Use own SQL server with multitenant Instance

[BrightComChristian]

Hi,

I've a container that uses a SQL server instance on another server than the host. This works fine but when I create another container using same SQL but the BC instance is multitenant then I cannot connect webclient. First error was that it could not find server when I used servername in the tenant. When I changed that to IP it gives me Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Do I need to setup gMSA or is there another way? When i create the container I specify the IP as servername using the name of the server did not work.

[freddydk]

How do you create the multitenant container? (script and output please) thanks.

[BrightComChristian]

Hi Freddy!

See below. Using the same script except the database is not multitenant works. Then I can connect without errors.

PS C:\windows\system32> $credential = New-Object System.Management.Automation.PSCredential("admin", (ConvertTo-SecureString "P@ssword!" -AsPlainText -Force)); $ContainerName = "BC14TEST2" $build = "14.8.38658.0-se" $ImageName = "mcr.microsoft.com/businesscentral/onprem:${build}-ltsc2019" $License = "E:\License\5538404.flf" $DatabaseName = 'Application (14-0) QA'

Remove-NavContainer $ContainerName

New-BCContainer -accept_eula -accept_outdated -containername $ContainerName -imagename $ImageName -databaseServer '10.0.0.11' -databaseInstance '' -databaseCredential (Get-Credential) -databaseName $DatabaseName -useTraefik -auth NavUserPassword -Credential $credential -updatehosts -PublicDnsName traefik.brightcom.online -licenseFile $License -useSSL -multitenant Removing BC14TEST2 from host hosts file Removing C:\ProgramData\NavContainerHelper\Extensions\BC14TEST2 cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: NavContainerHelper is version 0.6.5.0 NavContainerHelper is running as administrator Host is Microsoft Windows Server 2019 Datacenter - ltsc2019 Docker Client Version is 19.03.5 Docker Server Version is 19.03.5 Enabling SSL as otherwise all clients will see mixed HTTP / HTTPS request, which will cause problems e.g. on the mobile and modern windows clients Using image mcr.microsoft.com/businesscentral/onprem:14.8.38658.0-se-ltsc2019 PublicDnsName is traefik.brightcom.online Creating Container BC14TEST2 Version: 14.8.38658.0-se Style: onprem Platform: 14.0.38650.0 Generic Tag: 0.0.9.97 Container OS Version: 10.0.17763.914 (ltsc2019) Host OS Version: 10.0.17763.973 (ltsc2019) WARNING: The container operating system matches the host operating system, but the revision is different. If you encounter issues, you might want to specify -isolation hyperv Using locale sv-SE Using process isolation Adding special CheckHealth.ps1 to enable Traefik support Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable) Using license file E:\License\5538404.flf Files in C:\ProgramData\NavContainerHelper\Extensions\BC14TEST2\my:

• AdditionalOutput.ps1
• CheckHealth.ps1
• license.flf
• MainLoop.ps1
• SetupVariables.ps1
• updatehosts.ps1 Creating container BC14TEST2 from image mcr.microsoft.com/businesscentral/onprem:14.8.38658.0-se-ltsc2019 9edfc2701b01fdfa097f692d4b08771360ea42e9439da2c096c4cae41bfc09ad Waiting for container BC14TEST2 to be ready Initializing... Setting host.containerhelper.internal to 172.31.128.1 in container hosts file Starting Container Hostname is traefik PublicDnsName is traefik.brightcom.online Using NavUserPassword Authentication Starting Internet Information Server Import Encryption Key Creating Self Signed Certificate Self Signed Certificate Thumbprint B98FFE0B862393A9E59E389FE54B47DF8CA16273 Modifying Service Tier Config File with Instance Specific Settings Modifying Service Tier Config File with settings from environment variable Setting PublicODataBaseUrl to https://traefik.brightcom.online/BC14TEST2rest/odata Setting PublicSOAPBaseUrl to https://traefik.brightcom.online/BC14TEST2soap/ws Setting PublicWebBaseUrl to https://traefik.brightcom.online/BC14TEST2 Starting Service Tier Registering event sources Creating DotNetCore Web Server Instance Using license file 'c:\run\my\license.flf' Import License Creating http download site Container IP Address: 172.31.131.253 Container Hostname : traefik Container Dns Name : traefik.xxx.online Web Client : https://traefik.xxx.online/BC14TEST2/?tenant=default Dev. Server : https://traefik.xxx.online Dev. ServerInstance : NAV Dev. Server Tenant : default Setting BC14TEST2 to 172.31.131.253 in host hosts file

Files: http://traefik.xxx.online:8080/al-3.0.193882.vsix http://traefik.xxx.online:8080/certificate.cer

WARNING: You are running a container which is 83 days old. Microsoft recommends that you always run the latest version of our containers.

Initialization took 77 seconds Ready for connections! Reading CustomSettings.config from BC14TEST2 Creating Desktop Shortcuts for BC14TEST2 Container BC14TEST2 successfully created Because of Traefik, the following URLs need to be used when accessing the container from outside your Docker host: Web Client: https://traefik.xxx.online/BC14TEST2?tenant=default SOAP WebServices: https://traefik.xxx.online/BC14TEST2soap OData WebServices: https://traefik.xxx.online/BC14TEST2rest Dev Service: https://traefik.xxx.online/BC14TEST2dev File downloads: https://traefik.xxx.online/BC14TEST2dl

PS C:\windows\system32>

[freddydk]

With the latest containerhelper, you should be able to do like this:

$licenseFile = $licenseFileSecret.SecretValueText
$credential = New-Object pscredential 'admin', $passwordSecret.SecretValue
$auth = 'UserPassword'
$defaultTenantHasAllowAppDatabaseWrite = $false

$containerName = "mytest1"
$artifactUrl = Get-BCArtifactUrl -type Onprem -country dk -version 16 -select Latest

$databaseServer = 'host.containerhelper.internal'
$databaseInstance = ""
$databasePrefix = "mytest"
$databaseName = "CRONUS"
$databaseCredential = New-Object pscredential -ArgumentList 'sa', $passwordSecret.SecretValue
$encryptionPassword = $passwordSecret.SecretValueText
$multitenant = $true

Remove-BcDatabase -databaseServer $databaseServer -databaseInstance $databaseInstance -databaseName "$($databasePrefix)%"

Restore-BcDatabaseFromArtifacts `
    -artifactUrl $artifactUrl `
    -databaseServer $databaseServer `
    -databaseInstance $databaseInstance `
    -databasePrefix $databasePrefix `
    -databaseName $databaseName `
    -multitenant:$multitenant | Out-Null

New-BcContainer `
    -containerName "$containerName" `
    -accept_eula `
    -credential $credential `
    -auth $auth `
    -artifactUrl $artifactUrl `
    -imageName "my" `
    -memoryLimit 8g `
    -enableTaskScheduler `
    -multitenant:$multitenant `
    -licenseFile $licenseFile `
    -additionalParameters @("--env encryptionPassword=$encryptionPassword") `
    -databaseServer $databaseServer `
    -databaseInstance $databaseInstance `
    -databasePrefix $databasePrefix `
    -databaseName $databaseName `
    -databaseCredential $databaseCredential

if ($multitenant) {
    New-NavContainerTenant `
        -containerName $containerName `
        -tenantId 'default' `
        -sqlCredential $databaseCredential `
        -sourceDatabase "$($databasePrefix)tenant" `
        -destinationDatabase "$($databasePrefix)default" `
        -allowAppDatabaseWrite:$defaultTenantHasAllowAppDatabaseWrite
}

New-NavContainerNavUser `
    -containerName $containerName `
    -tenant 'default' `
    -Credential $credential `
    -PermissionSetId 'SUPER' `
    -ChangePasswordAtNextLogOn:$false

To create a multitenant DB locally and connect to it.