Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.6K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 295 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
NAV2009 R2 Webservices and delegation
dkavaliunas
Member Posts: 8
Hello,
we have NAV2009 R2 webservices, which should be accesible from the internet.
NAV service tier is installed on the server nav.internal.contoso.com. The same server from the internet is accessible as navws.contoso.com.
SPNs for both adresses are registered on the nav service user:
HTTP/nav
HTTP/nav:7047
HTTP/nav.internal.contoso.com
HTTP/nav.internal.contoso.com:7047
HTTP/navws.contoso.com
HTTP/navws.contoso.com:7047
Webservices work correctly when accessed from the internal network. Even from the computer which is not a part of the domain.
Attempt to open webservices from outside, only works if NAV service user is set to „Trust this user for delegation to specified services only“ -> "Use any authentication protocol“. But when using this option, it is not possible to access SMB2 shares (according to http://support.microsoft.com/kb/2621984)
When NAV service user is set as „Trust this user for delegation to any service (Kerberos only)“, then attempt to access web service ends with a message about failed login to sql server.
In the network trace I can see KRB5KDC_ERR_BADOPTION NT Status: STATUS_NOT_SUPPORTED.
So the question is: is it possible to use NAV webservices from the internet, when NAV service user is trusted to delegate to any service?
Any ideas would be appreciated.
we have NAV2009 R2 webservices, which should be accesible from the internet.
NAV service tier is installed on the server nav.internal.contoso.com. The same server from the internet is accessible as navws.contoso.com.
SPNs for both adresses are registered on the nav service user:
HTTP/nav
HTTP/nav:7047
HTTP/nav.internal.contoso.com
HTTP/nav.internal.contoso.com:7047
HTTP/navws.contoso.com
HTTP/navws.contoso.com:7047
Webservices work correctly when accessed from the internal network. Even from the computer which is not a part of the domain.
Attempt to open webservices from outside, only works if NAV service user is set to „Trust this user for delegation to specified services only“ -> "Use any authentication protocol“. But when using this option, it is not possible to access SMB2 shares (according to http://support.microsoft.com/kb/2621984)
When NAV service user is set as „Trust this user for delegation to any service (Kerberos only)“, then attempt to access web service ends with a message about failed login to sql server.
In the network trace I can see KRB5KDC_ERR_BADOPTION NT Status: STATUS_NOT_SUPPORTED.
So the question is: is it possible to use NAV webservices from the internet, when NAV service user is trusted to delegate to any service?
Any ideas would be appreciated.
Darius
0