SAP Logon load balancing and Windows AD with SSO Kerberos Authentication

This steps explains on how to use logon load balancing with SSO and Win AD domain. The steps are very simple.

Basically you create different Windows domain accounts for all the application server and central instance. Generate the keytab file for the respective servers and create the certificate on the servers. Next edit the profile parameter to have the correct SNC name and restart the application servers.

From the windows clients, create a new entry from SAP Logon pad - Groups - generate the list. The list will be populated from transaction SMLG. Choose one of them click on add and logon. Click on the advanced tab and enable the SNC box. The SNC name will be automatically populated from the profile parameter. Make sure it has the host is message server and not the application server.

Now try to logon 2 things will happen.

1. Logon using SSO (Win AD authentication)

2. Load balancing (should go to the server based on the load balancing algorithm).