2011 Jul 19 1:41 PM
Hi Experts,
We have configured SP Nego for SSO and it works fine from all machines except the POS clients which runs on OS - Windows XP Professional SP 3.And it doesn't occur all the time but sometimes.
SAP Note 934138 - IE browser sends NTLM token instead of Kerberos) says that only Windows XP SP2 has a microsoft bug
and sends NTLM Token but here we are getting for SP3 as well.
Collected the Web Dialog tool and Yatt tool traces for successful scenarios of otehr PCs and failure cases from POS clients.
From them it is visible that in the POS case the SPNEGO authentication does not succeed because AS Java
had received an NTLM token, whereas in the other machines from Citrix case AS Java had received an SPNEGO token.
The same is confirmed by the YATT traces - in the POS case the value of the "Negotiate" authorization header starts with "TIRM..." and that is the indicator that it is an NTLM token, whereas in the other PCs from citrix case the same value starts with "YII..." which means it is an SPNEGO token.
Now the IE settings are same and as required in both the cases.
Appreciate if anyone can help in finding a solution and letting me know if there is a fix,patch etc available for such scenario.
Thanks
Priya
2011 Oct 20 12:23 PM
The problem was with the Active Directory Domain Controller.It was identified by MS .Customer's LDAP server was in mixed Environment and for SP Nego authentication to work ,we applied 2 Microsoft patches to the DC and that resolved the issue.
Regards,
Bishnu Priya Sahoo