Skip to Content
avatar image
Former Member

SAP instance doesn't come up after setting up SNC

Dear all,

we're in the process of implementing SSO for SAP Application servers on our IBM AIX infrastructure.

We performed all the steps related to the intitial configuration as:

- installing the Kerberos client from the AIX Expansion DVD,

- configuring the Kerberos client making it point to our Windows Domain and Windows Domain Controller

- generating - via Windows AD tools - the keytab file

- importing the aforementioned keytab file into the proper AIX folder

- requesting the kerberos ticket through the "kinit -k (...)" command

- setting up the proper SAP profile parameters in order to enable the SAP instance to use SNC

 

Everything seemed to work fine on the Kerberos side; however, when we try to start up the instance, the procedure fails with the following error:

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1439]

N        GSS-API(maj): Miscellaneous failure

N        GSS-API(min): No credentials cache found

 

What we don't get, is where the SAP system ( or the O.S. library ) try to look for the credential cache file; we - in fact - created the file in multiple copies aiming to try to solve the issue, saving them into:

- the SAP user home,

- the "/tmp" folder,

- the "/var/krb5/security/creds" folder ( where, by the way, it should reside by default),

- the DIR_HOME folder

 

None of the above folders, however, seemed to be the correct one, as the system - with the SNC parameters - still doesn't come up.

 

Could you please help us out?

 

If you need any infos or clarifications, feel free to ask.

 

We uploaded the dev_traces, in case you may want to take a look.

 

Best Regards,

Luciano Dei Rossi

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    May 16, 2012 at 12:20 PM

    <commercial spam removed by moderator>

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      We had a very similar issue (see below the sapgui trace)  with NW SSO 2.0.

      @Luciano, did you solve it ?

        

      *** ERROR => SncPEstablishContext() failed for target='p:CN=XXXXX@yyyyyy.com' [sncxxall.c 3379]

      *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3345]

      GSS-API(maj): No credentials were supplied

      Unable to establish the security context

      target="p:CN=XXXXX@yyyyyy.com"

      <<- SncProcessOutput()==SNCERR_GSSAPI

      *** ERROR => TmIWrite: SncProcessOutput (SNCERR_GSSAPI) [dpxxtm.c 1782]

      *** ERROR => TmIConnect: TmIWrite [dpxxtm.c 948

  • avatar image
    Former Member
    Sep 06, 2012 at 07:02 PM

    Hello Luciano Dei Rossi

    How did you fixed the error

      *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1439]

    N        GSS-API(maj): No credentials were supplied

    N      Could't acquire ACCEPTING credentials for

    N

    N      name="p:CN=SAP/KerberosSS6@XXXX.COM"

    -Sid

    Add comment
    10|10000 characters needed characters exceeded