Web Services and delegation problems
passt
Member Posts: 6
Hi everybody,
For installation of NAV server and Web Services I used Walkthrough: Installing the Three Tiers on Three Computers. MicrosoftDynamicsNavServer and MicrosoftDynamicsNavWS run with the local Network Service account from the server NAVSERVER where they are installed. According to the walkthrough I added two service principal names DynamicsNAV1 (1 is correct in our case) and MSSQLSvc both for the FQDN and the NETBIOS names of the servers. In active directory I configured the computer account of the NAVSERVER and added the delegation for MSSQLSvc.
The RTC can connect to NAV from any computer in the network successfully.
When I connect to the web services directly from NAVSERVER with http://localhost:7047/DynamicsNAV1/WS/Services, I receive the list of the published web services. When I replace localhost with 127.0.0.1 or NAVSERVER or when I try to connect to the web services from any other computer in the network (and login with my user account which has sufficient rights in NAV), I receive the following error message:
Can anybody help?
Regards,
Peter
For installation of NAV server and Web Services I used Walkthrough: Installing the Three Tiers on Three Computers. MicrosoftDynamicsNavServer and MicrosoftDynamicsNavWS run with the local Network Service account from the server NAVSERVER where they are installed. According to the walkthrough I added two service principal names DynamicsNAV1 (1 is correct in our case) and MSSQLSvc both for the FQDN and the NETBIOS names of the servers. In active directory I configured the computer account of the NAVSERVER and added the delegation for MSSQLSvc.
The RTC can connect to NAV from any computer in the network successfully.
When I connect to the web services directly from NAVSERVER with http://localhost:7047/DynamicsNAV1/WS/Services, I receive the list of the published web services. When I replace localhost with 127.0.0.1 or NAVSERVER or when I try to connect to the web services from any other computer in the network (and login with my user account which has sufficient rights in NAV), I receive the following error message:
Microsoft.Dynamics.Nav.Types.NavDatabasePasswordException The login failed when connecting to SQL Server SQLSERVERand on the MSSQL Server the following error is logged:
Login failed for user 'NT-AUTORITÄT\ANONYMOUS-ANMELDUNG'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT:<IP address of NAVSERVER>] Error: 18456, Severity: 14, State: 11
Can anybody help?
Regards,
Peter
0
Comments
-
Does the Role Tailored Client work? This is to make sure the issue is with setting up of the delegation and not the NAV webservices.0
-
Yes, RTC is working without any problems.
Btw, right now I'm busy with this issue. I am reading the How to: Configure Web Services with Delegation and it seems that the configuration is missing step 4 with httpcfg.exe. On Windows Server 2008 this tool is replaced by netsh.exe and I don't know what to enter there.
Any suggestions?0 -
Meanwhile I found out how to use netsh.exe. The result was after adding the urlacl that the service didn't start anymore. When I removed this urlacl again, the service started successfully.
BUT my description of the problem wasn't correct. When I connect to Web Services from any computer, I have to enter a user. Only one user account logs in successfully and returns the list published web services.
Hm, it seems that I'm missing some basics of the security functionality of NAV server and web services.0 -
The use you are using to login to the webservices must have account and assigned roles in NAV (Windows logins). But you must be sure that you correctly set up the SPNs. There cannot be double entries for same service etc. Try to use DelegConfig v2 web application to check if all is correct or look at my blog for simple description of what must be set.0
-
Can you help with DelegConfig?
I try to run it on the local machine where DelegConfig is installed. When I click on the Report link, I only see Please wait ... and nothing happens.
Unfortunately the latest version of Internet Explorer which is installed on my IIS server, doesn't show any error message. However IE 8 on a different computer shows this warning message:Webpage error details User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Timestamp: Mon, 27 Feb 2012 11:18:20 UTC Message: Object doesn't support this property or method Line: 55 Char: 5 Code: 0 URI: http://MYIISSERVER/delegconfig/WebResource.axd?d=HjvE-9Hnn6-tnV05Fqrqs3PEIcRJ24FVA_KUhbUBTZCzq8eP7RZWQgQ2CinTzG00n1nwL3ZD3dstq-_qbyuRozhYJrzkij_mSRo2Mzo6YXHSpXUqHCIlHHP0GqIRDwsT4zBOKA2&t=634171284900000000
Any suggestions what to do?
Peter0 -
It could be a problem of .net version installed on the server. May be the .net framework was installed after the IIS, than you need to use command to regiser the frameworks with the IIS. See http://msdn.microsoft.com/en-us/library ... 8h(v=vs.80).aspx0
-
Finally it works now.
I used Best Practices Analyzer for Microsoft Dynamics NAV 2009 which checks for missing SPNs and delegation problems. However this tool indicates to add the following SPN:http/NAVSERVER.domain.local:7047 domain/serviceaccount
I think this should be added to the How to: Configure Web Services with Delegation.0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions