Change default URL on AX7 onebox?

Dynamics 365 for Finance and Operations Forum

zibi99 asked a question on 18 Apr 2016 3:45 PM

Question Status

Suggested Answer

Has anyone been able to successfully change the URL on the AX7 VM from the default:

https://usnconeboxax1aos.cloud.onebox.dynamics.com/

to, say, https://localhost or something to that effect? I was trying to change it via web.config but am getting this error:

"The reply address 'https://localhost/' does not match the reply addresses configured for the application..."

Is this an AAD error?

Reply

Hi zibi,

Why would you want to change it? It is not an AAD error, but a misconfiguration.

Reply
DynAx90 responded on 3 Aug 2017 1:21 AM

@zibi99 did you get the solution?

Reply
Dipak responded on 16 Jan 2018 6:36 PM

Hello All,

I am trying the same, but no luck.

I downloaded the offline D365 VM and want to expose it to the internet for POC purposes.

It works only with 'd365.cloud.onebox.dynamics.com'

But when I try to open it with https://localhost/ or https://<ipaddress> it won't work and gives me the generic error below.

"AADSTS50011: The reply address 'https://172.xx.xx.xx/' does not match the reply addresses configured for the application"

Workarounds:

1. Added the redirect entry below in web.config, and the same has been updated in the Azure portal also

<add key="ida.PostLogoutRedirectUri" value="d365.cloud.onebox.dynamics.com" />

2. My domain name is different, and I even created a host A record (winhypvmtest.domainname.com) for the same.

3. Tried all the binding possibilities.

4. Even tried to rename the entire URL, but have not succeeded yet.

Kindly help, I am getting lost day by day.

Reply
Alan Zhou responded on 16 Jan 2018 7:41 PM

If someone can figure it out, it would be a great help for testing with a local DEV VM!

Reply
Sebastian Mańkowski responded on 16 Jan 2018 9:47 PM
Suggested Answer

Hi Alan...

None of the other addresses will work, as the IIS setup prevents this. You can change the address... however it requires a few steps to achieve it. Have a look at the screen below:

As you can see... the IIS website uses a hostname. So you must use exactly the same URL in your browser to be properly redirected to the D365 website. Additionally it uses the HTTPS protocol, so you must have a valid certificate. That's why you can't use localhost. In order to make it work you need to do the following:

1. Issue the certificate from a valid certification authority

2. Trust the certificate and issuer (certmgr.exe)

3. Make some changes in the website web.config file (mainly certificate thumbprints for the issuer certificate and the issued certificate - you can easily find the places by searching current entries for the thumbprint of the *.cloud.onebox.dynamics.com certificate)

4. Replace the host name with the name you choose

5. Choose the newly issued certificate

It's not an easy process... however it's doable :).

Best

Sebastian

Reply
Alan Zhou responded on 16 Jan 2018 10:23 PM

That's cool, Sebastian!

I will try to generate a new certificate from IIS, and change the thumbprint in the website web.config file.

Thank you a lot for letting me know it's doable!

Reply
Dipak responded on 24 Jan 2018 2:05 AM

Thanks Alan,

After lots of effort (importing new certificates and changing thumbprints in web.config, wif.config and wif.service) I am able to rename the default URL to the required one, and it is working successfully for me.

Thanks for the comments, which gave me a way out.

Regards,

Dipak.

Reply
SheriffDNT responded on 24 Jan 2018 4:31 AM

Hi,

Could you please help me out with the configuration file editing? I am trying to change the URL.

Thanks

Reply
Dipak responded on 24 Jan 2018 9:25 PM

Hi Sheriff,

Please follow the steps below; hopefully they will work for you as well.

Keep an eye on the application event viewer logs; if something goes wrong, they will help you rectify it.

1. Create a new self-signed certificate (the certificate should contain the private key)

(https://www.sslsupportdesk.com/export-ssl-certificate-private-key-pfx-using-mmc-windows/) Store the certificate in the Computer account.

Give the certificate a friendly name, e.g. host.mydomain.com

Import through IIS > Server Certificate > and bind with the AOSService site.

Map the friendly name of the certificate, e.g. host.mydomain.com

Map the new certificate with AOSService.

The files below need to be configured with the new thumbprint:

C:\AOSService\webroot

*****

Web.config modification

IMP: Enter the newly created certificate's thumbprint in UPPERCASE.

<add key="Infrastructure.CsuClientCertThumbprint" value="REPLACE THE EXISTING *CLOUD.ONEBOX.DYNAMICS CERTIFICATE THUMBPRINT WITH THE NEW CERTIFICATE THUMBPRINT" />

<add key="Infrastructure.InternalServiceCertificateThumbprints" value="REPLACE THE EXISTING *CLOUD.ONEBOX.DYNAMICS CERTIFICATE THUMBPRINT WITH THE NEW CERTIFICATE THUMBPRINT" />

<add key="Infrastructure.TrustedCertificates" value="REPLACE THE EXISTING *CLOUD.ONEBOX.DYNAMICS CERTIFICATE THUMBPRINT WITH THE NEW CERTIFICATE THUMBPRINT" />

********

Wif.config Modifications

<authority name="CN=*.cloud.onebox.dynamics.com">
  <keys>
    <add thumbprint="CHANGE THIS TO NEW CERTIFICATE THUMBPRINT" />
  </keys>
  <validIssuers>
    <add name="CN=*.ENTER FRIENDLY NAME OF CERTIFICATE" />
  </validIssuers>
</authority>
<authority name="CN=DeploymentsOnebox.DaxRunnerTokenUserCertificate.pfx">
  <keys>
    <add thumbprint="3FF129E9D504812A1FEA0E6AE748F3D78AF2119C" />
  </keys>
  <validIssuers>
    <add name="CN=DeploymentsOnebox.DaxRunnerTokenUserCertificate.pfx" />
  </validIssuers>
</authority>

*******

Wif.service Modifications

<wsFederation passiveRedirectEnabled="true" issuer="login.windows.net/.../wsfed" realm="spn:00000015-0000-0000-c000-000000000000" reply="https://FRIENDLY NAME IN FQDN/" requireHttps="true" />
<cookieHandler requireSsl="true" domain=" FRIENDLY NAME IN FQDN " path="/" />
<serviceCertificate>

Restart IIS

cmd> iisreset /stop
     iisreset /start

Best of Luck.

Thanks.

Dipak.

Reply
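
A check for the thumbprint and host-name edits described in the post above, as an added example that is not part of the original thread or of any Microsoft tooling: it flags lines that still carry the old certificate thumbprint or the old cloud.onebox.dynamics.com host, and thumbprints not written in uppercase. The function names and both thumbprints are assumptions constructed for the example; the config keys and host names are the ones quoted in the thread.

```powershell
# Added example. Both thumbprints below are constructed sample values.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Keep hex digits only: drops spaces and the invisible U+200E character
    # that can come along when a thumbprint is copied from the certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Expected 40 hex characters, got $($clean.Length)" }
    $clean
}

function Find-StaleReference {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines,
        [Parameter(Mandatory)][string]$OldThumbprint,
        [Parameter(Mandatory)][string]$OldHost
    )
    $old = ConvertTo-CleanThumbprint $OldThumbprint
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $reasons = @()
        # -match is case-insensitive, so a lowercase copy of the old value is caught too.
        if ($Lines[$i] -match [regex]::Escape($old))     { $reasons += 'old thumbprint' }
        if ($Lines[$i] -match [regex]::Escape($OldHost)) { $reasons += 'old host name' }
        # Case-sensitive: a 40-digit hex value that contains a lowercase a-f.
        if ($Lines[$i] -cmatch '\b(?=[0-9A-Fa-f]*[a-f])[0-9A-Fa-f]{40}\b') {
            $reasons += 'thumbprint not uppercase'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Line = $i + 1; Reasons = $reasons -join ', '; Text = $Lines[$i].Trim() }
        }
    }
}

# Constructed sample standing in for lines of the edited config files.
$sample = @'
<add key="Infrastructure.CsuClientCertThumbprint" value="FEDCBA9876543210FEDCBA9876543210FEDCBA98" />
<add key="Infrastructure.TrustedCertificates" value="0123456789abcdef0123456789abcdef01234567" />

<add key="Infrastructure.InternalServiceCertificateThumbprints" value="fedcba9876543210fedcba9876543210fedcba98" />
<cookieHandler requireSsl="true" domain="usnconeboxax1aos.cloud.onebox.dynamics.com" path="/" />
'@ -split '\r?\n'

# Old thumbprint as it might be pasted: hidden U+200E, spaces, lowercase.
$oldThumbprint = "$([char]0x200E)01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
Find-StaleReference -Lines $sample -OldThumbprint $oldThumbprint -OldHost 'cloud.onebox.dynamics.com' |
    Format-Table -AutoSize -Wrap
```

To audit the real files, pass `-Lines (Get-Content <path>)` for each of the three files under C:\AOSService\webroot named in the post, with the thumbprint of the certificate being replaced.
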
SheriffDNT responded on 25 Jan 2018 1:28 AM

Hi,

It didn't work. It seems there is an address mismatch in the security certificates (it shows in the browser, with error 500). I am using a GoDaddy wildcard certificate instead of a self-signed certificate.

Can you assist me with this?

Reply
Dipak responded on 25 Jan 2018 1:35 AM

Please share the application event logs.

Reply
SheriffDNT responded on 25 Jan 2018 1:47 AM

The remote certificate CN=*.dnetsoft.com, O=Dynamic Netsoft Technologies Private Limited, L=Chennai, S=Tamil Nadu, C=IN has and invalid name or does not match the host usnconeboxax1aos.cloud.onebox.dynamics.com Machine: D365-TRIALVM

Reply
SheriffDNT responded on 25 Jan 2018 1:50 AM

Can I share the 3 files I configured? How can I attach the files for you?

Reply
Dipak responded on 25 Jan 2018 2:03 AM

share at dipak_jagdhane (AT) hotmail (DOT) com

Reply
SheriffDNT responded on 25 Jan 2018 2:14 AM

Received the following exception when contacting the AX Metadata Service possibly due to expired token. Attempted to retry the operation 5 times with no success. Could not establish trust relationship for the SSL/TLS secure channel with authority 'usnconeboxax1aos.cloud.onebox.dynamics.com'.

Machine: D365-TRIALVM

Reply
Suggested Answer

So you say it works with this url: .

I guess then it also works with my-test2, my-test3 and so on? And you can set up your DNS so that each of these URLs maps to a different onebox.

Why would you then need to change the URL in the onebox (which is what this thread is about)?

To me it looks like you already have the solution for connecting your third party app with multiple oneboxes.

Reply
