tirsdag den 12. juni 2012

Dynamics NAV - Multiple Service Tiers – Part 2

So I felt like a super hero figuring out all the stuff explained in Part 1 but after posting it, and testing some more I started getting weird errors, and stuff would stop working. While working on something else ( implementing Claims based authentication in Citrix XenApp ) I had enabled Kerberos Logging and I noticed this error


And I got this sweating feeling all over, like when you did something bad. So I quickly went to test it. First I tried opening the client, making sure AllowNtlm was set to false and ServicePrincipalNameRequired to true, and tried connecting to one of the Navision instance I had problems with.
It failed.
I added a SPN for the service account with instance name pointing to the server’s FQDN(not the cname as explained in the article) and restarted the service and tried again.

Bam, success … so I went to Google and searched for the documentation. Try opening http://msdn.microsoft.com/en-us/library/dd301254.aspx and search for SPN. Notice how it says

setspn -A InstanceName/FullyQualifiedDomainNameOfServer:Port Domain\User

How the freaking hell did I miss that ? I’ve seen that pages a billion times. Oh well, nothing wrong in learning something new once in a while.

Using a CName is still a good idea thou. If you want to use Kerberos when talking to the Web Service you still need a HTTP/HOST SPN Service registered and what I wrote in part 1 will still apply.

1 kommentar:

  1. Slots Casino Site - Casino Software | Best Online Slots
    Our casino site provides 카지노사이트 information カジノ シークレット on what slots games to play, jackpots, and bonuses you can play on fun88 vin your mobile devices. Check Slots Casino