
NAV 2013r2 Role Tailored Client connection to Amazon instance

tarkmyler Member Posts: 57
edited 2013-12-11 in NAV Three Tier
I've got a test site at Amazon with the demo software installed. The web client works with a link that is formatted as
http://NN.NNN.NN.NNN:8080/DynamicsNAV71/WebClient

All is good. I'd love to bring up the RTC and see how it runs against this instance. However, I can't seem to get the RTC to "see" the remote service tier. I can telnet to 7046 at NN.NNN.NN.NNN and get a response.

The certificate configuration in 7.1 is a little different than 7.0. I managed to get the thumbprint entered. I even installed a second instance, pointed at the same database and configured it to run NAVUserPassword. I can log in with a user id (non-windows) and password successfully. I will test it from the outside when I can get the new port opened up.

However, it seems like the RTC should work from the outside. After all, the web client works with windows authentication.... But when I try and connect the RTC to the windows authentication instance (7046) I get...

A server was not found at
"nettcp://NN.NNN.NN.NNN:7046/DynamicsNAV71/Service" Either the URL is incorrect or the server is currently not available.

Hard to believe how much time it takes to install and configure this version. I will say that the install seems better in 7.1 than 7.0. Anybody got any ideas before I burn more trial and error time?

Thanks!
Mark Tyler
Pacific City, OR

Comments

  • ChristianDamm_[MSFT] Member, Microsoft Employee Posts: 15
    Hi,

    If the first instance at 7046 is configured for Windows authentication, then it won't work to connect with Windows client running on another machine. I don't think you really want Windows authentication in this case, so I won't spend time on it here, but do know that it can be made to work even with Windows authentication.

    The other instance which is configured for NavUserPassword authentication - that should work when connecting with the Windows client running from anywhere, as long as it can "see" the server of course. So try opening up that firewall and see if it works.

    /Christian
    Christian Heide Damm
    Developer @ Microsoft
  • tarkmyler Member Posts: 57
    Christian - Thanks for your help! You validated my suspicion and saved me some time.

    Now I have the ports I need opened, and have moved on to the next message, which is generated during RTC certificate authentication. The NAVUserPassword method of connecting works in an RDP session on the Amazon server, but the root certificate authority cannot be contacted to validate the certificate for a remote RTC session.

    See the message below and the details of how the certificate was created. Being certificate challenged doesn't help me in this whole experience. However, I would bet I'm not the first NAV pro to get stumped here. How do I change the certificatevalidationmode or create a certificate with a root authority that can be contacted by anyone?

    Thanks,
    Mark


    message/
    The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "nettcp://NN.NNN.NN.NNN:7052/DynamicsNAV71_Cert/Service" SPN Identity:
    "DynamicsNAV/NN.NNN.NN.NNN:7052"
    The X.509 certificate CN=DynamicsNAV71Service is not in the trusted people store. The X.509 certificate CN=DynamicsNAV71Service chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
    /message

    NAV Instance called "DynamicsNAV71_Cert".

    Script to create certificates as follows:
    ===============script/
    c:
    cd \temp\cert
    del *.cer
    del *.pvk
    del *.crl
    makecert -n "CN=RootDynamicsNAV71ServiceCA" -r -sv RootDynamicsNAV71ServiceCA.pvk RootDynamicsNAV71ServiceCA.cer
    rem
    rem If this succeeded then import it into the Trusted Root Certificates Authority - Certificates Folder
    rem
    pause
    rem
    rem NOW CERTIFICATE REVOCATION LIST
    makecert -crl -n "CN=RootDynamicsNAV71ServiceCA" -r -sv RootDynamicsNAV71ServiceCA.pvk RootDynamicsNAV71ServiceCA.crl
    rem
    rem If this succeeded then import it into the Trusted Root Certificates Authority - then refresh tree to see revocation list folder appear
    rem
    pause
    rem
    rem NOW THE CERTIFICATE FOR THE NAV SERVICE
    makecert -sk DynamicsNAV71Service -iv RootDynamicsNAV71ServiceCA.pvk -n "CN=DynamicsNAV71Service" -ic RootDynamicsNAV71ServiceCA.cer -sr localmachine -ss my -sky exchange -pe DynamicsNAV71Service.cer
    rem
    rem certificate in the Personal folder - grab the thumbprint for the service config
    rem
    pause
    /script=======================
    Mark Tyler
    Pacific City, OR
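
Added example (not part of the thread, and not the poster's or Microsoft's code): a PowerShell check that rebuilds the same root and service certificate layout in memory with constructed certificates and reports what X.509 chain building returns when the root is missing or not trusted on the validating machine, the situation of the remote RTC client above. It assumes .NET Framework 4.7.2 or later (or PowerShell 7); the function names New-TestCert and Test-NavCertChain are hypothetical.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Constructed test certificates, created in memory only (nothing is written
# to a certificate store). Subject names mirror the makecert script above.
function New-TestCert([string]$Subject, [X509Certificate2]$Issuer) {
    $key = [RSA]::Create(2048)
    $sha = [HashAlgorithmName]::SHA256
    $pad = [RSASignaturePadding]::Pkcs1
    $req = [CertificateRequest]::new($Subject, $key, $sha, $pad)
    $now = [DateTimeOffset]::UtcNow
    if (-not $Issuer) {
        # Self-signed root: mark it as a CA so it may sign the service cert.
        $bc = [X509BasicConstraintsExtension]::new($true, $false, 0, $true)
        $req.CertificateExtensions.Add($bc)
        return $req.CreateSelfSigned($now.AddDays(-1), $now.AddYears(1))
    }
    $serial = [byte[]](1..8)   # arbitrary constructed serial number
    return $req.Create($Issuer, $now, $now.AddDays(90), $serial)
}

# Build the chain for $Cert the way a validating client would and report
# the overall verdict, the status flags, and the chain that was found.
function Test-NavCertChain([X509Certificate2]$Cert, [X509Certificate2[]]$KnownIssuers) {
    $chain = [X509Chain]::new()
    # NoCheck keeps the run offline; the question here is root trust, not the CRL.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    foreach ($c in $KnownIssuers) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Trusted  = $trusted
        Status   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Elements = ($chain.ChainElements |
                    ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
}

$root = New-TestCert 'CN=RootDynamicsNAV71ServiceCA'
$leaf = New-TestCert 'CN=DynamicsNAV71Service' $root

# Case 1: the validating machine has never seen the root certificate.
Test-NavCertChain $leaf | Format-List

# Case 2: the root is at hand but is not installed under Trusted Root
# Certification Authorities, as on the remote RTC machine in the post.
Test-NavCertChain $leaf @($root) | Format-List
```

To check a real certificate instead of the constructed ones, load the exported DynamicsNAV71Service.cer as an X509Certificate2 on the client machine and pass it to Test-NavCertChain.
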
  • tarkmyler Member Posts: 57
    Some days the magic works and some days... :oops:

    It appears this will resolve my issue...

    viewtopic.php?f=32&t=57628
    Mark Tyler
    Pacific City, OR