WebServices user login
Wojtekm
Member Posts: 123
Hello,
I have NAV2009R2 installed in 3 tier enviroment.
WS service and NAV service are set up to logot as: Network Service.
I am testing WebService form local PC using IE on my own account in db (Super role) and i get WS list form browser. So WS works fine.
But when i`m testing WS using another account (Super role, the same PC) i get error message in borwser:
The login failed when connecting to SQL Server mysqlserver.
And error form SQL server
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I`ve checked SPN and set permission to Object Change Listener but still nothing.
I`ve add, delete and synchronize users few times.
Both users are local Admins on NAV server.
](*,)
What else can i check?
regards,
Wojtekm
I have NAV2009R2 installed in 3 tier enviroment.
WS service and NAV service are set up to logot as: Network Service.
I am testing WebService form local PC using IE on my own account in db (Super role) and i get WS list form browser. So WS works fine.
But when i`m testing WS using another account (Super role, the same PC) i get error message in borwser:
The login failed when connecting to SQL Server mysqlserver.
And error form SQL server
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I`ve checked SPN and set permission to Object Change Listener but still nothing.
I`ve add, delete and synchronize users few times.
Both users are local Admins on NAV server.
](*,)
What else can i check?
regards,
Wojtekm
0
Comments
-
1) Check for duplicit SPNs
2) Check that delegation is enabled for the computer account o which the service is running
3) After you change something, before you restart both services (stop both, start both), clear all kerberos tickts (klist -purge).0 -
Do you use NTLM or SPNEGO? Did you try to use NTLM?0
-
Hi Kine and Koubek,
1. There is no duplicate SPN,
2. Delegation is enabled for serwer account in AD,
3. I`ve clear ticket
Still working only for one user.
4. i`ve try NTLM (previously was SPNEGO).
The only differece in second user can login to WS webpage.
My own user get the same error: Loginfiled to SQL server and Anonymous login on SQL server event viewer.
regards,0 -
Than still, there is some problem with SPNs and the delegation. Try to use script from this article http://blogs.msdn.com/b/nav/archive/201 ... shell.aspx to collect different info.0
-
Can i understand that you can see the list of WS published by NAV within IE or another browser now? The problem occurs when you are trying to consume WS from another application? By the way the application is .NET or PHP for example (you have mentioned sth. about mysql...)?0
-
EDIT>>
Sorry, i`m not clear in previous post - still 1 user can not see WS list.
EDIT<<
I have 2 users in my database. The same security (Super role), the same AD setup (local admins on NAV server).
I need to use both users to run WS.
One of this user can list WS in browse, second get error.
In my solution i wont to run WS in both account form .net project.
If i can run WS form browser my .net project works fine, but when i cant i get the same error form .net code.
But now we are talking only about access to WS form browser, .net projects works fine if only user can logon to WS.
regards,0 -
Have you tried to disable "Show friendly HTTP error messages" in IE. You can find it in TOOLS->INTERNET OPTIONS->ADVANCED.0
-
Okej Guys,
I`ve made huge investigation.
User witch can see list of WS is database owner (not db_owner role but in database properties owner = mylogin).
I can run WS form NAV server (Application Server) using my account.
Second account still do not work.
Accesing form my local PC - do not work.
I`ve tried disable "Show friendly HTTP error messages" in IE - still the same error.
I`ve tried Kine`s script - and all looks fine.
Here is my SPN for 3 tier installation (according to Kine`s blog):
NAV services wuns on Network servises.
SQL - for mydomain\sqlservice user:
I`m using MSSQLSvc, but i have my own sql instance 'NAV'. But i read that sqlbrowser should find correct instance using port connection.
MSSQLSvc/sqlsrv.mydomain.local:1433
MSSQLSvc/sqlsrv:1433
NAV for mydomain\navsrv$ user:
DynamicsNAV/navsrv.mydomain.local:7046
DynamicsNAV/navsrv:7046
WS for mydomain\navsrv$ user:
http/navsrv.mydomain.local
http/navsrv
I`ve checked spn for duplicate with success.
And i still do not have any idea why second account do not work.
regards,0 -
The problem will be SPN for SQL. See this http://msdn.microsoft.com/en-us/library/ms191153.aspx there is how to create correct SPN for named instance (there is change since SQL 2008).0
-
Thank you kine =D>
After create SPN both users works but...
After few times log on for both users and connect form Visual Studio and it stop working ](*,).
The same error form SQL: Anonymous Logon
Is there any limitation to session logged as WS?
I`ve tried to clear all kerberos tickets.
Still nothing.
I`m using SPNEGO.0 -
No, there is no limit. Sometime when you open the WSDL over IE from the server itself, you have 24 hours till the ticket expire. you can check the tickets on the server by "klist". There should be one for the SQL server with delegation enabled. If not, there is still someproblem...0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions