Itâ€™s almost time for Convergence 2015 and weâ€™re ready with the
most commonly asked question eOne gets at the expo:
DO YOU HAVE ANY PROMOS?
This year, the answer is â€“ yes, of course we do â€“ for dedicated
Here are the promos so you can be ready (and know – they expire 4/30/15!):Â
SmartList Builder Self-Paced TrainingÂ
tweet a picture of our roaming Bob the
You receive "You are not allowed to use Microsoft Dynamics GP. Please sign out and sign in with an authorized account" when accessing Web…
One of the cool things about Microsoft Dynamics GP 2015 is the new Web Client Identity Management feature. Having the ability to access Microsoft Dynamics GP with your Windows Directory or Windows Azure credentials without ever needing a SQL login account is just beautiful.
The Theory – Part 1: GP Utilities
The theory is fairly simple: you have a Microsoft Dynamics GP user account, which in turn is tied to a Windows Active Directory account or Windows Azure Active Directory account. User accounts are stored in the User Master table (dbo.SY01400) in the system database, which has been beefed up with a new column called Active Directory Object GUID (ADObjectGuid) to store the actual GUID of the directory or organizational account mapped to the GP user.
|User Setup window|
However, because Microsoft Dynamics GP continues to be dependent on SQL authentication for all intends and purposes, it continues to need a SQL login to be able to access the Dynamics GP database objects. This is where the new Web Client SQL Login user comes into play.
If you have done a new install of Microsoft Dynamics GP 2015, you would have noticed a new window called Manage Web Client SQL Server Login during the GP Utilities process. This window prompts for SQL credentials that will be used to access the SQL server database objects from Web Client.
|Manage Web Client SQL Server Login window (GP Utilities)|
If you are doing an upgrade, you will need to direct your attention to the drop-down list in theÂ Additional Tasks window to find it — more on this later.
|Additional Tasks window (GP Utilities)|
When you enter the credentials in the Manage Web Client SQL Server Login window, the actual SQL Server security principal is created with the same password encryption at the database level. To understand more about this, read Why does Microsoft Dynamics GP encrypt passwordsÂ by David Musgrave over at Developing for Dynamics GP.
The Theory – Part 2: Web Client
When you are installing the Web Client itself, you are once again prompted to enter the Web Client SQL Server Login credentials. At this stage you MUSTÂ enter the same account information entered when you ran the GP Utilities.
This information is stored in the TenantConfiguration.xml file (in a single-machine instance) under the SessionCentral folder. The same information is used by the Service Based Architecture service (GPService service) to gain access to database resources, hence there’s also a TenantConfiguration.xml file (again, in a single-machine instance) under the GPService folder. These two folders can be located under your Program FilesMicrosoft DynamicsGP Web Components root folder.
Now that your AD or Organizational account is tied to your GP user account, when you launch the web client and your AD credentials are validated against IIS, a security token is created and passed on to Session Central service, which in turn spins up a runtime process passing on your AD account credentials in the GP Login window. The log in process itself will use the Web Client SQL Server login to access the system database and in particular the User Master table to validate the AD account GUID against the one stored in the table. If all matches, you are allowed access and from there on you go about your business.
This brings us to the topic of this post…
As it turns out, during that handshake between Session Central and the Runtime service to pass off the AD credentials, I received the following error:
Further review of the Dynamics application and services log in Event Viewer, shows the following error:
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
Â Â at System.Security.Cryptography.CapiSymmetricAlgorithm.DepadBlock(Byte block, Int32 offset, Int32 count)
Â Â at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte inputBuffer, Int32 inputOffset, Int32 inputCount)
Â Â at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
Â Â at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
Â Â at System.IO.Stream.Close()
Â Â at Microsoft.Dynamics.GP.Web.Foundation.AesCryptographer.Decrypt(String value)
Â Â at Microsoft.Dynamics.GP.Web.Services.Session.TenantServiceXmlHandler.ResolveTenantPasswords(Tenant tenant)
Â Â at Microsoft.Dynamics.GP.Web.Services.Session.TenantServiceXmlHandler.GetTenantDetails(String identity, String tenantName)
Â Â at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService.CreateSession(String tenantName, UserContext userContext)
Typically, any Crypto exception is directly related to credentials. So I traced back my steps after the upgrade and realized I had created the Web Client SQL server login account manually — after all, I had not seen the option in the GP Utilities drop down to do so. Of course, this would mean that the password was un-encrypted on SQL server and wouldn’t match the password stored in the TenantConfiguration.xml file. In retrospect, had I even used GP Utilities to setup the account and entered a different password from the one I entered during the Web Client install, I would have received the same error.
Knowing that in essence what I had was a password mismatch between the value stored in TenantConfiguration.xml and the password at the SQL Server level, I decided to make things simple and removed the database user (sp_dropuser) corresponding to the security principal and the actual security principal (sp_droplogin) then re-launched GP Utilities and created the account once more, this time making sure the password matched what I had entered when installing the Web Client.
Once I launched the Web Client and entered my Windows credentials information, I was able to experience the beauty of single sign-on all the way to the company database I had selected as my default company.
Also, it is worthwhile to mention that Service Based Architecture was failing validation, but I will address this in my next article.
I want to thank Chris Rudolph with the Microsoft Dynamics GP Software Engineering team for his valuable insight into working through this issue. Chris also helped me with understanding some deep architecture stuff that I will be presenting in a future related article to this one.
Until next post!
Mariano Gomez, MVP
Intelligent Partnerships, LLC
March 12, 2015
Â· Mariano Gomez Â· No Comments
Tags: human-resources, humor, integration, internet, Inventory, manufacturing, Multicurrency, reporting, security Â· Posted in: Blogs I Follow Total Views: 150
TheÂ final countdown to Convergence 2015 in Atlanta is well and truly on. I know this because tonight I start my journey to Atlanta, Georgia, USA.
I am flying to Sydney and then early tomorrow I have a direct flight from Sydney to Atlanta.
I plan to post blogs while at the conference after each day, but experience tells me that I might find that difficult with the very full days.
Anyhow, if you are still looking for reasons to come (other than seeing Mariano and me), check out the video below:
Convergence 2015 (direct link)
Looking forward to see everyone.
This article was originally posted on http://www.winthropdc.com/blog.
See more here:
#CONV15 â€“ Convergence 2015 Atlanta â€“ The Countdown
March 12, 2015
Â· WinthropDC Â· No Comments
Tags: business, convergence 2015, Dexterity, dynamics, georgia, microsoft, social-media, support debugging tool Â· Posted in: Blogs I Follow Total Views: 107
If you have been following my blog, you probably know how excited I am about this feature. Unfortunately, the documentation can be a little hard to find. The important thing to remember is that as this is a part of the web client â€“ that is where you will find the relevant documentation.Â
Paul Haag at InterDyn has just written a great post summarizing the steps he followed.Â Using the Dynamics GP Service Based Architecture (Paul Haag)Â
Additionally as you are stuck(and its okay if you are, this is Version 1 of the SBA) â€“ you might find the following notes and resources helpful.
- There are three logs you can look to for information on requests that fail, the GP Service log, Dexterity Service Log and the Request Log.Â All logs are located in ProgramDataMicrosoft DynamicsGPSvcLogs. The Dexterity Service log will tell you if the request made it to the Dexterity instance and is in the Inst_DefaultInstanceDexterityService directory. All requests tie together with a correlation ID. Read more at Debugging in the Dynamics GP 2015 Service Based Architecture
- You need to place the new Application.PRODUCTNAME.dll in your GP runtime folder.Â After restarting your services, a good way to see if your endpoint is available is by using discovery (url below).Â That will show all the dictionaries that have been DAG’ed and have available service endpoints. https://
Read more at Service Based Architecture and Custom ProceduresÂ (Thanks Rob Bernhardt)
- When creating service procedures in the service based architecture one of the key steps is to define service metadata including setting the Service Enabled switch to TRUE. We also add a Service Procedure Metadata property which contains the relevant information for the GP Service to wire the procedure calls up to their URI endpoints. In addition to this, the procedureâ€™s class definition will now contain a third invoke method which the service uses for parsing the request and building up the response. Read more at – DAG (Dictionary Assembly Generator) â€“ Whatâ€™s New in GP 2015
Workflow Engine in GP 2013 R2 and GP 2015
March 11, 2015
Â· Frank Hamelly MCP-GP MCT MVP Â· No Comments
Tags: accounting, business, facebook, General Ledger, miscellaneous, Smartlist Builder, sql server, upgrade Â· Posted in: Blogs I Follow Total Views: 121
Silverlight "ArgumentException: An item with the same key has already been added" when attempting to print a report
It’s been about 3 months now since working with Microsoft Dynamics GP 2015 in our production environment. To recap, at Intelligent Partnerships we run all our information technology infrastructure on Microsoft Azure. A big reason for this, of course, is the high degree of mobility required by our consulting staff and the ability to access demo environments and be able to enter timesheets and expenses from anywhere in the world they happen to be. In addition, we need to be able to run our business and access our financials and analytics without being constrained to a particular geographical location. As such we rely heavily on Dynamics GP’s Web Client and Business Analyzer to achieve these goals.
One of the issues we started noticing with Web Client recently is, when you attempt to print a report – Standard or Template – but cancel out the printing on the Report Destination window, then attempt to print the report once more, we would receive the following Silverlight error message:
This particular error was received attempting to print a sales order processing quote, but we have been able to reproduce from other windows. While I don’t claim to understand all these exceptions, this particular one seems to refer to an issue caused by a “key” being added twice to the same “Generic.Dictionary” collection. Since the action causing the error seems to be a second attempt at printing a report – the same report it seems – somewhere along the lines it would appear that some value isn’t being cleared out from the collection of reports being printed which would cause a duplicate key. Again, pure speculation.
Nonetheless, in speaking to the Dynamics GP development team, it seems to be this issue has been written up and may be solved in the upcoming hotfix release. This issue can be reproduced in Microsoft Dynamics GP 2015 build 14.00.0619 (January Hotfix).
Until next post!
Mariano Gomez, MVP
Intelligent Partnerships, LLC
March 11, 2015
Â· Mariano Gomez Â· No Comments
Tags: Analytical Accounting, Dexterity, extender, fixed-assets, Inventory, microsoft, microsoft office, Smartlist Builder, sql server, support debugging tool, upgrade Â· Posted in: Blogs I Follow Total Views: 121
David Musgrave has just announced that he has completed the exclusive agreement with Microsoft to obtain the Support Debugging Tool source code.
Heâ€™s now looking at community feedback to fix the horrible name which always took a few tries to explain to people. â€śWhy do I need a debugging tool ?â€ť â€“ most people I recommended the tool to asked me.
Go Vote for a new name that makes sense here – Where is the Support Debugging Tool for Microsoft Dynamics GP 2015?
PS â€“ It was a good thing the tool was named the support debugging tool. With a slightly better name, and consequently even more popularity David would have had much more difficulty getting the source code !
Chance to Fix a Bad Name