Skip to main content

Notifications

Announcements

No record found.

Supply chain | Supply Chain Management, Commerce
Suggested answer

Can't activate MPOS Self-service Package built with custom certificate

(0) ShareShare
ReportReport
Posted on by 2

With version 10.0.12 (10.0.507.20001).   I create a custom certificate file followed by instruction in Customization.settings.

<!--
The name of the cert must match the name of the publisher of the package which is the same as the CustomPublisher above.
blogs.msdn.com/.../create-a-windows-store-appx-package-and-sign-it.aspx
msdn.microsoft.com/.../jj835832(v=vs.85).aspx

The sample cert was generated like this:
MakeCert /n "CN=Contoso Ltd." /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /e ""12/31/2037"" /sv appxsignkey.pvk appxsignkey.cer
empty password as just for testing (Optional parameters for password protected cert [/pi "Password" /po "password"])
Pvk2Pfx.exe /pvk appxsignkey.pvk /spc appxsignkey.cer /pfx appxsignkey.pfx /pi ""

To use signing cert from certificate store, add thumbprint of the certificate below to ModernPOSPackageCertificateThumbprint property and
comment out ModernPOSPackageCertificateKeyFile property.
If certificate being used is password protected, then this method must be used.

Use the following command get the Thumpprint of the certificate
powershell Get-ChildItem -Path Cert:\CurrentUser\My

ModernPOSPackageCertificateThumbprint cannot be used in VSTS builds, because the certificate can't be installed on the VSTS hosted machines.
Instead the certificate must be restored to the file system using a secret manager, such as Azure KeyVault, and the argument ModernPOSPackageCertificateKeyFile should specify the path to the certificate.
When consuming the signing certificate via ModernPOSPackageCertificateKeyFile, leave the ModernPOSPackageCertificateThumbprint variable empty.
-->

Then, add its trumbprint into: - 

<ModernPOSPackageCertificateKeyFile Condition="'$(ModernPOSPackageCertificateKeyFile)' == ''"></ModernPOSPackageCertificateKeyFile>
<ModernPOSPackageCertificateThumbprint Condition="'$(ModernPOSPackageCertificateThumbprint)' == ''">0567C6AFA10B7CE67E509D629C4402D188AB034F</ModernPOSPackageCertificateThumbprint>

<SelfServicePackageCertificateKeyFile Condition="'$(SelfServicePackageCertificateKeyFile)' == ''"></SelfServicePackageCertificateKeyFile>
<SelfServicePackageCertificateThumbprint Condition="'$(SelfServicePackageCertificateThumbprint)' == ''">0567C6AFA10B7CE67E509D629C4402D188AB034F</SelfServicePackageCertificateThumbprint>

I import the new cert file to 

  • Local system -> Personal
  • Current user -> Personal

After I built package, the signing cert show in Digital Signatures tab.  

MPOS-Digital-Signatures.JPG

But once I install it and try to activate MPOS, I got errors.   Below logs are respectively from Event Viewer > Application and Services Logs > Microsoft > Dynamics > Commerce-ModernPos > Operation 

  • Ping health check url: https://xxxxx.sandbox.operations.dynamics.com/healthcheck?testname=ping&ResultFormat=json
  • DeviceAuthenticationProvider.acquireToken did not find a device token in the application stroage.
  • The environment configuration was successfully loaded from the server and set on the app. Config: '{"EnvironmentId":"82f8bad9-1052-4944-847c-662eda393799","EnvironmentName":"82f8bad9-1052-4944-847c-662eda393799","TenantId":"xxxxxxx","ClientAppInsightsInstrumentationKey":"2d016f91-bbf2-48c8-8450-f78485f18ac7","HardwareStationAppInsightsInstrumentationKey":"0f787160-4711-4b32-8f97-579538b1189f","WindowsPhonePosAppInsightsInstrumentationKey":"309f41bf-f6b1-4ed8-9dfc-b29883f5d6d4","BaseVersion":"9.22.20226.10","ScaleUnit":{"Id":"scu0ylfnt5a22241310","Name":"southeast-asia-1","Region":"southeast asia"},"AADAuthority":"https://sts.windows.net/"}'.
  • Setting up AAD AccountSettingsPane for the authority 'https://login.windows.net/'. Correlation Id = '4a63b4b0-6bd0-b62f-5f23-ba879b479e03'.
  • AAD token was acquired for the authority 'https://login.windows.net/'. Correlation Id = '4a63b4b0-6bd0-b62f-5f23-ba879b479e03'.
  • Call to the AAD at https://login.windows.net/ failed with error: 3399614473 - AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'd6b5a0bd-bf3f-4a8c-b370-619fb3d0e1cc'.
    Trace ID: f05def0d-4b38-45b7-ac5c-2b077f9a5900
    Correlation ID: 998a3251-6763-48a3-ab1b-5c1dd4a275ab
    Timestamp: 2020-09-18 02:15:05Z. Possible reason: the user cancelled authentication process.
  • Retrieving user authentication token for resource identifier 'https://commerce.dynamics.com' failed with error: Sorry, something went wrong while authenticating you. Try again. If you still can't access the POS, contact your system admin..
  • The device activation operation failed.

Seems like AAD can't accept the EXE with custom cert.   With same Identify Providers in HQ, I can activate CPOS but can't activate MPOS.   

Is there anyone experience this problem?    Please kindly advise the solution.  

  • Suggested answer
    ToddB Profile Picture
    ToddB on at
    RE: Can't activate MPOS Self-service Package built with custom certificate

    Hi AeyPKA,

    It appears you are using a custom MPOS.

    As this is the case, you would want to follow this article: docs.microsoft.com/.../retail-pos-activation-changes

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees!

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December!

Congratulations to our December super stars! 🥳

Get Started Blogging in the Community

Hosted or syndicated blogging is available! ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,602 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,340 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans