Refresh certificates on onebox dev machines
If you follow the onebox VHD setup, you have had to use the self signed certificate for a few years now during setup: https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/dev-tools/vhd-setup
This certificate only lasts one year. Typically, your F&O user interface still functions after one year, however, you might get certificate warnings from your browser. You can bypass these with various methods that seem to change over time. I typically just bypass these warnings. However, SSRS reports will stop working entirely and the only way I've found to fix this is to fix the certificates.
You may want to snapshot your environment before starting.
First, run the "Generate self-signed certificates" from the desktop again. You will use the same appId you originally used a year ago. It will ask "Do you have an existing certificate for the provided Application Id". At the time of this writing, it is ok to tell it N, even if that is not accurate. If you select N, skip to next paragraph. If you want to say Y, you will need a thumbprint. To get your thumbprint, go to iis > AOS service website > bindings > edit - view the cert to get the thumbprint. Disclaimer: I'm not 100% sure which certificate thumbprint it is looking for as it updates a few certificates, each with its own thumbprint, so don't bother with this route unless selecting "n" stops working in the future. When I got this working with the thumbprint approach, I ran the process multiple times for a few different ones. It was much easier the second time around on a different VM just skipping all of this thumbprint work. If you know more, please leave a comment on the article.
The "Generate self-signed certificates" runs and it will have lots of errors and looked like it failed. However, only parts of it to need to succeed to solve the certificate issues. You can optionally check the certificate shown in the above screenshot to verify the dates are valid now. These dates are on the general tab of the certificate - it should show today's date to a year from now. In this screenshot, today is 7/19/24.
After this step, your entire F&O environment won't start now. You are now is a worse position, you must complete the next steps. If you check event viewer, you will find lots of SQL server login failures.
We now need to correct the SQL server logins.
First, decrypt the web.config file from an elevated cmd prompt:
领英推è
C:\AOSService\webroot\bin\Microsoft.Dynamics.AX.Framework.ConfigEncryptor.exe -decrypt C:\AOSService\webroot\web.config
Next, find the passwords you want to correct. I only fix axdbadmin because no one cares about MR and DW on onebox. But you can follow similar steps there if you want.
Search web.config for "SqlPwd" and/or "AxAdminSqlPwd", these should be the same value. Next, go to SSMS and set the axdbadmin to the new password. It should be about 15 characters long, if its 100+ long, the decrypt step failed.
If the login still does not work, check the "Status" tab on your axdbadmin properties. Ensure the account is not locked out, I had this happen once. When unlocking, if you previously changed your machine name, as recommended with the initial VHD install, you will first need to correct your server config:
select @@servername --Old server names
select host_name() --new server name
exec sp_dropserver 'myoldserver' --old server, copy from above
exec sp_addserver 'mynewserver', local --new server, copy from above
Reset IIS and verify your F&O and SSRS now works.
If there are still issues, check event viewer for more info.
Junior Consultant INFRA at YASOOB Consulting Private Limited.
4 个月great document this one i was looking for
D365F&O Developer | Dynamics AX | Axapta | OData | Integration | Warehouse management | SSRS | REST API
8 个月I have used the two different ways to refresh certificate: 1. You need to restore the folder *Drive*\DynamicsTools\CleanVHD from a clean machine (before certificate generation) because some of the original scripts are deleted during the generation process. And already re-call the certificate generation. 2. Copy the certificate with a new expiry date. Copy it to trusted certificate authorities. Update thumbprint from old to new in web.config file. Change the certificate in IIS.
Dynamics AX / Dynamics 365 FO Technical Consultant
8 个月Interesting. Thanks for sharing. Previously I restored the whole WM from the original image, but it is worth trying this one (mine is expired in Nov :) )