ...

Component SNC(Secure Network Communication)

Release 753

Version 6

Module D:/depot/bas/753_REL/src/krn/snc/sncxxall.c

Line 3604

Method SncPEstablishContext

Return Code -4

System Call gss_init_sec_context

Counter 25

It seems to me that it is adding my domain @mydomain.xyz to my p:CN=ABC entry, and so it cannot find the target!

Does anybody have an idea about this error? Why is the domain being added to my CN here at logon time?

Thanks and Best Regards

Armin