Microsoft Dynamics NAV (Archived)

Wildcard Certificate Problem between Web Server and Nav Server (2016)


Hi Team,

I am facing an issue where wildcard certificate validation fails between the Web Server and the NAV Server. We use a wildcard certificate for NAV and web. The problem is that the web client shows the issue below during certificate validation at login.

Error accessing Website Microsoft Dynamics NAV 2016 Web Client
URL: nav.cronus.com.sg/.../SignIn.aspx
Type: Microsoft.Dynamics.Nav.Types.NavSecurityNegotiationException
Message: The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://navapp.cronus.com.sg:7046/NAV90-AU/Service". SPN Identity: "DynamicsNAV/navapp.cronus.com.sg:7046"
The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG is not in the trusted people store. The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation because the revocation server was offline.

1. The certificate is added on both servers.

Computer Account\Personal\Certificate and Trusted Root Certificate\Certificate

2. DnsIdentity is added to WebConfig.

<add key="DnsIdentity" value="cronus.com.sg"/>

3. RTC can be opened from the Web Server.

4. Use NavUserPassword

5. NAV2016 CU16 - AU

6. The Web Server is not joined to the domain. Only App and Data are joined to the domain.

I would like to hear your suggestions on my issue.

Regards,

Yukon


  • RE: Wildcard Certificate Problem between Web Server and Nav Server (2016)

    I agree. It depends on the IIS version (the one included in Windows Server 2016 and you are probably right - also in Windows 10). To my knowledge it is NOT a problem with earlier versions.

    But the setting has the same defaults on earlier IIS versions, so it is some internals in IIS or Windows certificate handling that have changed and are also controlled by this setting.

    The strange thing is that the Azure Gallery servers (made by Freddy from Freddy's blog) have always been setting this in the initialize scripts (also on earlier Windows/IIS versions) - but it has not been causing problems for me earlier and I am not sure if anybody knows why anymore (not even Freddy :-) - he helped me identify the issue).

    To my knowledge it has never been documented and the NAV installer has never set it.

    As mentioned I've reported it to Microsoft earlier and I was told it is now on an internal bug list.

  • Yukon
    RE: Wildcard Certificate Problem between Web Server and Nav Server (2016)

    Hi Gert Lynge,

    It works perfectly after changing the setting. I suspect that it is not a Windows 2016 issue. I think it is more the IIS default setting on different versions. I tested with Windows 2012 DC and IIS 8.xx and it works; I did not change any setting. Again, I used Windows 10 and IIS 10.xxx, but the error is the same as in my previous question. MS should fix it or write the documentation. Thanks for your help.

    Regards,

    Yukon

  • Verified answer
    RE: Wildcard Certificate Problem between Web Server and Nav Server (2016)

    Hi Yukon

    If you are running on a Windows Server 2016 with a "real trusted certificate" (and not a self-signed one) I've blogged about this exact issue and the solution (unfortunately in Danish) here: http://blog.systemconnect.dk/?p=1075

    The solution in short:

    Go to IIS, open Application Pools, select the Microsoft Dynamics NAV2017 Web Client Application Pool, open Advanced Settings. Find Process Model / Load User Profile and make sure it is False (default is True).

    The issue has already been reported to Microsoft by me [REG:117011215166449]. And I think they are planning to modify the NAV installer and/or online documentation.

    Btw: The Azure Gallery NAV-server is actually doing this modification in its PowerShell script (made by Freddy). That is why they are working without this problem...
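
The IIS change described in the verified answer above, as an added PowerShell example (not part of the thread, and not the Azure Gallery script or any Microsoft code). The pool name pattern is an assumption, since the exact pool name depends on the installed NAV version; run with `-WhatIf` first to report only.

```powershell
#Requires -RunAsAdministrator
# Added example: audit "Load User Profile" on the NAV Web Client application
# pool(s) and set it to False, then recycle so the worker process picks it up.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: wildcard matching the NAV Web Client pool name on this server.
    [string]$PoolNamePattern = '*Dynamics NAV*Web Client*'
)

Import-Module WebAdministration -ErrorAction Stop

$pools = Get-ChildItem IIS:\AppPools | Where-Object Name -like $PoolNamePattern
if (-not $pools) {
    Write-Warning "No application pool matches '$PoolNamePattern'."
    return
}

foreach ($pool in $pools) {
    $path    = "IIS:\AppPools\$($pool.Name)"
    $current = $pool.processModel.loadUserProfile

    # Report the state found before any change is made.
    [pscustomobject]@{
        AppPool         = $pool.Name
        Identity        = $pool.processModel.identityType
        LoadUserProfile = $current
        State           = $pool.State
    }

    if ($current -and $PSCmdlet.ShouldProcess($pool.Name, 'Set loadUserProfile to False')) {
        Set-ItemProperty -Path $path -Name processModel.loadUserProfile -Value $false
        # The setting is read when the worker process starts, so recycle a running pool.
        if ($pool.State -eq 'Started') {
            Restart-WebAppPool -Name $pool.Name
        }
    }
}
```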

  • Suggested answer
    dkatson
    RE: Wildcard Certificate Problem between Web Server and Nav Server (2016)

    Hi,

    I can suggest you follow this blog. This helped me with the SSL certificate.

    saurav-nav.blogspot.ru/.../microsoft-dynamics-nav-2017-create-sll.html
