Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 271 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
SQL errors below was occured :
kamel.hedi
Member Posts: 61
Does Someone know what means this message occured when connecting to SQL Server database from a client Navision (authentication type :DB Server authentication)
"SQL errors below was occured :
2764, "42000", [Microsoft][ODBC SQL Server Driver][SQL Server]incorrect password for the application permission '$ndo$ar$59A3....' "
$ndo$ar$59A3.... is a role given to the user who want to connect..
in Service Manager (on SQL server), this user have only the permission public
When i give the permission dbowner to the user (from Service Manager of SQL Server), he can connect to the DB.
BUT IT'S NOT NORMAL TO GIVE THIS PERMISSION TO ALL USERS.
Does someona have a solution, a raison of this error?
THANKS
"SQL errors below was occured :
2764, "42000", [Microsoft][ODBC SQL Server Driver][SQL Server]incorrect password for the application permission '$ndo$ar$59A3....' "
$ndo$ar$59A3.... is a role given to the user who want to connect..
in Service Manager (on SQL server), this user have only the permission public
When i give the permission dbowner to the user (from Service Manager of SQL Server), he can connect to the DB.
BUT IT'S NOT NORMAL TO GIVE THIS PERMISSION TO ALL USERS.
Does someona have a solution, a raison of this error?
THANKS
HKAMEL
0
Comments
I do not know the path how to re-create the Application role for Navision (I think it is created in DB Creation process)...
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
Navision is using Application role to connect to SQL DB. It is why users need only Public permissions to the DB - because all what they do through Navision, is done under Application role of the Navision. It seems, that something changed this Application role (changed password for it) - did you some changes on the DB directly? Did you some backup restore or upgrade? Did you some changes on your Active directory?
I didn't any changes neither in the Active directory, nor restore or upgrade
BUT I think u re wright, because i have given to all users the role Application SUPER (we have no longer dispatched the roles application to the users of the databases, all of them have the role SUPER on the company=my company)
i think the role SUPER need the permission DBOWNER on the SQL to be given to a user (unless dbowner role, the SUPER user connection make a confilct in permissions on the SQL Server)
Do u think so, have I wright ?
but back to your question:
There are many combinations of the roles in Navision and on MS SQL which can do many problems etc... But main thing is:
1) users need only public permission to the DB
2) designers need to be at least db_owner
3) administrator need to have permissions to the master DB to be able to upload license there (if you do not have per DB license).
All what Navision is doing in MS SQL server with data, all is done through Application role (Application roles bypass standard permissions). This role have some password, which know only the application, and this application activate this role for the connection through this password. In you case it seems, that this password was changed (in DB or in Navision)...
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
Did you run 'Tools, Security, Synchronize' after making the change?
Yes i have run the Synchronize routine and this has resolved the problem, but must I this (synchronize) from all the Client sessions/posts or only from the session from which i did the change (The change is : Re-customize, Re-cofigure the ODBC DSN user : I have change the ODBC for SQL Server and I have TESTED the connection to the Server with another ID user (The SUPER on ALL COMPANIES) ). Perhaps this is the source of the Problem...?????????????
thanks
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
We have similar problem with the application roles. In our case we use SQL Server 2000, Navision 4, database authentication. The problem occurs on 2 out of 20 computers.
When a user tries to login as 'sa' (dbowner), it works. When he logs in with "stadnard user" account, the message about incorrect application role is displayed. He still can login from another computer where it works.
Synchronization was run several times. This applies for all user logins that don't have dbowner right.
I have doble checked ODBC Encrypt function via SQL statements (works fine), reinstalled MBS-Navision, no progress.
Anybody knows what to do?
dependent from the machine itself?
or is it dependent from windows login?
are there any differences between these windows logins besides the name and Password?
Michael Schumacher
oh, what day is it? Backup day. OK, let's dump all data to /dev/nul ;-)
Yes, it is machine-dependent. We are using database logins. If we try to login to the server using login A from that computer it doesn't work. When we login from the other computers, it just works for that login A. Server and client computers are not in domain. Do you think that Windows login can influence this behavior (even when using database authentication)? Btw. all logins have the same user role (except sa - he has role super).
if there would be a domain my next question would be:
Did you ever try to logon to the misbehaving workstation with a windows login which works on other machines?
But without domain... hmmm.
Do the logged on users have the same lokal permissions? e.g. local administrator or main user
what is the operation system and SP on this machines?
are all users known at the server (can they map a sharing on it)?
questions over questions....
Michael Schumacher
oh, what day is it? Backup day. OK, let's dump all data to /dev/nul ;-)
We will check user permissions on the computers, if they differ. Operating system is Windows 2000, I see no information about Service pack. Version number is 5.0.2195.
Computers are "per user", i.e. access to the computer is granted for administrator and user that is using it. No other logins are specified. For administrator, however, the login didn't work too.
We will check the Service pack information. If none present, we will install up-to-date Service pack to see if that helps.
can everyone connect to a server share?
that means, are all windows logins also known at the windows server?
if not this might cause problems
but you said that with administrator (same password as administrator on the server?) login failed.....
another thing:
try to check mdac version on the machines if they are different....
Michael Schumacher
oh, what day is it? Backup day. OK, let's dump all data to /dev/nul ;-)
No, windows users are not know on the server. What share shall they have access to?
doesn't matter which one. if they can, then it is good enough ;-)
please take a second look at my last posting. ->edited
Michael Schumacher
oh, what day is it? Backup day. OK, let's dump all data to /dev/nul ;-)
Administrator account is different on client computers and server machine on all the computers.
besides drinking a dark Krusovice and think it all over.
Unfortunately I can't get it here.
Michael Schumacher
oh, what day is it? Backup day. OK, let's dump all data to /dev/nul ;-)
Using Windows Authentication in Navision requires Windows Directory Services (2000 or 2003) (this is Navision limitation). Workstations and database server must be in the same domain.
'Tools, Security, Synchronize' must be run as a user that is a member of the SQL role 'Security Administrators' or better.
Database Authentication is independent of Windows login and Windows user rights. With database authentication, the user only needs IP access to the server. Either through DNS or by entering the ip address into the Navision login. This is a common configuration when installing Navision in a non-Windows environment.
The ability to map a drive is not a valid test of access to SQL on the same computer. The access rights for these are independently assigned. From a performance (and security) note, you should avoid creating user shares on a dedicated SQL server.
Emanuel