SystemService (Dynamics NAV Webservices)

In Microsoft Dynamics NAV the company name is part of the URL when you access published webservices. The ‘SystemService’ webservice allows you to retrieve the names of available companies. Even when you publish no webservices in Microsoft Dynamics NAV 2017 there is still this ‘builtin’ webservice that you can access. So let’s try it out! I took a look at the WSDL (Web Services Description Language). After looking at the WSDL I constructed a SOAP request like this:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sys="urn:microsoft-dynamics-schemas/nav/system/">
 <soapenv:Header/>
 <soapenv:Body>
 <sys:Companies/>
 </soapenv:Body>
</soapenv:Envelope>

I sent this SOAP request to the NAV Service, which is configured to allow SOAP Services. As a response I got a list of all the NAV companies:

<Soap:Envelope xmlns:Soap="http://schemas.xmlsoap.org/soap/envelope/">
 <Soap:Body>
 <Companies_Result xmlns="urn:microsoft-dynamics-schemas/nav/system/">
 <return_value>Company A</return_value>
 <return_value>Company B</return_value>
 <return_value>Company C</return_value>
 </Companies_Result>
 </Soap:Body>
</Soap:Envelope>

You could use these company names in your webservice URL to work with specific company data.
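
The exchange above as a PowerShell script, added here as an example and not taken from the original post. The host, port 7047, the instance name DynamicsNAV100 and the SOAPAction value are assumptions; confirm them against your own server's WSDL. The final loop shows that company names must be URL-escaped before they go into a service URL.

```powershell
# Assumed values (not from the original post): host, SOAP port and instance name.
$BaseUrl = 'http://localhost:7047/DynamicsNAV100/WS'

# The request body shown in the post.
$Request = @'
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sys="urn:microsoft-dynamics-schemas/nav/system/">
  <soapenv:Header/>
  <soapenv:Body>
    <sys:Companies/>
  </soapenv:Body>
</soapenv:Envelope>
'@

function Get-NavCompanyName {
    param([string]$BaseUrl, [string]$Body)

    # Authenticates with the Windows account that runs this script.
    # The SOAPAction value is an assumption; take the real one from the WSDL.
    $response = Invoke-WebRequest -Uri "$BaseUrl/SystemService" -Method Post `
        -ContentType 'text/xml; charset=utf-8' `
        -Headers @{ SOAPAction = 'urn:microsoft-dynamics-schemas/nav/system/:Companies' } `
        -Body $Body -UseDefaultCredentials -UseBasicParsing

    # return_value lives in the service namespace, so XPath needs a prefix for it.
    $xml = [xml]$response.Content
    $ns  = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('sys', 'urn:microsoft-dynamics-schemas/nav/system/')
    $xml.SelectNodes('//sys:return_value', $ns) | ForEach-Object { $_.InnerText }
}

foreach ($company in Get-NavCompanyName -BaseUrl $BaseUrl -Body $Request) {
    # 'Company A' becomes 'Company%20A'; <ServiceName> is a placeholder.
    '{0}/{1}/Page/<ServiceName>' -f $BaseUrl, [uri]::EscapeDataString($company)
}
```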


Could not register the Service Principal Name (SPN)

Recently I checked my SQL Server Error Logs. Quite some interesting information in my opinion, however I also found this message:

Date  25-7-2017 18:26:41
Log  SQL Server (Archive #3 – 25-7-2017 18:34:00)
Source  Server

Message
The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/SQL01.contoso.lan:NAV ] for the SQL Server service. Windows return code: 0x200b, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.

What’s this message about?
It clearly indicates that SQL Server couldn’t register SPNs. I’m running SQL Server under a ‘Virtual’ account so that should be the cause of the ‘error’.

From a security perspective it is recommended to run SQL Server under the least privileged account: a virtual account or an MSA. For more information please go to Microsoft Docs.

In order to use Kerberos authentication with SQL Server there are some conditions to be met:

– The client and server computers should be in the same domain or in trusted (2 way) domains.
– SPNs must be registered for SQL Server.

In theory I can’t connect to my SQL Server using Kerberos authentication, so why am I still able to connect to my SQL Server? What kind of authentication is being used? Even other services from other machines are still able to connect (like Microsoft Dynamics NAV). To get an answer you can query SQL Server. This query shows which authentication scheme each connection is using:

select session_id,net_transport,client_net_address,auth_scheme from sys.dm_exec_connections

It turns out that Microsoft Dynamics NAV, for example, is falling back to NTLM. Interesting… So let’s fix the SPN, restart SQL Server and see what happens. Now Microsoft Dynamics NAV 2017 is also connected to SQL Server, but instead of NTLM it is now using Kerberos.

In order to fix the SPN problem I manually registered the SPN in Active Directory (on the SQL computer account). The error log states two SPNs couldn’t be registered:

MSSQLSvc/SQL01.contoso.lan:NAV
MSSQLSvc/SQL01.contoso.lan:49753

For your information: I’m running SQL Server in a named instance called ‘NAV’ using Dynamic Ports. If you’re running SQL Server in the default instance on TCP Port 1433 the SPN’s are a little bit different. Please keep this in mind!
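
The manual registration and the before/after check described above, as an added PowerShell example that is not from the original post. It assumes the SQL Server computer account is named SQL01 and that the SqlServer module (Invoke-Sqlcmd) is installed; the query extends the one above with a join to sys.dm_exec_sessions so each connection shows its login and program.

```powershell
# Assumptions (not from the original post): the computer account name SQL01
# and an installed SqlServer module. Run as a user allowed to write SPNs in AD.
$Account = 'SQL01'
$Spns    = 'MSSQLSvc/SQL01.contoso.lan:NAV', 'MSSQLSvc/SQL01.contoso.lan:49753'

# 1. Show which SPNs are registered on the account right now.
setspn -L $Account

# 2. Register the missing SPNs. -S searches the domain for a duplicate first
#    and refuses to add one; a duplicate SPN also breaks Kerberos.
foreach ($spn in $Spns) {
    setspn -S $spn $Account
}

# With dynamic ports the port number can change when SQL Server restarts;
# the port-based SPN then has to be registered again for the new port.

# 3. After restarting SQL Server, list every connection with its login,
#    client host, program and the authentication scheme that was negotiated.
$Query = @'
SELECT c.session_id, s.login_name, s.host_name, s.program_name,
       c.net_transport, c.client_net_address, c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
ORDER BY c.auth_scheme, s.login_name;
'@

Invoke-Sqlcmd -ServerInstance 'SQL01\NAV' -Query $Query | Format-Table -AutoSize
```

Rows that still report NTLM after the restart point at clients that are not resolving to one of the registered SPNs.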

How to setup a Dynamics NAV Cluster


Windows Server 2012 R2 includes a built-in Network Load Balancer feature. The load balancer inspects the destination address of an incoming packet and forwards it to a cluster node.


Multihomed Network Routing

Open cmd

Get the interface index: route print

route -p add ip mask 255. metric 1 if 12

Install NLB

NLB
RSAT-NLB

Create an NLB Cluster

Add second node

ServerInstance Administration with PowerShell

In Microsoft Dynamics NAV 2017 there are a couple of Cmdlets to administer server instances:

Get-NAVServerInstance
New-NAVServerInstance
Remove-NAVServerInstance
Set-NAVServerInstance

In order to run these Cmdlets we need to start ‘PowerShell ISE’ as an Administrator. Now import the NAV Administration module in order to use the NAV PowerShell Cmdlets.

I will show you how to perform the following tasks:

  • Show current instances
  • Create a new instance
  • Configure your newly created instance
  • Remove your created instance

To accomplish these tasks, use the following Cmdlets in your PowerShell ISE like this:

Show all created server instances:

get-navserverinstance

Create a new server instance like this:

New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048

Please note: if you omit a non-mandatory parameter for example ‘SOAPServicesPort’ then SOAP services will be disabled on this Server Instance. The server instance will run under the NETWORK SERVICE account. There are some other parameters to specify more information like:

  • MultiTenant
  • DatabaseServer
  • DatabaseInstance
  • DatabaseName
  • ServiceAccount

There are more parameters but they are used less often in my opinion. Detailed information about this Cmdlet can be found on MSDN – Developer and IT Pro Help for Microsoft Dynamics NAV.

So one more example. In order to create a server instance that runs under a service account you could use the following Cmdlets:

$ServiceAccountCredential = Get-Credential
New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048 -ServiceAccount User -ServiceAccountCredential $ServiceAccountCredential

This will show the Windows credentials screen where you can enter a username and password. In some cases this is very handy, right? In some cases not. So what if you want to hardcode the username and password? This way you don’t have to type in the credentials if you need to create a couple of Server Instances. In order to accomplish this we need to create a PSCredential object (New-Object Cmdlet). An example:

$SecurePassword = ConvertTo-SecureString 'YourPassword' -AsPlainText -Force
$ServiceAccountCredential = New-Object System.Management.Automation.PSCredential ('ServiceAccountUsername', $SecurePassword)
New-NAVServerInstance -ServerInstance 'NST2017-Demo' -ManagementServicesPort 7045 -ClientServicesPort 7046 -SOAPServicesPort 7047 -ODataServicesPort 7048 -ServiceAccount User -ServiceAccountCredential $ServiceAccountCredential
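
An added example, not from the original post: instead of writing the password into the script, prompt for it once and keep it in a DPAPI-protected file that later runs reuse. The file path, the instance names and the second set of ports are assumptions; the NAV administration module must already be imported.

```powershell
# Assumption (not from the original post): where the credential file is kept.
$CredFile = Join-Path $env:USERPROFILE 'nav-service-account.cred.xml'

# One-time step: prompt once and save. On Windows, Export-Clixml encrypts the
# password with DPAPI, so only the same user on the same computer can read it
# back. The script itself never contains the password.
if (-not (Test-Path $CredFile)) {
    Get-Credential -Message 'NAV service account' | Export-Clixml -Path $CredFile
}

# Every later run: load the PSCredential without any prompt.
$ServiceAccountCredential = Import-Clixml -Path $CredFile

# Instances to create (names and ports are constructed for this example).
$Instances = @(
    @{ Name = 'NST2017-Demo1'; Mgmt = 7045; Client = 7046; Soap = 7047; OData = 7048 }
    @{ Name = 'NST2017-Demo2'; Mgmt = 7055; Client = 7056; Soap = 7057; OData = 7058 }
)

foreach ($i in $Instances) {
    New-NAVServerInstance -ServerInstance $i.Name `
        -ManagementServicesPort $i.Mgmt -ClientServicesPort $i.Client `
        -SOAPServicesPort $i.Soap -ODataServicesPort $i.OData `
        -ServiceAccount User -ServiceAccountCredential $ServiceAccountCredential `
        -Verbose
}
```

Restrict the file's ACL to the account that runs the script, and delete it when the service account password is rotated.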


To remove a server instance just type:

$ServerInstance = 'NST2017-Demo'
Remove-NAVServerInstance -ServerInstance $ServerInstance

I like to add the ‘Verbose’ parameter to my Cmdlets. This will output verbose messages and gives more feedback:

[Screenshot: verbose output in NAV cmdlets]

Cumulative Update 3 for Microsoft Dynamics NAV 2017 has been released

Microsoft just released Cumulative Update 3. This update includes application and platform hotfixes that have been released for Microsoft Dynamics NAV 2017. This Microsoft Support page shows what has been fixed.

You can download the update from KB 4011763 – Cumulative Update 3 for Microsoft Dynamics NAV 2017 (Build 15140) directly from Microsoft. Now you don’t need an account anymore in order to download the CU. Just select your country in the list for a direct download from the Microsoft Download Center.

Download Microsoft Dynamics NAV 2017

Before you install a cumulative update in a production environment, take the following precautions:

  • First deploy the cumulative update in a non-production environment.
  • Always make a SQL backup in order to have a rollback scenario.

For information about how to install the cumulative update, see How to install a Microsoft Dynamics NAV 2017 Cumulative Update.

Company Administration in Powershell

In Microsoft Dynamics NAV 2017 there are currently five Cmdlets to administer companies:

Copy-NAVCompany
Get-NAVCompany
New-NAVCompany
Remove-NAVCompany
Rename-NAVCompany

In order to run these Cmdlets we need to start ‘PowerShell ISE’ as an Administrator. Now import the NAV Administration module in order to use the NAV PowerShell Cmdlets.

I will show you how to perform the following tasks:

  • Show all companies
  • Copy a company
  • Rename a company
  • Create a new company
  • Delete the new company

To accomplish these tasks, use the following Cmdlets:

Import-Module 'C:\Program Files\Microsoft Dynamics NAV\100\Service\NavAdminTool.ps1'
$ServerInstance = 'NST2017RTM' # Modify to the name of your server instance
Get-NAVCompany -ServerInstance $ServerInstance # Show all companies
Copy-NAVCompany -ServerInstance $ServerInstance -SourceCompanyName 'CRONUS Nederland BV' -DestinationCompanyName 'CRONUS International' # Copy an existing company to a new company
Rename-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS International' -NewCompanyName 'CRONUS Worldwide Enterprises' # Rename the copied company
New-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS Europe' # Create a new company
Remove-NAVCompany -ServerInstance $ServerInstance -CompanyName 'CRONUS Europe' # Delete a company

If you are operating NAV in a Multi-Tenant setup then you must also specify the Tenant parameter. The ServerInstance parameter is mandatory for all Company Cmdlets.

Of course it’s also possible to accomplish this in the NAV Client:

[Screenshot: company administration in the NAV client]

Are you sure your service is the only one listening to port 13000?

Run netstat -noa | find "13000" before starting your program to identify which process has port 13000 open. The number in the far right-hand column will be the process ID.

Then run tasklist | find "<pid>" where <pid> is the ID of the process from the previous command. This will tell you which process has 13000 open.