Hi all:
I configure the Kerberos using SpNegoWizard.
After that I restart the EP7 in ibm aix.
I run the Diagtool, it checks my configure, and it does not print any warning or errors.
But when I run KERBTRAY in client machine, I found some strange things. Because my test users are using RemoteDesktop to login in EP. So when one test user login in the Remote Desktop in ADS, the Kerbtray util tool only display 2 Service Principal:
host/cn-sapdc01.cnsap.tst
krbtgt/CNSAP.TST
the cn-sapdc01 is the ADS server
cn-s-sapepq07.cn.test.com is the EP server
I access the Portal server in IE 7, there is no new service principal in Kerbtray tool. Is there something my configure wrong ?
I run ktpass and setspn like:
ktpass -princ host/cn-s-sapepq07.cn.test.com@CNSAP.TST -pass TestMe5So -out sap_svc3.keytab -mapUser j2ee-q09adm +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL
setspn -A HTTP/cn-s-sapepq07.cn.test.com j2ee-q09adm
setspn -A host/cn-s-sapepq07.cn.test.com j2ee-q09adm
for the Diagtool, it generate the output report like:
[1180359668151][May 28, 2007 9:41:08 PM ] - CLIENT: 2560, REQUEST:
{GET /irj/portal HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: cn-s-sapepq07.cn.abb.com:50100
Connection: Keep-Alive
Cookie: saplb_*=(J2EE14167500)14167550; JSESSIONID=(J2EE14167500)ID2049890150DB10367346751886666640End
[1180359668290][May 28, 2007 9:41:08 PM ] - CLIENT: 2560, REPLY:
{HTTP/1.1 200 OK
Server: SAP J2EE Engine/7.00
Content-Type: text/html; charset=UTF-8
Content-Language: zh-CN
expires: 0
Content-Encoding: gzip
Date: Mon, 28 May 2007 13:41:08 GMT
Transfer-Encoding: chunked
Set-Cookie: PortalAlias=portal; Path=/
[1180359675881][May 28, 2007 9:41:15 PM ] - CLIENT: 2816, REQUEST:
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /
Accept-Language: en-us
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)
[1180359675899][May 28, 2007 9:41:15 PM ] - CLIENT: 2816, REPLY:
Set-Cookie: saplb_*=(J2EE14167500)14167550; Version=1; Path=/
Content-Language: en-US
Date: Mon, 28 May 2007 13:41:15 GMT
Set-Cookie: JSESSIONID=(J2EE14167500)ID1304956950DB10359115125736143867End; Version=1; Domain=.cn.abb.com; Path=/
[1180359675926][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/glbl/glbl_ie6.css?7.0.5.0.0 HTTP/1.1
Accept: /
Referer: http://cn-s-sapepq07.cn.abb.com:50100/irj/portal
Cookie: saplb_*=(J2EE14167500)14167550; PortalAlias=portal; JSESSIONID=(J2EE14167500)ID1304956950DB10359115125736143867End
[1180359675931][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REPLY:
Content-Type: text/css
Last-Modified: Tue, 03 Apr 2007 09:29:47 GMT
Cache-Control: max-age=86400
Content-Length: 5282
[1180359675963][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/prtl_std/prtl_std_ie6.css?7.0.5.0.0 HTTP/1.1
[1180359675967][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REPLY:
Last-Modified: Tue, 03 Apr 2007 09:29:49 GMT
Content-Length: 440
[1180359676087][May 28, 2007 9:41:16 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?6.45000903 HTTP/1.1
[1180359676091][May 28, 2007 9:41:16 PM ] - CLIENT: 3072, REPLY:
Content-Type: application/x-javascript
Last-Modified: Tue, 03 Apr 2007 09:35:02 GMT
Content-Length: 12166
Date: Mon, 28 May 2007 13:41:16 GMT
[1180359680603][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/css/logon.css HTTP/1.1
[1180359680603][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:
{GET /irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow/ur/ur_ie6.css?7.0.5.0.0 HTTP/1.1
[1180359680606][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:
Last-Modified: Wed, 04 Apr 2007 09:38:04 GMT
Content-Length: 117
Date: Mon, 28 May 2007 13:41:20 GMT
[1180359680607][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:
Last-Modified: Tue, 03 Apr 2007 09:34:32 GMT
Content-Length: 24029
[1180359680667][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/css/main2.css HTTP/1.1
[1180359680675][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:
Content-Length: 2620
[1180359680852][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/js/basic.js HTTP/1.1
[1180359680855][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:
Content-Length: 739
[1180359680879][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/branding-image.jpg HTTP/1.1
[1180359680879][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/branding-text.gif HTTP/1.1
[1180359680881][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:
Content-Type: image/gif
Content-Length: 1866
[1180359680882][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:
Content-Type: image/jpeg
Content-Length: 25443
[1180359680909][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:
{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/sapLogo.gif HTTP/1.1
[1180359680911][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:
Content-Length: 1426
[1180359680919][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:
{GET /irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow/common/label/3x1_label_designbar.gif?7.0.9.0.0 HTTP/1.1
[1180359680922][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:
Last-Modified: Tue, 03 Apr 2007 09:34:11 GMT
Content-Length: 43
[1180359681530][May 28, 2007 9:41:21 PM ] - CLIENT: 3072, REQUEST:
{GET /favicon.ico HTTP/1.1
[1180359681532][May 28, 2007 9:41:21 PM ] - CLIENT: 3072, REPLY:
{HTTP/1.1 404 Not Found
Pragma: no-cache
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 1845
Date: Mon, 28 May 2007 13:41:21 GMT
101 lines
-
I do think there is some error configure in my ADS, Client side, right ?