In Dynamics NAV 2009, the RTC client can access files located on network machines whether all services run on a single machine, SQL and NST are on the same machine (2 tier), or each service runs on a separate machine (3 tier).
However, when accessing such network files in a 2-tier or 3-tier environment, there may be some additional delegation requirements.
As a best practice, I will summarize these requirements as follows.
(Here the NAV Server Service is running under a Domain User account, the service account for SQL can be the same or a separate dedicated Domain User account, and the NAV Server Service account is currently set to allow Kerberos only.)
This MSDN article can be followed, with the additional steps described below:
Managing network files in RTC (Setting Delegation)
http://msdn.microsoft.com/en-us/library/dd568720.aspx
1. Additional steps required:
In the Adsiedit.msc console (Windows Server 2003 Service Pack 2 32-bit Support Tools), open the user that is running the NAV Server Service in AD and go to the Delegation tab.
2. Please check the following Local Group Policy on the middle-tier machine and add it for the NAV Service account domain user.
Add these policies for the domain user under which the NAV middle-tier service runs.
3. If the above steps do not work, you can additionally set the “UserAccountControl” value to 17367552 (the adsiedit.msc console can be used for this).
(TRUSTED_FOR_DELEGATION+TRUSTED_TO_AUTH_FOR_DELEGATION) According to the following KB:
http://support.microsoft.com/kb/305144/en-us
4. After this, copy “Kerbtray.exe” to the middle-tier and client machines, run it (double-click kerbtray.exe), then right-click -> purge the tickets, so that on the next RTC connection attempt a new Kerberos ticket is received automatically.
The Kerbtray tool can be downloaded as part of the “Windows Server 2003 Service Pack 2 32-bit Support Tools”.
5. On the next RTC start you should now be able to access the network files (you may need to perform step 4 more than once).
6. If it is still not working, then Kerberos is probably falling back to NTLM, so you may also allow NTLM for the NAV Server service account ("Use any authentication protocol" in the properties of this domain user), or you are hitting the issue described in the KB article below.
Delegation errors when working with file shares in the Microsoft Dynamics NAV RoleTailored client
https://mbs.microsoft.com/knowledgebase/KBDisplay.aspx?scid=kb;EN-US;2621984
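Added example for step 3 (not part of the original post): this PowerShell decodes a userAccountControl value with the bit values listed in KB 305144 and compares overwriting with the literal 17367552 against OR-ing only the two delegation bits onto the account's existing value. The function names and the sample "current" values are constructed for illustration.

```powershell
# Added example. Bit values are those listed in KB 305144 (subset).
$UacFlags = [ordered]@{
    ACCOUNTDISABLE                 = 0x2
    PASSWD_NOTREQD                 = 0x20
    NORMAL_ACCOUNT                 = 0x200
    DONT_EXPIRE_PASSWORD           = 0x10000
    TRUSTED_FOR_DELEGATION         = 0x80000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
}
$DelegationBits = $UacFlags.TRUSTED_FOR_DELEGATION -bor
                  $UacFlags.TRUSTED_TO_AUTH_FOR_DELEGATION

# Return the names of the known flags that are set in a value.
function Get-UacFlagName {
    param([Parameter(Mandatory)][int]$Value)
    foreach ($flag in $UacFlags.GetEnumerator()) {
        if ($Value -band $flag.Value) { $flag.Key }
    }
}

# Compare overwriting with the literal from step 3 against OR-ing only
# the delegation bits onto the account's existing value.
function Compare-UacChange {
    param([Parameter(Mandatory)][int]$Current, [int]$Literal = 17367552)
    $merged = $Current -bor $DelegationBits
    [pscustomobject]@{
        Current        = $Current
        Merged         = $merged
        MergedFlags    = (Get-UacFlagName $merged) -join ', '
        Literal        = $Literal
        LiteralFlags   = (Get-UacFlagName $Literal) -join ', '
        # Known bits the literal would switch on or off besides delegation.
        SideEffectsOn  = (Get-UacFlagName ($Literal -band (-bnot $merged))) -join ', '
        SideEffectsOff = (Get-UacFlagName ($merged -band (-bnot $Literal))) -join ', '
    }
}

# Constructed sample values: 512 = NORMAL_ACCOUNT,
# 514 = NORMAL_ACCOUNT + ACCOUNTDISABLE,
# 66048 = NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD.
512, 514, 66048 |
    ForEach-Object { Compare-UacChange -Current $_ } |
    Format-List
```

The literal 17367552 also carries NORMAL_ACCOUNT and DONT_EXPIRE_PASSWORD, so overwriting with it changes more than delegation on any account whose existing value differs. TRUSTED_FOR_DELEGATION is unconstrained delegation, so keep the set of accounts carrying it small and reviewed.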
I hope this helps you get access to network files from the RTC client.
Thank you! Now I can direct my colleague to this blog instead of explaining things over the phone!
Great post, Arv. Very precise and useful !
What about network files not on the same network/domain?
We have a network drive mapped over WAN.
The post is good, but MS has done a lousy job - they should have spent more time on these file access and service user account rights questions. This is a mess.