Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 304 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 260 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
NT AUTHORITY\ANONYMOUS error Nav web service
BEsterhuizen
Member Posts: 11
Good day to all the guru's out there 
I hope that someone can help me with the issue that I am experiencing? I have written a .NET CF3.5 application in c# for our barcode scanners in our warehouse that access Dynamics NAV (2009 R2) data through Dynamics NAV Web Service.
Issue:
The issue that I am experiencing is that the application connects correctly most of the time but sometime when application is not being used / out of the blue it stops working and produces a login exception. I have to run the same .NET application from a windows machine (not barcode scanner) and then it unlocks all the devices which allow me to use the application on the barcode scanners again (almost like it is unlocking some trapped request). I have run the trace logs on the web server and come up with the following. The login failed when connecting to SQL Server DEL-SYS-SQL04. Also running the SQL Server Profiler SQL then flags the following Audit Login failure: ”Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors “.I think we have setup delegation correctly on the server and can be seen below.
I am not sure why this is working some times and then stop working only to be unlocked by accessing the application from a windows machine?
Any help will be much appreciated.
Delegation Setup done:
Microsoft Dynamics NAV Server is installed on Server-int-nas on ports 17000 and 17001
Logon Account for the Microsoft Dynamics NAV Server is Delta\Acc-ws-int
Logon Account for the SQL Server Service is Detla\SQL-Acc
Delta\Acc-ws-int
setspn -A http/Server-int-nas04:17001 Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS .delta. xxxxxxinc.com:17001 Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS .delta. xxxxxxinc.com Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS Delta\Acc-ws-int
setspn -A DynamicsNAV/SERVER-INT-NAS :17000 Delta\Acc-ws-int
setspn -A DynamicsNAV/SERVER-INT-NAS .delta.xxxxxxinc.com:17000 Delta\Acc-ws-int
Detla\SQL-Acc
setspn -A MSSQLSvc/Server-Int-SQL:1433 Detla\SQL-Acc
setspn -A MSSQLSvc/ Server-Int-SQL.delta. xxxxxxinc.com:1433 Detla\SQL-Acc
.NET Call code
DocumentScanningMethods.DocumentScanningMethods DocScanningMethods = new DocumentScanningMethods.DocumentScanningMethods();
DocScanningMethods.Credentials = new NetworkCredential(LoginCredentials.G_Username, LoginCredentials.G_Password, LoginCredentials.G_Domain);
DocScanningMethods.Url = Environment.WS_DocumentScanningMethods_URL;
Boolean boolConnected = false;
try
{
DocScanningMethods.TestWebServiceCall(ref boolConnected);
}
I hope that someone can help me with the issue that I am experiencing? I have written a .NET CF3.5 application in c# for our barcode scanners in our warehouse that access Dynamics NAV (2009 R2) data through Dynamics NAV Web Service.
Issue:
The issue that I am experiencing is that the application connects correctly most of the time but sometime when application is not being used / out of the blue it stops working and produces a login exception. I have to run the same .NET application from a windows machine (not barcode scanner) and then it unlocks all the devices which allow me to use the application on the barcode scanners again (almost like it is unlocking some trapped request). I have run the trace logs on the web server and come up with the following. The login failed when connecting to SQL Server DEL-SYS-SQL04. Also running the SQL Server Profiler SQL then flags the following Audit Login failure: ”Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors “.I think we have setup delegation correctly on the server and can be seen below.
I am not sure why this is working some times and then stop working only to be unlocked by accessing the application from a windows machine?
Any help will be much appreciated.
Delegation Setup done:
Microsoft Dynamics NAV Server is installed on Server-int-nas on ports 17000 and 17001
Logon Account for the Microsoft Dynamics NAV Server is Delta\Acc-ws-int
Logon Account for the SQL Server Service is Detla\SQL-Acc
Delta\Acc-ws-int
setspn -A http/Server-int-nas04:17001 Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS .delta. xxxxxxinc.com:17001 Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS .delta. xxxxxxinc.com Delta\Acc-ws-int
setspn -A http/SERVER-INT-NAS Delta\Acc-ws-int
setspn -A DynamicsNAV/SERVER-INT-NAS :17000 Delta\Acc-ws-int
setspn -A DynamicsNAV/SERVER-INT-NAS .delta.xxxxxxinc.com:17000 Delta\Acc-ws-int
Detla\SQL-Acc
setspn -A MSSQLSvc/Server-Int-SQL:1433 Detla\SQL-Acc
setspn -A MSSQLSvc/ Server-Int-SQL.delta. xxxxxxinc.com:1433 Detla\SQL-Acc
.NET Call code
DocumentScanningMethods.DocumentScanningMethods DocScanningMethods = new DocumentScanningMethods.DocumentScanningMethods();
DocScanningMethods.Credentials = new NetworkCredential(LoginCredentials.G_Username, LoginCredentials.G_Password, LoginCredentials.G_Domain);
DocScanningMethods.Url = Environment.WS_DocumentScanningMethods_URL;
Boolean boolConnected = false;
try
{
DocScanningMethods.TestWebServiceCall(ref boolConnected);
}
0
Comments
If not, the domain account used to run the webservice server must be a "group" account, and the user on the scanner must be a member of that group. Both group and scanner user must be database users.
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
I do not see any notice that you have enabled the deleagtion through ADUC management console (Active Directory Users and Computers). You have only set up the SPNs, which is only one part. Also check setspn -x for duplicities.
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
1) Since i am using .NET CFv3.5 am i doing my .NET connection correctly?
2) Some behaviour i notice when installing the service is that when you try to connect to the Web Service URL the first time it asks you for a username and password. Now when i run it from the scanner there is no Windows Authentication and might explain why it sometimes give me an 'AUTHORITY\ANONYMOUS LOGON' login error but when i activate the same app from windows it clears up the issue?
thanks in advance
did you already solved this issue? sometimes it happens also with a webservice of a customer. Maybe it is some kind of network adapter that is going into sleeping mode?
Another thing i noticed is that it looks like the webservice is not totaly thread save. For example we have a website that calls the webservice for the synchronisation of the prices. this goes ok until another job starts the synchronisation of the inventory. then the webservice uses another port for the response for this thread, and then the messages got mixed and after 2 or 3 times you see that there is an anonymous login error.
Gr. Jan Jansen