Skip to Content
Former Member
Jun 17, 2009 at 07:39 PM

SSO using windows kerbos by configuring SAP Front Ends automatically Win03


Hi Everyone,

We are trying to confogure SSO for our SAP Environment using AD on Windows2003 DC.

We are running SAPECC5 on Win200364bit with Oracle10.2 and we have only ABAP and no JAVA .

I tried to follow the steps configuring frontends individually and it worked fine.

Since we have many users we tried to do it using Domain Constroller as Group Policy but getting SNC errors.

I followed the below steps but even after the MSI file is installed on users meachines it is still showing the SNC error. I verified that Kerbos is installed , Dll files are created but getting SNC error.

.Can any one please provide the extact steps which need to be followed on domain to make it work successfully .

To define the Group Policy:

1. Log on to a front-end machine as domain administrator of the Windows 2000 domain.

2. Copy the program SAPSSO.MSI from the sapserv<x> directory

general/R3Server/binaries/NT/W2K to a shared directory.

3. From the Windows 2000 menu choose Start u2192 Programs u2192 Administrative tools u2192 Active

Directory Users and Computers.

The dialog box Active Directory Users and Computers appears.

4. Select the domain for which you want to set up Single Sign-On. Right-click and choose

Properties from the context menu.

The dialog box <Domain_Name> Properties appears.

5. On the Group Policy tab, choose New to access the dialog box for creating a new policy


6. Under Group Policy Object Links, enter a name for the new policy object, for example,

SAPSSO. Choose Edit to define the contents of the policy.

7. In the Group Policy Editor choose User Configuration u2192 Software Settings u2192 Software


The Deploy Software dialog box opens.

8. Right-click and choose New u2192 Package from the context menu.

The Open dialog box appears.

9. Select the file SAPMSSO.MSI from the shared location. Specify the path with the UNC name


10. Select Assign and confirm with OK.

You have now created a new Group Policy. The next time any user logs on to the domain with the

SAP front end, the wizard SAP Single Sign-On Support for Windows 2000 is started and

automatically prepares the front end for Single Sign-On.



Edited by: Pradeep Gali on Jun 17, 2009 9:55 PM