Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 262 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 992 SQL General
- 385 SQL Performance
- 33 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
Delegatino issue NAV 2013R2 on Win server 2012 R2
vremeni4
Member Posts: 323
Hi,
I installed NAV 2013 R2 on three machines, all machines are Windows Server 2012 R2.
On the first machine is SQL server, second NAV Service (uses dedicate account, so it does not use Network Services) and on the third one we have Web client.
All works fine except the Web client.
On the local machine (where web client is installed aka. IIS) the web client works fine but it does not work on any other machine.
I suspected that Setspn needs to be created, so I followed the instruction on
http://msdn.microsoft.com/en-us/library/jj551742%28v=nav.71%29.aspx
All is fine until I get to the point 10
I tried with another name too e.g. NAVLIVE but that one also does not appear.
I checked the SETSPN -l and the entry is there.
The only way to make it work was to use the option
if I use the option
I have no idea why.
Did someone had similar issue and discovered what is wrong?
Thanks for your help.
I installed NAV 2013 R2 on three machines, all machines are Windows Server 2012 R2.
On the first machine is SQL server, second NAV Service (uses dedicate account, so it does not use Network Services) and on the third one we have Web client.
All works fine except the Web client.
On the local machine (where web client is installed aka. IIS) the web client works fine but it does not work on any other machine.
I suspected that Setspn needs to be created, so I followed the instruction on
http://msdn.microsoft.com/en-us/library/jj551742%28v=nav.71%29.aspx
All is fine until I get to the point 10
The problem is that the Service Type DynamicsNAV does not appear in the list ?!?!?In the list of available services, press and hold the Ctrl key, select DynamicsNAV for port 7046 and HOST, and then choose the OK button.
I tried with another name too e.g. NAVLIVE but that one also does not appear.
I checked the SETSPN -l and the entry is there.
The only way to make it work was to use the option
which basically means trust to all services. (this is probably not very secure)Trust this user for delegation to any service (Kerberos only).
if I use the option
as suggested in the MSDN article the name of the service does not appear in the list in the step 10.Trust this user for delegation to specified services only
I have no idea why.
Did someone had similar issue and discovered what is wrong?
Thanks for your help.
0
Comments
Just to give everyone an updated on this, as the problem is resolved in the meantime.
It was an error in the Instructions on the Microsoft web site. This was corrected by Microsoft.
The most important bit is
In order to see the services you need to select the computer where NAV server runs and not the user as the previous instructions were.
It is also important to remember that SPN entry will be automatically added when NAV Service is created from
“Microsoft Dynamics NAV 2013 R2 Administration”
The only problem is that SPN entry will be created always with the name DynamicsNAV and not with the name of the NAV server.
For example If the NAV server instance is called MyNAVServer on the port 7245, then the SPN that will be created automatically are
DynamicsNAV/MCNAVSVC:7245
DynamicsNAV/MCNAVSVC.corp:7245
Important bit is that these entries must not be deleted otherwise you will get error message that wrong SPN is set. (Always look at the port number as an indicator)
I hope this helps someone. :-)
Thanks.