Tuesday, 10 July 2018

Expired certification issue on development machines

Today, i will be discussing about one of the common issue of expired certification on development machine. You guys must have observed one of the common error while accessing AX through web browser typically using this URL (https://usnconeboxax1aos.cloud.onebox.dynamics.com/).
Error :  'There is a problem with server ' Sorry the server encountered a error. It is either not available or it cannot respond at this time. Please contact your system administrator. 






There might be different reasons for this error for instance: IIS services is not running or AX certification has been expired.
For better verification we will check first event log. It will  give us more details of this error. 
See in below screen shot the event log is giving ExpiredCertificateException.













Further on we can check our certificates by going on this navigation : Search Certificates -> Local Computers ->Personal -> Certificate 
Here you will find 4 expired certificates by checking there dates in expire column. 








Solution :  Replicate the certificates and update all references of expired one with new.
Following are the steps to go through this process.

1. Find certificates by going on following navigation : Search in Windows Start Menu : Certificates -> Local Computers ->Personal -> Certificate. They all will be expired.
  • DeploymentsOnebox.DaxRunnerTokenUserCertificate.pfx
  • DeploymentsOnebox.LcsClientCertificate.pfx
  • DeploymentsOnebox.MRClientCertificate.pfx
  • DeploymentsOnebox.SessionAuthenticationCertificate.pfx
2. Identify thumbprint of each certificate. By double clicking on them. It will open a screen, from there select Details tab. Search thumbprint there and you will get key from there. 
Note : Here I have opened DeploymentsOnebox.SessionAuthenticationCertificate.pfx. I will show the steps for one certificate rest of all certificates can be replicated  by following same steps.
3. Copy the key from there. In my case key is ‎f7 9c 64 b7 cd 90 91 13 28 81 8a 2b 10 df 8b da 27 36 cc 8e.
























4. Clone the certificate by opening the power shell as administrator and execute below mentioned  command. In my case i have used my own key shown in above screen shot where as 999 is duration of months after which certificate will be expired. You may set your own key and duration as per your requirements.

Command : 
Set-Location -Path "cert:\LocalMachine\My"
$OldCert = (Get-ChildItem -Path F79C64B7CD90911328818A2B10DF8BDA2736CC8E)
New-SelfSignedCertificate -CloneCert $OldCert -NotAfter (Get-Date).AddMonths(999)

Execute the command and you will see new certificate will be created. Copy the new key from power shell since you have to replace it on different places with old one in order to update reference.

5. Now update the newly created key in all referred files. For this process we need to update three files located in C:/AOSService/webroot/
  • wif.services.config
  • web.config
  • wif.config






Note : Open all these files in Notepad++ as administrator and replace old key with new one by using find and replace options. In last save the file.

6. Repeat same for all other three certificates.
7. Reboot the machine because it will restart all services. After reboot you will be able to access AX on web browser.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Custom Business events Part 3 - (Activate custom business event) in D365 F&O

 In this blog we will discuss about the steps to activate a custom business in D365 F&O. As we know that business event catalog does not...