Three tiers. RTC and webservices can be accessed on the middle tier.
Outside the middle tier, we can only access the webservices by signing in as the administrator (Login: [domain]\administrator) of the middle tier machine. No other logins work, we have added a tremendous list of SPNs. We cannot find a 'Delegation' tab mentioned in previous posts. The site has been added to 'trusted sites' in IE. Best Practice Analyzer in NAV is not giving us anything to work with.
SPNs, just in case it is important for analysis, DEVNAV0 is the service tier box:
Registered ServicePrincipalNames for CN=DEVNAV0,CN=Computers,DC=mynewplace,DC=lo
cal:
HTTP/DEVNAV0.nph.[domain] nph\DEVNAV0
[domain]/DEVNAV0
[domain]/DEVNAV0:7047
[domain]/DEVNAV0.[domain]:7047
HTTP/DEVNAV0.[domain]\DEVNAV0
HTTP/DEVNAV0.[domain].local:7047
DynamicsNAV/DEVNAV0.[domain].local:7046
HTTP/DEVNAV0.[domain].local
HTTP/DEVNAV0
WSMAN/DEVNAV0
WSMAN/DEVNAV0.[domain].local
TERMSRV/DEVNAV0
TERMSRV/DEVNAV0.[domain].local
HOST/DEVNAV0
HOST/DEVNAV0.[domain].local
0
Comments
Edit
Below are the SPNs from a working 3 tier system (RTC and WS) using RTC and service tier with build 30286. You do need a post v6 SP1 build as there have been significant fixes and the SPNs have changed.
The full name of the domain is "ttnav.local" and the DC's name is tt-dc.ttnav.local.
I'm not 100% sure that all the SPNs are needed but most of them appear to be.
The delegation is: "MSSQLSvc TT-DB.ttnav.local 1433 "
Edit2
The webservice URL format has changed too.
TVision Technology Ltd
Once thing I have not come across is different requirements for Admin vs non admin users. Which suggests you still don't have the correct SPNs and are probably running the service tier as the same admin user. If you are then your Admin login whould be using a two tier authentication not three tier. You may also need your equlivent of the SPN: "http/TT-ST", the computer name without domain or port number.
One thing I would mention is that I'm having trouble setting this up on our real internal domain. It was working at one point but then failed again to the point where I spent several hours on it before more important things took over. So at the moment only 'Three tiers on two machines' is working in that domain (which is easy to get working).
The updates I've mentioned are available at
https://mbs.microsoft.com/knowledgebase/search.aspx
http://support.microsoft.com/hotfix/KBH ... num=123456
The first is the KB search, the second is downloading the KB fixes by kb number, it looks like you have to be logged in to access them; I don't know offhand if they are 'customer source' or 'partner source' but really the partner should be involved in installing anything like this.
At the moment setting up a three tier system is very much a moving target; If this is a customer system, as you're hinting, I would strongly suggest getting Microsoft directly involved in the setup.
TVision Technology Ltd