ADS RFC Test Results: Forbidden

We recently ran into another issue with ADS on a different client site.
When running the Connection Test from SM59 for the ADS RFC, we came up with the result "Forbidden."

This will happen if you also get prompted for credentials when you call http://wsnavigator.
If this is the case, you will need to alter the security settings for the application/service.
Open your Visual Admin tool and to go Services>Security Provider.
Choose Policy Configuration > sap.com/com.sap.engine.services.webservices.tool~wsnavigator
Select the tab Security Roles. The applied security role for WSNavigatorRole needs to be "all."
The ADS RFC Connection in transaction SM59 should work now.

Hope this helps...

Single Sign-On within Citrix Metaframe...

I ran into a little bit of an issue today while trying to configure single sign-on (SSO) in an environment in which the SAPGui is used through Citrix Metaframe (CM). It was working fine from the server-side as well as from desktops with the SAPGui installed locally. However, through the CM I kept getting the following error while trying to utilize SSO:

--- Unable to load the GSS-API DLL named 'sncgss32.dll' ---

To make a long story short, sncgss32.dll is the default library used when one has not been specified via an environment variable (EV) in Windows. When SAPSSO.msi is executed, it creates a User EV tied to the user performing the install. In the CM environment, there is a different context for each user utilizing the application. So the fix was to create the System EV SNC_LIB and point it to the correct DLL in the system directory. This resolved the problem.

Hope this helps...