Symptom
The following error is displayed when attempting to login to InfoView with a Vintela Single Sign-On configuration:
"HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException:
com.wedgetail.dim.spnego.server.SpegnoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 3, KVNO 4, Principal
"HTTP/Servername.Domain@DOMAIN"
using key: Principal:
HTTP/SERVERNAME.DOMAIN@DOMAIN
Type: 1 TimeStamp: Day Mmm YY HH:MM:SS Timezone Year KVNO: -1 Key: [x,xx xx xx xx xx xx x xx ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] [Note: Since you are using DES rather than RC4, did you remember to reset the password in Active Directory after you did the SPN mapping for "HTTP/SERVERNAME.DOMAIN@DOMAIN"?
type Status report
message com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 3, KVNO 4, Principal HTTP/Servername.domain@DOMAIN using key: Principal: HTTP/SERVERNAME.DOMAIN@DOMAIN Type: 1 TimeStamp: Day Mmm YY HH:MM:SS Timezone Year KVNO: -1 Key: [x,xx xx xx xx xx xx x xx ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] [Note: Since you are using DES rather than RC4, did you remember to reset the password in Active Directory after you did the SPN mapping for "HTTP/SERVERNAME.DOMAIN@DOMAIN"?] )
description The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 3, KVNO 4, Principal "HTTP/Servername.domain@DOMAIN" using key: Principal: HTTP/SERVERNAME.DOMAIN@DOMAIN: 1 TimeStamp: Day Mmm YY HH:MM:SS Timezone Year KVNO: -1 Key: [x,xx xx xx xx xx xx x xx ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] [Note: Since you are using DES rather than RC4, did you remember to reset the password in Active Directory after you did the SPN mapping for "HTTP/SERVERNAME.DOMAIN@DOMAIN"?] )) that prevented it from fulfilling this request."
Read more...
Product
Keywords
Vintela SSO Krb AD SPN SetSPN , 3147957 , KBA , BI-BIP , Business intelligence platform , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.