web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / NAV2016: Authenticatio...
Small and medium business | Business Central, N...
Suggested Answer

NAV2016: Authentication error for a web service since the windows server patch Jan 2022

(0) ShareShare
ReportReport
Posted on by FrankinBerlin 5

Hello,

we are running Navision 2016 on a windows server 2016 OS.

After installing the cumulate Patch from January 2022 our web service brings an error.
I found this: KB5011233: Protections in CVE-2022-21920 may block NTLM authentication if Kerberos authentication is not successful (microsoft.com)

It seems that we have a authentication problem. Because we have enabled NTLM inside the NAV instance.

But when I now disable NTLM it still will not work.

I can see inside the events errors from LSA:
"The program Microsoft.Dynamics.Nav.Server.exe, with the assigned process ID 10036, could not authenticate locally by using the target name HTTP/xxxxx:7147.
The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name."

It is still there. I put an SPN in for the Navision server, but has not worked.

Did anyone have the same problem or have an idea for the solution?

Best Regards
Frank


I have the same question (0)
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 95,729 Super User 2025 Season 2 on at

    Hi, hope the information below can give you some new inspiration.

    https://stackoverflow.com/questions/52257656/authentication-for-nav-web-services-with-windows-user-over-http-basic-authentica

    https://cloudblogs.microsoft.com/dynamics365/it/2018/02/14/service-principal-names-spn-for-dynamics-nav-web-services/

    Thanks.

    ZHU

  • FrankinBerlin Profile Picture
    FrankinBerlin 5 on at

    Hi ZHU,

    thank you for your answer.

    It give me more ideas.

    But we have published a dns name for the webservice in the internet (nav2sm.xx.org) and we route via firewall them to the nav server (nav01.yy.intern).

    So the event say it comes an request from HTTP\nav2sm.xx.org.

    I set a SPN for nav2sm.xx.org and nav2sm. But it will not work.

    Also not a SPN for nav01.yy.intern and nav01.

    Now i want to redirect the traffic on the Firewall to nav01.yy.intern.

    I am trying.....;-)

    Do you have an idea more?

    Frank

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    There may be two issues here:

    Please verify this blog:

    docs.microsoft.com/.../accessing-server-locally-with-fqdn-cname-alias-denied

    It is still required if you are using a different url to get to the WebClient.

    The November 2021 patch for Windows has an issue. You need an out of band hot fix for it as it has an issue with the constrained kerberos authentication.

    Hope it helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,468

#2
YUN ZHU Profile Picture

YUN ZHU 923 Super User 2025 Season 2

#3
Sumit Singh Profile Picture

Sumit Singh 607

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans