RTC Delegation not working

dspace Member Posts: 15
edited 2010-08-17 in NAV Three Tier
I have created a 3-tier setup. The server and SQL Server interact nicely, but when I try to run an RTC, I get a "login failed when connecting to SQlServer". I have set up SPNs on the AD server and have used dsa to set up delegation.

When I look at the event log after a failed attempt, it says that SQLServer did not allow access to MY domain username, not the delegated domain username. It's as if the delegation did not exist.

Any thoughts or suggestions? Thanks.

Comments

  • TonyH Member Posts: 223
    Are you using domain service accounts or network service?

    t
  • dspace Member Posts: 15
    Domain account.
  • TonyH Member Posts: 223
    Have you checked for duplicate SPNs?

    If you have, try going back to using a network service account, and see if you have the same issue...

    t
  • TonyH Member Posts: 223
    You can check for duplicate SPNs using setspn -X on the CMD prompt...

    t

    EDIT:

    You can also set SQL Server to dynamically generate SPNs.
    I know it says SQL 2000 but this is the article I was sent to by an MS engineer on another issue, not tried it yet, but will do on my next install.

    http://support.microsoft.com/kb/319723/en-us
  • dspace Member Posts: 15
    No duplicate SPNs.
  • TonyH Member Posts: 223
    Can you try running this tool and see what it shows?

    https://mbs.microsoft.com/partnersource ... zerNAV2009

    t
  • dspace Member Posts: 15
    I'm not authorized to view that page, but if that is the Best Practices analyzer, I have run that and the only issue it shows is the Web Services service is stopped, which is true.
  • TonyH Member Posts: 223
    Okay,

    Flick it (NST) back to network service, reapply the delegation based on <ComputerName>$. Don't worry about SPNs and give that a try....

    t
  • dspace Member Posts: 15
    The problem with that is I originally had it set up with network service. I figured that would be quick and easy and I could move it later. It had the same problem then and I thought that maybe using a domain login would solve it - I was wrong. I guess I'll just have to wait for partner to get us on their schedule. I was hoping that I could try out some things ahead of time, but had no idea how fussy the install would be - you gotta love .NET and AD and all the other related technologies :(

    Thanks for your suggestions. I'll post the answer when we finally discover it.
  • TonyH Member Posts: 223
    Try setting it to Network Service and follow the guidelines here in this MSDN Article for delegation

    http://msdn.microsoft.com/en-us/library/dd568720.aspx

    Ignore the SPNs.

    Ensure that <ComputerName>$ is set up as a user in the SQL Database and that you have the listener as the default schema... as long as there is nothing crazy happening on your network it will work..

    http://msdn.microsoft.com/en-us/library/dd568739.aspx

    t
  • anie Member Posts: 14
    Dear dspace,

    Have you found any solution to this problem of yours?
    We are also stuck the same way as you. Please let us know.

    Thank you.

    Best regards,
    Anish
  • dspace Member Posts: 15
    No luck yet, but am expecting some professional help in the next week or two. As soon as I have a solution, I will post it here.
  • anie Member Posts: 14
    Dear dspace,

    Just succeeded to connect the NAV database using the RTC over three computers.

    Followed the steps given in the Walkthrough: Installing the Three Tiers on Three Computers ( http://msdn.microsoft.com/en-us/library/dd301254.aspx ). Used the default Network Service account as the service account of NAV Services. Then configured the OCL using the NAV Server computer as login, i.e., <Computer Name>$ (e.g.: DSCP25310$). Skipped the creation of SPNs (deleted the existing MSSQLSvc SPNs) and also the delegation part.

    Connected the database (the demo database installed in the NAVSQL machine) with the classic client and added the Network Service account along with a Domain Account in the Windows Logins and assigned the roles Super to them. Also given full access to the domain account in the Service folder in the NAVServer machine where the NAV Service Tier is installed. Finally logged into the third machine with the Domain Account and started the RTC and it successfully connected to the database.

    \:D/

    Let me know if it solved your issue as well.

    Best Regards,
    Anish
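
The two checks discussed in this thread (duplicate SPNs, and whether delegation is actually configured on the service-tier account) can be run from PowerShell. This is an added example, not part of any post above; it assumes the RSAT ActiveDirectory module, and `NAVSERVER01$` and `jdoe` are placeholder account names.

```powershell
# Added example (not from the thread). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$ServiceAccount = 'NAVSERVER01$'  # placeholder: computer account (Network Service) or domain service account
$EndUser        = 'jdoe'          # placeholder: the domain user who starts the RTC

# 1. Duplicate SPNs in the current domain (the condition "setspn -X" reports).
#    SPNs are case-insensitive, so normalise before grouping.
$duplicates = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName, sAMAccountName |
    ForEach-Object {
        foreach ($spn in $_.servicePrincipalName) {
            [pscustomobject]@{ SPN = $spn.ToLowerInvariant(); Owner = $_.sAMAccountName }
        }
    } |
    Group-Object -Property SPN |
    Where-Object { $_.Count -gt 1 }

foreach ($d in $duplicates) {
    '{0} is registered on: {1}' -f $d.Name, (($d.Group.Owner | Sort-Object) -join ', ')
}

# 2. Delegation flags, read from userAccountControl and msDS-AllowedToDelegateTo.
function Get-DelegationState([string]$SamAccountName) {
    $o = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)" `
         -Properties userAccountControl, 'msDS-AllowedToDelegateTo', sAMAccountName
    if (-not $o) { throw "Account '$SamAccountName' not found in the current domain." }
    [pscustomobject]@{
        Account             = $o.sAMAccountName
        Unconstrained       = [bool]($o.userAccountControl -band 0x80000)    # TRUSTED_FOR_DELEGATION
        ProtocolTransition  = [bool]($o.userAccountControl -band 0x1000000)  # TRUSTED_TO_AUTH_FOR_DELEGATION
        CannotBeDelegated   = [bool]($o.userAccountControl -band 0x100000)   # NOT_DELEGATED ("sensitive" account)
        AllowedToDelegateTo = @($o.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    }
}

$svc  = Get-DelegationState $ServiceAccount
$user = Get-DelegationState $EndUser
$svc, $user | Format-List

# The service tier can only pass the user's identity on to SQL Server if it is
# trusted to delegate to an MSSQLSvc SPN and the user is not marked non-delegable.
$sqlTargets = @($svc.AllowedToDelegateTo | Where-Object { $_ -like 'MSSQLSvc/*' })
if (-not $svc.Unconstrained -and $sqlTargets.Count -eq 0) {
    Write-Warning "$($svc.Account) is not trusted to delegate to any MSSQLSvc SPN."
}
if ($user.CannotBeDelegated) {
    Write-Warning "$($user.Account) is flagged 'sensitive and cannot be delegated'."
}
```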