In Dynamics NAV 2009 in RTC client if you are accessing files located on network machines, these files can be accessed when each service is running on single machine, when SQL and NST are on same machine (2 tier) or each service is running on separate machine (3 tier).
However when accessing such network files in (2 and 3 tier) environment there might be some additional Delegation requirements.
As best practice i will summarize these requirements as following.
(Here NAV Server Service is runnign under Domain User account, Service Account for SQL can be same or separate dedicated Domain User account and NAV Server Service account is currently set to allow Kerberos only)
This msdn article can be followed with additional steps as described below
Managing network files in RTC (Setting Delegation)
1. Additional steps required:
in Adsiedit.msc console Windows Server 2003 Service Pack 2 32-bit Support Tools, Open the User that is running in NAV Server Service in AD and go to the Delegation Tab
2. Please check the following Local Group policy on Middle tier machine and add this for NAV Service account domain user.
Add these policies for this domain user under which NAV middle tier service runs.
3. If the above steps does not work, additionally you can set the value of “UserAccountControl” flag value to 17367552 (To do this adsiedit.msc console can be taken)
(TRUSTED_FOR_DELEGATION+TRUSTED_TO_AUTH_FOR_DELEGATION) According to following KB:
4. After this please copy the “Kerbtray.exe” on the Middle tier and client machine and aftre running (double click on kerbtray.exe) right clickt -> purge the Tickets. So that on next RTC connection attempt it will automatically receive new Kerberos ticket.
Kerbtray Tool you can download from the the „Windows Server 2003 Service Pack 2 32-bit Support Tools“.
5. With new RTC start this time now you are able to access the network files, (you may need to performance step 4 more than one time)
6. If it is still not working then probably Kerberos is failing back to NTLM, so you may also allow NTLM to the NAV Server service account "Use any authentication protocol" in the property of this Domain user or you are hitting the issue as described in below KB article.
Delegation errors when working with file shares in the Microsoft Dynamics NAV RoleTailored client
Hope with this way you can get access to network files from RTC client.
Thank you! Now I can direct my collegue to this blog instead of explaining things over the phone !
Great post, Arv. Very precise and useful !
What about network files not on the same network/domain?
We have a network drive mapped over WAN.
The post is good, but MS has done a lousy job - they should have spent more time on these file access and service user account rights questions. This is a mess.