We have the current situation:
Domain: Domain.intra
Servers: srv1 and srv2
srv1 is SQL 2008R2 + reporting/analysis/reporting services
srv2 is Dynamics 2012 AOS (Latest hotfix)
There is a service account for SQL: domain\sqlsrvc
There is a service account for the AOS: domain\aossrvc
a report in this case is anything generated by the report server (confirmations, packing slips, invoices, whatever).
When trying to run a report, AX throws the error: "Target principal name is incorrect". I found that to solve this error, I have to set an SPN on the AOS service account.
When I set an SPN to the AOS service account by giving the following command, all reports show.
setspn -U -A HOST/srv2.domain.intra domain\aossrvc
HOWEVER!!!: I can then NOT LOG ON WITH ANY DOMAIN ACCOUNT on srv2!!! The error I get is
"The Security database on the server does not have a computer account for this workstation trust relationship."
when logging on (CTRL+ALT+DEL => username/pass ENTER, boom).
When I was already logged on when I add the SPN, I stay logged on. However, I can not restart the AOS, I get a 1069 error, "The service did not start due to a logon failure".
When I then delete the SPN, I can log on again, and I can restart the AOS. Also, all reports show, but only for about 10-15 minutes. After that time, I get the "Target principal name is incorrect" error again. Logging on to the server and restarting the AOS remains possible.
I know I'm close to fixing the problem, but I can't seem to make the last mile. Is there anyone that can push me in the right direction?