Nav 2009 RTC 3-tier delegation issue

Setting up a 3-tier RTC development environment. We’re currently on the 2009 classic client and are upgrading to RTC.

I’ve configured the whole setup per the walkthrough but the delegation isn’t working.

Here’s the setup:

RTC - my machine
APP_Server - runs the Nav App server, service is running under the domain account MyDomain\DomainAccount1
DB_Server - running SQL 2008, Service is MSSQLSVC, Database Instance is MSSQLSvc, also running under MyDomain\DomainAccount1

SPN’s registered on the MyDomain\DomainAccount1 user:

MSSQLSvc/DB_Server:1433
MSSQLSvc/DB_Server.ourdomain.org:1433

DynamicsNAV/APP_Server:7046
DynamicsNAV/APP_Server.ourdomain.org:7046

AD Delegation setup for MyDomain\DomainAccount1 user:

Trust this user for delegation to the specified services only

Use Kerberos only selected

Service Type: MSSQLSvc

User Or Computer: DB_Server.ourdomain.org

Port:1433

When I start the RTC, I get the error:

The Login failed when connecting to SQL Server DB_Server\MSSQLSvc

On the DB Server, I see this in the application log:

Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.70.251.69]

The client listed is the APP_Server.

I downloaded Kerbtray and checked my machine (the RTC machine) and there are tickets from the APP_Server, but the flag for “OK for Delegation” is not checked…??

Where am I going wrong here? I think it might be the SPN for SQL. The Service Type in the AD delegation setup matches the SQL Server Service Name, which also happens to match the instance with the Demo database. Not sure if it’s the wrong type.

Any ideas??

It is likely a SPN issue, but couldn’t tell you exactly what.