Configuring the Application Server

Restriction

The following configuration does not enable you to run SNC with encryption, and it does not provide data integrity. Here, SNC protects inbound RFC connections only.

  1. Copy the gssntlm.dll file to the following directory on your central instance:

    <DRIVE>:\USR\SAP\<SID>\SYS\EXE\RUN

    For more information on how to get the gssntlm.dll file, see SAP Note 352295.

  2. Set the environment variable SNC_LIB to the location of the library.
  3. In the central instance profile, set the following SNC parameters:
    • snc/data_protection/max = 1
    • snc/data_protection/min = 1
    • snc/data_protection/use = 1
    • snc/enable = 1
    • snc/gssapi_lib = (<DRIVE>:\USR\SAP\<SID>\SYS\EXE\RUN\<gssntlm.dll>)
    • snc/identity/as = p:<DOMAIN_NAME>\SAPService<SID>

      where SAPService<SID> is the user who runs the SAP system and <DOMAIN_NAME> is the Windows NT domain of this user.

      Note

      Although you can freely choose the Windows NT account under which the SAP system runs, it is normally SAPService<SID>.

      Note

      If you use a local account for SAPService<SID>, most operations are successful. However, any operations or communications where the SAP system initiates SNC-protected communication to a remote machine do not work with a local account for SAPService<SID>. Therefore, use a domain account.

    Additional SNC Parameters

    The following profile parameters let you continue with password-based access to the SAP system when SNC has been enabled. To log on to the SAP system as an administrator to maintain the mapping of Windows user accounts to SAP system user IDs (user and client), you have to use these additional parameters at least once after enabling SNC. Once the mapping (at least for the administrator) has been entered, you can disable further password-based logons by removing the respective profile parameters.

    • snc/accept_insecure_cpic = 1
    • snc/accept_insecure_gui = 1
    • snc/accept_insecure_rfc = 1
    • snc/permit_insecure_start = 1

  4. Stop and restart the SAP system to activate the profile parameters. Changes to SNC profile parameters always require an application server restart to take effect.
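
The following check is an added example, not SAP code: it audits an instance profile against the values from step 3 and reports any of the password-based fallback parameters that are still set to 1 after the user mapping has been maintained. It assumes the profile is plain text with one `name = value` setting per line and `#` comment lines; the sample profile (drive D, SID ABC, domain EXAMPLE) is constructed.

```python
import re

# Values the procedure above sets in step 3.
REQUIRED = {"snc/enable": "1", "snc/data_protection/max": "1",
            "snc/data_protection/min": "1", "snc/data_protection/use": "1"}
# Parameters that keep password-based (non-SNC) access possible.
INSECURE = ("snc/accept_insecure_cpic", "snc/accept_insecure_gui",
            "snc/accept_insecure_rfc", "snc/permit_insecure_start")

# Constructed sample profile, not taken from a real system.
SAMPLE = r"""
# SNC settings
snc/enable = 1
snc/data_protection/max = 1
snc/data_protection/min = 1
snc/data_protection/use = 1
snc/gssapi_lib = D:\USR\SAP\ABC\SYS\EXE\RUN\gssntlm.dll
snc/identity/as = p:EXAMPLE\SAPServiceABC
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1
"""

def parse_profile(text):
    """Return {name: value}; skips blanks and '#' comments, last setting wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit_snc(text):
    """Return a list of findings; an empty list means nothing to report."""
    params = parse_profile(text)
    findings = []
    for name, want in REQUIRED.items():
        if params.get(name) != want:
            findings.append(f"{name}: expected {want}, found {params.get(name)}")
    for name in ("snc/gssapi_lib", "snc/identity/as"):
        if not params.get(name):
            findings.append(f"{name}: not set")
    identity = params.get("snc/identity/as", "")
    if identity and not re.fullmatch(r"p:([^\\]+)\\(.+)", identity):
        findings.append("snc/identity/as: expected p:<DOMAIN_NAME>\\<account>")
    for name in INSECURE:
        if params.get(name) == "1":
            findings.append(f"{name}: password-based fallback still enabled")
    return findings
```

Calling `audit_snc(SAMPLE)` reports the two fallback parameters left in the sample; the format check cannot tell a local account from a domain account, so verify that separately.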