NAV 2013 / Net Tcp Port Sharing / Dedicated service account

Hello all,

I try to configure a port sharing between the different services Navision.
I have set a service account, who is a AD user, to launch the services.
This account is not an admin account (local and domain). I don't want that it have this permission.
But he is in the group "Log on as a service".
I've followed this article : https://docs.microsoft.com/en-us/dynamics-nav/provisioning-the-microsoft-dynamics-nav-server-account.
When I start one Navision service I've this error :
Detailed error information:System.ServiceModel.CommunicationException: The service endpoint failed to listen on the URI 'net.tcp://stnasfrbzggz30.gazechim.local:7046/DynamicsNAVPB_FR_TEST/Service' because access was denied. Verify that the current user is granted access in the appropriate allowAccounts section of SMSvcHost.exe.config. ---> System.ComponentModel.Win32Exception: Access is denied.
In more the account can run the service "NetTcpPortSharing", before that was not possible.
However when I give it the local administrator right, the Navision service run.
So how to set the sharing TCP with a non administrator account service ?!

Thanks in advance.

Answers

  • irasoelbaksirasoelbaks Netherlands, theMember Posts: 119
    edited 2021-02-26
    You need to add this entry to your SMSvcHost.exe.config:
    <add securityIdentifier="S-1-5-6"/>
    After changing the config restart the service or sometimes the machine in order to take effect.

    This group includes all security principals that have logged on as a service privileges.

    Then restart the service. Ofcourse the serviceaccount must be granted the Log on as a service privilege as you did.
    One other step is to add the PortSharing dependency to the Nav service.
Sign In or Register to comment.