I’m a believer of VPN for remote workers. It’s really useful for workers to be able to remotely connect to Microsoft Dynamics Nav as if working in the office. Although there is the web client, nothing beats the full client for usability.
I’ve used OpenVPN for a few projects in the past. I do like OpenVPN as it’s very powerful and also is extremely secure due the advanced encryption used. The downside is that it needs a separate client installing on the PC and it can be quite fiddly to set up. Most importantly, OpenVPN works an absolute dream with Dynamics NAV.
For a recent project, instead of using OpenVPN, I implemented L2TP/IPSec with fallback to PPTP. Although not as secure as OpenVPN, L2TP/IPSec is still pretty secure and is good for the majority of uses. The only issue I’ve had with this is accessing Nav through the VPN in Windows 8.1.
Nav was throwing the following error:
The Service Principle Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://{servername}:7046/DynamicsNAV71/Service". SPN Identity:"DynamicsNAV/{servername}:7046" A call to SSPI failed, see inner exception.
Additionally sometimes the following error was being thrown:
The program could not create a connection to the server. Do you want to try again?
Very useful…!
After a lot of research and trial and error, I was able to identify that this issue is caused by the Username/Password combination used for VPN. Once the VPN connects, the credentials for the VPN was being used for the Kerberos authentication. As the VPN credentials where not those in Active Directory, this was obviously causing the issue.
In order to fix this issue, luckily a simple change to a file is required. Unfortunately this cannot be amended in the GUI.
To find this file, first browse to the following location:
%appdata%\Microsoft\Network\Connections\Pbk
Right click on the file “rasphone.pbk”, open with Notepad and look for the following line:
UseRasCredentials=1
This will be just below the name of the VPN connection in square brackets. For example if your VPN is called “Test”, your looking for “[Test]”.
This line needs amending to the following:
UseRasCredentials=0
After saving the file and connecting to the VPN again, Microsoft Dynamics Nav was working correctly.
Hello. Tell me please how you linked AD and OpenVPN, for user access to the NAV (finsql).
Thank you
Hi,
I’ve never had the need to set up LDAP integration for OpenVPN connections, however the following guide could be useful?
OpenVPN – How To Authenticate Users With Active Directory
Johnathan
Hello, thank you very much. Have a nice day.
Just had the same issue following a Sophos XG FW update, no changes to the clients. Used this fix and it worked. Thank you!!