NAS/NEP NAV4.0SP2 Config problems with SS2005 DB

GrahamS7GrahamS7 Member Posts: 15
edited 2006-07-23 in Navision e-Commerce
Hi

I am having a problem configuring NAS/NEP using a SQL Server 2005 DB Option (NEP-SQL)

My config is:

Server-01 (MS2K3,Sharepoint/IIS,NAS/EP (NAV4.0SP2)Installed, J# all Prereqs.

Server-02 (MS2K3, SQLServer 2005 ( 2 Instances -(2 Databases demo/test and production(NAV4.0SP2) in Default Instance), 1 Named Instance)

XP Workstations, NAV4.0SP2 Client

My problem is getting the Key Exchange management to complete the config steps, the outcome being that after going thru the update,start,refresh actions the status is not being set as "registration completed", and therefore the there is nothing in the trusted sites list.

In NEP-SQL NAS I have the Database Server Name parameter set as "Server-02" and the Start up parameter as NAS-1. There is no help available in the NAS Manager MMC snapin.

In the Key Exchange Tab my request queue string is setup as
"FormatName:DIRECT=TCP:Server-01\private$\nap_key_reply"

In the Navision Key Exchange Management Console i have the following string entered in the Request Queue column "FormatName:DIRECT" is this correct or should it be "FormatName:DIRECT=TCP:Server-01\private$\nap_key_reply"

Is this correct, or is there some other syntax required, where can i get more doco/tech info on the semantics of the strings, NEP in general.

Also, for instance as I have two SS2005 Instances running on "Server-02" how does the NEP-SQL NAS know which SQL server instance it is to use.

Any suggestions greatly appreciated as I have been struggling with the current product install and config documentation ](*,)

Comments

  • krikikriki Member, Moderator Posts: 9,115
    [Topic moved from Dynamics NAV forum to Navision e-Commerce forum]
    Regards,Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!


  • GrahamS7GrahamS7 Member Posts: 15
    Thanks Kriki

    Thru searching threads on EP I was able to find and download a white paper on security for EP from PartnerSource. (NAV_EmployeePortalWP.doc). However, I am still having problems with the message queues. I have setup the additional private message queues on the Sharepoint Server as:
    1. sbs-server-01\private$\nep_key_exchange_request
    2. sbs-server-01\private$\nep_key_exchange_reply
    with full control security permission given to ANONYMOUS LOGIN

    I have entered the following Key Exchange parameters in Application Server Setup in NAV as: (the IP address of the Sharepoint and NAV Application server is 192.168.0.1)

    Key Exchange Request Queue -- .\private$\nep_key_exchange_request
    Key Exchange Reply Queue -- FormatName:DIRECT=HTTPS://192.168.0.1/msmq/nep_key_exchange_reply

    The documentation is ambiguous(both MSMQ and NAV), so should these paramaters be:

    For the Sharepoint Server private message queues:

    1. sbs-server-01\msmq\private$\nep_key_exchange_request
    2. sbs-server-01\msmq\private$\nep_key_exchange_reply

    And the Key Exchange parameters in Application Server Setup in NAV as: (the IP address of the Sharepoint and NAV Application server is 192.168.0.1)

    Key Exchange Request Queue -- .\msmq\private$\nep_key_exchange_request
    Key Exchange Reply Queue -- FormatName:DIRECT=HTTPS://192.168.0.1/msmq/private$/nep_ key_exchange_reply

    My gut feel is that the documentation has syntax errors.

    I have limited MSMQ experience, thanks in advance
  • IHateLinuxIHateLinux Member Posts: 223
    Hi Graham,

    can you please confirm if the NAS is successfully running?

    Because a NAS handling NEP should start with Startup parameter
    NEP-xxxxx

    To see if the NAS is successfully running:
    1.) Stop NAS
    2.) Look in Services Snap in if the service is really stopped.
    3.) Clear the event log
    4.) Start the NAS and you should get a couple of messages

    I have NAV 4.0 SP2 based on SQL2005 and SPS2003 up and running on a virutal machine.

    HTH,
    Rainer
  • GrahamS7GrahamS7 Member Posts: 15
    Hi IHateLinux

    NAS Server -- NEP-SQL startup up parameters are:
    Database Server Name -- sbs-server-01
    Database - Navision Demo Database (4-0)
    Company Name -- CRONUS xxxx xxx xxx
    Startup Parameter --- NEP-1
    NetType -- TCP/IP Sockets

    The start and stop service buttons on the NASMSnapIn dont seem to do anything. I start the NAS service from the Services MMC snapin.

    It starts OK and its service status is Started in both snapins.

    System event log shows 2 events:

    1. Navision Application Server NEP-SQL was successfully sent a start control from SCM

    2. Navision Application Server NEP-SQL service entered the running state.

    Application event log shows 2 events:

    Info--- Event ID 109 in Source (NEP-SQL) cannot be found ..... event: NAS for Employee Portal started.

    Warning -- Event ID 109 in Source (NEP-SQL) cannot be found ..... event: The queue listener could not open the queue .\private$\nep_key_exchange_request

    My problem is with the Key Management Console.

    Started the console: Entered the following

    Descrption -- NEP Server
    URL - http://sbs-server-01/
    Path to web config -- C:\inetpub\wwwroot
    Reply Q - .\private$\nep_key_exchange_reply
    Request Q - FormatName:DIRECT (???)

    as per the examples in the install instructions Figure 9, Key Exchange Management.

    The instructions are:
    Start the application, and fill the necessary information for each Microsoft Windows SharePoint site / portal.

    The following fields are available and should be changed/completed:
    • The description for the site
    • The URL of the site which can be chosen with a combo box from all Microsoft SharePoint enabled sites on this server
    • The path to the web.config of this site
    • The path (formatname) to the key exchange reply queue (which is on the local machine) (???) and
    • The path to the key exchange request queue (which is pointing to the queue, existing on the NAS machine) ???

    After adding the above information, I selected command “Start Service” from the “Action” menu. the field status changed to value “Request for Public Backend”.

    Then after a few seconds selected “Refresh” from the “Action” menu, the value did not change to “Registration request sent”.

    The form “Trusted Sites” is empty. I cannot seem to finish the last two steps.

    regards Graham
  • IHateLinuxIHateLinux Member Posts: 223
    Hi,

    can you please check if the queue is existing?

    There are two different ways of addressing a queue:
    - Short format (only for queues which are local private queues)
    e.g. ---.\private$\nep_key_reply---
    - Long format (for remote queues)
    e.g. FormatName:DIRECT=TCP:10.0.0.1\private$\nep_reply

    The long format can be either:
    - FormatName:DIRECT=TCP:HERECOMESTHEIP
    - FormatName:DIRECT=OS:HERECOMESTHENETBIOSNAME
    - FormatName:DIRECT=HTTP:URL (only Windows server 2003 AND
    installed MSMQ with HTTP Support)

    So as far as i understand and read your first posting: just replace the name of the server with the IP OR replace TCP with OS.

    Then it should work.

    HTH,

    Rainer
  • GrahamS7GrahamS7 Member Posts: 15
    Hi Rainer

    I rechecked all of the private queues and parameter strings and found I had a typo in one of the key exchange queue names, corrected this and restarted the NAS (NEP-1), Restarted the service. (No warnings or errors)

    I was able to setup,register and acknowledge the Trusted sites.

    After resetting IIS and restarting the NAS service I can open sharepoint web sites with NAV web parts they display & are working fine.(without encription).

    However, when I then change the Application Server Setup for NEP-1 by turning on 'Use Encription" in Navision, and in the web.config file, after resetting IIS and restarting the NAS services when I open the same sharepoint web sites with NAV web parts I get the following message displayed on each web part. " Communication error (10131): Cannot retrieve backend public key."

    Do you have any further suggestions :?:

    thanks Graham
  • GrahamS7GrahamS7 Member Posts: 15
    I tested further; trying to deploy SSL encription involves configuration across several layers - (WS2K3, IIS, ISA protocol rules, and CA certificates on servers and clients, as well as the browser config)

    I found configuring IIS Websites for SSL to be problematic particularly when using the default web site. I have other websites installed under the Default Web Site collection that do not require SSL security and get browser errors asking for https://websitename URL protocols.

    I would advise setting up Custom Virtual Directories for the NAV Employee Portal.

    For the time being, I have reverted to a configuration without using SSL security protocols, encryption, and compression, as I am more interested in evaluating and testing EP functionality prior to proposing this feature to customers.

    Hopefully, Microsoft will release better install, configuration and training documentation, particularly as installation is across multiple technology layers, therefore becoming more complex..

    Thanks for your assistance
    GrahamS7
  • IHateLinuxIHateLinux Member Posts: 223
    Hi Graham,

    this last issue is quite simple.

    In the Setup card of Navision Employee Portal (not in the NAS Setup) you will have a menu button "Security" on the bottom. Click there and generate a backend key pair. Afterwards restart the NAS. Then it should work.

    HTH,

    Rainer
  • GrahamS7GrahamS7 Member Posts: 15
    Hi Rainer

    I did that previously,

    I do not have Certificate Services, or a CA installed therefore SSL is not enabled/configured for the default web sites(under IIS).

    When i did this I had the following problem, I have a number of subwebs under the default website, some of them NON-SSL/encripted websites. The problem when I configure the default website for SSL it assumes all subwebs are also to be encripted, therefore the non encripted web sites cannot be accessed.(cannot be accessed with http:// URL prefix, error message)

    It appears that the best option is to install SPS/WSS websites that are going to use the NAV webparts with encrypted security in custom virtual directories that do not have a mixture of encypted and non encrypted sub-webs.

    regards
    Graham
Sign In or Register to comment.