User log in error: NAVCancelCredentialPromptException

CmadziwaCmadziwa Member Posts: 5
Hi,

I have an database upgraded from BC15 to BC20.6 onprem using AAD for authentication. At times users are not able to log in and it appears the browser is processing something on the log in screen. Users can only log in after clearing the cookies for the BC website. In the event log I am seeing the following error:

otkfy51eoh7z.png

Best Answer

Answers

  • TallyHoTallyHo Member Posts: 382
    Anyone? Same here.
  • SanderDkSanderDk Member Posts: 467
    Do you have a previous error in the eventviewer? (Perhaps something with error on Azure handshake?)
    I have seen a lot of these because Azure security token lifetime is not set.
    For help, do not use PM, use forum instead, perhaps other people have the same question, or better answers.
  • CmadziwaCmadziwa Member Posts: 5
    Thanks for the suggestion @SanderDk .

    There was an error regarding a token expiration before this... I set the ExtendedSecurityTokenLifetime setting on the server instance to 8hours and it went away.

    Now I have the above error. The only thing I do see a warning though before this issue starts. How did you solve this issue?

    vramhmol43z7.png
    941ua1ww7zuf.png

  • SanderDkSanderDk Member Posts: 467
    edited 2022-12-14
    Have you disable token-signing certificate validation

    https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/configure-server-instance


    "Disable token signing certificate validation when configuring Azure Active Directory authentication with single sign-on."
    For help, do not use PM, use forum instead, perhaps other people have the same question, or better answers.
  • CmadziwaCmadziwa Member Posts: 5
    Hi @SanderDk ,

    This is disabled - whv31p7rsnh3.png


    And the guys responsible for setting up the azure ad have confirmed they are using a default policy with a token lifetime variable between 60-90mins
  • SanderDkSanderDk Member Posts: 467
    Could you include the multiple errors from eventview?
    For help, do not use PM, use forum instead, perhaps other people have the same question, or better answers.
  • CmadziwaCmadziwa Member Posts: 5
    It appears be as follows:

    I. A user authenticates on the server: bngnkwg4w4ja.png

    2. The system tries to get AAD authentication: yd7jdrwtrgn0.png

    3. I get a configuration warning: zjoc92iet5ga.png

    Steps 1,2&3 are repeated multiple times before there is a string of errors:

    n46m8lvcdn20.png
Sign In or Register to comment.