SAP Knowledge Base Article - Preview

2785127 - Kerberos authentication in the NetWeaver ABAP fails intermittently


Kerberos authentication sometimes fails in the NetWeaver ABAP and you can check the "The verification of Kerberos ticket failed." error message.
In the CommonCryptoLib trace (SAP Note 1848999), you notice that the Service Account User Principal is different from the one in the SPNego UI. For example:

] Verifying ticket returned a2600204: Kerberos ticket decryption failed
] Ticket:
] Ticket version number: 5
] Principal name (SPN):
] Name (type 2):SAP/SSO-SID
] Encrypted part:
] Key type: RC4 (23)
] Key version number: 2
] Cipher: <Not displayed>
] global keyTab:
] Service account (type 0):KerberosSID@EXAMPLE.DOMAIN.COM

but in the SPNEGO transaction, the Service Account configured is different: 




  • SAP NetWeaver ABAP release independent
  • SAP Single Sign-On Product 2.0
  • SAP Single Sign-On Product 3.0


SAP NetWeaver all versions ; SAP Single Sign-On 2.0 ; SAP Single Sign-On 3.0


intermittent , KBA , BC-IAM-SSO-SL , Secure Login , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.