[solved] Azure/NAV2015 - remote login rtc-client

13 October 2014 19:50

Hello everyone,

I recently started exploring the wonderful world of Azure and am satisfied so far, but unfortunately I have a problem.

I am able to log in on the virtual server using the "Microsoft Dynamics NAV 2015" client. The web client also works without any problems.
However, as soon as I work on my local computer, I can use the web client, but logging in to the Windows client is refused with the following message:

Code:
Entweder ist der angegebene Benutzername oder das Kennwort falsch, oder Sie besitzen kein gültiges Benutzerkonto in Microsoft Dynamics NAV.


Does anyone have an idea what the cause could be?

Best regards,
Thomas
Last edited by thomasD1 on 16 October 2014 11:26, edited 1 time in total.

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 09:25

Hi,

what are the settings of your instance and your client (ClientUserSettings.config / CustomSettings.config)? Was the client installed with ClickOnce or directly?

Best regards, defiant701

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 10:33

Good morning,

thank you for the quick follow-up question. Of course, I could have attached this right away.

The files are located here: C:\Program Files\Microsoft Dynamics NAV\80\Service\Instances\navcon-ins01

navcon-ins01
Code:
<configuration>
  <configSections>
    <section name="tenants" type="Microsoft.Dynamics.Nav.Configuration.TenantConfigurationSection, Microsoft.Dynamics.Nav.Types, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <appSettings file="C:\Program Files\Microsoft Dynamics NAV\80\Service\Instances\navcon-ins01\CustomSettings.config" />
  <tenants file="C:\Program Files\Microsoft Dynamics NAV\80\Service\Instances\navcon-ins01\Tenants.config" />
</configuration>



CustomSettings
Code:
<appSettings>
  <add key="NetworkProtocol" value="Default" />
  <add key="DatabaseServer" value="localhost" />
  <add key="DatabaseInstance" value="" />
  <add key="DatabaseName" value="navcon-ins01" />
  <add key="EnableSqlConnectionEncryption" value="false" />
  <add key="TrustSQLServerCertificate" value="false" />
  <add key="ServerInstance" value="navcon-ins01" />
  <add key="ClientServicesPort" value="9001" />
  <add key="SOAPServicesPort" value="9002" />
  <add key="ODataServicesPort" value="9003" />
  <add key="ManagementServicesPort" value="9000" />
  <add key="ManagementServicesEnabled" value="true" />
  <add key="ClientServicesEnabled" value="true" />
  <add key="SOAPServicesEnabled" value="true" />
  <add key="ODataServicesEnabled" value="true" />
  <add key="SOAPServicesSSLEnabled" value="true" />
  <add key="ODataServicesSSLEnabled" value="true" />
  <add key="PublicODataBaseUrl" value="" />
  <add key="PublicSOAPBaseUrl" value="" />
  <add key="PublicWebBaseUrl" value="" />
  <add key="PublicWinBaseUrl" value="" />
  <add key="DefaultClient" value="Windows" />
  <add key="SOAPServicesMaxMsgSize" value="1024" />
  <add key="ServicesUseNTLMAuthentication" value="false" />
  <add key="ServicesDefaultTimeZone" value="UTC" />
  <add key="ServicesDefaultCompany" value="" />
  <add key="ODataServicesMaxPageSize" value="1000" />
  <add key="ClientServicesOperationTimeout" value="MaxValue" />
  <add key="ClientServicesProtectionLevel" value="EncryptAndSign" />
  <add key="MaxConcurrentCalls" value="40" />
  <add key="ClientServicesMaxConcurrentConnections" value="150" />
  <add key="ClientServicesReconnectPeriod" value="00:10:00" />
  <add key="ClientServicesMaxNumberOfOrphanedConnections" value="20" />
  <add key="ClientServicesCompressionThreshold" value="64" />
  <add key="MetadataProviderCacheSize" value="150" />
  <add key="ClientServicesMaxUploadSize" value="300" />
  <add key="EnableDebugging" value="false" />
  <add key="DebuggingAllowed" value="true" />
  <add key="ClientServicesMaxItemsInObjectGraph" value="512" />
  <add key="ClientServicesChunkSize" value="28" />
  <add key="ClientServicesProhibitedFileTypes" value="ade;adp;app;asp;bas;bat;chm;cmd;com;cpl;csh;exe;fxp;gadget;hlp;hta;inf;ins;isp;its;js;jse;ksh;lnk;mad;maf;mag;mam;maq;mar;mas;mat;mau;mav;maw;mda;mdb;mde;mdt;mdw;mdz;msc;msi;msp;mst;ops;pcd;pif;prf;prg;pst;reg;scf;scr;sct;shb;shs;url;vb;vbe;vbs;vsmacros;vss;vst;vsw;ws;wsc;wsf;wsh" />
  <add key="NASServicesStartupCodeunit" value="" />
  <add key="NASServicesStartupMethod" value="" />
  <add key="NASServicesStartupArgument" value="" />
  <add key="NASServicesEnableDebugging" value="false" />
  <add key="NASServicesRetryAttemptsPerDay" value="3" />
  <add key="ClientServicesCredentialType" value="NavUserPassword" />
  <add key="UIElementRemovalOption" value="LicenseFileAndUserPermissions" />
  <add key="ClientServicesTokenSigningKey" value="" />
  <add key="ClientServicesFederationMetadataLocation" value="" />
  <add key="AppIdUri" value="" />
  <add key="ServicesCertificateThumbprint" value="2403F04D046D537B3D26E19E4E91E90E8583640A" />
  <add key="ServicesCertificateValidationEnabled" value="true" />
  <add key="EnableSoftwareQualityMetrics" value="false" />
  <add key="DataCacheSize" value="9" />
  <add key="SessionEventTableRetainPeriod" value="3" />
  <add key="SqlCommandTimeout" value="00:30:00" />
  <add key="BufferedInsertEnabled" value="true" />
  <add key="DocumentServicesProvider" value="SHAREPOINTONLINE" />
  <add key="EnableFullALFunctionTracing" value="false" />
  <add key="Multitenant" value="false" />
  <add key="CloseInactiveSqlConnectionsGeneration" value="10" />
  <add key="EnableALServerFileAccess" value="true" />
  <add key="EnableStaticAssemblies" value="False" />
  <add key="ClientServicesIdleClientTimeout" value="MaxValue" />
  <add key="OrphanedConnectionPurgePeriod" value="00:01:00" />
  <add key="Binding" value="" />
  <add key="UseQueryForFind" value="False" />
  <add key="SqlParametersByOrdinal" value="True" />
  <add key="SqlConnectionTimeout" value="0:01:30" />
  <add key="SessionEventTablePurgeLookupPeriod" value="24:00:00" />
  <add key="CacheSynchronizationPeriod" value="0:00:30" />
  <add key="HeartbeatPeriod" value="0:00:30" />
  <add key="ResultSetGroupCacheUsesGlobalCache" value="True" />
  <add key="UseCalculatedFieldsCache" value="True" />
  <add key="UseResultSetCache" value="True" />
  <add key="EnableTempTableSizeReporting" value="False" />
</appSettings>



Tenants
Code:
<?xml version="1.0" encoding="utf-8"?>
<tenants />


I hope this helps. :)

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 10:44

Hi,

that's already half the battle :-)

You told your service instance to use "localhost" as the DB server and to use NAVUSERPASSWORD for authentication. Well, if the service instance and the DB server are in the same environment, that should even still work. Now I'm curious what you give your (local) client so that it can find it (i.e. the ClientUserSettings.config).

Let's see whether we can resolve this then.

Best regards

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 12:02

Hello defiant701,

first of all, many, many thanks for your input! :)

Here is the requested file:
Code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!--
      Name of the machine hosting the Microsoft Dynamics Nav Server to
      be connected to.
    -->
    <add key="Server" value="navcon.cloudapp.net"/>

    <!--
      The listening TCP port for the Microsoft Dynamics NAV Server.
      This is part of the server's URL.
      Valid range: 1-65535
    -->
    <add key="ClientServicesPort" value="9001"/>

    <!--
      Name of the Microsoft Dynamics NAV Server instance to connect
      to (for client).
    -->
    <add key="ServerInstance" value="navcon-ins01"/>

    <!--
      Id of the tenant  to connect to (for client).
    -->
    <add key="TenantId" value=""/>

    <!--
      The security services used to protect the client/server data stream.
      Valid options: EncryptAndSign, Sign, None
    -->
    <add key="ClientServicesProtectionLevel" value="EncryptAndSign"/>

    <!--
      Collection of past servers that have been connected to. This setting
      should not be edited by the user.
    -->
    <add key="UrlHistory" value=""/>

    <!--
      Threshold for when to start compressing data sets to avoid that they
      consume prohibitive amounts of memory.
    -->
    <add key="ClientServicesCompressionThreshold" value="64"/>

    <!--
      Sets the default size of a chunk, in KB. Should be a value between 4 and 80.
    -->
    <add key="ClientServicesChunkSize" value="28"/>

    <!--
      Sets the interval between reliable session keep alive messages in seconds.
      If the NAV Server sits behind a load balancer, set this value to approx. half of the load balancer's idle timeout.
    -->
    <add key="ClientServicesKeepAliveInterval" value="120"/>

    <!--
      The amount rows that will be handled when sending a number of records through xml to Word or Excel.
    -->
    <add key="MaxNoOfXMLRecordsToSend" value="5000"/>

    <!--
      Maximum image size (in bytes) allowed by validation.
    -->
    <add key="MaxImageSize" value="26214400"/>

    <!-- 
      The type of client credential used for authentication.
        Possible values:
           Windows              - Windows authentication is used, and client will connect with "current user"
                                  this user is expected to be the same and known to both server and client
                                  This is the default mode and is typically used on a LAN with Active Directory
                                  In this mode X.509 certificates are not used and options set below are ignored
           Username             - Windows authentication on the server. Client is expected to present username/password
                                  indentifying a windows user known (created) on the server.
                                  Typically the client will ask for these credentials and pass them to the server
                                  Certificates are used to protect the passing of credentials.
                                  This is typically used when only the server is part of an Active Directory, or
                                  when the client is not trusted, e.g. connection over a WAN/Internet
           NavUserPassword      - Authentication is managed by the server but not based on windows users.
                                  Client is expected to present username/password matching a user known to the server.
                                  Typically the client will ask for these credentials and pass them to the server
                                  Certificates are used to protect the passing of credentials.
                                  This mode is used in hosted environments e.g. Azure where the list of allowed users
                                  are maintained by NAV and not based on windows users.
           AccessControlService - Authentication for the Role-Tailored Client is handled by Windows Azure Access Control Service.
                                  An ACS namespace needs to be set up before. Also the Identity Providers need to be set up
                                  as well as the Relying Party representing the NAV Role-Tailored Client.
                                  To support ACS, you need to specify the ACS WS Federated authentication endpoint in the ACSUri.
    -->
    <add key="ClientServicesCredentialType" value="UserName"/>

    <!--
      Specifies the sign-in page that Microsoft Dynamics NAV redirects to when configured for Single Sign-On.
      For Azure AD (Office 365) authentication, the ACSUri setting has the following format:
            https://login.windows.net/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<APP ID URI>%26wreply=<APP RETURN URL>
         Where
            "<AAD TENANT ID>" is the ID of the Azure AD tenant, for example "CRONUSInternationLtd.onmicrosoft.com". Use "common" if the application  is configured as a multitenant Azure AD application.
            "<APP ID URI>" is the ID that was assigned to the Microsoft Dynamics NAV application when it was registered in Azure AD, for example "https://localhost/".
            "<APP RETURN URL>" is the reply URL that was assigned to the Microsoft Dynamics NAV application when it was registered in Azure AD, for example "https://localhost/".
      For ACS authentication, the ACSUri setting is a top level partition of ACS that is used to create the ACS tokens, for example "https://CRONUSInternationalLtd.accesscontrol.windows.net/v2/wsfederation?wa=wsignin1.0%26wtrealm=https%3a%2f%2flocalhost%2f"
      Remarks:
        - Notice the difference between ACS "wsfederation" and Azure AD "wsfed" resource
        - The query string parameter needs to be URI-encoded (use "%26" instead of "&").       
    -->
    <add key="ACSUri" value=""/>
   
    <!-- Settings for making sure we're connecting to an authenticated server, and that it's the server we want to connect to. -->

    <!--
      Specifies whether NTLM fallback is permitted when authentication of the server is not needed.
      Authentication of the server is only possible with kerberos.
      To require Kerberos authentication, set this value to false.
      This setting is only relevant if ClientServicesCredentialType is Windows.
    -->
    <add key="AllowNtlm" value="true"/>

    <!--
      Specifies whether the service requires an SPN from Active Directory.
      If true, the connection will only be made to a service with an SPN <ServerInstance>/<Server>:<ClientServicesPort>
      If false, the connection will be attempted to a service with or without an SPN.
      This setting is only used together with Kerberos authentication and ClientServicesCredentialType is Windows.
    -->
    <add key="ServicePrincipalNameRequired" value="False"/>

    <!--
      Indicate if you want to enforce validation of the certificate. 
      In a production environment this is strongly recommended.  (Default is true)

      When validation is enabled, the certificate needs to be trusted, not revoked and the CN name should
      match the URL of your service.

      When validation is disabled you can use a self-signed certificate with no revocation list and there
      are no constraint on the CN name
    -->
    <add key="ServicesCertificateValidationEnabled" value="true"/>

    <!--
      One of the initial checks when a client authenticates a server is to compare the value of the Subject field
      of the certificate to the Uniform Resource Identifier (URI) used to contact the service: the DNS of both must match.
      For example, if the URI of the service is "net.tcp://NavServer.com:7046/DynamicsNav/Service." then the Subject field
      of the certificate must also contain the value "NavServer.com".
      Most commonly, the Subject is prefixed with "CN" (for common name), e.g., "CN = NavServer.com", but it can also just be "NavServer.com".
      It is also possible for the Subject field to be blank, in which case the validation rules will be applied to the Subject Alternative Name field of the certificate.
      The DnsIdentity configuration settings can be used to associate an endpoint with the specified Dns name.
    -->
    <add key="DnsIdentity" value=""/>

    <!--
      Name of the Microsoft Dynamics NAV Help Server to connect
      to. The value of the "Server" setting is used as the default.
    -->
    <add key="HelpServer" value="navcon.cloudapp.net"/>

    <!--
      The listening TCP port for the Microsoft Dynamics NAV Help Server.
      Valid range: 1-65535
    -->
    <add key="HelpServerPort" value="49000"/>

    <!--
      Alternative product name for the Microsoft Dynamics NAV client.
      Refer to the license terms before changing the product name.
    -->
    <add key="ProductName" value=""/>

  </appSettings>
</configuration>


Best regards

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 12:06

You are a genius!! Thank you very much! :)

Simply change
<add key="ClientServicesCredentialType" value="UserName"/>
to
<add key="ClientServicesCredentialType" value="NavUserPassword"/>
and it works. It wasn't looking for the NAV user at all, hence the (correct) error message. :)

Re: Azure/NAV2015 - remote login rtc-client

14 October 2014 12:08

So it looks like we have already found the culprit:

Server: <add key="ClientServicesCredentialType" value="NavUserPassword" />
Client: <add key="ClientServicesCredentialType" value="UserName"/> :!:

They should be identical.

Best regards
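
The mismatch found in this thread can be checked mechanically. The following is an added example, not code from any poster or from Microsoft: it parses a server CustomSettings.config and a client ClientUserSettings.config and reports connection keys that differ. The function names, the reduced sample excerpts and the case-insensitive value comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Keys that appear in both files posted in the thread and have to agree for
# the Windows client to reach and authenticate against the service instance.
MUST_MATCH = (
    "ClientServicesCredentialType",
    "ClientServicesPort",
    "ServerInstance",
    "ClientServicesProtectionLevel",
)

# Constructed excerpts, reduced from the two files posted in the thread.
SERVER_CUSTOM_SETTINGS = """<appSettings>
  <add key="ServerInstance" value="navcon-ins01" />
  <add key="ClientServicesPort" value="9001" />
  <add key="ClientServicesProtectionLevel" value="EncryptAndSign" />
  <add key="ClientServicesCredentialType" value="NavUserPassword" />
</appSettings>"""

CLIENT_USER_SETTINGS = """<configuration>
  <appSettings>
    <add key="ClientServicesPort" value="9001"/>
    <add key="ServerInstance" value="navcon-ins01"/>
    <add key="ClientServicesProtectionLevel" value="EncryptAndSign"/>
    <add key="ClientServicesCredentialType" value="UserName"/>
  </appSettings>
</configuration>"""

def load_settings(xml_text):
    """Return {key: value} for every <add key=.. value=..> element in the file."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.get("value") or "").strip()
            for e in root.iter("add") if e.get("key")}

def find_mismatches(server_xml, client_xml, keys=MUST_MATCH):
    """List (key, server_value, client_value, reason) for keys that disagree."""
    server, client = load_settings(server_xml), load_settings(client_xml)
    problems = []
    for key in keys:
        s, c = server.get(key), client.get(key)
        if s is None or c is None:
            problems.append((key, s, c, "missing"))
        elif s.casefold() != c.casefold():  # assumption: values are case-insensitive
            problems.append((key, s, c, "differs"))
    return problems

if __name__ == "__main__":
    for key, s, c, why in find_mismatches(SERVER_CUSTOM_SETTINGS, CLIENT_USER_SETTINGS):
        print(f"{key}: server={s!r} client={c!r} ({why})")
```

For real files, read each one as text and pass the contents to `find_mismatches`; an empty list means the four keys agree.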