Hi all,
Please do these activities when you have time; it's a long activity and I would suggest doing all activities in one go. So be calm and let's start.
For NAV 2013 R2 Refer Here.
For NAV 2016 Steps have been Reduced Please Refer Here.
I have installed NAV 2013 and it works great with my Windows credentials.
I was checking the service console (Microsoft Dynamics NAV Administration) in NAV 2013 and found out that Credentials Type has multiple options.
1) Windows (we use this as default and it works fine when we install default NAV 2013. We have been using the same since the release of NAV 2009).
Other Options are - UserName, NavUserPassword and AccessControlService.
First, create a user under Administration/IT Administration/General/Users, as shown below.
I use TEST as the user name and Manager@1 as the password. Give the Test user the Super role.
You will encounter an error message when you try to save the login, as shown below.
Just click OK; we are getting this error because we haven't changed the service file yet.
Let's try to use the second option, that is NavUserPassword, in this article. All steps remain the same for UserName too.
First of all, I will change the Credentials Type in the Service Console of NAV 2013 by editing the service as shown below.
After that, try to stop and start the service. You will encounter an error message -
Server Instance 'MicrosoftDynamicsNavServer$DynamicsNAV70' failed to reach status 'Running' on this server due to the following error: 'Time out has expired and the operation has not been completed.'. Additional information may be in the event log of the server.
I checked the Event Viewer and here is the detailed error I got -
Server instance: DynamicsNAV70
Session type: UnknownClient
Session ID: 0
User:
Type: Microsoft.Dynamics.Nav.Types.NavConfigurationException
SuppressMessage: False
FatalityScope: None
Message: The required certificate thumbprint is not specified. Specify a valid value for the ClientServicesCertificateThumbprint configuration setting.
StackTrace:
at Microsoft.Dynamics.Nav.Types.CertificateValidator.ValidateCertificateThumbprint(String thumbprint)
at Microsoft.Dynamics.Nav.Types.CertificateHelper.GetCertificateFromThumbprint(String certificateThumbprint)
at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.CreateServiceHosts(ServerUserSettings settings, Boolean usePortSharing, String machineName)
at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.OnStart(String[] args)
Source: Microsoft.Dynamics.Nav.Types
HResult: -2146233088
It says that we need to specify ClientServicesCertificateThumbprint in the service. Let's try to find where we need to specify it. I opened the service console and under Client Services I can see the Certificate Thumbprint as shown below.
Let's try to specify a value for the same.
Prerequisites -
1. Microsoft Management Console (MMC).
2. The makecert.exe utility.
If you do not already have this (MMC) snap-in installed, then follow these steps:
1. Choose Start, choose Run, and then type Mmc.exe.
2. In the console, on the File menu, choose Add/Remove Snap-in.
3. In the Add Standalone Snap-in dialog box, select Certificates, choose Computer Account, choose Local Computer, and then choose Add.
The makecert.exe utility is installed with Microsoft Visual Studio and Microsoft Windows SDK.
To create a root CA and a private key file by using the makecert.exe utility.
1. On the computer running Microsoft Dynamics NAV Server, create a temporary folder to use when you work with certificates.
2. Open the command prompt as follows:
If you have Visual Studio installed on your computer, choose Start, choose All Programs, choose Microsoft Visual Studio 2010, choose Visual Studio Tools, and then right-click Visual Studio Command Prompt and choose Run as Administrator.
3. Type the following command.
makecert -n "CN=RootNavServiceCA" -r -sv RootNavServiceCA.pvk RootNavServiceCA.cer
When you are prompted, enter a password. You need this password to create the service certificate.
The RootNavServiceCA.cer certificate file and the RootNavServiceCA.pvk private key are saved in your temporary folder.
To use the Certificates snap-in to install the root CA on the computer running Microsoft Dynamics NAV Server -
1. Start the Certificates snap-in for MMC on the computer running Microsoft Dynamics NAV Server, and then add the Certificates snap-in. [Already Done]
2. In the Certificates snap-in dialog box, choose Computer account, and then choose Next. [Already Done]
3. In the Select Computer pane, choose Local computer: (the computer this console is running on), and then choose Finish. [Already Done]
4. Choose OK to close the Add or Remove Snap-ins dialog box. [Already Done]
5. In the left pane of MMC, expand the Certificates (Local Computer) node.
6. Expand the Trusted Root Certification Authorities node, right-click the Certificates subfolder, select All Tasks, and then choose Import.
7. In the Certificate Import Wizard, on the Welcome page, choose Next.
8. On the File to Import page, choose Browse.
9. Browse to the location of the RootNavServiceCA.cer certificate file, select the file, and then choose Open.
The default Location is C:\Windows\SysWOW64\RootNavServiceCA.cer.
10. On the File to Import page, choose Next.
11. On the Certificate Store page, accept the default selection, and then choose Next.
12. On the Completing the Certificate Import Wizard page, choose Finish.
13. The RootNavServiceCA certificate is now visible in the list of trusted root CAs.
14. You now create a certificate revocation list for the root certification authority and then install the certificate revocation list on the computer running Microsoft Dynamics NAV Server. A certificate revocation list is required because WCF applications check the revocation list when validating certificates.
To create a certificate revocation list for the root certification authority
At the command prompt, type the following command: (use same Visual Studio Command Prompt)
makecert -crl -n "CN=RootNavServiceCA" -r -sv RootNavServiceCA.pvk RootNavServiceCA.crl
When you are prompted, enter the password that you used to create the certificate.
To install the certificate revocation list on the computer running Microsoft Dynamics NAV Server -
1. In the Certificates snap-in, in the left pane of MMC, expand the Certificates (Local Computer) node.
2. Expand the Trusted Root Certification Authorities node, right-click the Certificates subfolder, select All Tasks, and then choose Import.
3. In the Certificate Import Wizard, on the Welcome page, choose Next.
4. On the File to Import page, choose Browse.
5. In the File Type field, select Certificate Revocation List (*.crl).
6. Browse to the location of the RootNavServiceCA.crl file, select the file, and then choose Open.
7. On the File to Import page, choose Next.
8. On the Certificate Store page, accept the default selection, and then choose Next.
9. On the Completing the Certificate Import Wizard page, choose Finish.
10. Select the Trusted Root Certificate Authorities node, and then refresh the snap-in.
A Certificate Revocation List folder that contains the RootNavServiceCA.crl file has been created.
To create and install a test certificate for the Microsoft Dynamics NAV Server computer -
1. At the command prompt, type the following command:
makecert -sk NavServiceCert -iv RootNavServiceCA.pvk -n "CN=NavServiceCert" -ic RootNavServiceCA.cer -sr localmachine -ss my -sky exchange -pe NavServiceCert.cer
This command specifies the subject’s certificate name as NavServiceCert. You need this certificate name when you configure the Microsoft Dynamics NAV Windows client or Microsoft Dynamics NAV Web Server components.
2. When you are prompted, enter the password that you used to create the root CA.
3. Select the Trusted Root Certificate Authorities node, and then refresh the snap-in.
To grant access to the certificate’s private key to the service account for Microsoft Dynamics NAV Server -
1. In the left pane of MMC, expand the Certificates (Local Computer) node, expand the Personal node, and then select the Certificates subfolder.
2. In the right pane, right-click the NavServiceCert certificate, choose All Tasks, and then choose Manage Private Keys.
3. In the Permissions for NavServiceCert private keys dialog box, choose Add.
4. In the Select Users, Computers, Service Accounts, or Groups dialog box, enter the name of the service account that is used by Microsoft Dynamics NAV Server. By default, the service account is NETWORK SERVICE. Choose OK when done.
5. In the Permissions for NavServiceCert private keys dialog box, select the account, and then select the Allow check box next to Full Control. Choose OK when done.
6. In the right pane, double-click the NavServiceCert certificate.
7. In the Certificate dialog box, choose the Details tab, and then select the Thumbprint field.
8. Copy or note the value of the Thumbprint field. (Make sure you copy only the value, as the Thumbprint value has a space at the start, as shown in the image below.)
9. Paste the value in the service as shown below.
Start the service and voilà, the service started successfully.
Now let's try opening Role Tailored Client (Windows Client).
What the hell, we are getting an error saying - There is a communication protocol mismatch between the client and the server.
And the worst part is that there is nothing in the Event Viewer either.
Oh! I missed one more configuration file, which resides under Users on the C: drive. Let's stop the service and open the ClientUserSettings file.
The path for the file is - C:\Users\<user name>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\70
When I opened the file, I figured out that ClientServicesCredentialType is still Windows. Let's try to change it to NavUserPassword.
Save the file, start the service and start the client.
Wow, the RTC client connected and it's asking for user name and password.
When I entered the user name and password and clicked OK, I got an error.
The error message also suggests the solution. It says we need to put the certificate name in DNSIDENTITY.
So where is it? It's in ClientUserSettings; open the file and enter the certificate name in the DNSIdentity value as shown below.
Now let's start the client, and it started successfully as shown below.
Put comments if you like this post or you have any issues.
By Saurav Dhyani
http://saurav-nav.blogspot.in/
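The three failures walked through in the post (thumbprint not usable, credential type differing between service and client, DnsIdentity not set) can be checked before restarting anything. The following is an added example, not code from the post or from Microsoft: it assumes both settings files store values as `<add key="..." value="..."/>` elements, matches key names case-insensitively, and uses constructed sample files with a made-up thumbprint.

```python
import re
import unicodedata
import xml.etree.ElementTree as ET

# Constructed sample data, not taken from the post. DEMO_THUMB is a made-up
# value; PASTED mimics a copy that picked up an invisible mark and spaces.
DEMO_THUMB = "0123456789ABCDEF0123456789ABCDEF01234567"
PASTED = "\u200e" + " ".join(re.findall("..", DEMO_THUMB.lower()))
SERVER_XML = f"""<appSettings>
  <add key="ClientServicesCredentialType" value="NavUserPassword" />
  <add key="ClientServicesCertificateThumbprint" value="{PASTED}" />
</appSettings>"""
CLIENT_XML = """<configuration><appSettings>
  <add key="ClientServicesCredentialType" value="Windows" />
  <add key="DnsIdentity" value="" />
</appSettings></configuration>"""

def settings(xml_text):
    """Map lower-cased key -> value for every <add key=... value=...> element."""
    return {e.get("key", "").lower(): e.get("value", "")
            for e in ET.fromstring(xml_text).iter("add")}

def clean_thumbprint(raw):
    """Drop whitespace and invisible format characters; None if not 40 hex digits."""
    kept = "".join(c for c in raw
                   if not c.isspace() and unicodedata.category(c) != "Cf")
    return kept.upper() if re.fullmatch(r"[0-9A-Fa-f]{40}", kept) else None

def check(server_xml, client_xml, cert_cn):
    """Return the list of problems the post ran into, in the order it hit them."""
    srv, cli = settings(server_xml), settings(client_xml)
    s_type = srv.get("clientservicescredentialtype", "Windows")
    c_type = cli.get("clientservicescredentialtype", "Windows")
    problems = []
    if s_type.lower() != c_type.lower():
        problems.append(f"credential type: server={s_type}, client={c_type}")
    if s_type.lower() != "windows":  # the post needed these after leaving Windows
        raw = srv.get("clientservicescertificatethumbprint", "")
        clean = clean_thumbprint(raw)
        if clean is None:
            problems.append("thumbprint missing or not 40 hex digits")
        elif clean != raw.upper():
            problems.append(f"thumbprint has stray characters, use {clean}")
        if cli.get("dnsidentity", "") != cert_cn:
            problems.append(f"client DnsIdentity should be {cert_cn}")
    return problems

if __name__ == "__main__":
    for p in check(SERVER_XML, CLIENT_XML, "NavServiceCert"):
        print("PROBLEM:", p)
```

To use it on a real installation, pass the text of the service's settings file and of ClientUserSettings in place of the sample strings.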
Hi, I followed the steps, but I cannot start the client successfully. It shows "The program could not create a connection to the server. Do you want to try again?" Any idea what went wrong with my setup?
Great article and I was able to use it to get the Windows client working using UserName, but I cannot get it to work for the web client. I still get the "There is a communication protocol mismatch between the client and the server." error. Can you give me any pointers?
Thanks,
Andy
Hi Andy,
For the same you can visit the post from Microsoft -
http://msdn.microsoft.com/en-us/library/jj551778(v=nav.70).aspx
Regards,
Saurav Dhyani
Hi I have the same issue in that I can't get the Web Client to work and I get the same error as Andy, I tried the Microsoft article with no luck. Any ideas?
Hi,
As of now I haven't tried credential type with Web Client.
Dear friend
I'm getting this error on NAV Web Page.
Dear Ganesj,
Can you tell me what is the error that you are getting?
Regards,
Saurav Dhyani
After following all of the steps above, I get this error. Can anyone help, can't test anymore until it's fixed!!
http://mibuso.com/forum/download/file.php?id=3760
hi
I followed the above steps, but after giving the value in certificate thumbprint the instance (dynamicsNAV07) is not able to start, and in Event Viewer it's giving the message
The service MicrosoftDynamicsNavServer$DynamicsNAV70 failed to start. This could be caused by a configuration error. Detailed error information:System.ArgumentException: It is likely that certificate 'CN=NavServiceCert' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail...
then having some codings...
not getting what to do?
I have same problem after following the steps.