NAV 2009 webservice cannot access SQL

We have 2 NAV 2009 Webservices, one for production and one for test, that has been working flawlessly for 10 years. A couple of days ago they were suddenly denied access to the SQL-server. We have checked credentials etc., and everything seems ok. Yesterday we got the access restored by restarting the whole server (restarting services did not work), but today any call to the services are rejected due to missing SQL access, and restart does not help. We have tried to deactivate Kaspersky security on both servers, but to no avail (Kaspersky has previously blocked legal ressources after updates).

The response given to the call: "The login failed when connecting to SQL Server SQL01."

Any ideas/suggestions will be appreciated.

Tomad

Regards

/tomad

Best Answer

  • smartvvsmartvv Member Posts: 2
    Accepted Answer
    Hello, check Win Update KB5007260. After installing this update on your Domain Controller (DC), you might have authentication failures on servers relating to Kerberos Tickets acquired via S4u2self. The authentication failures are a result of Kerberos Tickets acquired via S4u2self and used as evidence tickets for protocol transition to delegate to backend services which fail signature validation. Kerberos authentication will fail on Kerberos delegation scenarios that rely on the front-end service to retrieve a Kerberos ticket on behalf of a user to access a backend service. https://support.microsoft.com/en-us/topic/november-9-2021-kb5007260-monthly-rollup-eea1738a-38d1-424b-8d73-d9e30ce28e1a
    And install the next update KB5008604.

Answers

  • smartvvsmartvv Member Posts: 2
    Accepted Answer
    Hello, check Win Update KB5007260. After installing this update on your Domain Controller (DC), you might have authentication failures on servers relating to Kerberos Tickets acquired via S4u2self. The authentication failures are a result of Kerberos Tickets acquired via S4u2self and used as evidence tickets for protocol transition to delegate to backend services which fail signature validation. Kerberos authentication will fail on Kerberos delegation scenarios that rely on the front-end service to retrieve a Kerberos ticket on behalf of a user to access a backend service. https://support.microsoft.com/en-us/topic/november-9-2021-kb5007260-monthly-rollup-eea1738a-38d1-424b-8d73-d9e30ce28e1a
    And install the next update KB5008604.
  • tomadtomad Member Posts: 12
    Thank you, smartvv - I will forward this to my technical staff and have them investigate.
    Regards

    /tomad
  • tedcjohnstontedcjohnston Member Posts: 40
    I'm experiencing the same thing. Response to the web service login is invalid password. Logs on SQL show rejected anonymous logins being rejected. The update smartvv references is not on our DC (Server 2012R2).

    Please provide an update if you get this working, I will do the same.
    "There are only two truly infinite things: the universe and stupidity. And I am unsure about the universe." - Albert Einstein
    Corollary- Build and idiot proof system and nature will build a better idiot.
  • tedcjohnstontedcjohnston Member Posts: 40
    I restored our DC to before the most recent updates. This did not immediately help.

    I started removing security updates from our secondary DC. After getting KB5007147 removed, the web services started working.

    Not sure if it was just the kerberos tickets expiring and being renewed on the restored DC or if removing the KB from the other DC was the cause.
    "There are only two truly infinite things: the universe and stupidity. And I am unsure about the universe." - Albert Einstein
    Corollary- Build and idiot proof system and nature will build a better idiot.
  • smartvvsmartvv Member Posts: 2
    When I saw the installed update KB5007260 , I installed the KB5008604 update on both the DC, application server(webservices) and the SQL server, this solved the authentication problem.
  • tomadtomad Member Posts: 12
    Turned out that a lot of people out there had the problem. Our network supplier also came back with the answer - they had many customers with the issue.

    A little twist - we have a secondary DC which did not update automatically, so depending on which DC issued credentials to the webservice server it sometimes worked to restart the server. Which really confused us in the first place.

    But thanks for all the answers.
    Regards

    /tomad
Sign In or Register to comment.