mibuso.com
Home NAV Three Tier

Web Services and delegation problems

passtpasst Member Posts: 6
edited 2012-03-08 in NAV Three Tier
Hi everybody,

For installation of NAV server and Web Services I used Walkthrough: Installing the Three Tiers on Three Computers. MicrosoftDynamicsNavServer and MicrosoftDynamicsNavWS run with the local Network Service account from the server NAVSERVER where they are installed. According to the walkthrough I added two service principal names DynamicsNAV1 (1 is correct in our case) and MSSQLSvc both for the FQDN and the NETBIOS names of the servers. In active directory I configured the computer account of the NAVSERVER and added the delegation for MSSQLSvc.

The RTC can connect to NAV from any computer in the network successfully.
When I connect to the web services directly from NAVSERVER with http://localhost:7047/DynamicsNAV1/WS/Services, I receive the list of the published web services. When I replace localhost with 127.0.0.1 or NAVSERVER or when I try to connect to the web services from any other computer in the network (and login with my user account which has sufficient rights in NAV), I receive the following error message: 
Microsoft.Dynamics.Nav.Types.NavDatabasePasswordException
The login failed when connecting to SQL Server SQLSERVER
and on the MSSQL Server the following error is logged: 
Login failed for user 'NT-AUTORITÄT\ANONYMOUS-ANMELDUNG'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT:<IP address of NAVSERVER>]
Error: 18456, Severity: 14, State: 11

Can anybody help?

Regards,
Peter

Comments

  • chethanhtchethanht Member Posts: 14
    Does the Role Tailored Client work? This is to make sure the issue is with setting up of the delegation and not the NAV webservices.
  • passtpasst Member Posts: 6
    Yes, RTC is working without any problems.

    Btw, right now I'm busy with this issue. I am reading the How to: Configure Web Services with Delegation and it seems that the configuration is missing step 4 with httpcfg.exe. On Windows Server 2008 this tool is replaced by netsh.exe and I don't know what to enter there.

    Any suggestions?
  • passtpasst Member Posts: 6
    Meanwhile I found out how to use netsh.exe. The result was after adding the urlacl that the service didn't start anymore. When I removed this urlacl again, the service started successfully.

    BUT my description of the problem wasn't correct. When I connect to Web Services from any computer, I have to enter a user. Only one user account logs in successfully and returns the list published web services.

    Hm, it seems that I'm missing some basics of the security functionality of NAV server and web services.
  • kinekine Member Posts: 12,562
    The use you are using to login to the webservices must have account and assigned roles in NAV (Windows logins). But you must be sure that you correctly set up the SPNs. There cannot be double entries for same service etc. Try to use DelegConfig v2 web application to check if all is correct or look at my blog for simple description of what must be set.
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • passtpasst Member Posts: 6
    Can you help with DelegConfig?

    I try to run it on the local machine where DelegConfig is installed. When I click on the Report link, I only see Please wait ... and nothing happens.

    Unfortunately the latest version of Internet Explorer which is installed on my IIS server, doesn't show any error message. However IE 8 on a different computer shows this warning message: 
    Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Timestamp: Mon, 27 Feb 2012 11:18:20 UTC
Message: Object doesn't support this property or method
Line: 55
Char: 5
Code: 0
URI: http://MYIISSERVER/delegconfig/WebResource.axd?d=HjvE-9Hnn6-tnV05Fqrqs3PEIcRJ24FVA_KUhbUBTZCzq8eP7RZWQgQ2CinTzG00n1nwL3ZD3dstq-_qbyuRozhYJrzkij_mSRo2Mzo6YXHSpXUqHCIlHHP0GqIRDwsT4zBOKA2&t=634171284900000000

    Any suggestions what to do?

    Peter
  • kinekine Member Posts: 12,562
    It could be a problem of .net version installed on the server. May be the .net framework was installed after the IIS, than you need to use command to regiser the frameworks with the IIS. See http://msdn.microsoft.com/en-us/library ... 8h(v=vs.80).aspx
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • passtpasst Member Posts: 6
    Finally it works now.
    I used Best Practices Analyzer for Microsoft Dynamics NAV 2009 which checks for missing SPNs and delegation problems. However this tool indicates to add the following SPN: 
    http/NAVSERVER.domain.local:7047 domain/serviceaccount
    I think this should be added to the How to: Configure Web Services with Delegation.
Sign In or Register to comment.