After SAProuter Cert Renewal

Hello All,

I have renewed saprouter cert and everyting seem work but cannot pass RFC SAPOSS.

and this is error in dev_rout. I just need to use Tcode SNOTE.

Wed Jul 16 15:51:52 2014

*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1445]

      GSS-API(maj): No credentials were supplied

      GSS-API(min): No credentials found for this name (not logged on) (USER=SYSTEM)

    Could't acquire INITIATING credentials for

    name="p:CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE"

<<- SncSessionInitiatorAK()==SNCERR_GSSAPI

  'target_acl_key' (addr=000000000CB9C9F4, len=86) full hexdump

  0x00000  00030401 00080606 2b240301 25010000  ........ +$..%...

  0x00010  00443042 310b3009 06035504 06130244  .D0B1.0. ..U....D

  0x00020  45310c30 0a060355 040a1303 53415031  E1.0...U ....SAP1

  0x00030  12301006 0355040b 13095341 50726f75  .0...U.. ..SAProu

  0x00040  74657231 11300f06 03550403 13087361  ter1.0.. .U....sa

  0x00050  70736572 7632                        pserv2          

*** ERROR => NiSncIInitHdlSecurity: SncSessionInitiatorAK failed (sncrc=-4;0000000002552770) [nisnc.c      1185]

*** ERROR => NiSncHandleForAddr C12/-1, 194.39.131.34 (rc=-17) [nirout.cpp   3275]

*** ERROR => NiRClientHandle: NiRExRouteCon for C12/-1 'ASSAPECCSDX' failed (rc=-17) [nirout.cpp   2653]

Wed Jul 16 15:52:50 2014

*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1445]

      GSS-API(maj): No credentials were supplied

      GSS-API(min): No credentials found for this name (not logged on) (USER=SYSTEM)

    Could't acquire INITIATING credentials for

    name="p:CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE"

<<- SncSessionInitiatorAK()==SNCERR_GSSAPI

  'target_acl_key' (addr=000000000CB9C9F4, len=86) full hexdump

  0x00000  00030401 00080606 2b240301 25010000  ........ +$..%...

  0x00010  00443042 310b3009 06035504 06130244  .D0B1.0. ..U....D

  0x00020  45310c30 0a060355 040a1303 53415031  E1.0...U ....SAP1

  0x00030  12301006 0355040b 13095341 50726f75  .0...U.. ..SAProu

  0x00040  74657231 11300f06 03550403 13087361  ter1.0.. .U....sa

  0x00050  70736572 7632                        pserv2          

*** ERROR => NiSncIInitHdlSecurity: SncSessionInitiatorAK failed (sncrc=-4;0000000002552770) [nisnc.c      1185]

*** ERROR => NiSncHandleForAddr C13/-1, 194.39.131.34 (rc=-17) [nirout.cpp   3275]

*** ERROR => NiRClientHandle: NiRExRouteCon for C13/-1 'ASSAPECCSDX' failed (rc=-17) [nirout.cpp   2653]

Seem work in saprouter checking:

C:\Users\Administrator>cd..

C:\Users>cd..

C:\>cd saprouter

C:\saprouter>sapgenpse get_my_name -v -n validity

Opening PSE "C:\saprouter\local.pse"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "Administrator"

  with PSE file "C:\saprouter\local.pse"

Validity  -  NotBefore:   Tue Jul 15 11:29:42 2014 (140715032942Z)

              NotAfter:   Fri Jan 01 08:00:01 2038 (380101000001Z)

C:\saprouter>sapgenpse get_my_name -v -n Issuer

Opening PSE "C:\saprouter\local.pse"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "Administrator"

  with PSE file "C:\saprouter\local.pse"

Issuer  : CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE

C:\saprouter>sapgenpse get_my_name -v -n Issuer

Opening PSE "C:\saprouter\local.pse"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "Administrator"

  with PSE file "C:\saprouter\local.pse"

Issuer  : CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE

C:\saprouter>sapgenpse seclogin -p local.pse -O svc-administrator

running seclogin with USER="Administrator"

ERROR in lookup_sid_by_username: (10/0x000a) LastError=1332: No mapping between

account names and security IDs was done.

C:\saprouter>sapgenpse seclogin -p local.pse -O svc-saprouter

running seclogin with USER="Administrator"

ERROR in lookup_sid_by_username: (10/0x000a) LastError=1332: No mapping between

account names and security IDs was done.

C:\saprouter>sapgenpse seclogin -p local.pse -O administrator

running seclogin with USER="Administrator"

creating credentials for user "MACDERMID-ASIA\Administrator" (yourself)...

Please enter PIN:

Adjusting credentials and PSE ACLs to include "MACDERMID-ASIA\Administrator"...

Oh, you supplied your own name explicitly ... ok.

   C:\saprouter\cred_v2  ... ok.

   C:\saprouter\local.pse  ... ok.

   C:\saprouter\SECUDIR\local.pse  ...

   C:\saprouter\SECUDIR\local.pse  ...

   C:\saprouter\SECUDIR\new.pse  ...

Updated SSO-credentials (#0) for PSE "C:\saprouter\local.pse"

Warning (for SNC): later/hidden SSO credentials with same DName:

1: CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE

         C:\saprouter\SECUDIR\local.pse

      Options:  LIFETIME= Sat, 12 Jul 2014 07:05:37 (GMT)

                DIRACCESS=FALSE

                CRLCHECK=FALSE

   "CN=macdermid-asia, OU=0000195593, OU=SAProuter, O=SAP, C=DE"

C:\saprouter>saprouter -r -G routerlog -S 3299 -K "p:CN=macdermid-asia, OU=00001

95593, OU=SAProuter, O=SAP, C=DE"

trcfile  dev_rout

logfile  routerlog

WARNING: wildcard character used in route target