Dynamics NAV 2016 and NAV Universal App on IOS Access Issue

Question Status

Suggested Answer
Michael Hnatiw asked a question on 10 Nov 2017 3:29 PM

Hello Everyone,

So we have a Dynamics NAV 2016 installation on-premise and have been looking at implementing ADFS and IFD for some time now.
Over the last few weeks we have setup ADFS and have used a WAP to get external access to our NAV development installation from the internet.
This works fine for any web client on any device we have tested.

However, we are having issues gaining access to the environment through the Dynamics NAV universal app for IOS.
We cant seem to get past the 'Service Name' screen where the external address of the server is inputted as we get the generic 'Could not connect to the server' error.

QfiFJ5lsTwuX9uf2I5Zn_Image-1.jpg
Using a packet trace through our Fortinet Firewall seems to indicate our WAP may not be re-directing some .ASP pages incorrectly, as indicated from the snippet below.
These pages exist on the NAV server but for whatever reason the request isnt getting forwarded and its looking for these pages on the WAP.

2017-10-06 18:33:42 10.2.1.1 27735 10.2.1.35 443 HTTP/1.1 GET /Fireball_NAV_DEV/Empty.aspx - 404 - NotFound -
2017-10-06 18:33:42 10.2.1.1 28131 10.2.1.35 443 HTTP/1.1 POST /Fireball_NAV_DEV/auth?dc=phone&aid=NAV - 404 - NotFound -
2017-10-06 18:33:45 10.2.1.1 31504 10.2.1.35 443 HTTP/1.1 GET /Fireball_NAV_DEV/Empty.aspx - 404 - NotFound -
2017-10-06 18:33:45 10.2.1.1 31899 10.2.1.35 443 HTTP/1.1 POST /Fireball_NAV_DEV/auth?dc=phone&aid=NAV - 404 - NotFound -
2017-10-06 18:58:56 10.2.1.1 6969 10.2.1.35 443 HTTP/1.1 GET /Fireball_NAV_DEV/Empty.aspx - 404 - NotFound -
2017-10-06 18:58:56 10.2.1.1 7357 10.2.1.35 443 HTTP/1.1 POST /Fireball_NAV_DEV/auth?dc=phone&aid=NAV - 404 - NotFound -
2017-10-06 19:00:06 10.2.1.1 41452 10.2.1.35 443 HTTP/1.1 GET /Fireball_NAV_DEV/Empty.aspx - 404 - NotFound -
2017-10-06 19:00:06 10.2.1.1 42022 10.2.1.35 443 HTTP/1.1 POST /Fireball_NAV_DEV/auth?dc=phone&aid=NAV - 404 - NotFound -
2017-10-06 22:00:31 10.2.1.1 20678 10.2.1.35 443 HTTP/1.1 GET /Fireball_NAV_DEV/Empty.aspx - 404 - NotFound -
2017-10-06 22:00:31 10.2.1.1 21062 10.2.1.35 443 HTTP/1.1 POST /Fireball_NAV_DEV/auth?dc=phone&aid=NAV - 404 - NotFound -

So, as a general question, what could I be missing in terms of setup if the access to the web client works on any device except within the IOS Dynamics Universal NAV app?

I should mention I have also tried creating an Azure install under a trial just to demo the app, and have even install the self-signed cert for the NAV server ion Azure on the device using the universal app itself and still cannot connect to our NAV installation (Trust Root CA is enabled on the IOS device).

If more details are need let me know.
Any feedback appreciated!

Best Regards,

Reply
Suggested Answer
Zaid Tariq responded on 10 Nov 2017 4:29 PM

Hi,

  1. Please test first if this URL is accessible of not.
  2. To work with IOS, you need to create a CA and then generate a certificate for this server/website using that CA.
  3. Install the CA certificate and then the website certificate in your IOS device. 
  4. Self signed certificate will not work in case of IOS.

Let me know if you need scripts to do all these steps. Thanks

Reply
Manish Sharma responded on 10 Nov 2017 11:48 PM

Have you generate certificate on the server, did the binding & installed that certificate on the Tablet.

Reply
Suggested Answer
Michael Hnatiw responded on 14 Nov 2017 2:29 PM

Hey Everyone,

I appreciate the suggested answers, but unfortunately we are using a 3rd part CA and a wildcard cert.

Self-signed is not a problem since it is not being used, but install the certificate on every device might also not be an option.

So the only solution is to install the wildcard onto each IOS device that will access NAV and ensure the trust settings are enabled for the root CA?

Reply
DavidVenero responded on 15 Nov 2017 1:43 PM

Hi everyone,

Suffering the same problem on iOS devices running the latest OS release (iOS 11).

Working properly on older devices with iOS 9.

On iOS11 I also cound’t pass the login screen.

So I think we should pray for a Microsoft APP updated for iOS.

Reply
Suggested Answer
Zaid Tariq responded on 10 Nov 2017 4:29 PM

Hi,

  1. Please test first if this URL is accessible of not.
  2. To work with IOS, you need to create a CA and then generate a certificate for this server/website using that CA.
  3. Install the CA certificate and then the website certificate in your IOS device. 
  4. Self signed certificate will not work in case of IOS.

Let me know if you need scripts to do all these steps. Thanks

Reply
Suggested Answer