NAV 2013r2Role Tailored Client connection to Amazon instance

tarkmyler

I've got a test site at Amazon with the demo software installed. The web client works with a link that is formatted as
http://NN.NNN.NN.NNN:8080/DynamicsNAV71/WebClient

All is good. I'd love to bring up the RTC and see how it runs against this instance. However, I can't seem to get the RTC to "see" the remote service tier. I can telnet to 7046 at NN.NNN.NN.NNN and get a response.

The certificate configuration in 7.1 is a little different than 7.0. I managed to get the thumbprint entered. I even installed a second instance, pointed at the same database and configured it to run NAVUserPassword. I can log in with a user id (non-windows) and password successfully. I will test it from the outside when I can get the new port opened up.

However, it seems like the RTC should work from the outside. After all, the web client works with windows authentication.... But when I try and connect the RTC to the windows authentication instance (7046) I get...

A server was not found at
"nettcp://NN.NNN.NN.NNN:7046/DynamicsNAV71/Service" Ether the URL is incorrect or the server is currently not available.

Hard to believe how much time it takes to install and configure this version. I will say that the install seems better in 7.1 than 7.0. Anybody got any ideas before I burn more trial and error time?

Thanks!

ChristianDamm_[MSFT]

Hi,

If the first instance at 7046 is configured for Windows authentication, then it won't work to connect with Windows client running on another machine. I don't think you really want Windows authentication in this case, so I won't spend time on it here, but do know that it can be made to work even with Windows authentication.

The other instance which is configured for NavUserPassword authentication - that should work when connecting with the Windows client running from anywhere, as long as it can "see" the server of course. So try opening up that firewall and see if it works.

/Christian

tarkmyler

Christian - Thanks for your help! You validated my suspicion and saved me some time.

Now I have the ports I need opened, and have moved on to the next message, which is generated during RTC certificate authentication. The NAVUserPassword method of connecting works in an RDP session on the Amazon server, but the root certificate authority cannot be contacted to validate the certificate for a remote RTC session.

See the message below and the details of how the certificate was created. Being certificate challenged doesn't help me in this whole experience. However, I would bet I'm not the first NAV pro to get stumped here. How do I change the certificatevalidationmode or create a certificate with a root authority that can be contacted by anyone?

Thanks,
Mark


message/
The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "nettcp://NN.NNN.NN.NNN:7052/DynamicsNAV71_Cert/Service" SPN Identity:
"DynamicsNAV/NN.NNN.NN.NNN:7052"
The X.509 certificate CN=DynamicsNAV71Service is not in the trusted people store. The X.509 certificate CN=DynamicsNAV71Service chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
/message

NAV Instance called "DynamicsNAV71_Cert".

Script to create certificates as follows:
===============script/
c:
cd \temp\cert
del *.cer
del *.pvk
del *.crl
makecert -n "CN=RootDynamicsNAV71ServiceCA" -r -sv RootDynamicsNAV71ServiceCA.pvk RootDynamicsNAV71ServiceCA.cer
rem
rem If this succeeded then import it into the Trusted Root Certificates Authority - Certificates Folder
rem
pause
rem
rem NOW CERTIFICATE REVOKATION LIST
makecert -crl -n "CN=RootDynamicsNAV71ServiceCA" -r -sv RootDynamicsNAV71ServiceCA.pvk RootDynamicsNAV71ServiceCA.crl
rem
rem If this succeeded then import it into the Trusted Root Certificates Authority - then refresh tree to see revokation list folder appear
rem
pause
rem
rem NOW THE CERTIFICATE FOR THE NAV SERVICE
makecert -sk DynamicsNAV71Service -iv RootDynamicsNAV71ServiceCA.pvk -n "CN=DynamicsNAV71Service" -ic RootDynamicsNAV71ServiceCA.cer -sr localmachine -ss my -sky exchange -pe DynamicsNAV71Service.cer
rem
rem certificate in the Personal folder - grab the thumbprint for the service config
rem
pause
/script=======================

tarkmyler

Some days the magic works and some days... :oops:

It appears this will resolve my issue...

viewtopic.php?f=32&t=57628