This runable class is really helpful when you copy a DB between environments with different tenants, different ADFS instances or if you messed up the SIDs
using Microsoft.Dynamics.ApplicationPlatform.Environment;
class TWIXUserInfoUpdate
{
public static void main(Args _args)
{
UserInfo updateUserInfo;
NetworkDomain updatedNetworkDomain;
// Get network domain
updatedNetworkDomain = EnvironmentFactory::GetApplicationEnvironment().get_Provisioning().get_AdminIdentityProvider();
ttsbegin;
TWIXUserInfoUpdate::callInsertUpdateRelatedSkipMethods(updateUserInfo);
// Update network alias and network domain for all non admin users
update_recordset updateUserInfo
setting
networkDomain = updatedNetworkDomain,
IdentityProvider = updatedNetworkDomain
where updateUserInfo.id != 'Admin'
&& updateUserInfo.isMicrosoftAccount == 0
&& updateUserInfo.accountType == UserAccountType::ClaimsUser;
// Update SID
while select forupdate updateUserInfo
where updateUserInfo.id != 'Admin'
&& updateUserInfo.networkAlias
&& updateUserInfo.networkDomain == updatedNetworkDomain
&& updateUserInfo.isMicrosoftAccount == 0
&& updateUserInfo.accountType == UserAccountType::ClaimsUser
{
AxaptaUserManager manager = new AxaptaUserManager();
xAxaptaUserDetails userDetails =
manager.getSIDFromName(updateUserInfo.networkAlias, updatedNetworkDomain, updateUserInfo.accountType);
updateUserInfo.sid = userDetails.getUserSid(0);
updateUserInfo.update();
}
ttscommit;
}
public static void callInsertUpdateRelatedSkipMethods(Common _buffer)
{
//BP deviation documented
_buffer.skipAosValidation(true);
_buffer.skipDatabaseLog(true);
_buffer.skipDataMethods(true);
//needed in case of crossCompany
_buffer.skipEvents(true);
}
}
THOMAS WILKE's DYNAMICS AX / D365fO BLOG
TECHNICAL TOPICS: MICROSOFT DYNAMICS AX & DYNAMICS 365 FOR FINANCE AND OPERATIONS - ENTERPRISE EDITION
07 December 2018
30 November 2018
D365 F&O | Sync DB timeout error
When the db sync of a D365 environment fails with a timeout error like the following:
AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred.
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)
AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred.
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)
28 November 2018
D365 F&O | Change DevOps Build Agent
When you are managing more than one Microsoft Dynamics 365 for Finance and Operations environment throught DevOps (alias VSTS) it is a good idea to seperate the build agents into different build agent pools.
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.
First of all create an AccessToken within DevOps as shown below:
After that connect to the D365 F&O server and navigate to C:\DynamicsSDK. There you will find a file named SetupBuildAgent.ps1. Create a copy of this file and open it in your favorite editor. Here we need to change two parameters:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.
First of all create an AccessToken within DevOps as shown below:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"
After that we need a PowerShell which is running in admin mode. Execute your SetupBuildAgentXYZ.ps1 file and provide the base URL of the DevOps project collection
Finally you can check the agent pools in DevOps and you'll see that the Agent is now part of the agentPool you defined.
14 November 2018
Technical Reference Reports for Microsoft Dynamics 365 for Finance and Operations
This site provides some good technical informations regarding Microsoft Dynamics 365 for Finance and Operations
22 October 2018
D365 F&O: DB Sync - Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
After a DB copy I tried to sync the new DB using the cmd:
Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"
but this always failed with the following error message:
Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
Looking at the event log I found the corresponding info:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:
update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'
update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'
Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"
but this always failed with the following error message:
Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
Looking at the event log I found the corresponding info:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:
update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'
update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'
01 August 2018
D365 F&O | Oh AOS why have you forbidden me
Just another great post from Tariq Bell: Thank you so much ;)
https://blogs.msdn.microsoft.com/axsa/2018/04/17/oh-aos-why-have-you-forbidden-me/
https://blogs.msdn.microsoft.com/axsa/2018/04/17/oh-aos-why-have-you-forbidden-me/
13 July 2018
D365 | on-premises SSRS error - Keyset does not exist
If the SSRS Server reports the following error in the AX-SSRSReportExtensions\Operational log it is important to check if the certificates used by the SSRS service are accesible from the service account running the SSRS service.
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:
- ReportingService Certificate
- DataEncryptionCertificate
- DataSigningCertificate
If they are not there go to Microsoft docs and read the installation instruction for on-prem ;)
If you see these certificates right click each of them and click "All Tasks" --> "Manage Private Keys..." and add the service user with read permissions.
| message | Unable to find the EDT metadata for field Name on table DirPartyTable. |
| exceptionMessage | Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist |
| exceptionType | Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException |
| stackTrace | Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException:
Exception occurred on the metadata service on client or server. See exception
details below: >Keyset does not exist --->
System.Security.Cryptography.CryptographicException: Keyset does not exist
Server stack trace: at
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters,
Boolean randomKeyContainer) at
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType,
CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize,
SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at
System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize,
CspParameters parameters, Boolean useDefaultKeySize) at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at
System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String
algorithm, Boolean privateKey) at
Microsoft.IdentityModel.CryptoUtil.GetSignatureFormatterForSha256(AsymmetricSecurityKey
key) at
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey
signingKey) at
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
at
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
at
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.WriteAssertion(XmlWriter
writer, Saml2Assertion data) at
Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter
writer, SecurityToken token) at
System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter
writer) at
System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message,
BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at
System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message
message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message
message, Boolean shouldRecycleBuffer) at
System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan
timeout) at
System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message
message, TimeSpan timeout) at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,
TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg,
IMessage retMsg) at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
Microsoft.Dynamics.AX.Framework.Services.Metadata.Service.IAxMetadataService.GetTableMetadataByName(String[]
tableNames) at
Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.<>c__DisplayClass22_0. |
Subscribe to:
Posts (Atom)