Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics NAV (Archived) / Nav 2009 SP1 - 3 Tier ...
Microsoft Dynamics NAV (Archived)

Nav 2009 SP1 - 3 Tier Setup Issues

(0) ShareShare
ReportReport
Posted on by Rob Ellsworth

Hello everyone, 

I'm trying to setup a 3-tier installation following the Walkthough provided by Microsoft: ( https://msdn.microsoft.com/en-us/library/dd301254.aspx )

I have 2 machines currently setup. First is the SQL Server (omisqldev), and the second machine is the Web Services machine (ws1). Both machines are members of the EOMEGA domain, and I created 1 Domain User for use for both system's services (SQLAdmin). 

Here are the services for the Web Services server:

NavService.png

Here are the services for the SQL Server:

SQLService.png

Here is the Domain User for both services:

DomainUser.png

Here is the list of delegations, reported by setspn:

setspn_5F00_list.jpg

And this is the output of the Best Practices Analyser:

BestPractice.jpg

Unless I'm missing something, the MSSQLSvc/omisqldev.eomega.org SPN is defined for the service account user. I don't know what's missing in the setup.

When I try to connect from a third machine via Web Services, I am presented with a login screen.  After providing the credentials for a local account to WS1 (Domain Users didn't work) I get:

WS1_5F00_LogonFail.jpg

Anyone have any suggestions on where I should go next or what the missing piece to this puzzle is?

I have tried both WebServicesUseNTLMAuthentication = true and false in the CustomSettings.config for the Navision Service.

Thanks for taking the time to read this, 

- Rob

*This post is locked for comments

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at
    RE: Nav 2009 SP1 - 3 Tier Setup Issues

    Actually, I noticed that the URL Registration wasn't needed at all.  I figured out where my error was in this whole process.  

    After I had set (on the Navision Service) the "WebServicesUseNTLMAuthentication" to true, I never tested logging into Web Services with the Domain User.  I was able to log in to Web Services with the Domain User and I got the expected results from the session:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    <discovery xmlns="schemas.xmlsoap.org/.../&quot; xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; xmlns:xsd="www.w3.org/.../XMLSchema&quot;>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/SystemService"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/Contact"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/Customer"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/RoomCategory"/>

    </discovery>

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at
    RE: Nav 2009 SP1 - 3 Tier Setup Issues

    After registering the URL on WS1, I am finally able to login in with the domain user (when the browser prompts me to) and I get the results I was expecting!  Only modification to your answer was doing a registration for http:// (since I haven't setup SSL yet).

  • Verified answer
    Suresh Kulla Profile Picture
    Suresh Kulla 43,745 on at
    RE: Nav 2009 SP1 - 3 Tier Setup Issues

    Try registering the command using following command

    netsh http add urlacl url=https://hostname:port/navserver user=DOMAIN\user

    replace hostname, port nav server and user accordingly

    Refer to this blog it could be because of duplicate SPN

    http://blogs.msdn.com/b/nav/archive/2009/11/05/duplicate-spns-in-a-3-tier-setup-and-how-to-locate-them.aspx

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at
    RE: Nav 2009 SP1 - 3 Tier Setup Issues

    The Windows users have been added to the database.  I can connect using the Classic client in Windows Authentication mode for the SQLAdmin user.  

    Also, I am able to run the RTC, but only on WS1 (when logged into the domain with SQLAdmin).  

    It looks to be a delegation issue, as the SQL Logs show attempts of logging in as Anonoymous

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 192.168.0.51]


    The infrastructure error is the missing SPN that IS setup (at least what I believe to be setup, as provided by the setspn screen capture I provided).  The BPA says the SPN isn't setup, when it looks like it is. 

    Thanks for the suggestion though Suresh, but that's not it :(

  • Suresh Kulla Profile Picture
    Suresh Kulla 43,745 on at
    RE: Nav 2009 SP1 - 3 Tier Setup Issues

    Please refer to this link, it looks it is using database authentication, try adding user to the windows authentication/windows login.

    msdn.microsoft.com/.../dd338947.aspx

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans