NAV 2009 SP1 3 Tiers configuration

moichinoimoichinoi Member Posts: 41
edited 2015-04-30 in NAV Three Tier
Hi,

I am using Nav 2009 SP1, and try to deploye it on the 3Tiers configuration.

So I have followed this step :

Walkthrough: Installing the Three Tiers on Three Computers :
https://msdn.microsoft.com/en-us/library/dd301254.aspx

and my COnfiguration :

- One server for: SQL SERVER 2008R2 on Windows Server 2008 R2 Standard
- One server for: NAV Server on Windows Server 2008 R2 Standard
- One server for: SQL SERVER 2008R2 with RTC client



Connecting on a client RTC on the Nav server work well, but not with client.
I can use my nav with a client on the NAVSERVER, but it is not my wish.
I would like to connect with any other client on my domain.
All of them have a connexion in sql and a account working with Nav.


The 3 servers are on the same domain.
Nav server and SQL server are using the same domain user , i will call it Mydomain\sqlnav

I created the next SPN:
- setspn -A DynamicsNAV/NAVSERVER.mydomain.com:7046 Mydomain\sqlnav
- setspn -A DynamicsNAV/NAVSERVER:7046 Mydomain\sqlnav
- setspn -A MSSQLSvc/SQLSERVER.domain.com:1433 Mydomain\sqlnav
- setspn -A MSSQLSvc/SQLSERVER:1433 Mydomain\sqlnav

I just have one SLQ instance, and the port is well the 1433.

And I did well this step

To delegate access to the SQL Server service
Click Start, and then click Run.
In the Open field, type dsa.msc.
This opens the Active Directory Users and Computers utility.
Right-click the node for the domain where you have installed Microsoft Dynamics NAV, and then click Find.
In the Find Users, Contacts, and Group dialog box, type the name of the domain user in the Name field, and then press ENTER.
In the Search results area, right-click the domain user, and then click Properties.
On the Delegation tab, click Trust this user for delegation to specified services only, and then click Use Kerberos only.
There is also the option to not restrict authorization to Kerberos, although the environment is not as secure when you are less restrictive. Your decision must be reflected in the value that you assign to the AllowNtlm setting in the RoleTailored client configuration file (ClientUserSettings.config). For details, see Configuring the RoleTailored Client.
Click Add to open the Add Services dialog box.
Click Users or Computers, and then specify the domain user.
In the list of services for the domain user, click MSSQLSvc, which is the SQL Server service.
Click OK to close the Add Services dialog box. Continue clicking OK to close all open dialog boxes.
Delegation from the domain user to the SQL Server service on a separate computer is now enabled.

And on the client I added this line in the clientconfigurationfile

<add key=”DelegateInfo” value=”DomainUser”>

</add> <add key=”Allowntlm” value=”false”></add>

But, when I try to connect with this client, I got the error : Login fail to SQLSERVER.

And on the event log of the SQLSERVER, i got an "ANONYMOUS" Logon message.

All the firewall are swithed off.

All server ping each other.

I don't know what to do after, what to check.

I have launch the best practice analyser, and just got the message about Nav web service, but I don't use it.

Anybody would have an Idea ??
thx you.
Sign In or Register to comment.