/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
Kerberos authentication sometimes fails in the NetWeaver ABAP with error message "The verification of Kerberos ticket failed" .
The CommonCryptoLib trace (SAP Note 1848999) shows that Service Account User Principal is different from the one in the SPNego UI. For example:
] Verifying ticket returned a2600204: Kerberos ticket decryption failed
] Ticket:
] Ticket version number: 5
] Realm: EXAMPLE.DOMAIN.COM
] Principal name (SPN):
] Name (type 2):SAP/SSO-SID
] Encrypted part:
] Key type: RC4 (23)
] Key version number: 2
] Cipher: <Not displayed>
] global keyTab:
] Service account (type 0):KerberosSID@EXAMPLE.DOMAIN.COM
but in the SPNEGO transaction, the Service Account configured is different:
*Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- SAP NetWeaver Application Server ABAP
- SAP S/4HANA
- ABAP Platform
Product
Keywords
intermittent, intermittently, A2210217, The verification of Kerberos ticket failed, Kerberos, ABAP, a2600204, keytab, service account, user principal name , KBA , BC-IAM-SSO-SL , Secure Login , BC-SEC-LGN-SPN , SPNego for ABAP , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)