Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

When you start Business Portal in Microsoft Dynamics GP or in Microsoft Dynamics SL on a workstation, you receive the following error message:

Error: Service principal name (SPN) for user ‘domain\user' not found in Active Directory

Cause

This issue occurs when the following conditions are true:

  • The virtual server is extended in SharePoint Central Administration.

  • Kerberos authentication is selected.

  • The Active Directory directory service is not configured to use Kerberos authentication.

Resolution

To resolve this issue, use NTLM authentication instead of Kerberos authentication.

Note If you must use Kerberos authentication, visit the following Microsoft Web site for more information:

http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx To enable NTLM authentication, follow these steps:

  1. On the server that is running Microsoft Internet Information Services (IIS), click Start, click Run, type cmd, and then click OK.

  2. At the command prompt, type the following command, and then press ENTER:

    cd Drive:\inetpub\adminscriptsNote Replace Drive with the name of the hard disk drive on which Windows Server 2003 is installed.

  3. At the command prompt, type the following command, and then press ENTER:

    cscript adsutil.vbs get w3svc/xx/NTAuthenticationProvidersNote Replace xx with the virtual server ID number. To determine the virtual server ID number, follow these steps:

    1. On the server that is running IIS, click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    2. Expand the computer name, expand Web Sites, right-click the Web site on which you installed Business Portal, and then click Properties.

    3. Click the Web Site tab, and then click Properties next to the Active Log Format box.

    4. Note the path and file name of the .log file. The path and file name are similar to the following:

      W3SVCxx\exyymmdd.logIn this path, xx represents the virtual server ID number.

  4. To enable NTLM authentication on the virtual server, type the following command at the command prompt, and then press ENTER:

    cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "NTLM"Note Replace xx with the virtual server ID number that you noted in step 3.

  5. Restart IIS. To do this, follow these steps:

    1. Click Start, click Run, type cmd, and then click OK.

    2. At the command prompt, type iisreset, and then press ENTER.

    3. At the command prompt, type exit, and then press ENTER.

  6. Start Microsoft Internet Explorer on a workstation, and then type the following URL on the Address bar:

    http://xx/sites/businessportalNote Replace xx with the name of the server.

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×