Setting Up SSL for Web Services on Dynamics NAV 2009 R2 and Server 2008 R2

Published by Michael Wong on March 31, 2015 - 10:00pm

NOTE: For the purposes of explaining we will be using the port 7047; however, you can use any port configured for your Web Service.

Requirements

·         Existing Microsoft Dynamics NAV Web Services

·         SSL Certificate installed in Personal Certificates

·         Administrative rights to server

Configure Web Service to use SSL

1.     Run notepad As Administrator and open theCustomSettings.config file on the computer where the Microsoft Dynamics NAV Server is installed. The default location is:

“C:\Program Files\Microsoft Dynamics NAV\Service\CustomSettings.config”

2.     Locate the key:

false">

and change the value from false to true

true">

3.     Open the Services Snap In by going to Administrative Tools > Services.

4.     Restart the Microsoft Dynamics NAV Business Web Services service.

Import the SSL Certificate into the local computer store

If you already have the Certificates Snap-In, open the certificates Snap In and skip to step 8.

1.     Go to the Start menu and click Run.

2.     Type mmc and click OK.

3.     On the File menu, click Add/Remove Snap-in.

4.     Locate the Certificates Snap-In and click Add.

5.     Select Computer Account and click Finish.

6.     Select Local Computer and click Finish.

7.     Click OK to close the Add or Remove Snap-ins window.

8.     In the left pane of the console, expand Certificates (Local Computer).

9.     Right Click on Personal and click Import.

10.  When the wizard opens click Next.

11.  Browse to your certificate and click Next.

12.  If the certificate has a password enter it and click Next

13.  Select Place all certificates in the following store and click Next.

14.  Click Finish then OK to confirm that the import was successful.

Obtain the Certificate’s Thumbprint

1.     In the Certificates snap-in, expand the Personal folder and select Certificates.

2.     Locate the certificate you wish to use and double-click it.

3.     In the certificate window, click on Details.

4.     In the Details pane, scroll down to find the Thumbprint field.

5.     Copy the text to a text editor and remove all spaces. Save this for later

Figure 1. Certificate window with Details pane displayed and the Thumbprint field highlighted.
 

Configure the server’s Access Control List and the Web Services Port

1.     Open a command prompt window with elevated (administrative) rights.

2.     If the service is already running and configured, you will need to remove its entries.

3.     Run the following command to show all port mappings for the server:
netsh http show urlacl

4.     The system should return a list of ports and you should see one registered to DynamicsNAV:http://+:7047/DynamicsNAV/

Figure 2. The + after the http signifies localhost

5.     You will need to delete all entries associated with the port for DynamicsNAV. In the example above you see both http://+:7047/ and http://+:7047/DynamicsNAV.

Both will need to be removed.

6.     Remove them by using the following command:

netsh http delete urlacl url={your url here}

Replace the highlighted text with the url from the previous command, e.g., http://+:7047/

7.     You will now need to register the service back with a URL using https.  Run the following command to add the base service:

netsh http add urlacl url=https://+:7047/ sddl=D:(A;;GX;;;NS)(A;;GX;;;BA)

If your port is not 7047, you can adjust the URL to your needs. Make sure that the https is set in the url.

8.     Run the following command to register the DynamicsNAV web service port:

netsh http add urlacl url=https://+:7047/DynamicsNAV/ user={your service username}

Replace the highlighted portion with your service user account e.g. CONTUSO\navservices

Notice that to register the base port, I used “sddl,” and for the Web Service Port, I used “user.” You can use “sddl” for both; however, in order to do so, you will need to get the active directory SID of the user. The format will be as follows:

D:(A;;GX;;;{user SID here})

Configure the port to use the SSL Certificate

1.     Verify that the port you wish to use does not already have an SSL certificate assigned to it by typing the following:

netsh http show sslcert

2.     If you see any entry where the IP:port is bound to the same port as your Web Service, you will want to remove it by typing the following:

netsh http delete sslcert ipport=0.0.0.0:{your port here}

3.     Register your SSL certificate to your Web Service port with the following:

netsh http add sslcert ipport=0.0.0.0:{your port here} certhash={certificate thumbnail here} appid={00000000-0000-6002-0022-0000836BD2D2}

Make sure to change the highlighted areas with your appropriate information. The appID is any valid GUID in your system. The example above is the GUID for the NAV Server.

4.     Restart the Microsoft Dynamics NAV Business Web Services service.

5.     Test the service by going to the following address in your web browser:

https://localhost:7047/DynamicsNAV/WS/Services

Source: http://www.archerpoint.com/blog/Posts/setting-ssl-web-services-nav-2009-r2-and-server-2008-r2?utm_source=linkedin&utm_medium=social&utm_content=Oktopost-linkedin-group&utm_campaign=Oktopost-2015-04+General+Campaign

How to open a restored SQL backup in a different Network (pc)

You may have come across situations where you need to open a MS SQL backup file in a new environment. For example, you may have taken the MS SQL Database Backup from your client location. Now you may need to restore it your local pc and open the database using your NAV 2015 client. These are the steps that you need to follow;

•   Restore the database
•  Open the following table using SQL Server Management Studio and delete all existing data.  (Obviously, the Windows User Account names available in the tables need not be using anymore)

            Access Control

            User
            User Metadata
            User Property

•  Setup the new database by configuring the CustomSettings.xml file and run the RTC Client. In  other  words now you can open the database without any issues. You may now create  whatever the new  accounts using your RTC client.