NAV 2009 Web Services only works from web service machine

jwilder · 2008-12-22

In regards to NAV 2009 Web Services I am having a small problem. Here is the setup:

Computer Name Description

swk-test1 SQL Server 2005 + Database are on this server

swk-lab2 Web Services installed

Ports 7046 + 7047 are open + accessible. The services are set up with an administrator that is also a super user in navision. To see what web services are available I run this: http://swk-lab2:7046/DynamicsNAV/WS/Services from the Web Service machine and I get a correct response with the services list.

If I try running the same url on another machine it first asks for a password and then displays a "Can't Find Page" in internet explorer error. In the application log on the web service machine an error was logged that says:

User:

Type: Microsoft.Dynamics.Nav.Types.NavDatabasePasswordException

SuppressMessage: False

FatalityScope: None

Message: The login failed when connecting to SQL Server 10.1.1.25.

One more piece of info. The server where the database resides has the following error in the application log:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: swk-lab2]

I am sure I am missing some little security option or somethig like that.

[-o<

freddy.dk · 2008-12-22

Sounds like you need to setup delegation for swk-lab2 to swk-test1 in your AD (swk-lab2 needs to be able to connect to swk-test1 as a different user).

jwilder · 2008-12-22

Why would Ihave to do that, is this part of the normal process to get web services working in NAV2009?

freddy.dk · 2008-12-22

It is a part of getting NAV 2009 (or I guess most 3T applications) to work in a 3Tier environment.
Same thing if you have the service tier on the swk-lab2 - it will need to be able to connect to the SQL server as the user connecting from a Client computer.

jwilder · 2008-12-22

Would you be willing tell me how to do this in Active Directory. This isn't something we have done before.

freddy.dk · 2008-12-23

There is a walkthrough in the documentation explaining how to do this:

Walkthrough: Installing the Three Tiers on Three Computers

I think that will help you.

jwilder · 2008-12-23

I can't find that topic in Navision help. Where do I find it?

freddy.dk · 2008-12-23

under the documentation/Install Guides folder on the DVD there is a nav_install.chm - in that you will find the topic.

jwilder · 2008-12-23

This is exactly what I need, thanks!

jwilder · 2008-12-29

Thanks for all your help so far but I still have a ways to go to get this solved.

First off the help file is geared more towards using the RTC. We don't care about the RTC at this point and are only interested in the Web Service. Starting in the help file under "Creating a Domain User Account for the NAV Service" we went through and found the documentation to not match what our "active directory users and computers" had for options. For example when we right click on the new user we have no option to "Raise Domain Functional Level". Later on we could find an option for the computer running the web service to "Trust Computer for Delegation" but there was no screen to actually map to specific services. This was very different from the instructions.

One thought is that our active directory is in Native 2000 Mixed mode not Windows Server 2003. Could this have anything to do with the differences? We are basically stuck at this until we can figure some of these things out.

freddy.dk · 2008-12-29

RTC connects to Service Tier in the same way as a Web Service consumer connects to NAV Web Services - setup is the same.
You should just trust the machine for delegation - that worked on my server.

jwilder · 2008-12-29

The problem we are running into is the trust for delegation part. It is not very clear on what needs to be done to get this trust to work. Are you saying you don't have to specify the specific service to trust (the directions ago down to the service level)? Also do you know if Native 2000 Mixed mode could be causing the problem? The directions say to change to Windows Server 2003 for the specific machine but we only have that option at the enterprise level which is something we can't just change without some consideration and testing. Any more input would be appreciated, thansk for your help.

jod · 2009-01-09

We are having the same problem on a 3-tier installation. We have gotten the role tailored client to work unsing kerberos authentication but cannot work out how to get kerberos authentication to work with the Web Service. The web services are only available on the server that is running the service tier. We have tried creating HTTP SPN entries for the service account but this has not helped.
There is no documentation available on this for NAV2009 so any suggestions would be welcome....

bruno77 · 2009-02-01

I am able to connect using the name but when using the IP I get the same error:

This works:
http://server:7047/DynamicsNAV/WS/Services

This doesn't:
http://192.168.1.100:7047/DynamicsNAV/WS/Services

Any help would be great. Is it just me or is this setup unnecessary complex? Also, could anyone explain why it was designed like this?

Thanks in advance for any help

Hennie · 2012-07-19

Hi,

Give your nav service account the right to registrate the appropriate url by typing the following line at command prompt.

netsh http add urlacl url=http://+:7047/DynamicsNAV user=nav_service

Replace DynamicsNAV with you own service name and replace nav_service with the service account of the web service.

Howdy, Stranger!

Quick Links

Categories

NAV 2009 Web Services only works from web service machine

Comments