Business Notification -> Tools -> Security Problem

toortoor Member Posts: 52
Hey folks,

I've some installations of bn, all with the same problem. The main functionality works well. I can send mails with bn, but I can't use the security manager from the bn-managers tools menu.

Whenever I try to open the security manager, I get an error message on the client and an event log entry on the bn server (see below). And yes, I used a local administrator as well as domain administrator and any other user.

The server is running win 2003 server with latest patches, sql server 2000 sp3a, bn services, navision 4.00 client and server (native db).

I can reproduce the problem with nav 4.00 and 4.01.

I've opened a call at mbs support, but they haven't been able to help me for 6 weeks now. The call is now at the bn developers, but they are not very cooperative.

I think that the error comes from one of the WebServices, where they try to retrieve the usernames from AD and forget to handle an unexpected result...

Hope that anybody here has an idea.

Thanks
tobi


The event log entry is:
Ereignistyp: Fehler
Ereignisquelle: DeploymentServer
Ereigniskategorie: Keine
Ereigniskennung: 0
Datum: 27.09.2005
Zeit: 16:09:46
Benutzer: Nicht zutreffend
Computer: NAV01
Beschreibung:
Exception occured while retrieving server ACL!
Exception:
System.Security.SecurityException
Exception occured while retrieving ACL!
at Microsoft.BusinessSolutions.BusinessNotification.Deployment.Server.SecurityManager.GetAcls()
at Microsoft.BusinessSolutions.BusinessNotification.Deployment.Server.DeploymentServerService.GetServerAcl()

Inner Exception
System.Runtime.InteropServices.COMException
Zuordnungen von Kontennamen und Sicherheitskennungen wurden nicht durchgeführt.
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo)
at Microsoft.Win32.Security.Sid.LookupSid(String userName, String machineName)
at Microsoft.Win32.Security.Sid..ctor(String userName)
at Microsoft.BusinessSolutions.BusinessNotification.Deployment.Server.SecurityManager.GetAcls()


Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

Comments

  • kinekine Member Posts: 12,562
    It may be that you have some "problem" with AD.

    1) Be sure that there are no problems with some old DNS entries (leading to non-existing IPs, old names for the same IPs, etc.)

    2) You can "trace" the network flow, for example with Ethereal, to know what the BN is doing at the time of the problems (asking for AD server, searching for his name, communicating with AD etc...) - but you need to understand TCP/IP a little...

    3) Can you read virtual table 2000000050 without problems within Navision? If not, there is a problem with AD. Sometimes restarting the server helps ;-)

    No more hints for you now...
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • toortoor Member Posts: 52
    hi kine,

    thanks for your reply.

    There is only one dns entry for the DC. The system is running in a VPC environment. No reverse lookup zone is defined for my cronus.local-Domain. Nslookup works fine for forward lookups.

    I can read the table 2000000050 without problems, logged in with the BN Service Account.

    I will try to sniff the network flow later.


    so, thanks again
    tobias
  • kinekine Member Posts: 12,562
    One thing more:

    Maybe there is a problem with some ACL for a non-existing account. Please check exposed areas for UIDs of deleted users (a UID which cannot be translated to a login name, because the account was deleted) - look into file permissions, IIS permissions, etc.

    But this is only a tip.
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
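
kine's tip above (ACL entries that no longer translate to an account name) and the name-to-SID lookup that fails in the event log's stack trace can both be checked with a short script. This is an added example, not part of the original thread or of Business Notification; it assumes PowerShell 3.0 or later, and the path and account names are constructed placeholders.

```powershell
# Added example (not from the thread). Paths and account names below are placeholders.
function Find-UnmappedAclSid {
    # SID -> name: report ACL entries whose SID no longer resolves to an account.
    param([Parameter(Mandatory = $true)][string[]]$Path)
    foreach ($p in $Path) {
        $items = @(Get-Item -LiteralPath $p -Force) +
                 @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL of $($item.FullName)"; continue }
            # Explicit and inherited rules, identities returned as raw SIDs.
            $rules = $acl.GetAccessRules($true, $true,
                         [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                try {
                    [void]$rule.IdentityReference.Translate(
                        [System.Security.Principal.NTAccount])
                } catch [System.Security.Principal.IdentityNotMappedException] {
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Sid       = $rule.IdentityReference.Value
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
    }
}

function Test-AccountName {
    # Name -> SID: the direction that fails in the stack trace (Sid.LookupSid(userName)).
    param([Parameter(Mandatory = $true)][string[]]$Name)
    foreach ($n in $Name) {
        $sid = $null
        try {
            $sid = (New-Object System.Security.Principal.NTAccount($n)).Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
        } catch [System.Security.Principal.IdentityNotMappedException] { }
        [pscustomobject]@{ Account = $n; Resolved = [bool]$sid; Sid = $sid }
    }
}

# Constructed inputs: replace with the folders and accounts relevant to the installation.
Find-UnmappedAclSid -Path 'C:\Inetpub\wwwroot' | Format-Table -AutoSize
Test-AccountName -Name 'BUILTIN\Administrators', 'CRONUS\bn-service' | Format-Table -AutoSize
```

Run it under the same account the affected service uses, since name and SID resolution depends on what that account can reach in the domain.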
  • toortoor Member Posts: 52
    hi kine,

    thanks again.

    I can't sniff the network traffic because I've installed all components on a single (virtual) machine. So there is nothing that Ethereal can sniff from the network card :-(

    Are there any tools to sniff from the tcp/ip-driver of the os?

    I've checked for non-existing accounts in the past, but without success. It's a clean installation and I never deleted any users. I've also checked and played around with the iis permissions. No success, as well.

    Do you know some tools that check the AD for consistency/functionality? But I don't think that the AD is really damaged, because everything else works pretty fine. No entries in the eventvwr and no unexpected behavior.


    I have the problem also at a customer's installation. So I'm wondering to be the first guy reporting this problem. Or has someone heard something about this?

    greetings
    tobias