web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics NAV (Archived) / Wildcard Certificate P...
Microsoft Dynamics NAV (Archived)

Wildcard Certificate Problem between Web Server and Nav Server (2016)

(0) ShareShare
ReportReport
Posted on by Yukon 714

Hi Team,

I have face issue wildcard certificate validation fail between Web Server and Nav Server. We have use wildcard certificate for nav and web. The problem is web client has below issue when certificate validation during login.

Error accessing Website Microsoft Dynamics NAV 2016 Web Client
URL: nav.cronus.com.sg/.../SignIn.aspx
Type: Microsoft.Dynamics.Nav.Types.NavSecurityNegotiationException
Message: The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://navapp.cronus.com.sg:7046/NAV90-AU/Service". SPN Identity: "DynamicsNAV/navapp.cronus.com.sg:7046"
The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG is not in the trusted people store. The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation because the revocation server was offline.

1.Certificated is added on both server.

Computer Account\Personal\Certificate and Trusted Root Certificate\Certificate

2.DnsIdentity is added WebConfig

<add key="DnsIdentity" value="cronus.com.sg"/>

3.RTC can open from Web Server.

4.Use NavUserPassword

5.NAV2016 CU16 - AU

6.Web Server without join domain. Only App and Data join domain.

I would like to heard your suggestion on my issue.

Regards,

Yukon

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    dkatson Profile Picture
    dkatson 2,263 on at

    Hi,

    I can suggest you to follow this blog. This helped me with ssl certificate

    saurav-nav.blogspot.ru/.../microsoft-dynamics-nav-2017-create-sll.html

  • Verified answer
    gert@lynge.org Profile Picture
    gert@lynge.org on at

    Hi Yokon

    If you are running on a Windows Server 2016 with a "real trusted certificate" (and not a self-signed one) I've blogged about this exact issue and the solution (unfortunately in Danish) here: http://blog.systemconnect.dk/?p=1075

    The solution in short:

    Go to IIS, open Application Pools, select the Microsoft Dynamics NAV2017 Web Client Application Pool, open Advanced Settings. Find Process Model / Load User Profile and make sure it is False (default is True).

    The issue has already been reported to Microsoft by me [REG:117011215166449]. And I think they are planning to modify the NAV installer and/or online documentation.

    Btw: The Azure Gallery NAV-server is actually doing this modification in its powershell script (made by Freddy). That is why they are working without this problem...

  • Yukon Profile Picture
    Yukon 714 on at

    Hi Gert Lynge,

           It's work perfect after changed the setting. I suspect that not Windows 2016 issue. I more on think IIS default setting on different version. I tested with windows 2012 DC IIS 8.xx is working, i do not change any setting. Again, i used windows 10 and IIS 10.xxx but error is same as previous my question. MS should fixed it or write the documentation. Thanks for your help.

    Regards,

    Yukon

  • gert@lynge.org Profile Picture
    gert@lynge.org on at

    I agree. It depends on the IIS version (the one included in Windows Server 2016 and you are probably right - also in Windows 10. To my knowledge it is NOT a problem with earlier versions).

    But the setting has the same defaults on earlier IIS versions, so it is some internals in IIS or Windows certificate handling that have changed and is also controlled by this setting.

    The strange thing is that the Azure Gallery servers (made by Freddy from Freddys blog) has always been setting this in the initialize scripts (also om earlier Windows/IIS versions) - but it has not been causing problems for me earlier and I not sure if anybody knows why anymore (not even Freddy :-) - he helped me identifying the issue).

    To my knowledge is has never been documented and the NAV installer has never set it.

    As mentioned I've reported it to Microsoft earlier and I was told it is now on an internal bug list.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics NAV (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans