Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AL Designer 10.0.687650 - Windows Authentication error #7189

Closed
aldovanamersfoort opened this issue Oct 4, 2022 · 18 comments
Closed

AL Designer 10.0.687650 - Windows Authentication error #7189

aldovanamersfoort opened this issue Oct 4, 2022 · 18 comments
Labels
accepted ships-in-future-update The issue is fixed in our 'master' branch and will ship in the next PREVIEW release vscode-integration

Comments

@aldovanamersfoort
Copy link

aldovanamersfoort commented Oct 4, 2022
edited

AL Designer 10.0.687650 is giving a error on download symbols on windows authentication endpoint. Downgrading to v9.5.674382 solves the error. Windows authentication in webclient works as intended so problem must be with ALD release.

Processing of message 'al/downloadSymbols' failed with error: 'The target principal name is incorrect.'
Details:
System.ComponentModel.Win32Exception (0x80090322): The target principal name is incorrect.
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatusPal& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at Microsoft.Dynamics.Nav.Deployment.Telemetry.TelemetryHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Telemetry\TelemetryHttpClientHandler.cs:line 62
at Microsoft.Dynamics.Nav.Deployment.Http.NavHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Http\NavHttpClientHandler.cs:line 35
at System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerInfoApiClient.GetServerInfo() in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerInfoApiClient.cs:line 46
at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.QueryMetadata(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 153
at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.GetServerInfo(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 79
at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.SendRequest(IHttpClient client, SymbolReferenceSpecification reference) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 135
at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackage(IHttpClient client, SymbolReferenceSpecification specification, String directory, Boolean isSecondLevelDependency) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 172
at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackages(ImmutableArray1 references, String targetDir) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 61 at Microsoft.Dynamics.Nav.Deployment.ReferenceDownloader.NavDevServerPackageDownloader.DownloadPackages(ImmutableArray1 packages, String targetDirectory) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ReferenceDownloader\NavDevServerPackageDownloader.cs:line 32
at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.DownloadFiles(DownloadSymbolsRequest request, String cacheDirectory, ImmutableArray1 referencesToDownload) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 130 at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.ProcessRequestAsync(DownloadSymbolsRequest request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 98 at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.NavServerRequestHandler2.HandleAsync(T request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\NavServerRequestHandler.cs:line 40
at Microsoft.Dynamics.Nav.EditorServices.Protocol.MessageProtocol.RequestHandlerBase1.HandleAsync(JToken requestContents, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\MessageProtocol\RequestHandlerBase.cs:line 84 at Microsoft.Dynamics.Nav.EditorServices.Protocol.RequestRegistry.Process(Message message) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\Endpoints\RequestRegistry.cs:line 86 ' Details: System.ComponentModel.Win32Exception (0x80090322): The target principal name is incorrect. at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatusPal& statusCode) at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob) at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at Microsoft.Dynamics.Nav.Deployment.Telemetry.TelemetryHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Telemetry\TelemetryHttpClientHandler.cs:line 62 at Microsoft.Dynamics.Nav.Deployment.Http.NavHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Http\NavHttpClientHandler.cs:line 35 at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerInfoApiClient.GetServerInfo() in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerInfoApiClient.cs:line 46 at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.QueryMetadata(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 153 at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.GetServerInfo(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 79 at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.SendRequest(IHttpClient client, SymbolReferenceSpecification reference) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 135 at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackage(IHttpClient client, SymbolReferenceSpecification specification, String directory, Boolean isSecondLevelDependency) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 172 at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackages(ImmutableArray1 references, String targetDir) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 61
at Microsoft.Dynamics.Nav.Deployment.ReferenceDownloader.NavDevServerPackageDownloader.DownloadPackages(ImmutableArray1 packages, String targetDirectory) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ReferenceDownloader\NavDevServerPackageDownloader.cs:line 32 at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.DownloadFiles(DownloadSymbolsRequest request, String cacheDirectory, ImmutableArray1 referencesToDownload) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 130
at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.ProcessRequestAsync(DownloadSymbolsRequest request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 98
at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.NavServerRequestHandler2.HandleAsync(T request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\NavServerRequestHandler.cs:line 40 at Microsoft.Dynamics.Nav.EditorServices.Protocol.MessageProtocol.RequestHandlerBase1.HandleAsync(JToken requestContents, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\MessageProtocol\RequestHandlerBase.cs:line 84
at Microsoft.Dynamics.Nav.EditorServices.Protocol.RequestRegistry.Process(Message message) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\Endpoints\RequestRegistry.cs:line 86
@aldovanamersfoort aldovanamersfoort mentioned this issue Oct 4, 2022
Closed
@XVII
Copy link

XVII commented Oct 7, 2022

Following. No notes of auth changes in Change Log. SPNs set up and valid, so something's changed!

@ta-mv
Copy link

ta-mv commented Oct 10, 2022

Same here using AL Designer 10.0.687650. Setup/infrastructure hasn't been changed but since last Thursday we receive the same error message The target principal name is incorrect. when using Windows Authentication.

@ta-mv
Copy link

ta-mv commented Oct 10, 2022

It appears there currently are two workarounds.

  1. workaround: Downgrade "AL Language" vsCode Extension to Previous Version
    Originally posted by @chp-Fiftytwo in Download synbols and Publish failing #7187 (comment)

  2. What worked for us (we hadn't tried downgrading yet): Enable "Use NTLM Authentication" in the BC instance.

@XVII
Copy link

XVII commented Oct 11, 2022

Yep, we use downgrade for now as we don't permit NTLM due to security issues.
Hoping to get some traction @JesperSchulz ?

@JesperSchulz
Copy link

Yep, we use downgrade for now as we don't permit NTLM due to security issues. Hoping to get some traction @JesperSchulz ?

Will ask the right team for feedback on this issue.

@XVII
Copy link

XVII commented Nov 22, 2022

@JesperSchulz , @thloke any update here please?

@JesperSchulz
Copy link

It doesn't look like any progress has been made yet. @thloke, any idea when there will be bandwidth to pick this one up.

@thloke
Copy link
Contributor

thloke commented Nov 28, 2022

No, it's still in our queue. I can bump the priority since it's a regression from the previous major release.

@thloke
Copy link
Contributor

thloke commented Nov 29, 2022
edited

To clarify, is this a problem with downloading symbols with just the AL Language extension, or is this to do with https://github.com/martonsagi/al-object-designer?

I'm assuming that this is about our AL Language extension based on the versioning number, but I'd like to double check this.

@chp-Fiftytwo
Copy link

This problem occurs with just the AL Language extension installed. Any other extension does not seem to have any effect positive og negative.

@thloke
Copy link
Contributor

thloke commented Dec 5, 2022

We're looking into this now, but can't reproduce the issue internally. Can someone share the setup that they're using that reproduces the issue? Does this occur when using the docker insiders build? Or an installation from the DVD?

@XVII
Copy link

XVII commented Dec 5, 2022
edited

DVD installation with three-tier kerberos-based setup. Forced Kerberos auth over NTLM. Can discuss with you offline if you'd like to use and review an exact setup.

@thloke
Copy link
Contributor

thloke commented Dec 12, 2022

Sorry for the delay on getting back on this. We're still unable to reproduce this. If someone can do the following, it would be helpful:

  1. Enable verbose logging ("al.editorServicesLogLevel": "verbose" in settings.json).
  2. Repeat the scenario with the auth failure
  3. Get the editorServices.log file from C:\Users\thloke\[username]\extensions\ms-dynamics-smb.al-[version number]\bin\win32
  4. Also get the information from Get-NavServerConfiguration

You can email it to me directly at: thloke@microsoft.com

Also I'd be happy to review exact setups to see what might be different internally.

@bennyvanlyssebettens
Copy link

Just send all info you requested. Process executed against a BC20 CU07. If I do this against the newest BC21.2 docker, I have the same result.

Regards,
Benny

@bennyvanlyssebettens
Copy link

Hi,
Any update? Since this is not affecting only "download symbols" but also "active debugging" (F5) I can't start to roll out BC21 OnPremise, this is becoming a problem for one of my clients. We are converting NAV2018 solutions, now I need to build BC20 hosts in stead of BC21. One of their solutions needs to run under a separate license (Dual Usage Rights), so I can only obtain a BC21 license from the CSP. Do we need to raise this issue thru the support contract to speed up things?

@thloke
Copy link
Contributor

thloke commented Jan 11, 2023

Unfortunately not, all I can say right now is that we're still looking into it. Things have been slow because of the holiday season. One thing that does come to mind though is setting useLegacyRuntime in your settings.json file might be one workaround. That one uses a different auth library.

@bennyvanlyssebettens
Copy link

Hi,
useLegacyRuntime is not working. This is becoming a hugh problem. My customer wants to deploy BC21 onpremise with WindowsAuth & Kerberos. Not able to download symbols & debugging is not acceptable.

@thloke thloke mentioned this issue Feb 21, 2023
Closed
@ap3rus
Copy link

ap3rus commented Apr 26, 2023

Good news, the fix is ready and will be available with the next version of vscode extension.

@JesperSchulz JesperSchulz added the ships-in-future-update The issue is fixed in our 'master' branch and will ship in the next PREVIEW release label Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted ships-in-future-update The issue is fixed in our 'master' branch and will ship in the next PREVIEW release vscode-integration
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@XVII @ap3rus @JesperSchulz @bennyvanlyssebettens @thloke @ta-mv @aldovanamersfoort @chp-Fiftytwo