Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.7K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 317 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Authentication (kerberos / ntlm)
derek
Member Posts: 22
I have 3-tier installation on 3 server. Servers are SQLSERVER, NAVSERVER and REMOTESERVER. All of these servers are Win Server 2008's. I have three databases for different purposes. Every databases had they own NAV service (Demo, Dev, Prod) and these uses SQL default instance. Demo uses it's default (DynamicsNAV) instance and others are hand maded. Every service use the same default ports, so tcp-sharing is in use.
When I make a RTC connecton from NAVSERVER to SQLSERVER then everything goes fine with every service. Also, if I make connection from RTC (REMOTESERVER) to Demo instance, still everything are ok. But if change Server address to different service, then I get "The login failed when connecting to SQL server (servername)".
All config files are double checked and only differencies found on server instance names and databases. All of these authentication keys are same. Event viewer from NAVSERVER gives me different information when I change instance. When I make a successful login to demo, then security info is:
An account was successfully logged on.
New Logon:
Security ID: MyDOMAIN\MyUserName
Account Name: MyUserName
Account Domain: MyDOMAIN
Logon ID: 0x7155f0a
Logon GUID: {b15d0e52-e876-a20d-b8d0-7e2090335d282}
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
And when I try to connect to other service, then I get followed:
An account was successfully logged on.
New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x715679a2
Logon GUID: {00000000-0000-0000-0000-000000000000}
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
I dunno what to do next. Every parameters are 'same' but Demo is still so special.
How and what parameters I have to change so, that I can get these others to work? Something to authentication keys or ports?
When I make a RTC connecton from NAVSERVER to SQLSERVER then everything goes fine with every service. Also, if I make connection from RTC (REMOTESERVER) to Demo instance, still everything are ok. But if change Server address to different service, then I get "The login failed when connecting to SQL server (servername)".
All config files are double checked and only differencies found on server instance names and databases. All of these authentication keys are same. Event viewer from NAVSERVER gives me different information when I change instance. When I make a successful login to demo, then security info is:
An account was successfully logged on.
New Logon:
Security ID: MyDOMAIN\MyUserName
Account Name: MyUserName
Account Domain: MyDOMAIN
Logon ID: 0x7155f0a
Logon GUID: {b15d0e52-e876-a20d-b8d0-7e2090335d282}
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
And when I try to connect to other service, then I get followed:
An account was successfully logged on.
New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x715679a2
Logon GUID: {00000000-0000-0000-0000-000000000000}
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
I dunno what to do next. Every parameters are 'same' but Demo is still so special.
How and what parameters I have to change so, that I can get these others to work? Something to authentication keys or ports?
0
Answers
That would be my guess.
Dynamics NAV, MS SQL Server, Wherescape RED;
PRINCE2 Practitioner - License GR657010572SG
GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-03
Problem has solved with SPN's. DynamicsNAV was only instance which has two SPN's (short and FQDN).
And because this was only service which works, then I made FQDN SPN's for these other instances.
I also set up UserAccountControl flag in Active Directory and I made some changes to CustomSettings file:
<add key="AllowNtlm" value="False" />
<add key="ServicePrincipalNameRequired" value="True" />
Now after all these changes, I get Network type: Connection authenticated (Kerberos) on RTC Select Server form.
Earlier this Network type was Negotiated Authentication (Kerberos or NTLM).
Now shortcuts are created for every instance, so now environment is ready to work.
When I start to make 3-tier to 3-server installation, I never believe in this could be so multifaceted installation.
After all these steps I should spend some time for documentation