07 December 2018

D365 F&O | UserInfo script to update networkDomain, IdentityProvider and SID for all users after DB copy

This runable class is really helpful when you copy a DB between environments with different tenants, different ADFS instances or if you messed up the SIDs 


using Microsoft.Dynamics.ApplicationPlatform.Environment;

class TWIXUserInfoUpdate
{           
    public static void main(Args _args)
    {     
        UserInfo            updateUserInfo;       
        NetworkDomain       updatedNetworkDomain;

        // Get network domain
        updatedNetworkDomain = EnvironmentFactory::GetApplicationEnvironment().get_Provisioning().get_AdminIdentityProvider();
       
        ttsbegin;
        TWIXUserInfoUpdate::callInsertUpdateRelatedSkipMethods(updateUserInfo);

        // Update network alias and network domain for all non admin users
        update_recordset updateUserInfo
            setting 
                networkDomain = updatedNetworkDomain,
IdentityProvider = updatedNetworkDomain
            where updateUserInfo.id != 'Admin' 
               && updateUserInfo.isMicrosoftAccount == 0
               && updateUserInfo.accountType == UserAccountType::ClaimsUser;
              
// Update SID
        while select forupdate updateUserInfo
            where updateUserInfo.id != 'Admin'
               && updateUserInfo.networkAlias
               && updateUserInfo.networkDomain == updatedNetworkDomain
               && updateUserInfo.isMicrosoftAccount == 0
               && updateUserInfo.accountType == UserAccountType::ClaimsUser
        {            
            AxaptaUserManager manager = new AxaptaUserManager();
            xAxaptaUserDetails userDetails = 
                        manager.getSIDFromName(updateUserInfo.networkAlias, updatedNetworkDomain, updateUserInfo.accountType);
            updateUserInfo.sid = userDetails.getUserSid(0);
            updateUserInfo.update();           
        }
        ttscommit;
       
    }

    public static void callInsertUpdateRelatedSkipMethods(Common _buffer)
    {
        //BP deviation documented
        _buffer.skipAosValidation(true);
        _buffer.skipDatabaseLog(true);
        _buffer.skipDataMethods(true);
        //needed in case of crossCompany
        _buffer.skipEvents(true);
    }
}

30 November 2018

D365 F&O | Sync DB timeout error

When the db sync of a D365 environment fails with a timeout error like the following:

AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred. 
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)

28 November 2018

D365 F&O | Change DevOps Build Agent

When you are managing more than one Microsoft Dynamics 365 for Finance and Operations environment throught DevOps (alias VSTS) it is a good idea to seperate the build agents into different build agent pools.
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.

First of all create an AccessToken within DevOps as shown below:

After that connect to the D365 F&O server and navigate to C:\DynamicsSDK. There you will find a file named SetupBuildAgent.ps1. Create a copy of this file and open it in your favorite editor. Here we need to change two parameters:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"


After that we need a PowerShell which is running in admin mode. Execute your SetupBuildAgentXYZ.ps1 file and provide the base URL of the DevOps project collection


Finally you can check the agent pools in DevOps and you'll see that the Agent is now part of the agentPool you defined.

14 November 2018

Technical Reference Reports for Microsoft Dynamics 365 for Finance and Operations


This site provides some good technical informations regarding Microsoft Dynamics 365 for Finance and Operations

22 October 2018

D365 F&O: DB Sync - Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation

After a DB copy I tried to sync the new DB using the cmd:

Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"

but this always failed with the following error message:

Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation

Looking at the event log I found the corresponding info:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:

update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'

update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'

13 July 2018

D365 | on-premises SSRS error - Keyset does not exist

If the SSRS Server reports the following error in the AX-SSRSReportExtensions\Operational log it is important to check if the certificates used by the SSRS service are accesible from the service account running the SSRS service.
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:

  • ReportingService Certificate
  • DataEncryptionCertificate
  • DataSigningCertificate


If they are not there go to Microsoft docs and read the installation instruction for on-prem ;)
If you see these certificates right click each of them and click "All Tasks" --> "Manage Private Keys..." and add the service user with read permissions.



message Unable to find the EDT metadata for field Name on table DirPartyTable.
exceptionMessage Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist
exceptionType Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException

stackTrace Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException: Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist ---> System.Security.Cryptography.CryptographicException: Keyset does not exist Server stack trace: at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String algorithm, Boolean privateKey) at Microsoft.IdentityModel.CryptoUtil.GetSignatureFormatterForSha256(AsymmetricSecurityKey key) at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.WriteAssertion(XmlWriter writer, Saml2Assertion data) at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) at System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer) at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset) at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Service.IAxMetadataService.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.<>c__DisplayClass22_0.b__0(IAxMetadataService channel) at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) --- End of inner exception stack trace --- at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.<>c__DisplayClass7_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.GetMetadata[TMetadata](Func`1 metadataServiceInvoker, Func`1 nodeNotFoundErrorMessage) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.CreateTableMetadataProxy(String tableName) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.<>c.<.cctor>b__71_5(String alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetMainKeyFromAlternate(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.<>c__DisplayClass14_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.CacheBase.CacheRead(ICacheReadArgs cacheReadArgs, Action tryReadAction, Action readThroughAction) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemInternal(CacheItemReadArgs itemReadArgs) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ExtendedDataTypeHelper.TryGetExtendedDataTypeMetadata(String customPropertyEDTValue, IErrorLogger errorLogger, String reportName)