If you come from the Dynamics NAV community, you have probably seen the blog post from one of my favorite bloggers: Port Sharing with NAV2013. That post describes in detail how to set up port sharing for several NAV service tiers (NSTs).
So what is new then? If you run the 1VM/2VM script, it will by default install an NST service that runs under a local user account instead of one of the system accounts. So if you follow Waldo's instructions on how to activate port sharing, you will get an error like this:
The service MicrosoftDynamicsNavServer$DynamicsNAV80_Instance1 failed to start. This could be caused by a configuration error. Detailed error information:System.ServiceModel.CommunicationException: The service endpoint failed to listen on the URI ‘net.tcp://SERVERNAME:9001/DynamicsNAV80_Instance1/Service’ because access was denied. Verify that the current user is granted access in the appropriate allowAccounts section of SMSvcHost.exe.config. —> System.ComponentModel.Win32Exception: Access is denied
at System.ServiceModel.Activation.SharedMemory.Read(String name, String& content)
The reason for this is that the service is not running under a system account.
By default, permission to use the port sharing service is granted to system accounts (LocalService, LocalSystem, and NetworkService) as well as members of the Administrators group. Applications that allow a process running as another identity (for example, a user identity) to connect to the port sharing service must explicitly add the appropriate SID to the SMSvcHost.exe.config (these changes are not applied until the SMSvc.exe process is restarted).
Source: Configuring the Net.TCP Port Sharing Service
So why has Microsoft made the default installation use a non-system account? Let's look at their instructions.
We recommend that you create a domain user account for running Microsoft Dynamics NAV Server. The Network Service account is considered less secure because it is a shared account that can be used by other unrelated network services. Any users who have rights to this account have rights to all services that are running on this account. If you create a domain user account to run Microsoft Dynamics NAV Server, you can use the same account to run SQL Server, whether or not SQL Server is on the same computer
Source: Provisioning the Microsoft Dynamics NAV Server Account
OK, now we know that. And if we think about creating more services, they recommend the following:
If there is more than one Microsoft Dynamics NAV Server instance on the virtual machine, then you should create a separate service account for every instance.
Source: Security and Protection for Microsoft Dynamics NAV on Windows Azure
So how do we fix our problem then? I recommend you follow the steps in these guides and look at Gunnar's blog post below.
Configuring the Net.TCP Port Sharing Service
Update 2015-08-15:
Waldo has now written a blog post on how to do port sharing with PowerShell, which you can read here.
On top of that, Gunnar has written a blog post on how to update SMSvcHost.exe.config with PowerShell! 🙂
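The fix described above, as an added example (it is not Waldo's or Gunnar's script and not code from the guides): it resolves the SID of the account the NST runs as, adds it to the allowAccounts section of SMSvcHost.exe.config, and restarts the port sharing service. The service name is taken from the error message above; the config file path is an assumption (the default 64-bit .NET 4.x location), and the four built-in SIDs are the accounts named in the Microsoft quote.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    # Service name as shown in the error message above.
    [string]$ServiceName = 'MicrosoftDynamicsNavServer$DynamicsNAV80_Instance1',
    # Assumption: default 64-bit .NET 4.x location of the config file.
    [string]$ConfigPath = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config"
)
$ErrorActionPreference = 'Stop'

# Find the account the NST runs as; expand ".\user" so it can be translated.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if ($null -eq $svc) { throw "Service '$ServiceName' not found." }
$account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Keep one backup of the untouched file.
if (-not (Test-Path "$ConfigPath.bak")) { Copy-Item $ConfigPath "$ConfigPath.bak" }
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

# Walk to <system.serviceModel.activation>/<net.tcp>/<allowAccounts>,
# creating each element that is missing.
$node = $xml.DocumentElement
foreach ($name in 'system.serviceModel.activation', 'net.tcp', 'allowAccounts') {
    $child = $node.SelectSingleNode($name)
    if ($null -eq $child) { $child = $node.AppendChild($xml.CreateElement($name)) }
    $node = $child
}

# LocalSystem, LocalService, NetworkService, Administrators, then the NST account.
# The built-in SIDs are written explicitly alongside the new one.
foreach ($s in 'S-1-5-18', 'S-1-5-19', 'S-1-5-20', 'S-1-5-32-544', $sid) {
    if ($null -eq $node.SelectSingleNode("add[@securityIdentifier='$s']")) {
        $add = $xml.CreateElement('add')
        $add.SetAttribute('securityIdentifier', $s)
        [void]$node.AppendChild($add)
    }
}
$xml.Save($ConfigPath)

# The change is only read when the port sharing service restarts.
Restart-Service NetTcpPortSharing -Force
Restart-Service $ServiceName
"Granted $account ($sid) access to Net.TCP port sharing."
```

With a separate service account per NST instance, as recommended above, run it once for each service name so that every account's SID ends up in allowAccounts.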
Common Mistakes When Configuring the Net.TCP Port Sharing Service
More information
Net.TCP Port Sharing
doom
2016-01-07 at 01:57
thank you for tutorial 🙂