Setting up NAV 2009 on Three machines

Setting up NAV 2009 on Three machines

  • Comments 1

Setting up delegation and SPNs for NAV 2009 on three machines (when the NAV Server and SQL Server are on two seperate machines) is described in "Walkthrough: Installing the Three Tiers on Three Computers". But in addition to this, also be aware of the following:

  • The syntax of SPNs has changed since KB 968189
  • You may need to set UserAccountControl flag in Active Directory

Also thanks to our German colleagues for already posting this information here and here.

  

Syntax of SPNs has changed since KB 968189

After installing KB 968189 for NAV 2009 (Build 6.0.28795.0) the SPNs now have this format:
<Instance>/<server host>:<port>
<Instance>/<server FQDN>:<port>


So for example if the SPNs used to be set like this:

NAV-SERVER_DynamicsNAV/NAV-SERVER.Domain.com:7046
NAV-SERVER_DynamicsNAV/NAV-SERVER:7046

From this build and later they have to be set like this:
DynamicsNAV/NAV-SERVER.Domain.com:7046
DynamicsNAV/NAV-SERVER:7046


About KB 968189 itself, it solves a very specific problem where it may not be possible to connect if the domain has multiple DNS Suffixes, which is quite unusual. Most installations are not affected by this. You can check whether you are affected by running ipconfig from a command prompt, and see if it lists more than one domain name under "Connection-specific DNS Suffix".

 

Setting UserAccountControl flag

In some cases you have to set UserAccountControl as described in KB 305144. You set this flag by running ADSIEDIT.msc, go to properties of the user account running your NAV Server, and then select UserAccountControl. Setting it to 17301504 means TRUSTED_FOR_DELEGATION+TRUSTED_TO_AUTH_FOR_DELEGATION

 

 

These postings are provided "AS IS" with no warranties and confer no rights. You assume all risk for your use. 

 

Best regards


Lars Lohndorf-Larsen (Lohndorf )

Microsoft Dynamics UK


Microsoft Customer Service and Support (CSS) EMEA

Leave a Comment
  • Please add 7 and 5 and type the answer here:
  • Post
  • I have been set the user account control to 17301504. But, after some time, it has changed to 17302016. The mean of 17302016 is TRUSTED_FOR_DELEGATION+TRUSTED_TO_AUTH_FOR_DELEGATION too. Why could this happen?

    Thanks.

Page 1 of 1 (1 items)