The client has a server running SQL, a server running NAV Server, and a server running IIS/Web Client. There are 2 companies in the database and users from 2 different domains. We have both companies setup and working in NAV from a Windows Client (RTC) perspective. Users from either domain can log in and move around in the application. We setup the first web client instance to point to company A because it went live first. We setup a second web client instance to point to company B.
The users on domain A can log in to either web client instance. The users on domain B cannot log into either web client instance. The error comes back in the web client: A server error occurred, and the content cannot be displayed. Refresh the page or open a new browser window. Reviewing the event log on the web server shows: A server was not found at net.tcp://navserver:7046/DynamicsNAV70/Service. Either the URL is incorrect or the server is currently not available. Further down in the event viewer (on the same message), it says Message: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was 00:00:09.956 (almost 10 seconds).
I have increased the timeout on the database (File, Database, Alter, Advanced) from 10 seconds to 30, verified that the NAV Server instance has ClientServicesOperationTimeout and ClientServicesReconnectPeriod and SQLCommandTimeout are at MaxValue or 00:30:00 (30 minutes), and that the web client SessionTimeout is set to the default of 00:20:00 (20 minutes). We tried editing the files to reference the FQDN of the NAV Server and the IP address, but neither fixed the error and trying to reference the IP address actually broke the web client for the users on domain A.
When running the Windows Client (RTC) from the database server as a user from domain B, it takes 11 seconds to open the client and connect to the database, so I think if I can increase the local socket timeout past 10 seconds, I will be ok.
The domains are trusted but both of them have their own firewall and are managed by independent IT staffs. From what we can see, Windows Firewall is turned off for both domains and the ports 7045-7048 and 8080 are allowed through on both firewalls. We have restared all the services and even rebooted all 3 servers, but no matter what we do, users on domain B cannot log in to the web client. We even sent a domain A user to a domain B computer and had them log in with their domain A credentials and everything worked fine. Changing the web client to port 80 made no difference either as we shut down their existing default site for a few minutes to test.
Is there anything else I can check or any way to increase the socket timeout past 10 seconds? I would normally think that the SPNs and delegation are messed up, but the fact that the users can get into the Windows Client with no problem and that all domain A users can log into the web client would seem to indicate that the SPNs and delegation are working correctly.
*This post is locked for comments
Sorry I misunderstood the scenario. I thought the IIS was on a separate server.
This may be a stupid question but how is that different than the auto SPN generation done by the NAV installer? We started those steps yesterday and when I did the setspn -A ...., it told me I was going to create a duplicate SPN and it ended the process, so from what I can see, the SPNs are already setup.
Also, if the SPNs were not setup, wouldn't the web client fail for all users, not just those on 1 domain?
You need to setup SPN for the webclient. RTC in nav 2013 doesn't use delegation.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
André Arnaud de Cal... 291,240 Super User 2024 Season 2
Martin Dráb 230,104 Most Valuable Professional
nmaenpaa 101,156