So here is my issue, I have to use integrated security in the connection string for eConnect. Even though when doing so it uses the network login to try and log in to the db. Is there a way to work around this so that I can use the login that the user is using for GP? By saying "I have to use", I mean that eConnect does not let me use a username and password.

No, sorry. eConnect requires SSPI. There is now way to run eConnect trans as a Dynamics user that I know of.

So basically MS makes you go through all the user security in GP and then ignores it when you use eConnect. How does that actually make sense? So for every user that uses my applications I have to have our DBA set their domain account to have access to the db?

Personally, I almost always have the desktop application call a web service so that I don't have to be bothered with DCOM on every desktop. The web service connects as NETWORK SERVICE.

If you want to use the desktop, you can create an Active Directory group and put all Dyn users in that group. Grant the group access to Dynamics.

Thanks Steve. I appreciate the responses. I will look into the web service route as I do not even want to think about having to see about a new group in AD right now.

 Hi Stanley,

You do not need to give AD users access to the GP SQL Server, and it is very simple and easy to use a domain user and SSPI with eConnect with very little configuration.

I would recommend reading the eConnect Install & Admin guide and following the installation and configuration steps carefully--it will walk you through the entire process of configuring DTC and COM+ and should only take a few minutes.

eConnect uses MSDTC for its calls to the server, and you will configure the eConnect COM+ object to operate using a specific identity (a dedicated AD domain user that you create).  The end user's identity is ignored in during the eConnect call, and only the eConnect AD user is used.

 The only minor caveat is that MSDTC will need to be able to have bi-directional communication between the client and the server.  I've only had two clients where that has been an issue, and it was due to basic network configuration issues, so you will probably not have any issues.

In case you do have issues, I have two blog posts about DTC troubleshooting:

http://dynamicsgpland.blogspot.com/2009/04/more-than-i-ever-wanted-to-know-about.html

http://dynamicsgpland.blogspot.com/2009/05/econnect-error-fail-to-invoke-remote.html

 

Let me know if you have any questions.

Steve Endow