Microsoft Kerberos SSP setup for ABAP and SAPGUI

Hello,

I'm trying to configure SSO from SAPGUI to SAP ABAP using Microsoft SSP and I'm running into issues. My information is as follows.

SAP Server: Windows 2008 R2

AD Domain Server: Windows 2008 R2

Domain Name: mydomain.net

SAP Startup Service User: mydomain.net\SAPServiceSID

For the service user I have tried multiple SPNs along with the corresponding entry in snc/identity/as in the instance profile but SAP fails to start with all of them:

SAP/SAPServiceSID

SAPServiceSID

SAPServiceSID @ mydomain.net (All caps and lower case for the domain/Kerberos Realm)

SAP/SAPServiceSID @ mydomain.net (All caps and lower case for the domain/Kerberos Realm)

What is the proper formatting for SPN/UPN?

What is the proper formating for snc/identity/profile?

Here is the error that I'm getting for all attempts?

SncInit(): Initializing Secure Network Communication (SNC)

N        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)

N        GetUserName()="SAPServiceCBX"  NetWkstaUser="SAPServiceCBX"

N  SncInit():   found snc/data_protection/max=3, using 3 (Privacy Level)

N  SncInit():   found snc/data_protection/min=2, using 2 (Integrity Level)

N  SncInit():   found snc/data_protection/use=3, using 3 (Privacy Level)

N  SncInit(): found  snc/gssapi_lib=C:\Windows\SysWOW64\gx64krb5.dll

N    File "C:\Windows\SysWOW64\gx64krb5.dll" dynamically loaded as GSS-API v2 library.

N    The internal Adapter for the loaded GSS-API mechanism identifies as:

N    Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

N    FileVersionInfo: InternalName= GX64KRB5-Release, FileVersion= 1.0.11.2

N  SncInit():   found snc/identity/as=p:SAP/SAPServiceSID @ mydomain.net

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1445]

N        GSS-API(maj): No valid credentials provided (or available)

N        GSS-API(min): SSPI::IniSctx#1()==No credentials available in security package

N      Could't acquire ACCEPTING credentials for

N 

N      name="p:SAP/SAPServiceSID @ mydomain.net"

N      FATAL SNCERROR -- Accepting Credentials not available!

N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1445]

N        GSS-API(maj): Miscellaneous Failure

N        GSS-API(min): SSPI::AcqCredHdl(ACC)==No credentials available in security package

N      Could't acquire DEFAULT ACCEPTING credentials