IDX10205: Issuer validation failed for D365 Operations

While setting up a new VM for cutomer project, we came across an issue where we were not able to do the API calls and were receiving following message in the window event logs.

Clicking “Details” will give you something like below (Trimmed details – showing the relative error message)

IDX10205: Issuer validation failed. Issuer: ‘https://sts.windows.net/GUID-AAD#1/’. Did not match: validationParameters.ValidIssuer: ‘null’ or validationParameters.ValidIssuers: ‘https://XXXXXXXXXX.sandbox.ax.dynamics.com, 00000000-0000-0000-c0000-000000000000, microsoft.erp, https://sts.windows.net/GUID-AAD#2

The first thing to notice that GUIDs are different – these ids should be similar when request is being posted with bearer token. This lead us to check the “UserInfo” table in the onebox machine. However, that didn’t help – so we looked further.

Upon further investigation we found out that web.config file in J:\AosService\WebRoot that had the original domain name related to person who deployed the VM for D365 Operations.

The domain name was different than actual tenant, after making the both same we were able to post the requests through Postman and received successful response. 

The lesson learnt was that we should be deploying the VMs from their tenant’s account instead of partner’s account.

Thanks,

D365 -Publishing Entities (BYOD)

Microsoft released the Dynamics 365 on November 01, 2016. With that Microsoft also release the VM for the solution as well – you can download it from https://connect.microsoft.com/site1321/Downloads

(You need to be registered in the feedback program to download)

After setting it all up, I tried to publish the entities to external database. It all looked easy, but while trying to do faced some exceptions as it was not able to find assemblies to actually execute the publish commands.

Below is the first error received, the SMO assembly for SQL Server was not loaded.

Now to resolve this follow below steps:

1. You can find this and other related assemblies in the C:\AOSService\PackagesLocalDirectory\Bin folder for your local VM.
2. After locating the assembly – drag it to c:\windows\assembly folder on your local VM. It will register it in the GAC. Don’t get confused by the assembly version in the properties of it. It will correctly display as 13.100.0.0  in the GAC.
3. Restart the “Microsoft Dynamics 365 for Operations – Data Import/Export Framework Service” from windows services
4. Reset IIS from Command prompt running in Administrator mode
5. Refresh the Dynamics AX, and publish the entities again after selecting

When you will refresh the page – you will see “published” column indicating the successful operation.

The database chosen for this will have the Schema published for the selected entities. Please note the name of the columns will be different than what actually are in the actual AX tables. I am sure you can change them – but that’s for some next article.

Example: SalesTable.SalesId == SalesOrderHeaderEntityStaging.SalesOrderNumber … (In Staging)

Next, you can use “Export” framework to export data to this database. Will find some time soon to go through further details on it. In the mean time please see Microsoft wiki on the topic. It’s a great help.

• https://ax.help.dynamics.com/en/wiki/using-data-entities-and-data-packages/
• https://blogs.msdn.microsoft.com/dynamicsaxbi/2016/07/27/export-dynamics-ax7-entities-to-your-own-azure-sql-database/
• https://ax.help.dynamics.com/en/wiki/using-data-entities-and-data-packages/#export

Until next time … Enjoy!

 

 

 

Dynamics AX – Service EndPoints

The following table lists all the service endpoints that were available in Microsoft Dynamics AX 2012 and the new service endpoints that have been introduced in Dynamics AX.

Service endpoint	AX 2012	Dynamics AX
Document Services (AXDs)	Yes	No – Replaced by data entities
SOAP-based Metadata Service	Yes	No – Replaced by REST metadata
SOAP-based Query Service	Yes	No – Replaced by OData
OData Query Service	Yes	No – Replaced by OData
SOAP-based Custom Service	Yes	Yes
JSON-based Custom Service	No	Yes (New)
OData Service	No	Yes (New)
REST Metadata Service	No	Yes (New)

For full details – please check AX Wiki:

https://ax.help.dynamics.com/en/wiki/dynamics-ax-7-services-technical-concepts-guide/

Dynamics AX (Ax7) Layout

Here is how it looks with RTW (Release to Web) for Dynamics AX

Search

Tiles

The tiles are the main component of the office themed layout where you can put the links to your own workspace and also filter the tiles based on the role assigned to user.

Collapsible Menu

The collapsible menu lists all the Modules, Workspaces and recent browsed pages for quick access. The menu can also be pinned down to make it stick.

The Layout as a Whole

Hope this gives some technical resources more appetite to look at this new amazing Microsoft’s AX release.

Enjoy !!!

 

Dynamics AX 2012 – Reports – “No data available”

Problem:

A working report suddenly stops working for a “User” in production environment with message “No data available”.

Research:

While report worked for every other user and only that particular user seems to had a problem while running the particular report. While he was able to run other reports in that same module fine.

This was a strange enough situation for us, while we checked code, security etc… at first we were not able to find the exact cause of this behavior. But we were sure it has something to do with the security that is finally applied when running the report. So, we created a test user with same roles assigned on lower environment.

During our debugging and profiling the calls to actual database saw a strange behavior.

The query generated from X++ was same for user who was able to run the report and the user who wasn’t able to run the report, but interestingly the SQL Profiler showed EXTRA parameters added to where clause of SQL that was getting executed. The extra condition caused the data to not appear – the condition was always going to result in a FALSE.

The query generated was something like below notice 1=3

SELECT ………. FROM InventTable T1 Inner Join InventDim T3 … WHERE 1=3

This cause the data to not appear for that user, AX kernel seems to validate the permissions and inject the condition to make sure that data doesn’t come from the source – making the sure that data is being security and row level security is applied though this.

Solution:

The solution to the problem was to add all used tables used in the Query for the report in the user’s privileges in AX.

HTH

CREDIT: #awesome #team #visionet #findingsolutions