Skip to Content
0
Former Member
Jan 06, 2011 at 03:29 PM

SNC error: An operation failed at the GSS-API level. And EXTIDDATA=...

157 Views

Dear expert,

I have server SNC error between BW and BOE. BW user is already assigned as alias to AD user.

The PSE file of BOE is already readable to my AD service account user running SIA (only 1 SIA, so split scenario or multiple SIA is not used here). Below is the RFC trace.

rfcOpenHooked

destination <unknown>

mode 3

conopt 3 hostname MYBWSERVER.MYORGUNIT.MYORG.MYCOUNTRY

conopt 3 sysnr 0

conopt 3 use_l_bal 0

conopt 3 use_sapgui 0

client 200

language E

trace 0

L-GetCodePage (DEFAULT-CP) rc = 0: 4103

L-GetCodePage (PCS-CP) rc = 0: 1100

resize I/O buffer to 16000 bytes

>>>> [5] <unknown> : EXT <ac: 9> L MYBWSERVER.MYORGUNIT.MYORG.MYCOUNTRY >>> OPEN

UUID: ab_drvstate create uuid {909719E0-9481-F12F-AEB8-005056BB5FE7}

{ }_{ }_0-

0 { }_{ }_0- __0 Error in program 'crproc': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed Connect_PM GWHOST=MYBWSERVER.MYORGUNIT.MYORG.MYCOUNTRY, GWSERV=sapgw00, SYSNR=00 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR SNCERR_GSSAPI TIME Thu Jan 06 21:19:18 2011 RELEASE 710 COMPONENT SNC (Secure Network Communication) VERSION 5 RC -4 DETAIL An operation failed at the GSS-API level COUNTER 10 >>>> [5] <unknown> : EXT <ac: 10> L MYBWSERVER.MYORGUNIT.MYORG.MYCOUNTRY >>> CLOSE abrfcio.c 628 -{909719E0-9481-F12F-AEB8-005056BB5FE7} { }_{ }_0- __0

==== Delta 0 0 LOG DROPPED

>>> RfcOpenEx ...

Got following connect_param string:

CLIENT=200 LANG=EN ASHOST=MYBWSERVER.MYORGUNIT.MYORG.MYCOUNTRY SYSNR=00 SNC_MODE=1 SNC_QOP=1 SNC_LIB=C:\sapcrypto\sapcrypto.dll SNC_PARTNERNAME=p:CN=MYBWSERVER,OU=MYORGUNIT,O=MYORG,C=MYCOUNTRY

SNC_MYNAME=p:CN=MYBOESERVER,OU=MYORGUNIT,O=MYORG,C=MYCOUNTRY EXTIDDATA=... EXTIDTYPE=UN

>>> RfcLastErrorEx

<<< RfcLastErrorEx

<<< RfcOpenEx failed

My questions are:

1.

If you notice, the EXTIDDATA is '...'. What could be the reason for this?

Someone solved this problem on this link below, but i'm still having the problem though i've done it like what he did.

SAP SNC Config and SNC Name

In CMC tab 'Authentication > SAP > Entitlement System':

i already left SNC name blank and use BW username 'CRYSTAL' and put the password.

I gave role CRYSTAL_ENTITLEMENT to that BW user 'CRYSTAL'. This role is created as per PDF Integration Kit given by Business Objects.

2. Do i need to run Tomcat using this service account as well? Currently only SIA is run using AD service account, Tomcat is run using local system account.

3. Is the SNC name below case-sensitive? Do we have to make the uppercase/lowercase exactly the same as in Private and Public Key?

And also not to put ' ' (space) after ',' (comma) as what we typed?

Because in tcode STRUST they always show it having ' ' (space), though i actually didn't put space when generating using sapgenpse.exe.

p:CN=MYBOESERVER,OU=MYORGUNIT,O=MYORG,C=MYCOUNTRY

Thank you very much.

Kind regards,

aswin