Personalized Community is here!
Quickly customize your community to find the content you seek.
Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2020 Release Wave 2Discover the latest updates and new features to Dynamics 365 planned through March 2021.
Release overview guides and videos Release Plan | Preview 2020 Release Wave 2 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
I have face issue wildcard certificate validation fail between Web Server and Nav Server. We have use wildcard certificate for nav and web. The problem is web client has below issue when certificate validation during login.
Error accessing Website Microsoft Dynamics NAV 2016 Web ClientURL: nav.cronus.com.sg/.../SignIn.aspxType: Microsoft.Dynamics.Nav.Types.NavSecurityNegotiationExceptionMessage: The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://navapp.cronus.com.sg:7046/NAV90-AU/Service". SPN Identity: "DynamicsNAV/navapp.cronus.com.sg:7046"The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG is not in the trusted people store. The X.509 certificate CN=*.cronus.COM.SG, O=Cronus Pte Ltd, L=Singapore, C=SG chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation because the revocation server was offline.
1.Certificated is added on both server.
Computer Account\Personal\Certificate and Trusted Root Certificate\Certificate
2.DnsIdentity is added WebConfig
<add key="DnsIdentity" value="cronus.com.sg"/>
3.RTC can open from Web Server.
5.NAV2016 CU16 - AU
6.Web Server without join domain. Only App and Data join domain.
I would like to heard your suggestion on my issue.
I can suggest you to follow this blog. This helped me with ssl certificate
If you are running on a Windows Server 2016 with a "real trusted certificate" (and not a self-signed one) I've blogged about this exact issue and the solution (unfortunately in Danish) here: http://blog.systemconnect.dk/?p=1075
The solution in short:
Go to IIS, open Application Pools, select the Microsoft Dynamics NAV2017 Web Client Application Pool, open Advanced Settings. Find Process Model / Load User Profile and make sure it is False (default is True).
The issue has already been reported to Microsoft by me [REG:117011215166449]. And I think they are planning to modify the NAV installer and/or online documentation.
Btw: The Azure Gallery NAV-server is actually doing this modification in its powershell script (made by Freddy). That is why they are working without this problem...
Hi Gert Lynge,
It's work perfect after changed the setting. I suspect that not Windows 2016 issue. I more on think IIS default setting on different version. I tested with windows 2012 DC IIS 8.xx is working, i do not change any setting. Again, i used windows 10 and IIS 10.xxx but error is same as previous my question. MS should fixed it or write the documentation. Thanks for your help.
I agree. It depends on the IIS version (the one included in Windows Server 2016 and you are probably right - also in Windows 10. To my knowledge it is NOT a problem with earlier versions).
But the setting has the same defaults on earlier IIS versions, so it is some internals in IIS or Windows certificate handling that have changed and is also controlled by this setting.
The strange thing is that the Azure Gallery servers (made by Freddy from Freddys blog) has always been setting this in the initialize scripts (also om earlier Windows/IIS versions) - but it has not been causing problems for me earlier and I not sure if anybody knows why anymore (not even Freddy :-) - he helped me identifying the issue).
To my knowledge is has never been documented and the NAV installer has never set it.
As mentioned I've reported it to Microsoft earlier and I was told it is now on an internal bug list.
Business Applications communities