Refresh certificates on onebox dev machines

  • July 19, 2024

If you follow the onebox VHD setup, you have had to use the self-signed certificate during setup for a few years now: https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/dev-tools/vhd-setup

This certificate only lasts one year. Typically, your F&O user interface still functions after one year; however, you might get certificate warnings from your browser. You can bypass these with various methods that seem to change over time. I typically just bypass these warnings. However, SSRS reports will stop working entirely, and the only way I’ve found to fix this is to fix the certificates.

You may want to snapshot your environment before starting.

First, run “Generate self-signed certificates” from the desktop again. Use the same appId you originally used a year ago. It will ask “Do you have an existing certificate for the provided Application Id”. At the time of this writing, it is OK to answer N, even if that is not accurate. If you select N, skip to the next paragraph. If you want to answer Y, you will need a thumbprint. To get your thumbprint, go to IIS > AOS service website > Bindings > Edit, then view the certificate to get the thumbprint. Disclaimer: I’m not 100% sure which certificate thumbprint it is looking for, as it updates a few certificates, each with its own thumbprint, so don’t bother with this route unless selecting N stops working in the future. When I got this working with the thumbprint approach, I ran the process multiple times for a few different ones. It was much easier the second time around on a different VM, just skipping all of this thumbprint work. If you know more, please let me know.

“Generate self-signed certificates” runs with lots of errors and looks like it failed. However, only parts of it need to succeed to solve the certificate issues. You can optionally check the certificate shown in the above screenshot to verify the dates are valid now. These dates are on the General tab of the certificate; it should show today’s date to a year from now. In this screenshot, today is 7/19/24.

After this step, your entire F&O environment won’t start. You are now in a worse position, so you must complete the next steps. If you check Event Viewer, you will find lots of SQL Server login failures.

We now need to correct the SQL Server logins.

First, decrypt the web.config file from an elevated cmd prompt:

C:\AOSService\webroot\bin\Microsoft.Dynamics.AX.Framework.ConfigEncryptor.exe -decrypt C:\AOSService\webroot\web.config

Next, find the passwords you want to correct. I only fix axdbadmin because no one cares about MR and DW on onebox. But you can follow similar steps there if you want.

Search web.config for “SqlPwd” and/or “AxAdminSqlPwd”; these should be the same value. Next, go to SSMS and set the axdbadmin login’s password to the new password. It should be about 15 characters long; if it’s 100+ characters long, the decrypt step failed.
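The two checks above (both keys hold the same value, and the value is short enough to be decrypted) can be scripted so the password never has to be read off the screen. This is an added example, not part of the original post; the function name `Test-OneboxSqlPwd`, the `DataAccess.` key prefix and the sample values are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. Reports on the SQL password
# entries of a decrypted web.config without printing the password itself.
function Test-OneboxSqlPwd {
    param([Parameter(Mandatory)][xml]$Config)

    # Match "SqlPwd" and "AxAdminSqlPwd" with or without a dotted key prefix.
    # Assumption: the values are <add key="..." value="..."/> under <appSettings>.
    $nodes = @($Config.SelectNodes('//appSettings/add') |
        Where-Object { $_.GetAttribute('key') -match '(^|\.)(AxAdmin)?SqlPwd$' })
    if ($nodes.Count -eq 0) { throw 'No SqlPwd keys found under appSettings.' }

    $values = @($nodes | ForEach-Object { $_.GetAttribute('value') })
    $entries = foreach ($n in $nodes) {
        $len = $n.GetAttribute('value').Length
        [pscustomobject]@{
            Key       = $n.GetAttribute('key')
            Length    = $len
            # Rule of thumb from the post: 100+ characters means the decrypt failed.
            Decrypted = $len -lt 100
        }
    }
    [pscustomobject]@{
        Entries      = $entries
        AllDecrypted = @($entries | Where-Object { -not $_.Decrypted }).Count -eq 0
        # Case-sensitive comparison of every value against the first one.
        ValuesMatch  = @($values | Where-Object { $_ -cne $values[0] }).Count -eq 0
    }
}

# Constructed sample input (not real credentials), so the check runs anywhere.
$sample = [xml]@'
<configuration>
  <appSettings>
    <add key="DataAccess.SqlPwd" value="Constructed-Pw1!" />
    <add key="DataAccess.AxAdminSqlPwd" value="Constructed-Pw1!" />
    <add key="Other.Setting" value="ignored" />
  </appSettings>
</configuration>
'@
Test-OneboxSqlPwd -Config $sample | Format-List

# On the VM, after the decrypt step:
# Test-OneboxSqlPwd -Config ([xml](Get-Content -Raw C:\AOSService\webroot\web.config))
```

ConfigEncryptor.exe also accepts -encrypt with the same path; running it once the login works keeps the axdbadmin password from staying in plaintext on disk.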

If the login still does not work, check the “Status” tab on your axdbadmin properties. Ensure the account is not locked out; I had this happen once. When unlocking, if you previously changed your machine name, as recommended with the initial VHD install, you will first need to correct your server config:

select @@servername --old server name
select host_name() --new server name

exec sp_dropserver 'myoldserver' --old server name, copied from above
exec sp_addserver 'mynewserver', local --new server name, copied from above
--@@servername reports the new name only after the SQL Server service restarts

Reset IIS and verify that F&O and SSRS now work.

If there are still issues, check Event Viewer for more info.

Questions?

Reach out with any feedback

Always happy to answer questions