webservice error SQL authentication failed / delegation error

distodisto Member Posts: 3
edited 2016-04-07 in NAV Three Tier
NAV 2009 R2


I have some trouble using the webservice.
We're using the 3 tier environment without any problem for some years now.
Now we also want to use the webservice so I walked through this thread:
How to: Configure Web Services with Delegation

The NAVServerService and The NAVWebservice are running with the same domain user account.
Also the SQL-Server is running with the same account.

SPN for the domain user account running the services:


I've set the delegation for the domain user account as described in the walkthrough for the 3-Tier installation.

So the user is trusted for delegation to the MSSQLSvc on SQLSERVER, with Kerberos only.

With RTC everything works properly.

When I try to call the webservice with a Browser (IE or chrome) with a domain user (i.e. domain\user1) I get:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"&gt;
<faultcode xmlns:a="urn:microsoft-dynamics-schemas/error">
<faultstring xml:lang="de-DE">
The login failed when connecting to SQL Server SQLSERVER.
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/"&gt;
The login failed when connecting to SQL Server SQLSERVER.

Calling the webservice from any client with the domain user account running the services is working properly.

In the event log from the NAVSERVER I can see, that a domain user (i.e. domain\user1) logon correct with logon type 3 (network).
But in the event log from the SQLSERVER I can see, a logn error "NT-AUTHORITY\ANONYMOUS LOGON" with event id 18456.

So I think there is a problem with the delegation.
But I can't find any configuration issue.

Any help is appreciated - thank you.

best regards


Best Answer


  • Options
    ara3nara3n Member Posts: 9,256
    Make sure there is no SPN for the computer. Find the NAVSERVER in AD and make sure there is no SPN.
    Ahmed Rashed Amini
    Independent Consultant/Developer

    blog: https://dynamicsuser.net/nav/b/ara3n
  • Options
    distodisto Member Posts: 3
    Hi ara3n,

    thank you for your reply.
    Which SPN's do you mean?
    There are just the typical SPN's set for this Server. For example Host/.. WSMAN/.. TERMSRV/.. and so on. There is no SPN set for DynamicsNAV/, http/ or MSSQLSrv/ for the Server.
    These SPN's are only set to the domain user account under which the services are running.
    As already mentioned the 3-Tier Environment with RTC works properly.


Sign In or Register to comment.