Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I have been fighting with the installation and configuring of the AX Companion Apps. I have completely removed everything (including ADFS and the Service Bus) and started over. Now, while running Fiddler4 and launching the Expense App on my Win8.1 machine, I am getting the "ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer."
I have found where this can occur if the self-signed token-signing cert that ADFS has created was not added to the Trusted Root Cert Authority. I have added my 3rd Party Issued SSL cert as PRIMARY on my ADFS server for Service Communications, Token-decrypting, and Token-signing (the self-signed is secondary) but I went on and added the self-signed cert to my ADFS server and the AOS server that is running the Mobile Connector. It also mentioned that cutting and pasting the thumbprint in the connector can cause this. I have hand typed this.
I have confirmed that it is attempting to communicate with the Connector -- I can shut the connector off and I get a "Service is Unavailable" on the computer running the Expense app (and Fiddler).
When I change the password of the user trying to log into the app, it tells me that the password is incorrect.
When I put the correct login info into the app, the app attempts to launch then I get the "Oops! looks like something went wrong. An error occurred while retrieving the expense configuration. Please try again" error. This is the point where the Fiddler shows me the ID4175 error. I then have to uninstall the app in order to change the user.
All my servers are running Windows Server 2012.
My ADFS server (internal name -- adfs.domain.local) is exposed to the internet (and I have configured our DNS for the external adfs.domain.com entry to point to the IP on this box) and has the 3rd Party SSL cert as primary for all ADFS certificates (the cert is registered to adfs.domain.com).
My AX 2012 R3 AOS server hosts the mobile app connector as well and is NOT exposed to the internet but is on the same .local domain and network.
Any help would be GREATLY appreciated!!!! Been through this 4 or 5 times from scratch!!
I have encountered this error before when I installed it on a test environment at a customer. I had some sessions with Microsoft and they insists the thumbprint was incorrect or for sure it was related to the certificate.
A wildcard certificate was previously used and seems to be the problem (e.g. *.your-domain.com)
Please check if the 3rd party certificate is a machine specific certificate issued to e.g. adfs.your-domain.com.
FYI: I managed to get the app working with a self-signed certificate by the customer for Win8. The android device was not working with this self-signed certificate. So we moved to the 3rd party machine specific certificate.
Thanks Andre'.. I actually got it working. My MS contact asked me to check the ACS certificate on my ADFS server and see if it was there. I am not exactly sure what fixed it but here is what I did (don't really want to break it to figure out the issue). When I went into the management console / Trust Relationships / Relying Party Trusts then went into the properties for the service bus, clicked on Signature, then imported the cert into the trusted root on the ADFS server and the server running the connector. I then stopped the connector, re-typed the thumbprint for my SSL Token Signing cert into it and restarted. Works great now. Thank you for your response.
Great! Glad you made it ;) Unfortunately the setup is complex and can really cause errors on many steps of the process if something is missing.
The ID4175 and "Ooops something went wrong..." can be related to almost anything.... They are too generic in my opinion.
Can you verify your own answer? Then the thread will be marked as answered and other people will be directed to the verified answer(s) initially.
Actually the reason you faced the error was you copy pasted.. and 2nd time you typed the thumb print. When you were copy pasting it might due to conversion from ASCII / Unicode added special characters.
BTW are you using actual issued license or test?
I just wanted to quickly mention that I was able to confirm Mohammed. I copy and pasted the thumb print and received that error. Once I typed in the thumb print, the error was gone. Thanks!
I can confirm the same as Mohammed and bRradlyJames.
I believe that if you look closely at the thumb print details when viewing the certificate, you'll see that there is a space at the very front.
That could part of the issue or as mentioned that the copy & paste action does something to the characters.
While writing this comment I actually tried to copy & paste the value into Notepad++. I tried with a document with ANSI and one with UTF-8. There is a '?' in the front when pasting into ANSI, while there isn't a visible character while pasting into UTF-8.
The number of characters is of when count what is visible on the screen and looking what Notepad++ reports.
So there is truly something added while copying from the certificate and pasting it in.
I'm able to delete something in the very front of my text in Notepad++, before I delete the very first character. So a solution could be to copy & paste and then delete until you hit the first character in your text. After that you should be able to replace the whitespaces. Now you should be able to copy & paste the value into your configuration.
I'll confirm the last bit later, because I've a new setup at a costumer after Christmas and will force myself to do it.
Business Applications communities