Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2022 Release Wave 1 PlanDynamics 365 release plan for the 2022 release wave 1 describes all new features releasing from April 2022 through September 2022.
2022 release wave 1 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I am getting 401 Unauthorized error when I login into appsusing both time sheet and approval apps.Please note My adfs and azure is communicating with out any issue.When I use fiddler tool I get message Unauthorized access 401
Without additional details on which step you get this error, I cannot tell you where it goes wrong. I have seen a similar issue where the adfs was not accessible from outside your own network.
Can you provide a fiddler report where I can see on which step it fails?
Hi Andre ,
Below is the captured data from fiddler
I do miss some logging on connecting to Azure and passing the ADFS. Did you configure this on a demo machine or an own domain? Normally you will see at first a connection to Azure, then ADFS, then the servicebus /TimeRest/ URL.
Did you start Fiddler after connection in the app? What app did you use and what does the app shows you when you get this error?
I have attached new file which I have captured using fiddler. I am using Microsoft demo VPC
I am using timesheets apps as well as approval and I get message oops something went wrong .
fiddler it is showing 401 Generic:Authorization failed for specified action:send trackingid
Indeed the ADFS is working correct. It looks like there is a problem with the servicebus connection. Can you verify if the ACS (Access Control Service) on the Azure service bus is really configured correctly?
Please also check the machine where the AX Mobile connector is running. Please look if there are some logs in the Event Viewer which could be related. Check also the event logs on the AOS server.
I am getting new error although thumbprint is from same certificate as token signing is using.
What certificate did you use? A self-signed, purc'hased or the demo certificate from Microsoft?
Please check if you have entered the thumbprint without spaces after each characters. Also make sure you type the thumbprint manually. Sometimes when copy and paste the thumbprint illegal characters may be pasted and not visible.
I have purchased the certificate from authorized CA.I have manually typed the thumbprint without spaces.
Let me know anyother thing I have to check.
Is the certificate a wildcard certificate (valid for a complete domain e.g. *.mydomain.com) or a machine specific certificate (e.g. adfs.mydomain.com)?
Is your problem solved or not? If it is solved please update what caused the error. If not, please answer my questions.
Hi Sandra, I hope you doing good. I am facing the same issue. So is it possible for you to share what did you do to resolve this Send error?
is wildcard not supported? I am trying to wire up the Timesheet app with a scenario just as below diagram notes. Stolen from a brilliant AX guy.
My scenario is not exactly on premise but rather a hosted AX (essentially VM's so similar to on premise) I am getting invalid SWT Token, unauthorized. I followed steps closely however still no luck. I get this error when I try to start the Rapid Start services in the final step.
Fiddler acts like nothing happened and I don't see anything....are there other ports I need to open on my ADFS server (which is on my host and has nothing on it) I have only an AOS server and a ADFS. My Azure ACS Identity and Password were difficult to locate but I think I have the x509 thumbprint and identity correct. Also the following url doesn't resolve from my AX AOS, which seems like it would need to maybe (or maybe just the ADFS)
Any ideas at all are helpful
You are allowed to use the image with some notes I created in the past ;) The base was "borrowed" from Microsoft.
A wildcard certificate is not working. It should be named with the public name of the ADFS server. I do think somehow from the named certificate it used the specific name as a check or uses the name to access the correct ADFS server.
Error 401 is related to be "unauthorized". The root cause can be related to several factors.
Is ADFS configured correctly? Can you access the web-url login form?
Did you use the correct named certificate issued from a public CA? Self-signed certificate is not trusted.
Are there any proxy or firewall settings preventing a correct communication?
I think ADFS is the issue -
ADFS token signing and decryption cert had errors- "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store." I installed the cert on my WCF / AOS but not on the ADFS, I guess I thought it was there already.
I cant access the ADFS URL, that's one with usermixed at the end right? I cant even access it from the ADFS server so maybe firewall / proxy issue (hosted VM). I get 503 service unavailable error.
I will focus on getting the ADFS URL to return properly for now and post outcome.
THANKS SO MUCH FOR YOUR HELP!
The ADFS cert DOES have a wildcard. Could this be the only problem? It must be a actual DNS entry?
I got the fedWS asmx to respond now (myadfs.myhost.com/adfs/fs/federationserverservice.asmx) however the ADFS login url DOES NOT work...(myadfs.myhost.com/adfs/services/trust/13/usernamemixed/), https produces PROXY SERVER ISNT RESPONDING (but I don't use a proxy in IE/LAN settings) and http produces a 503 not authorized error, even from the ADFS server itself. Nothing in the event log and fiddler acts as nothing was sent out. I think ADFS is setup correctly (it was configured by my host) other than the wildcard. Azure seems responsive as well since if I change the password it gives a different error completely . Also, strangely the myadfs.myhost.com/FederationMetadata/2007-06/FederationMetadata.xml DOES return data, but it is strange text not actually xml. Azure doesn't seem to mind when I put this URL in however. it has a key and then text...
requestApplication IdentifierIdentifier for the Relying PartyApplication policiesApplication policies of the certificateAuthority Key IdentifierThe Authority Key Identifier extension of the certificate that signed an issued certificateBasic ConstraintOne of the basic constraints of the certificateEnhanced Key UsageDescribes one of the enhanced key usages of the certificateIssuerThe name of the certificate authority that issued the X.509 certificateIssuerNameThe name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific.ThumbprintThumbprint of the certificateX.509 VersionThe X.509 format version of a certificateInside Corporate NetworkUsed to indicate if a request originated inside corporate serviceAuthentication Methods ReferencesUsed to indicate all authentication methods used to authenticate the userClient Request IDIdentifier for a user sessionAlternate Login IDAlternate login ID of the user
Business Applications communities