Error message when you start Business Portal on a workstation: "Error: Service principal name (SPN) for user 'domain\user' not found in Active Directory"

Symptoms

When you start Business Portal in Microsoft Dynamics GP or in Microsoft Dynamics SL on a workstation, you receive the following error message:

Error: Service principal name (SPN) for user 'domain\user' not found in Active Directory

Cause

This issue occurs when the following conditions are true:

  • The virtual server is extended in SharePoint Central Administration.

  • Kerberos authentication is selected.

  • The Active Directory directory service is not configured to use Kerberos authentication.

Resolution

To resolve this issue, use NTLM authentication instead of Kerberos authentication.

Note: If you must use Kerberos authentication, visit the following Microsoft Web site for more information:

http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx

To enable NTLM authentication, follow these steps:

  1. On the server that is running Microsoft Internet Information Services (IIS), click Start, click Run, type cmd, and then click OK.

  2. At the command prompt, type the following command, and then press ENTER:

    cd Drive:\inetpub\adminscripts

    Note: Replace Drive with the name of the hard disk drive on which Windows Server 2003 is installed.

  3. At the command prompt, type the following command, and then press ENTER:

    cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders

    Note: Replace xx with the virtual server ID number. To determine the virtual server ID number, follow these steps:

    1. On the server that is running IIS, click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    2. Expand the computer name, expand Web Sites, right-click the Web site on which you installed Business Portal, and then click Properties.

    3. Click the Web Site tab, and then click Properties next to the Active Log Format box.

    4. Note the path and file name of the .log file. The path and file name are similar to the following:

      W3SVCxx\exyymmdd.log

      In this path, xx represents the virtual server ID number.

  4. To enable NTLM authentication on the virtual server, type the following command at the command prompt, and then press ENTER:

    cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "NTLM"

    Note: Replace xx with the virtual server ID number that you noted in step 3.

  5. Restart IIS. To do this, follow these steps:

    1. Click Start, click Run, type cmd, and then click OK.

    2. At the command prompt, type iisreset, and then press ENTER.

    3. At the command prompt, type exit, and then press ENTER.

  6. Start Microsoft Internet Explorer on a workstation, and then type the following URL on the Address bar:

    http://xx/sites/businessportal

    Note: Replace xx with the name of the server.
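
Steps 2 through 5 as one batch file, as an added example that is not part of the original article: it saves the current NTAuthenticationProviders value before changing it and reads the new value back before restarting IIS. The script's arguments (site ID, optional drive) and the file names under %TEMP% are assumptions made for this example.

```bat
@echo off
rem Added example, not part of the original article.
rem Arguments (assumed): site-id [drive]
rem   site-id is the xx in W3SVCxx; drive holds \inetpub, for example C:
setlocal
set SITE_ID=%~1
set DRIVE=%~2
if "%SITE_ID%"=="" goto usage
if "%DRIVE%"=="" set DRIVE=%SystemDrive%
set KEY=w3svc/%SITE_ID%/NTAuthenticationProviders
rem Assumed locations for the saved output of the two "get" calls.
set BEFORE=%TEMP%\NTAuthenticationProviders-%SITE_ID%-before.txt
set AFTER=%TEMP%\NTAuthenticationProviders-%SITE_ID%-after.txt

rem Step 2: change to the IIS admin scripts folder.
cd /d "%DRIVE%\inetpub\adminscripts" || goto fail

rem Step 3: save whatever adsutil.vbs reports now, so the change can be reverted.
cscript //nologo adsutil.vbs get %KEY% > "%BEFORE%"
type "%BEFORE%"

rem Step 4: set the virtual server to NTLM.
cscript //nologo adsutil.vbs set %KEY% "NTLM"

rem Read the value back; stop before the restart if Negotiate is still listed.
cscript //nologo adsutil.vbs get %KEY% > "%AFTER%"
findstr /i "Negotiate" "%AFTER%" >nul && goto notapplied
findstr /i "NTLM" "%AFTER%" >nul || goto notapplied

rem Step 5: restart IIS.
iisreset || goto fail
echo NTLM enabled on site %SITE_ID%. Previous value saved in "%BEFORE%".
goto :eof

:usage
echo Usage: %~nx0 site-id [drive]
exit /b 2

:notapplied
echo NTAuthenticationProviders was not changed to NTLM. See "%AFTER%".
exit /b 1

:fail
echo A command failed. Previous value, if captured, is in "%BEFORE%".
exit /b 1
```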
