on 05-24-2005 7:56 AM
I have a problem with Kerberos SSO authentication in Windows 2003 server.EP send a SAP logon ticket to Browser as cookie MYSAPSSO2.LsaLogonUser handle is correct and there is an error in Kerberos protocol:
KDC_ERR_S_PRINCIPAL_UNKNOWN.
I have an WeBSite in IIS: WebDAV where I publishing a virtual directory in IIS.The KerbMap filter is installed correctly(green indicator).
I think there is a problem with SPN. My logon ID is testowy and this is parameter(UserPrincipalName) for user KUKA in WIN2003.I try to register for this account a SPN like http/orkan when "orkan" is a host name but it doesn't work.I still have an error KDC_ERR_S_PRINCIPAL_UNKNOWN.
I know that should be SPN like: service_class/host but which service class should I use? http? www? w3svc? or something else.
Best regards
Rafa³
Hi,
The SPN you can get with the Tool SETSPN.EXE.
The SPN it shows me was:
HOST/<server>.<domain>.de
But i have also the error:
KDC_ERR_S_PRINCIPAL_UNKNOWN
Did you find any solution?
Kind Regards
Matthias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
10 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.