Setting up a 3-tier RTC development environment. We’re currently on the 2009 classic client and are upgrading to RTC.
I’ve configured the whole setup per the walkthrough but the delegation isn’t working.
Here’s the setup:
RTC - my machine
APP_Server - runs the Nav App server, service is running under the domain account MyDomain\DomainAccount1
DB_Server - running SQL 2008, Service is MSSQLSVC, Database Instance is MSSQLSvc, also running under MyDomain\DomainAccount1
SPNs registered on the MyDomain\DomainAccount1 user:
AD Delegation setup for MyDomain\DomainAccount1 user:
Trust this user for delegation to the specified services only
Use Kerberos only selected
Service Type: MSSQLSvc
User Or Computer: DB_Server.ourdomain.org
When I start the RTC, I get the error:
The Login failed when connecting to SQL Server DB_Server\MSSQLSvc
On the DB Server, I see this in the application log:
Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.70.251.69]
The client listed is the APP_Server.
I downloaded Kerbtray and checked my machine (the RTC machine) and there are tickets from the APP_Server, but the flag for “OK for Delegation” is not checked?
Where am I going wrong here? I think it might be the SPN for SQL. The Service Type in the AD delegation setup matches the SQL Server Service Name, which also happens to match the instance with the Demo database. Not sure if it’s the wrong type.