Kerberos 3 Tier Install Nightmare

pfancy79 Member Posts: 9
edited 2011-05-17 in NAV Three Tier
Hi,

I am currently having an issue with installing NAV 2009 R2 on a 3 Tier environment.
I have followed the MSDN walk-through and spent many, many hours searching and reading through various blogs etc., but without finding a successful result.

The problem that I am experiencing is when running the RTC from a client machine I am getting "The Login failed when connecting to SQL Server XXXXX".
Obviously this error has been reported many times and is nearly always an issue with delegation and SPNs. I am fairly sure that I have set this all up correctly.

Environment:

SQLServer
Server 2003
SQL 2005
The service is running under LocalSystem.

NAV Server
Server 2008
The service is running under XXXXX\NAVRTCService which for the purpose of testing has been set as DOMAIN ADMIN.

Config file has been setup correctly to point to the database. This works as an RTC client on NAV Server connects correctly.

SPNs
setspn -A DynamicsNAVSpikes/W2008-TS.XXXXX.local:7046 XXXXX\NAVRTCService
setspn -A DynamicsNAVSpikes/W2008-TS:7046 XXXXX\NAVRTCService
setspn -A MSSQLSvc/SQLSRV1.XXXXX.local:1433 XXXXX\NAVRTCService

Delegation then set against User Active Directory object for both services. Have tried just the SQL one but made no difference.
Have tried allowing delegation for any service option but this made no difference.

No duplicate SPNs found.

When connecting I get a Security event on NAV Server saying that user XXXXX\Paul authenticated by Kerberos.
On SQL Server get a Security event saying that NT AUTHORITY\ANONYMOUS USER logged on using NTLM.

Have tried both AllowNTLM = true and false on the UserSettings.config on client machine.

Have run out of ideas now and feel that I am going around in circles.

Also have made sure that before each connection attempt that KLIST PURGE has been called on all 3 machines.

If anyone has any suggestions, or even words of encouragement, I would be grateful.

Thanks

Paul

Comments

  • kine Member Posts: 12,562
    The problem is:

    1) SQL is under LocalSystem - it has no access to the network. Use the Network Service account instead.
    2) If you are using a system service, the account for the SPN must be the server's domain account, that is:

    setspn -A MSSQLSvc/SQLSRV1.XXXXX.local:1433 XXXXX\SQLSRV1$
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • kine Member Posts: 12,562
    And I recommend using this tool: http://www.iis.net/community/default.as ... g=6&i=1887

    You can easily use it to check what is needed for connecting your "frontend" (NST) to the "backend" (SQL).
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
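
Added example (not part of the thread and not written by either poster): a small Python check of the rule in point 2 of the first reply, run against the setspn lines from the question. Helper names are hypothetical; it relies on the built-in identities LocalSystem and Network Service authenticating on the network as the computer account (XXXXX\SQLSRV1$ here).

```python
# Added example. Helper names are hypothetical; the inputs are the thread's own
# setspn lines and service accounts (domain shown as XXXXX, as in the post).
SYSTEM_IDENTITIES = {"localsystem", "networkservice"}

def parse_setspn(lines):
    """Turn 'setspn -A <spn> <account>' lines into (spn, account) pairs."""
    pairs = []
    for line in lines:
        parts = line.split()
        if len(parts) == 4 and parts[0].lower() == "setspn" and parts[1].upper() == "-A":
            pairs.append((parts[2], parts[3]))
    return pairs

def expected_account(run_as, domain, host):
    """Built-in identities use the computer account; a domain user holds its own SPNs."""
    if run_as.replace(" ", "").lower() in SYSTEM_IDENTITIES:
        return f"{domain}\\{host}$"
    return run_as

def audit(services, registrations):
    """Return (spn, problem, expected, found) for SPNs not held solely by the run-as account."""
    owners = {}
    for spn, account in registrations:
        owners.setdefault(spn.lower(), set()).add(account.lower())
    findings = []
    for svc in services:
        want = expected_account(svc["run_as"], svc["domain"], svc["host"]).lower()
        for spn in svc["spns"]:
            have = sorted(owners.get(spn.lower(), ()))
            problem = ("missing" if not have else "duplicate" if len(have) > 1
                       else "wrong-account" if have != [want] else None)
            if problem:
                findings.append((spn, problem, want, have))
    return findings

SERVICES = [  # run-as accounts as described in the question
    {"run_as": r"XXXXX\NAVRTCService", "domain": "XXXXX", "host": "W2008-TS",
     "spns": ["DynamicsNAVSpikes/W2008-TS.XXXXX.local:7046", "DynamicsNAVSpikes/W2008-TS:7046"]},
    {"run_as": "LocalSystem", "domain": "XXXXX", "host": "SQLSRV1",
     "spns": ["MSSQLSvc/SQLSRV1.XXXXX.local:1433"]},
]
AS_POSTED = parse_setspn([
    r"setspn -A DynamicsNAVSpikes/W2008-TS.XXXXX.local:7046 XXXXX\NAVRTCService",
    r"setspn -A DynamicsNAVSpikes/W2008-TS:7046 XXXXX\NAVRTCService",
    r"setspn -A MSSQLSvc/SQLSRV1.XXXXX.local:1433 XXXXX\NAVRTCService",
])
AS_REPLIED = AS_POSTED[:2] + parse_setspn(
    [r"setspn -A MSSQLSvc/SQLSRV1.XXXXX.local:1433 XXXXX\SQLSRV1$"])
print(audit(SERVICES, AS_POSTED), audit(SERVICES, AS_REPLIED))
```

With the registrations as posted, the audit flags only the MSSQLSvc SPN as held by the wrong account; with the registration from the reply it returns no findings.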