
Nav 2009 R2 3T configuration

avazquez Member Posts: 8
edited 2012-03-28 in NAV Three Tier
Hello all,

First of all, I hope you all can read between the lines :-)

We are trying to install the 3T environment with this configuration:
- One server for: SQL SERVER 2008 on Windows Server 2008 R2 Standard
- One server for: NAV Server on Windows Server 2008 R2 Standard
- One server for: Client Windows 7 and Windows XP

All servers are in the same domain group, and we have a domain user that executes Nav Server and MicrosoftDynamicsNavWS.

We are trying to follow these guides step by step, from the Nav2009R2 documentation files:
- Walkthrough: Installing the Three Tiers on Three Computers
- "How to: Configure Web Services with Delegation"

When we try to access the web services at http://instancename:7047/DynamicsNAV/WS ... y/Services, it's impossible; the browser always gives us an HTTP 500 error.

We created the following SPNs:
- setspn -A DynamicsNAV/NAVSERVER.domain.com:7046 group\user
- setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 group\user

After this, we did the following:

"To delegate access to the SQL Server service
Click Start, and then click Run.
In the Open field, type dsa.msc.
This opens the Active Directory Users and Computers utility.
Right-click the node for the domain where you have installed Microsoft Dynamics NAV, and then click Find.
In the Find Users, Contacts, and Group dialog box, type the name of the domain user in the Name field, and then press ENTER.
In the Search results area, right-click the domain user, and then click Properties.
On the Delegation tab, click Trust this user for delegation to specified services only, and then click Use Kerberos only.
There is also the option to not restrict authorization to Kerberos, although the environment is not as secure when you are less restrictive. Your decision must be reflected in the value that you assign to the AllowNtlm setting in the RoleTailored client configuration file (ClientUserSettings.config). For details, see Configuring the RoleTailored Client.
Click Add to open the Add Services dialog box.
Click Users or Computers, and then specify the domain user.
In the list of services for the domain user, click MSSQLSvc, which is the SQL Server service.
Click OK to close the Add Services dialog box. Continue clicking OK to close all open dialog boxes."

Then we found one problem:
- The MSSQLSvc doesn't appear. Where is MSSQLSvc?

We tried again to open the URL in the browser (I.E.) but it's impossible; we always receive the same HTTP 500 error.

We need to access the web services. What are we doing wrong?

KR,
Alex.

Comments

  • kine Member Posts: 12,562
    Check my blog for more info and for a link to a tool which could help you find what is wrong. Is the SQL running under the same account as the service tier? The SPNs look like yes, but is it true?
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • avazquez Member Posts: 8
    Hi Kine!

    I read this topic: http://dynamicsuser.net/blogs/kine/arch ... -spns.aspx

    "Is the SQL running under same account as the service tier? The SPNs looks like yes, but is it true?": Yes, we have a user called: sqladminqa

    sqladminqa runs SQL and runs NAVServer.

    Now we are trying to configure it this way:

    Needed SPNs for NAV Server:
    setspn -A DynamicsNAV/NAVSERVER.domain.com:7046 domain.com\sqladminqa$
    setspn -A DynamicsNAV/NAVSERVER:7046 domain.com\sqladminqa$

    SPNs for NAV WebService:

    setspn -A HTTP/NAVSERVER.domain.com domain.com\sqladminqa$
    setspn -A HTTP/NAVSERVER domain.com\sqladminqa$

    SPN for SQL:

    setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 domain.com\sqladminqa
    setspn -A MSSQLSvc/SQLSERVER:1433 domain.com\sqladminqa

    I will give you more info on whether this config works or not.

    Thanks !
  • kine Member Posts: 12,562
    If your NAV server is running under account sqladminqa, then your SPNs will NOT BE for domain.com\sqladminqa$ but only for domain.com\sqladminqa

    domain.com\sqladminqa$ is account for COMPUTER with name sqladminqa!
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • avazquez Member Posts: 8
    edited 2011-06-09
    kine wrote:
    If your NAV server is running under account sqladminqa, then your SPNs will NOT BE for domain.com\sqladminqa$ but only for domain.com\sqladminqa

    domain.com\sqladminqa$ is account for COMPUTER with name sqladminqa!

    Then it must be the same without '$'??:

    Needed SPNs for NAV Server:
    setspn -A DynamicsNAV/NAVSERVER.domain.com:7046 domain.com\sqladminqa
    setspn -A DynamicsNAV/NAVSERVER:7046 domain.com\sqladminqa

    SPNs for NAV WebService:

    setspn -A HTTP/NAVSERVER.domain.com domain.com\sqladminqa
    setspn -A HTTP/NAVSERVER domain.com\sqladminqa

    SPN for SQL:

    setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 domain.com\sqladminqa
    setspn -A MSSQLSvc/SQLSERVER:1433 domain.com\sqladminqa
  • kine Member Posts: 12,562
    Yes, the <domain\computer$> is used only when the services are running under a system account like "network service"... If you are using a domain user account for the services, the domain user account is used...
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
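
The rule kine gives above (SPN on the domain user account when the service runs under a domain user, on `computer$` only for built-in accounts such as Network Service), as an added example that is not part of the thread: a PowerShell function that checks a planned list of `setspn -A` lines against the account each service runs as, without contacting Active Directory. `Test-SpnPlan`, the `$runAs` map and the `othersvc` account are hypothetical; host and account names are the thread's placeholders. It goes slightly beyond the thread by also flagging one SPN planned for two different accounts.

```powershell
# Added example (not from the thread): offline check of planned "setspn -A" lines.
# $RunAs maps a service class to the account its service runs as; for a service
# running as Network Service that would be the computer account, e.g. 'NAVSERVER$'.
function Test-SpnPlan {
    param([string[]]$Commands, [hashtable]$RunAs)

    # Accept -A typed with a hyphen or pasted from a web page with an en dash (U+2013).
    $pattern = '^\s*setspn\s+[-\u2013]A\s+(?<spn>[^/\s]+/\S+)\s+(?<acct>\S+)\s*$'
    $owners  = @{}                                   # SPN -> account first planned for it
    foreach ($line in $Commands) {
        if (-not ($line -match $pattern)) {
            New-Object PSObject -Property @{ Spn = $line; Issue = 'not a setspn -A line' }
            continue
        }
        $spn      = $Matches['spn']
        $name     = $Matches['acct'].Split('\')[-1]  # account name without the domain part
        $class    = $spn.Split('/')[0]               # e.g. DynamicsNAV, HTTP, MSSQLSvc
        $expected = $RunAs[$class]
        $issues   = @()

        if ($null -eq $expected) {
            $issues += "no run-as account supplied for service class '$class'"
        } elseif ($name.EndsWith('$') -and -not $expected.EndsWith('$')) {
            $issues += "target '$name' is a computer account; the service runs as user '$expected'"
        } elseif ($name -ne $expected) {
            $issues += "target '$name' is not the run-as account '$expected'"
        }
        if ($owners.ContainsKey($spn) -and $owners[$spn] -ne $name) {
            $issues += "duplicate: SPN already planned for '$($owners[$spn])'"
        } elseif (-not $owners.ContainsKey($spn)) {
            $owners[$spn] = $name
        }
        foreach ($i in $issues) {
            New-Object PSObject -Property @{ Spn = $spn; Issue = $i }
        }
    }
}

# Constructed sample plan using the thread's placeholder names.
$plan = @(
    'setspn -A DynamicsNAV/NAVSERVER.domain.com:7046 domain.com\sqladminqa$',
    'setspn -A HTTP/NAVSERVER.domain.com domain.com\sqladminqa$',
    'setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 domain.com\sqladminqa',
    'setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 domain.com\othersvc'  # hypothetical second account
)
$runAs = @{ DynamicsNAV = 'sqladminqa'; HTTP = 'sqladminqa'; MSSQLSvc = 'sqladminqa' }
Test-SpnPlan -Commands $plan -RunAs $runAs | Format-Table Spn, Issue -AutoSize
```

With the sample plan, the first two lines are reported as targeting a computer account, the third passes, and the fourth is reported twice (wrong account and duplicate).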
  • avazquez Member Posts: 8
    Ok, I will try it.
  • avazquez Member Posts: 8
    Hello again!

    Finally, the three tier is configured and working!

    Thanks for your help!
  • julkifli33 Member Posts: 1,073
    I already used the Best Practice Analyzer
    it seems to be okay....
    I already created the SPN
    I already delegated and am using Kerberos

    but when I check the event viewer on the DB server... why does it still say login failed for user NT AUTHORITY\ANONYMOUS LOGON??
    reason : Token-based server access validation failed with an infrastructure error
  • julkifli33 Member Posts: 1,073
    Do we have an answer for my last question?
    Thanks
  • claband Member, Microsoft Employee Posts: 26
    I have only seen this once before. It seems like a DNS error of some kind. Booting the machine running the NAV Server fixed it for me.

    /Claus
    Claus Busk Andersen
    Program Manager
    Microsoft Dynamics NAV