SETSPN for SQL Server

Soumyadip

Hi,

Bit confused here. As per the documents for installing NAV 3 tier we need to create SPNs for SQL and NAV WebServices. The instruction says -

Create an SPN for the SQL Server service. This service runs on the NAVSQL computer with a default instance name of MSSQLSvc. Type the following command -

Copysetspn -A MSSQLSvc/NAVSQL.yourDomain.yourCompany.com:1433 yourDomain\yourUser

Again, replace "yourDomain," "yourCompany," and "yourUser" with the appropriate values.

The question is - MSSQLSvc... is this static information or do i Replace it with SQL Server Instance name (Services.msc -> select SQL Server -> Right Click -> Property -> Service Name). In my case i am using an existing SQL SERVER 2005 and the Service Name is MSSQLSERVER

kine

Use as it is, the MSSQLSvc is name of the default SQL instance. If the instance is named, than use the name of the instance. I was confused too with this..

Soumyadip

I am having a weird problem. I have installed NAV in 3-tier architecture (One Server for DB another for Service RTC is installed in both). I have set the following SPNs for user (Domain\UserName) –
• HTTP/FullyQualifiedDomainNameOfTheServiceTier:7047
• MSSQLSvc/ FullyQualifiedDomainNameOfTheDBTier:1433
• DynamicsNAV/ FullyQualifiedDomainNameOfTheServiceTier:7046

Kerberos Delegation has been configured against Domain\UserName from MSSQLSvc SPN.
It is working fine, when I am running the RTC or iE (WebService URL) from Service Tier but it is not working from DB layer.
Any clue why?

kine

And what you get as error?

Soumyadip

iE (WebService URL) = Internet Explorer can not displa the webpage
RTC = The program could not create a connection to the server. Do you want to try again?
EventViewer = Nothing

Soumyadip

The event viwer is capturing a weird ERROR when I am running the RTC from DB Server - "The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required."
If that is so, then how is it working from Service Layer?

kine

I think that there is some problem on the SQL... But regarding the IE - just the beginning of the error doesn't tell you enough I need to know why it cannot open the page. If there is Error 500, or 401 or it cannot find the name on DNS...

And check event logs on client and server...

Soumyadip

1) Checked the SQL Server, but that event log is getting generated in regular interval irrespective of any action in NAV.

2) iE Error is -

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

3) I tried running RTC and iE (WebService URL) its not running and nothing is getting captured in Event Log in DB Server+Client and Service Tier

4) I was checking for duplicate SPNs (setspn -x) it is pointing to one duplication of MSSQLSvc..but it is registered as MSSQLSvc/DiffCompName.SameDomain:1433 SameDomain\DiffUser

kine

1) are you able to ping the server from the client through name or ip?
2) you can use this tool http://www.iis.net/community/default.as ... g=6&i=1887 to check the SPN settings... it is best what I have found yet...
3) SPN for another server is not duplicity

Soumyadip

Sorry for all the confusions... The Firewall on the Application Server was ON.

It is working now both RTC and iE (Web Services URL) and from both servers (DB and Apps).

I have AX installed in my DB server. I was trying to consume NAV WebService from AX. While I am trying to ADD the service reference it is throwing the following error -

The remote server returned an error: (500) Internal Server Error


Any clue?

kine

Question is which URL you are using and if the service you want to consume is correct...

Soumyadip

Question is which URL you are using

I am using the standard WebService for WSDL ([url=Http://IPofServiceTier:7047/DynamicsNAV/WS/CompanyName/Codeunit/Name]Http://IPofServiceTier:7047/DynamicsNAV ... eunit/Name[/url])

It is working from in iE from both ServiceTier and DB. However in DB Server, when i am trying to consume the same from AX it is giving me the error.

and if the service you want to consume is correct...

I have tried the same in Dev environment (AX is consuming NAV web service perfectly). After installing the same in test environment it is throwing this error when i am trying to add service reference in AX... I tried adding the same in SSIS WebService Connection and the error is same.

Soumyadip

Do I need to setup delegation for HTTP SPN also? I have done it for MSSQLSvc.

kine

If you will use WebServices then yes, if you will use only RTC, you do not need SPN for HTTP...

Soumyadip

I will use web services. I have 3 SPN created for MSSQLSvc, DynamicsNAV and HTTP (details mentioned in previous post). I have delegation set for MSSQLSv. The RTC and Web Services WSDL is accessible from iE. But I am not being able to add the web service as reference in other application. Do I need to set delegation for the HTTP & DynamicsNAV SPN?

kine

Use the tool I mentioned, it will answer this for you... ;-)

Soumyadip

I have configured the Tool in IIS. It is generating a Report with few red crosses. Which one do i check? Is there any manual/link on NAV installation with this kind of SPN/Delegation config? The MSDN ends at Delegation for MSSQLSvc (but if someone wants to use RTC + Web Service?)

Another problem... it is running fine in Dev environment but not in Test Env. Sadly I am bit hesitant to follow a trial and error route in this environment (it may bring down all the other apps installed in test environment)

kine

1) If you want to use RTC, you need to set delegation from DynamicsNAV (frontend) service to SQL (backend).
2) If you want to use WebService, you need to set delegation from HTTP (frontend) service to SQL (backend)
3) If there are some red crosses, you need to solve them...

Soumyadip

kine wrote:

3) If there are some red crosses, you need to solve them...

Agree ...

Soumyadip

I have given delegation to HTTP SPN but it is still not working.

I just noticed something...

In Application Server and DB Server -
1) [Working]This URL is working - http://IPofAppServer:7047/DynamicsNAV/W ... me/Service

2) [Not Working] This URL is asking for UID and PWD and no UID/PWD is accepted -
http://FullyQualifiedDomainNameofAppSer ... me/Service

kine

It depends on which name you created the SPNs... ;-) if you want to use both, you need to create SPNs for both