web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics NAV (Archived) / Nav 2009 SP1 - 3 Tier ...
Microsoft Dynamics NAV (Archived)

Nav 2009 SP1 - 3 Tier Setup Issues

(0) ShareShare
ReportReport
Posted on by Rob Ellsworth

Hello everyone, 

I'm trying to setup a 3-tier installation following the Walkthough provided by Microsoft: ( https://msdn.microsoft.com/en-us/library/dd301254.aspx )

I have 2 machines currently setup. First is the SQL Server (omisqldev), and the second machine is the Web Services machine (ws1). Both machines are members of the EOMEGA domain, and I created 1 Domain User for use for both system's services (SQLAdmin). 

Here are the services for the Web Services server:

NavService.png

Here are the services for the SQL Server:

SQLService.png

Here is the Domain User for both services:

DomainUser.png

Here is the list of delegations, reported by setspn:

setspn_5F00_list.jpg

And this is the output of the Best Practices Analyser:

BestPractice.jpg

Unless I'm missing something, the MSSQLSvc/omisqldev.eomega.org SPN is defined for the service account user. I don't know what's missing in the setup.

When I try to connect from a third machine via Web Services, I am presented with a login screen.  After providing the credentials for a local account to WS1 (Domain Users didn't work) I get:

WS1_5F00_LogonFail.jpg

Anyone have any suggestions on where I should go next or what the missing piece to this puzzle is?

I have tried both WebServicesUseNTLMAuthentication = true and false in the CustomSettings.config for the Navision Service.

Thanks for taking the time to read this, 

- Rob

*This post is locked for comments

I have the same question (0)
  • Suresh Kulla Profile Picture
    Suresh Kulla 50,278 Super User 2026 Season 1 on at

    Please refer to this link, it looks it is using database authentication, try adding user to the windows authentication/windows login.

    msdn.microsoft.com/.../dd338947.aspx

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at

    The Windows users have been added to the database.  I can connect using the Classic client in Windows Authentication mode for the SQLAdmin user.  

    Also, I am able to run the RTC, but only on WS1 (when logged into the domain with SQLAdmin).  

    It looks to be a delegation issue, as the SQL Logs show attempts of logging in as Anonoymous

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 192.168.0.51]


    The infrastructure error is the missing SPN that IS setup (at least what I believe to be setup, as provided by the setspn screen capture I provided).  The BPA says the SPN isn't setup, when it looks like it is. 

    Thanks for the suggestion though Suresh, but that's not it :(

  • Verified answer
    Suresh Kulla Profile Picture
    Suresh Kulla 50,278 Super User 2026 Season 1 on at

    Try registering the command using following command

    netsh http add urlacl url=https://hostname:port/navserver user=DOMAIN\user

    replace hostname, port nav server and user accordingly

    Refer to this blog it could be because of duplicate SPN

    http://blogs.msdn.com/b/nav/archive/2009/11/05/duplicate-spns-in-a-3-tier-setup-and-how-to-locate-them.aspx

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at

    After registering the URL on WS1, I am finally able to login in with the domain user (when the browser prompts me to) and I get the results I was expecting!  Only modification to your answer was doing a registration for http:// (since I haven't setup SSL yet).

  • Rob Ellsworth Profile Picture
    Rob Ellsworth on at

    Actually, I noticed that the URL Registration wasn't needed at all.  I figured out where my error was in this whole process.  

    After I had set (on the Navision Service) the "WebServicesUseNTLMAuthentication" to true, I never tested logging into Web Services with the Domain User.  I was able to log in to Web Services with the Domain User and I got the expected results from the session:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    <discovery xmlns="schemas.xmlsoap.org/.../&quot; xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; xmlns:xsd="www.w3.org/.../XMLSchema&quot;>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/SystemService"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/Contact"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/Customer"/>

    <contractRef xmlns="schemas.xmlsoap.org/.../&quot; ref="192.168.0.51/.../Omega Testing 2014/Page/RoomCategory"/>

    </discovery>

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics NAV (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans