Kerberos authentication sometimes fails in the NetWeaver ABAP and you can check the "The verification of Kerberos ticket failed." error message.
In the CommonCryptoLib trace (SAP Note 1848999), you notice that the Service Account User Principal is different from the one in the SPNego UI. For example:
] Verifying ticket returned a2600204: Kerberos ticket decryption failed
] Ticket version number: 5
] Realm: EXAMPLE.DOMAIN.COM
] Principal name (SPN):
] Name (type 2):SAP/SSO-SID
] Encrypted part:
] Key type: RC4 (23)
] Key version number: 2
] Cipher: <Not displayed>
] global keyTab:
] Service account (type 0):KerberosSID@EXAMPLE.DOMAIN.COM
but in the SPNEGO transaction, the Service Account configured is different:
- SAP NetWeaver ABAP release independent
- SAP Single Sign-On Product 2.0
- SAP Single Sign-On Product 3.0
intermittent , KBA , BC-IAM-SSO-SL , Secure Login , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.