07 December 2018

D365 F&O | UserInfo script to update networkDomain, IdentityProvider and SID for all users after DB copy

This runable class is really helpful when you copy a DB between environments with different tenants, different ADFS instances or if you messed up the SIDs 


using Microsoft.Dynamics.ApplicationPlatform.Environment;

class TWIXUserInfoUpdate
{           
    public static void main(Args _args)
    {     
        UserInfo            updateUserInfo;       
        NetworkDomain       updatedNetworkDomain;

        // Get network domain
        updatedNetworkDomain = EnvironmentFactory::GetApplicationEnvironment().get_Provisioning().get_AdminIdentityProvider();
       
        ttsbegin;
        TWIXUserInfoUpdate::callInsertUpdateRelatedSkipMethods(updateUserInfo);

        // Update network alias and network domain for all non admin users
        update_recordset updateUserInfo
            setting 
                networkDomain = updatedNetworkDomain,
IdentityProvider = updatedNetworkDomain
            where updateUserInfo.id != 'Admin' 
               && updateUserInfo.accountType == UserAccountType::ClaimsUser;
              
// Update SID
        while select forupdate updateUserInfo
            where updateUserInfo.id != 'Admin'
               && updateUserInfo.networkAlias
               && updateUserInfo.networkDomain == updatedNetworkDomain
               && updateUserInfo.accountType == UserAccountType::ClaimsUser
        {            
            AxaptaUserManager manager = new AxaptaUserManager();
            xAxaptaUserDetails userDetails = 
                        manager.getSIDFromName(updateUserInfo.networkAlias, updatedNetworkDomain, updateUserInfo.accountType);
            updateUserInfo.sid = userDetails.getUserSid(0);
            updateUserInfo.update();           
        }
        ttscommit;
       
    }

    public static void callInsertUpdateRelatedSkipMethods(Common _buffer)
    {
        //BP deviation documented
        _buffer.skipAosValidation(true);
        _buffer.skipDatabaseLog(true);
        _buffer.skipDataMethods(true);
        //needed in case of crossCompany
        _buffer.skipEvents(true);
    }
}

30 November 2018

D365 F&O | Sync DB timeout error

When the db sync of a D365 environment fails with a timeout error like the following:

AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred. 
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)

28 November 2018

D365 F&O | Change DevOps Build Agent

When you are managing more than one Microsoft Dynamics 365 for Finance and Operations environment throught DevOps (alias VSTS) it is a good idea to seperate the build agents into different build agent pools.
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.

First of all create an AccessToken within DevOps as shown below:

After that connect to the D365 F&O server and navigate to C:\DynamicsSDK. There you will find a file named SetupBuildAgent.ps1. Create a copy of this file and open it in your favorite editor. Here we need to change two parameters:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"


After that we need a PowerShell which is running in admin mode. Execute your SetupBuildAgentXYZ.ps1 file and provide the base URL of the DevOps project collection


Finally you can check the agent pools in DevOps and you'll see that the Agent is now part of the agentPool you defined.

14 November 2018

Technical Reference Reports for Microsoft Dynamics 365 for Finance and Operations


This site provides some good technical informations regarding Microsoft Dynamics 365 for Finance and Operations

22 October 2018

D365 F&O: DB Sync - Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation

After a DB copy I tried to sync the new DB using the cmd:

Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"

but this always failed with the following error message:

Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation

Looking at the event log I found the corresponding info:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:

update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'

update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'

13 July 2018

D365 | on-premises SSRS error - Keyset does not exist

If the SSRS Server reports the following error in the AX-SSRSReportExtensions\Operational log it is important to check if the certificates used by the SSRS service are accesible from the service account running the SSRS service.
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:

  • ReportingService Certificate
  • DataEncryptionCertificate
  • DataSigningCertificate


If they are not there go to Microsoft docs and read the installation instruction for on-prem ;)
If you see these certificates right click each of them and click "All Tasks" --> "Manage Private Keys..." and add the service user with read permissions.



message Unable to find the EDT metadata for field Name on table DirPartyTable.
exceptionMessage Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist
exceptionType Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException

stackTrace Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException: Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist ---> System.Security.Cryptography.CryptographicException: Keyset does not exist Server stack trace: at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String algorithm, Boolean privateKey) at Microsoft.IdentityModel.CryptoUtil.GetSignatureFormatterForSha256(AsymmetricSecurityKey key) at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.WriteAssertion(XmlWriter writer, Saml2Assertion data) at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) at System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer) at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset) at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Service.IAxMetadataService.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.<>c__DisplayClass22_0.b__0(IAxMetadataService channel) at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) --- End of inner exception stack trace --- at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.<>c__DisplayClass7_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.GetMetadata[TMetadata](Func`1 metadataServiceInvoker, Func`1 nodeNotFoundErrorMessage) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.CreateTableMetadataProxy(String tableName) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.<>c.<.cctor>b__71_5(String alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetMainKeyFromAlternate(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.<>c__DisplayClass14_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.CacheBase.CacheRead(ICacheReadArgs cacheReadArgs, Action tryReadAction, Action readThroughAction) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemInternal(CacheItemReadArgs itemReadArgs) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ExtendedDataTypeHelper.TryGetExtendedDataTypeMetadata(String customPropertyEDTValue, IErrorLogger errorLogger, String reportName)

23 May 2018

Financial Reportin alias Management Reporter unavailable

If you see the following error in a dev or cloud instance of Dynamics 365 for finance and operations check if the management reporting service is running on the server. You do not have permission to perform this action. 
Work with your administrator to verify your user permissions within Financial Report Designer.


16 May 2018

D365 F&O - Debugging in on-premises environments

If you are facing errors in your Dynamics 365 for finance and operations on-prem environment there is currently no real debugging story available. But there is a new article from Tariq Bell on how to debug using WinDbg:

https://blogs.msdn.microsoft.com/axsa/2018/05/16/debug-a-dynamics-365-for-finance-and-operations-on-premises-instance-without-visual-studio/

At least a starting point and a really nice GUI ;)

09 May 2018

D365 F&O Deployment to on-prem failed during download

If the deployment of Dynamics 365 for finance and operations fails after preparing phase when the asset is downloading you should check the logs. If there is a message like the one below just verify that the orchestrator nodes are online and click retry.

MachineName SRV-XYZ
Message Unable to download asset xyzxyzxyzxyzxyzxyz

Detail at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo) at System.Environment.get_StackTrace() at Microsoft.Dynamics.Operations.Local.LocalAgentEvents.LocalAgentEventHelpers.ErrorPrettify(LocalAgentEventSource source, Exception ex, Int32 errorCode, String format, Object[] values) at OrchestrationService.LcsArtifactsProvider.d__10.MoveNext() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Runtime.CompilerServices.AsyncMethodBuilderCore.MoveNextRunner.Run() at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(Action action, Boolean allowInlining, Task& currentTask) at System.Threading.Tasks.Task.FinishContinuations() at System.Threading.Tasks.Task`1.TrySetResult(TResult result) ...

27 April 2018

D365 F&O financial reporting deployment error - event logs

AX LocalAgent:

Error 1 

Message
Module financialreporting failed
Detail
System.InvalidOperationException: An error was encountered. Details may be found in the deployment logs at 'C:\ProgramData\Microsoft Dynamics ERP\Management Reporter\Logs' System.AggregateException: One or more errors occurred. ---> System.TimeoutException: Operation timed out. ---> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80071BFF at System.Fabric.Interop.NativeClient.IFabricApplicationManagementClient10.EndProvisionApplicationType3(IFabricAsyncOperationContext context) at System.Fabric.Interop.Utility.<>c__DisplayClass22_0.b__0(IFabricAsyncOperationContext context) at System.Fabric.Interop.AsyncCallOutAdapter2`1.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously) --- End of inner exception stack trace --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at SetupInfrastructure.ServiceFabricApplicationSetupManager`1.d__24.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at Microsoft.Dynamics.Performance.Deployment.FinancialReportingDeployer.Program.DeployApplication(AXConfigurationSettings settings, String packagePath, ApplicationPrincipalUserSettings principalUserSettings) at Microsoft.Dynamics.Performance.Deployment.FinancialReportingDeployer.Program.Setup(ParameterHandler parameterHandler) at Microsoft.Dynamics.Performance.Deployment.FinancialReportingDeployer.Program.Main(String[] args) ---> (Inner Exception #0) System.TimeoutException: Operation timed out. ---> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80071BFF at System.Fabric.Interop.NativeClient.IFabricApplicationManagementClient10.EndProvisionApplicationType3(IFabricAsyncOperationContext context) at System.Fabric.Interop.Utility.<>c__DisplayClass22_0.b__0(IFabricAsyncOperationContext context) at System.Fabric.Interop.AsyncCallOutAdapter2`1.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously) --- End of inner exception stack trace --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at SetupInfrastructure.ServiceFabricApplicationSetupManager`1.d__24.MoveNext()<--- args="" assembly="" assemblyfile="" at="" currentfolder="" microsoft.dynamics.performance.deployment.financialreportingdeployer.program.main="" moduleargs="" setupcore.setupmanager.="" setupcore.setupmanager.launchprocessinappdomain="" startupexe="" string="" system.appdomain._nexecuteassembly="" system.appdomain.executeassembly="" tring="" untimeassembly="" workingdir="">c__DisplayClass12_1.b__6()

Error 2

Message
Task OrchestrationService.DeployModulesRunnerTask,OrchestrationService failed for command id 3f3c0269-1c9d-448f-8e89-4e9a019cb8f4
Detail
System.InvalidOperationException: Unable to deploy modules at OrchestrationService.DeployModulesRunnerTask.Run(OrchestratorRunbookResource runbookResource, String commandId, String jobId, String runbookTaskId) at OrchestrationService.OrchestrationJobManager.<>c__DisplayClass14_0.b__4()



26 April 2018

D365 F&O on-premises | deployment failed for application financial reporting alias management reporter

During our installations and code deployments into Dynamics 365 for Finance and Operations on-premises we struggled a lot with one of the last steps of the installation: The financial reporting application. We have seen different issues till now. And there are several things to check when this step fails.

  • Check EventLog of primary orchestrator node for error messages in the local-agent folder.
  • Install ETW-Manisfest on the orchestrator node if not already there to check the MR logs:
    https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/troubleshoot-on-prem#mr
  • Check the userinfo table of AX DB. There must be a user called FRServiceUser 
  • Check if there are reports still checked out:

    select * from reporting.ControlReport where CheckedOutTo is not null

  •  If yes just update the following tables (on your own risk):
    update Reporting.ControlReport
    set CheckedOutTo = null


    update Reporting.ControlRowMaster
    set CheckedOutTo = null


    update Reporting.ControlColumnMaster
    set CheckedOutTo = null


    update Reporting.ControlTreeMaster
    set CheckedOutTo = null

If all the above is not solving the issue you could also try to replace the financialReporting DB with an empty financialReporting database.

D365 F&O | Workflow editor - Your security settings do not allow this application to be run on your computer

When opening the workflow editor from Dynamics 365 for Finance and Operations you may see an error message saying: "Your security settings do not allow this application to be run on your computer."



This is a security configuration from Windows. Check the registry settings regarding the prompting level for trusted sites and local intranet (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel). They should be enabled. If not just change them.


Than you just need to add the D365 F&O url as a trusted site in internet explorer setting. Try again and it should look like this: