TREX crawler: Failed with 401 unauthorized / no assertion ticket - on production only

Hello,

here is a problem we encounter with TREX indexing portal KM repositories.

A) Dev System works fine, for example:

1. Indexing is triggered by "Redindexing" a queue

2. The queue starts working, the TREX monitor shows documents process across the several states (e.g. preprocessing) etc.

3. you can see from the portal log that the user index_service accesses the portal to retrieve content:

LOGIN.OK

User: index_service

IP Address: xxx.xx.xx.xx

Authentication Stack: ticket

Authentication Stack Properties:

logon_policy = default

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok true true

[...]

#10 ume.configuration.active = true

2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok true

3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false

4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true

5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE ok false

Central Checks true

Logon policies are disabled

As you can see the EvaluateTicketLoginModule is successful for user index_service

B) Production System does not work

1. Indexing is triggered by "Redindexing" a queue

2. The queue starts working, the TREX monitor shows all documents size > 10 KByte fail in state "Preprocessing failed" / 401 unauthorized

3. The log on the TREX server shows that the crawler wants to access a certain KM document for content retrieval (with a correct access URL)

4. you can see from the portal log that the user index_service is not able to log on the portal to retrieve content:

User: N/A

IP Address: xxx.xx.xx.xx

Authentication Stack: ticket

Authentication Stack Properties:

logon_policy = default

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule SUFFICIENT ok exception true Received no SAP Authentication Assertion Ticket.

[...]

2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok exception true SPNego authentication has failed during previous attempt.

3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true

4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok false false

5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE ok false true

No logon policy was applied

As you can see the error message during logon is "Recieved no SAP Authenticatino Assertion Ticket".

Of course we THINK that configuration of both systems is the same. But obviously this is not the case.

So Question:

What can cause the fact, that in case B) no assertion ticket is present at the requests from TREX?

What kind of configuration or difference can be the reason?

Best regards

Ingo