Set SPN issue

fcipriano
fcipriano Member Posts: 26
edited 2014-12-11 in NAV Three Tier
Hi all
I’m having one issue configuring SQL 2014 with NAV 2009 R2.

We are using two servers, SQL server is using SQL 2014 with one different instance from the standard and NAV 2009 R2 on another server.
I already try all the SPN configurations according the manuals but I still get the error that the user don't have permissions to access the database.

Did any have one similar experience and want share with me the correct SPN configuration? :D

Thanks

Comments

  • vremeni4
    vremeni4 Member Posts: 323
    Hi,

    If the error message is
    the user don't have permissions to access the database.
    then this has nothing to do with the SPN.
    You have to make sure that the user used for NAV 2009 Service is a DB_owner on the database.
    Also the user that wants to connect to the database needs to have permission to access the database.

    I hope this helps.
    Thanks.
  • fcipriano
    fcipriano Member Posts: 26
    Hi

    I've checked all user permissions and still don't work. ](*,)

    In the mean time we install the SQL 2008 R2 on the same server and NAV is working with no issues. :(

    Do you think is something related with SO Windows server 2008 R2 and SLQ 2014?
    Is the unique variable changed and is working, not like i need but is working.

    Thanks for your reply.
  • vremeni4
    vremeni4 Member Posts: 323
    Hi,

    I would suggest following steps.

    1. try to connect to SQL 2014 database from NAV. Wait to get the error message.
    2. Start SQL Studio manager and connect to the SQL 2014 Server.
    3. Go to -> Management -> SQL Server Logs -> Double Click on "Current"
    4. Remove tick from SQL Agent and select SQL Server -> current
    5. Scroll to see if there are any error messages regarding permissions.
    The error message should tell you what user is trying to connect to SQL Server and why it was rejected.

    I hope this helps.
    Thanks.
  • fcipriano
    fcipriano Member Posts: 26
    Hi again

    I got this error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided."

    Like I've said we have in the same server one SQL 2008 R2 running and working with NAV service.
    We cannot assign the delegation on the service account for the SQL 2014 Service, for the 2008 service we are able to select SQL Service....

    Thanks
  • vremeni4
    vremeni4 Member Posts: 323
    Hi ,

    Okay I understand the issue now.
    The NAV Server for NAV 2009 uses Network Service as a user. This user does not exist on the SQL Server machine,
    as Network Service is local computer specific user so it cannot login on another machine.
    What windows does in these situation it converts "Network Service" user into "NT AUTHORITY\ANONYMOUS LOGON" on other machine. This is how another machine see Network Service user.

    To resolve this problem you have two options:
    1. You can add the user "NT AUTHORITY\ANONYMOUS LOGON" on the SQL Server and give it Db_owner permission. (from security point of view this is not the best option, but it will work and it is easier to maintain)

    2. You can use a dedicated domain user to run NAV Server for NAV 2009, rather then to use "Network Service". This domain user need to exist on the SQL server and to have db_owner permission on the database.
    (This option is more complicated as you will need to setup Delegation for RTC to work correctly. )

    I hope this helps.
    Thanks.

Categories