Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 304 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 260 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
3-tier Helle with SPN's in a 4 tier setup in NAV 2009
plc5700
Member Posts: 10
Hi
I have been struggling with SPN's kerberos and all possible other things that could influence my problem.
Generally I'm trying to setup a 3(4) tier setup where users login through Citrix and start the RTC. Using the RTC the user connects to the NAV Service which resides on a different computer, which in turn connects to a SQL Server database which resides on yet another computer.
As a result - I have 4 computers involved (Client computer, Citrix Server, NAV Service Server and SQL Server)
I have until now not given any thought the the first tier in my problem - the Client computer - is that correct of me :?:
This is what I have:
SQL Server is running as a named instance called SQLSRV\NAV on a computer named SQLSRV running under the domain account DOMAIN\sqlnavsvc. Port number for this Named instance is 52934
NAV Service is running without Port Sharing on a server called NAVSRV - running on default ports 7046+7047 - under the domain account of DOMAIN\navsvc
RTC is running on a citrix server called CITRIX28
I have tried to follow this guide: Walkthrough: Installing the Three Tiers on Three Computers as best as possible - since it does not cover my set-up completely.
I have only created the first entries (non-fqdn) because some people have told me that that’s what Microsoft says you should do :? :? :?
I would prefer only having the 3 fqdn entries.
I have setup contrained delegation on the account DOMAIN\navsvc on the following so i have the following lines on the Delegation Page of the account:
When I try to connect using the RTC from CITRIX28 I get this error ](*,)
I have noticed that all guides let me know that the spn for SQL Server should be name MSSQLSvc/SQLSRV.domain.local:52934 - but when I change that - i'm not even able to connect to the sql server from a remote computer using any method and tool/application.
In the above mentioned walkthrough the domain service account for both NAVSRV and SQLSRV is the same - does it that have any influence that this is not the case in my setup?
I'm able to connect to the database using classic client on both NAVSRV and CITRIX28 (And others for that matter)
If I start the RTC locally on the NAVSRV server - it works perfectly.
Can somebody tell me what i'm missing :?: :?: :?: :?:
Do I need to something with the DOMAIN\sqlnavsvc account?
Do I need to give the DOMAIN\navsvc any further permissions or something?
I have been struggling with SPN's kerberos and all possible other things that could influence my problem.
Generally I'm trying to setup a 3(4) tier setup where users login through Citrix and start the RTC. Using the RTC the user connects to the NAV Service which resides on a different computer, which in turn connects to a SQL Server database which resides on yet another computer.
As a result - I have 4 computers involved (Client computer, Citrix Server, NAV Service Server and SQL Server)
I have until now not given any thought the the first tier in my problem - the Client computer - is that correct of me :?:
This is what I have:
SQL Server is running as a named instance called SQLSRV\NAV on a computer named SQLSRV running under the domain account DOMAIN\sqlnavsvc. Port number for this Named instance is 52934
NAV Service is running without Port Sharing on a server called NAVSRV - running on default ports 7046+7047 - under the domain account of DOMAIN\navsvc
RTC is running on a citrix server called CITRIX28
I have tried to follow this guide: Walkthrough: Installing the Three Tiers on Three Computers as best as possible - since it does not cover my set-up completely.
-
For the DOMAIN\navsvc I have created the following SPN's:
- NAV/SQLSRV:52934
- DynamicsNAV/NAVSRV:7046
- HTTP/NAVSRV:7047
- NAV/SQLSRV.domain.local:52934
- HTTP/NAVSRV.domain.local:7047
- DynamicsNAV/NAVSRV.domain.local:7046
I have only created the first entries (non-fqdn) because some people have told me that that’s what Microsoft says you should do :? :? :?
I would prefer only having the 3 fqdn entries.
I have setup contrained delegation on the account DOMAIN\navsvc on the following so i have the following lines on the Delegation Page of the account:
NAV SQLSRV.domain.local 52934 HTTP NAVSRV.domain.local 7047 DynamicsNAV NAVSRV.domain.local 7046
When I try to connect using the RTC from CITRIX28 I get this error ](*,)
The login failen when connecting to SQL Server SQLSRV.domain.local\NAV
I have noticed that all guides let me know that the spn for SQL Server should be name MSSQLSvc/SQLSRV.domain.local:52934 - but when I change that - i'm not even able to connect to the sql server from a remote computer using any method and tool/application.
In the above mentioned walkthrough the domain service account for both NAVSRV and SQLSRV is the same - does it that have any influence that this is not the case in my setup?
I'm able to connect to the database using classic client on both NAVSRV and CITRIX28 (And others for that matter)
If I start the RTC locally on the NAVSRV server - it works perfectly.
Can somebody tell me what i'm missing :?: :?: :?: :?:
Do I need to something with the DOMAIN\sqlnavsvc account?
Do I need to give the DOMAIN\navsvc any further permissions or something?
0