Sometimes SAP application fails to start with an error message " GSS-API(min): Permission denied in replay cache code"

Solution Verified - Updated -

Issue

  • SAP is configured with Kerberos. Windows 2008 AD is acting as KDC.

  • This is an intermittent problem that only occurs on randomly chosen SAP work processes. When SAP starts up, it starts up a few dozen work processes simultaneously (independent forked single-threaded processes). Each of these is calling gssapi_krb5. When they do that, it looks like each one attempts to update a datestamp or access information within the KRB5 ticket cache.

  • Here is the complete error message

N    File "/usr/lib64/libgssapi_krb5.so" dynamically loaded as GSS-API v2 library.
N    The internal Adapter for the loaded GSS-API mechanism identifies as:
N    Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N  SncInit():   found snc/identity/as=p/krb5:SAPServiceBWP/na.rpchome.com@NA.RPCHOME.COM
N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1439]
N        GSS-API(maj): Unspecified GSS failure.  Minor code may provide more information
N        GSS-API(min): Permission denied in replay cache code
N      Could't acquire ACCEPTING credentials for
N      name="p:SAPServiceBWP/na.rpchome.com@NA.RPCHOME.COM"
N  SncInit(): Fatal    Accepting Credentials not available!

Environment

  • Red Hat Enterprise Linux 5.7
  • Kerberos
  • SAP

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content