13 July 2018

D365 | on-premises SSRS error - Keyset does not exist

If the SSRS Server reports the following error in the AX-SSRSReportExtensions\Operational log it is important to check if the certificates used by the SSRS service are accesible from the service account running the SSRS service.
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:

  • ReportingService Certificate
  • DataEncryptionCertificate
  • DataSigningCertificate


If they are not there go to Microsoft docs and read the installation instruction for on-prem ;)
If you see these certificates right click each of them and click "All Tasks" --> "Manage Private Keys..." and add the service user with read permissions.



message Unable to find the EDT metadata for field Name on table DirPartyTable.
exceptionMessage Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist
exceptionType Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException

stackTrace Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException: Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist ---> System.Security.Cryptography.CryptographicException: Keyset does not exist Server stack trace: at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String algorithm, Boolean privateKey) at Microsoft.IdentityModel.CryptoUtil.GetSignatureFormatterForSha256(AsymmetricSecurityKey key) at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.WriteAssertion(XmlWriter writer, Saml2Assertion data) at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) at System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter writer, MessageVersion messageVersion) at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer) at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset) at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Service.IAxMetadataService.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.<>c__DisplayClass22_0.b__0(IAxMetadataService channel) at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) --- End of inner exception stack trace --- at Microsoft.Dynamics.AX.Framework.Services.Client.ServiceClientHelper.InvokeChannelOperation[TResult,TChannel](IServiceClient`1 client, Func`2 operationInvoker, Func`2 exceptionWrapper) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.GetTableMetadataByName(String[] tableNames) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.<>c__DisplayClass7_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.GetMetadata[TMetadata](Func`1 metadataServiceInvoker, Func`1 nodeNotFoundErrorMessage) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceProxyFactory.CreateTableMetadataProxy(String tableName) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.<>c.<.cctor>b__71_5(String alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.CustomMetadataAccessor`4.GetMainKeyFromAlternate(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.<>c__DisplayClass14_0.b__0() at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.CacheBase.CacheRead(ICacheReadArgs cacheReadArgs, Action tryReadAction, Action readThroughAction) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemInternal(CacheItemReadArgs itemReadArgs) at Microsoft.Dynamics.AX.Framework.Services.Metadata.Caching.TripleKeyedItemCache`4.GetItemByAlternateKey(TAlternateKey alternateKey) at Microsoft.Dynamics.AX.Framework.Services.Client.MetadataCache.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableMetadata(String tableName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.OnGetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ClientServicesProxy.GetTableFieldMetadata(String tableName, String fieldName) at Microsoft.Dynamics.AX.Framework.Reporting.Shared.ExtendedDataTypeHelper.TryGetExtendedDataTypeMetadata(String customPropertyEDTValue, IErrorLogger errorLogger, String reportName)