Could not register the Service Principal Name (SPN)

Recently I checked my SQL Server Error Logs. Quite some interesting information in my opinion, however I also found this message:

Date  25-7-2017 18:26:41
Log  SQL Server (Archive #3 – 25-7-2017 18:34:00)
Source  Server

The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/SQL01.contoso.lan:NAV ] for the SQL Server service. Windows return code: 0x200b, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.

What’s this message about?
It cleary indicates thats SQL Server couldn’t register SPN’s. I’m running SQL Server under a ‘Virtual’ account so that should be the cause of the ‘error’.

From security perspective it is recommend to run SQL Server under the least privileged account: a virtual of MSA. For more information please go to Microsoft Docs.

In order to use Kerberos authentication with SQL Server there are some conditions to be met:

– The client and server computers should be in the same domain or trusted (2 way)  domains.
– SPN’s must be registered for SQL Server

In theory I can’t connect to my SQL Server using Kerberos authentication so why I’m still able to connect to my SQL Server? What kind of authentication is being used? Even other services from other machines are still able to connect (like Microsoft Dynamics NAV). In order to get an answer you could query SQL Server. With this query you’re able to view what kind of authentication scheme is being used:

select session_id,net_transport,client_net_address,auth_scheme from sys.dm_exec_connections

It turns out that Microsoft Dynamics NAV for example is falling back to Ntlm, intereseting… So let’s fix the SPN, restart SQL Server and look what’s happening? Now Microsoft Dynamics NAV 2017 is also connected to SQL Server but instead of Ntlm it is using Kerberos now.

In order to fix the SPN problem I manually registered the SPN in Active Directory (on the SQL Computeraccount). The errorlog states two SPN’s couldn’t be registered:


For your information: I’m running SQL Server in a named instance called ‘NAV’ using Dynamic Ports. If you’re running SQL Server in the default instance on TCP Port 1433 the SPN’s are a little bit different. Please keep this in mind!

How to setup a Dynamics NAV Cluster

How to setup a Dynamics NAV Cluster

Windows Server 2012 R2 includes a builtin Network Load Balancer feature. The load balancer inspects the destination address of an incoming packet and forward its to a clusternode.



Multihomed Network Routing

Open cmd

Get int index Route print

Route-p add ip mask 255. Metric 1 if 12

Install NLB


Create an NLB Cluster

Add second node

ServerInstance Administration with PowerShell

In Microsoft Dynamics NAV 2017 there a  couple of Cmdlets to administer server instances:


In order to run these Cmdlets we need to start ‘PowerShell ISE’ as an Administrator. Now import the NAV Administration module in order to use the NAV PowerShell Cmdlets.

I will show you how to perform the following tasks:

  • Show current instances
  • Create a new instance
  • Configure your newly created instance
  • Remove your created instance

For these tasks to accomplish you must use the following Cmdlets in your PowerShell ISE like this:

Show all created server instances:


Create a new server instance like this:

New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048

Please note: if you omit a non-mandatory parameter for example ‘SOAPServicesPort’ then SOAP services will be disabled on this Server Instance. The server instance will run under the NETWORK SERVICE account. There are some other parameters to specify more information like:

  • MultiTenant
  • DatabaseServer
  • DatabaseInstance
  • DatabaseName
  • ServiceAccount

There are more parameters but they are used lesser in my opinion. Detailed information about this Cmdlet can be found on MSDN – Developer and IT Pro Help for Microsoft Dynamics NAV.

So one more example. In order to create a server instance that runs under a service account you could use the following Cmdlets:

$ServiceAccountCredential = Get-Credential
New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048 -ServiceAccount User -ServiceAccountCredential $ServiceAccountCredential

This will show the Windows credentials screen where you can enter a username and password. In some cases this is very handy right? In same cases not. So what if you want to hardcode the username and password? This way you don’t have to type in the credentials if you need to create a couple of Server Instances. In order to accomplish we need to create a PSCredential object (New-Object Cmdlet). An example:

$SecurePassword = ConvertTo-SecureString 'YourPassword' -AsPlainText -Force
$ServiceAccountCredential = New-Object System.Management.Automation.PSCredential ("ServiceAccountUsername”, $SecurePassword)
New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048 -ServiceAccount User -ServiceAccountCredential $ServiceAccountCredential

To remove a server instance just type:

$ServerInstance = 'NST2017-Demo'
Remove-NAVServerInstance -ServerInstance $ServerInstance

I like to add the ‘Verbose’ parameter to my Cmdlets. This will output verbose messages and gives more feedback:




Cumulative Update 3 for Microsoft Dynamics NAV 2017 has been released

Microsoft just released Cumulative Update 3. This update includes application and platform hotfixes that have been released for Microsoft Dynamics NAV 2017. This Microsoft Support page shows what has been fixed.

You can download the update from KB 4011763 – Cumulative Update 3 for Microsoft Dynamics NAV 2017 (Build 15140) directly from Microsoft. Now you don’t need an account anymore in order to download the CU. Just select your country in the list for a direct download from the Microsoft Download Center.

Download Microsoft Dynamics NAV 2017

Before you install a cumulative update in a production environment, take the following precautions:

  • First deploy the cumulative update in a non-production environment.
  • Always make a SQL backup in order to have a rollback scenario.

For information about how to install the cumulative update, see How to How to install a Microsoft Dynamics NAV 2017 Cumulative Update

Company Administration in Powershell

In Microsoft Dynamics NAV 2017 there a currently five Cmdlets to administer companies:


In order to run these Cmdlets we need to start ‘PowerShell ISE’ as an Administrator. Now import the NAV Administration module in order to use the NAV PowerShell Cmdlets.

I will show you how to perform the following tasks:

  • Show all companies
  • Copy a company
  • Rename a company
  • Create a new company
  • Delete the new company

For these tasks to accomplish you must use the following Cmdlets:

Import-Module 'C:\Program Files\Microsoft Dynamics NAV\100\Service\NavAdminTool.ps1'
$ServerInstance = 'NST2017RTM' # Modify to the name of your server instance
Get-NAVCompany -ServerInstance $ServerInstance # Show all companies
Copy-NAVCompany -ServerInstance $ServerInstance -SourceCompanyName 'CRONUS Nederland BV' -DestinationCompanyName 'CRONUS International' # Copy an existing company to a new company
Rename-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS International' -NewCompanyName 'CRONUS Worldwide Enterprises' # Rename the copied company
New-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS Europe' # Create a new company
Remove-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS Europe' # Delete a company

If you are operating NAV in a Multi-Tenant setup then you must also specify the Tenant parameter. The ServerInstance parameter is mandatory for all Company Cmdlets.

Of course it’s also possible to accomplish this in the NAV Client:



Are you sure your service is the only one listening to port 13000?

Run netstat -noa | find “13000” before starting your program to identify which process has port 13000 open. The number in the far right-hand column will be the process ID.

Then run tasklist | find “<pid>” where is the ID of the process from the previous command. This will tell you which process has 13000 open.

How to install the NAV Web Client (Web Server Components)

In this article I will explain how to install the Web Server Components for Dynamics NAV 2016.

High-level steps:

1. Install the ‘Web Server Components’ from the Dynamics NAV DVD.
2. Start your internet browser and go to http://localhost:8080.

More detailed steps:
1. Install the ‘Web Server Components’ from the Dynamics NAV DVD.
a. Start Setup.exe from the NAV DVD. Choose Custom and Select the option ‘Web Server Components’:


Click Next and leave all settings unchanged:


Some of the components that now will be installed:

– IIS Web Server
– IIS URL Rewrite Module 2
– Microsoft Dynamics NAV 2016 Web Client
– Language Module for the Microsoft Dynamics NAV 2016 Web Client

2. Start your internet browser and go to http://localhost:8080
a. Start ‘Internet Explorer’ and type in the URL: http://localhost:8080 You will now see the following:


b. You must add the name of your default service tier (NAV Instance) to the URL.

In my case it is ‘NST90Test’ so the URL will be:




If you want to simulate a Tablet Client in your browser go to http://localhost:8080/NST90Test/tablet.aspx
If you want to simulate a Phone Client in your browser go to http://localhost:8080/NST90Test/phone.aspx

The steps in this article only work if you install the Web Server Components on the same machine as your Dynamics NAV Server. The steps are quite easy in my opinion. Want to install the Web Client on another server? Then additional configuration is needed. You can find more info about it on MSDN ‘Walkthrough: Installing the Microsoft Dynamics NAV Web Server Components on Three Computers‘. If you install the NAV App on your tablet or smartphone it will not work because certificates are mandatory and more configuration is required then. Keep checking this site for more information about how to accomplish these things! More info will be added regularly.