Apparently you have to turn off the property “Load User Profile” in the IIS application pool manually or you will be given the following error message:

Error accessing Website Microsoft Dynamics NAV 2017 Web Client
Type: Microsoft.Dynamics.Nav.Types.NavSecurityNegotiationException
Message: The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: “net.tcp://localhost:7046/DynamicsNAV365/Service”. SPN Identity: “DynamicsNAV/localhost:7046”
The X.509 certificate CN=XXXX, OU=PositiveSSL, OU=Domain Control Validated is not in the trusted people store. The X.509 certificate CN=XXXX, OU=PositiveSSL, OU=Domain Control Validated chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation because the revocation server was offline.

My colleague discovered this error and it took him a couple of hours until he stumbeled across the solution on the net.

What you need to do is open IIS Manager. Open Advanced settings on Application Pools / Micorsoft Dynamics NAV 2017 Web Client Application Pool. Locate Process Model/Load User Profile and make sure it is set to False (Default is true).

Credits to Carlos Andreu and Gert Lynge who first documented it.