Re: Error "No Header Cookie Found" while Configuring SSO22KerbMap ISAPI

Here is the log currently, I am waiting for the AD team to perform

setspn -A HTTP/SHAREPOINTSERVER.domain.com SHAREPOINTSERVER

But I thought someone might let me know if this will resolve the issue.

LOGS:

12:45:41 3180/5816 i Initialize: Cannot delete file C:\MOBILEDOCS\ISAPI\SSO22KerbMap_SSO.log: The process cannot access the file because it is being used by another process.

12:45:41 3180/5816 I SSO22KerbMap.dll 1.1.0.9 is initialized

                SSO22KerbMap configuration in C:\MOBILEDOCS\ISAPI\SSO22KerbMap.ini:

                  PseFile: C:\MOBILEDOCS\ISAPI\verify.pse

                  ServicePrincipalName: HTTP/SHAREPOINTSERVER.domain.com

                  FilterPriority: High

                  SSO2AccountAttribute: userPrincipalName

                  LogLevel: 3

                  Activated SSO logfile: C:\MOBILEDOCS\ISAPI\SSO22KerbMap_SSO.log

12:45:41 3180/5816 I ADSI Configuration for delegation on host SHAREPOINTSERVER:

                ServicePrincipalNames:

                  SMTPSVC/SHAREPOINTSERVER

                  SMTPSVC/SHAREPOINTSERVER.domain.com

                  WSMAN/SHAREPOINTSERVER

                  WSMAN/SHAREPOINTSERVER.domain.com

                  TERMSRV/SHAREPOINTSERVER

                  TERMSRV/SHAREPOINTSERVER.domain.com

                  RestrictedKrbHost/SHAREPOINTSERVER

                  HOST/SHAREPOINTSERVER

                  RestrictedKrbHost/SHAREPOINTSERVER.domain.com

                  HOST/SHAREPOINTSERVER.domain.com

                Delegation allowed to following SPNs:

                  HTTP/sharepointurl.domain.com:3008

                Delegation Flag:Use any authentication protocol: ACTIVE

12:45:42 3180/5816 I IMPORTANT: Check that the Virtual directory of your target application is running

                           on 'Integrated Windows Authentication'!

                ERROR! The SPN 'HTTP/SHAREPOINTSERVER.domain.com' configured in SSO22KerbMap.ini is not

                       defined for host SHAREPOINTSERVER.

                       Please check the configuration by calling 'setspn -l SHAREPOINTSERVER'.

                ERROR! The Trusted-to-Authenticate-for-Delegation flag is not set for SPN 'HTTP/SHAREPOINTSERVER.domain.com'.

                       Please check the SPN by calling 'setspn -l SHAREPOINTSERVER'.

                       If the SPN is well known, configure the Trusted-to-Authenticate-for-Delegation flag:

                       Open 'Active directory Users and Computers'. Choose <domain> -> 'Computers'.

                       Right-click 'SHAREPOINTSERVER' and choose 'Properties'.

                       Select 'Delegation' and 'Trust this computer for delegation to specified services only'.

                       Select 'Use any authentication protocol' and choose 'Add'.

                       Select 'Users or Computers' and enter SHAREPOINTSERVER as object name.

                       Add the ServicePrincipalName HTTP/SHAREPOINTSERVER.domain.com.

12:45:42 3180/5816 i OnPreprocHeaders: GET /_vti_bin/cmis/rest/FD8891D9-BC80-49F8-9CD4-36F64D406715?getRepositoryInfo HTTP/1.1

                     CACHE_CONTROL:no-cache

                     CONNECTION:close

                     DATE:Tue, 18 Mar 2014 01:45:41 GMT

                     PRAGMA:no-cache

                     ACCEPT:*/*

                     HOST:SHAREPOINTSERVER:3008

                     USER_AGENT:SAP J2EE Engine

                     MYSAPSSO2:AjExMDAM<long string>

                     SAP_CLIENT:000

                     SAP_PASSPORT:2A54482A0300E6000000000<long string>

12:45:42 3180/5816 i getAccountFromCookie: No header Cookie found

12:45:42 3180/5816 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2