Microsoft Dynamics NAV 2013 R2 and VPN

I’m a believer of VPN for remote workers. It’s really useful for workers to be able to remotely connect to Microsoft Dynamics Nav as if working in the office. Although there is the web client, nothing beats the full client for usability.

I’ve used OpenVPN for a few projects in the past. I do like OpenVPN as it’s very powerful and also is extremely secure due the advanced encryption used. The downside is that it needs a separate client installing on the PC and it can be quite fiddly to set up. Most importantly, OpenVPN works an absolute dream with Dynamics NAV.

For a recent project, instead of using OpenVPN, I implemented L2TP/IPSec with fallback to PPTP. Although not as secure as OpenVPN, L2TP/IPSec is still pretty secure and is good for the majority of uses. The only issue I’ve had with this is accessing Nav through the VPN in Windows 8.1.

Nav was throwing the following error:

The Service Principle Name (Delegation) configuration has been set incorrectly.
Server connect URL: "net.tcp://{servername}:7046/DynamicsNAV71/Service".
SPN Identity:"DynamicsNAV/{servername}:7046"
A call to SSPI failed, see inner exception.

Additionally sometimes the following error was being thrown:

The program could not create a connection to the server.
Do you want to try again?

Very useful…!

After a lot of research and trial and error, I was able to identify that this issue is caused by the Username/Password combination used for VPN. Once the VPN connects, the credentials for the VPN was being used for the Kerberos authentication. As the VPN credentials where not those in Active Directory, this was obviously causing the issue.

VPN Microsoft Dynamics NavIn order to fix this issue, luckily a simple change to a file is required. Unfortunately this cannot be amended in the GUI.

To find this file, first browse to the following location:

%appdata%\Microsoft\Network\Connections\Pbk

Right click on the file “rasphone.pbk”, open with Notepad and look for the following line:

UseRasCredentials=1

This will be just below the name of the VPN connection in square brackets. For example if your VPN is called “Test”, your looking for “[Test]”.

This line needs amending to the following:

UseRasCredentials=0

After saving the file and connecting to the VPN again, Microsoft Dynamics Nav was working correctly.

3 thoughts on “Microsoft Dynamics NAV 2013 R2 and VPN

  1. Hello. Tell me please how you linked AD and OpenVPN, for user access to the NAV (finsql).
    Thank you

Leave a Reply