Skip to Content

SNC error while opening olap report

Hi ,

We have install Business object 4.2 SP5 Patch 2 on Win2016 and SQL2016.

We have setup all 3 authentication to winad,sap,lDAP.We are able open webi report against our bw system.When we try to open Aolap report against same BW system connection it gives SNC error which is attached.We want to use kerberos with SNC.

If we disable the SNC from CMC reports opens up.

Surprisingly we found sap note. but we don't in what it will help us.

We want it to work with SNC.

olap-error.png (106.8 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Apr 02, 2018 at 12:56 PM

    You connection uses STS and can only use STS for authentication, this is the the way all 4.x applications work. SNC can still be used for SSO for legacy 3.x applications such as webi - unv or crystal 20xx but not for 4.x applications.

    However in 4.1 and 4.2 SNC has been used to encrypt STS communication this was done on various SAP notes most collected here . So when you enable SNC, BI is attempting to use the SNC to encrypt the STS communications. This encryption was developed and tested with only SAP crypto. If your BW system uses SNC other than SAPcrypto (as appears the case) you will probably need to open an issue with support and see if your type of SNC can be used.

    If SNC SSO is working (webi-unv) then it's just a question if that method can be used to encrypto the rest of BW communications of excluded. If SNC SSO is not working then as any version of SNC other than SAP crypto is not documented we'd have to find out if that is even supported 1st then test the STS once it is working.


    Add comment
    10|10000 characters needed characters exceeded

    • It's never been documented or tested to use any other library other than the crypto. The rule of thumb is if the SNC library is not SAP's sapcrypto and a customer is using 3rd party SNc, it's possibly it might work but the 3rd party vendor of SNC would need to provide any documentation, and raise any issues with SAP themselves if it doesn't work.

      If the kerberos library is SAP's I'm not sure how we would proceed, but it's unlikely it will work in the new configuration as the way it encrypts is kerberos specific and I'm not sure that can be used to encrypt the non kerberos traffice such as sapcrypto does.