Answered

DA1017 - The audience validation failed.

I am configuring Commerce on a standalone 10.0.41 and I can activate the Store Commerce POS, but not the web version.
 
My identity provider, relying parties and server resources are configured as recommended by the answer to this post: Solved: DA1017 - The audience validation failed.
 
I can confirm this by looking at the values in the ax.RETAILIDENTITYPROVIDER, ax.RETAILRELYINGPARTY and ax.RETAILSERVERRESOURCE in the RetailChannelDatabase database.
 
I see the following in Event Viewer
 
Provided audience 'api://<My client Id>' found within the token does not match any of the acceptable audiences 'https://commerce.dynamics.com' configured for the the issuer 'https://sts.windows.net/<My tenant Id>/'. This can be configured in the headquarter under Retail Shared Parameters->Identity Providers following by the job 1110 execution. Once the job completes it will take 5 minutes for Retail Server to detect the change.
 
The acceptable audience https://commerce.dynamics.com referred to in the error log is coming from the Microsoft.Dynamics.Retail.RetailServer.AspNetCore.dll.config (under C:\Program Files\Microsoft Dynamics 365\10.0\Commerce Scale Unit\Microsoft\RetailServer\bin\) on my VHD.
 
    <add key="AADRetailServicePrincipalName" value="https://commerce.dynamics.com" />
 
I can confirm this by renaming it and seeing the change in the Event Viewer message. 
 
It doesn't seem to be validating it against any of the retail server resources I have configured in Retail Shared Parameters (i.e. those in the RetailChannelDatabase database)
 
I also had to manually add my relyingParty to the config as below to get this far: 
 
    <identityProviders>
        <identityProvider name="Commerce Identity Provider" providerType="OpenIdConnect" issuer="(DefaultCommerceIssuer)">
            <relyingParties>
                <relyingParty clientId="Cloud POS" clientType="Public" userType="Worker" />
                <relyingParty clientId="Modern POS" clientType="Public" userType="Worker" />
            </relyingParties>
        </identityProvider>
        <identityProvider name="Azure AD" providerType="AzureActiveDirectory" issuer="(DefaultAadIssuer)">
            <relyingParties>
                <relyingParty clientId="d5527362-3bc8-4e63-b5b3-606dc14747e9" clientType="Public" userType="Worker" />
                <relyingParty clientId="d6b5a0bd-bf3f-4a8c-b370-619fb3d0e1cc" clientType="Public" userType="Worker" />
                <relyingParty clientId="<My client Id>" clientType="Public" userType="Worker" />
            </relyingParties>
        </identityProvider>
    </identityProviders>
 
Am I supposed to manually update this configuration file, or is the distribution scheduler supposed to do this?
 
I think I have gone wrong somewhere! 
 
Perhaps it just doesn't work as I don't have a licence attached to the tenancy I am using with my VHD.
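
A diagnostic sketch of the comparison the Event Viewer message describes, added here as an example and not part of the original post or of Microsoft's code: it decodes a token's claims without verifying the signature, then compares `aud` with the `AADRetailServicePrincipalName` value and the caller's client ID with the `relyingParty` entries. The `<configuration>`/`<appSettings>` wrapper, the placeholder client ID, and reading the client ID from `appid`/`azp` are assumptions.

```python
import base64, json
import xml.etree.ElementTree as ET

# Constructed sample: only the settings quoted in the post, placeholder IDs.
# The <configuration>/<appSettings> wrapper is an assumption.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="AADRetailServicePrincipalName" value="https://commerce.dynamics.com" />
</appSettings><identityProviders>
  <identityProvider name="Azure AD" providerType="AzureActiveDirectory" issuer="(DefaultAadIssuer)">
    <relyingParties>
      <relyingParty clientId="11111111-1111-1111-1111-111111111111" clientType="Public" userType="Worker" />
    </relyingParties>
  </identityProvider>
</identityProviders></configuration>"""

def sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}."

def jwt_claims(token):
    """Decode the payload only; the signature is NOT verified (diagnostics only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def config_values(xml_text):
    """Return (accepted audience, set of relyingParty client IDs) from the config."""
    root = ET.fromstring(xml_text)
    audience = next((e.get("value") for e in root.iter("add")
                     if e.get("key") == "AADRetailServicePrincipalName"), None)
    return audience, {e.get("clientId", "").lower() for e in root.iter("relyingParty")}

def diagnose(token, xml_text):
    """List which of the two checks would reject this token."""
    claims = jwt_claims(token)
    accepted, clients = config_values(xml_text)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # 'aud' may be a string or a list
    findings = []
    if accepted not in auds:
        findings.append(f"audience mismatch: token aud={auds}, accepted={accepted!r}")
    # Assumption: the caller's client ID is in 'appid' (v1 tokens) or 'azp' (v2).
    client = str(claims.get("appid") or claims.get("azp") or "").lower()
    if client not in clients:
        findings.append(f"client {client!r} is not a configured relyingParty")
    return findings
```

A token whose `aud` is `api://<client id>` yields the audience-mismatch finding against this config even when the client ID is listed as a relying party, which is the situation the log line above reports.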
  • Holly Huffman (Super User 2025 Season 2)
    Good morning, afternoon, or evening :) depending on your location!
    Hope you are well today.
     
    The error DA1017 - The audience validation failed typically occurs due to mismatched audience values between the token provided by the identity provider and the acceptable audience configured in the system. Here are the key points and steps to address the issue:

    Possible Causes:
    1. Mismatch in Audience Configuration:
      • The audience value in the token (api://<My client Id>) does not match the acceptable audience (https://commerce.dynamics.com) configured in the Microsoft.Dynamics.Retail.RetailServer.AspNetCore.dll.config file.
      • This mismatch prevents the web version of Store Commerce from validating the token.
    2. Retail Shared Parameters Not Syncing:
      • The acceptable audience configured in Retail Shared Parameters under Identity Providers might not be properly synced to the Retail Server.
      • The Job 1110 execution is responsible for syncing these parameters, but it may not have run successfully or fully propagated changes.
    3. Manual Configuration in the Config File:
      • While manually updating the Microsoft.Dynamics.Retail.RetailServer.AspNetCore.dll.config file can resolve the issue temporarily, it is not the recommended approach. The distribution scheduler should ideally handle these updates.
    4. Licensing Issue:
      • If the tenancy associated with your VHD does not have a valid license, certain features (like the web version of Store Commerce) may not function correctly.
     
    Steps to Resolve:
    1. Verify Retail Shared Parameters:
      • In Commerce Headquarters, navigate to Retail Shared Parameters > Identity Providers.
      • Ensure the audience value matches the one expected by the Retail Server (https://commerce.dynamics.com or the correct value for your setup).
      • Run Job 1110 to sync the changes to the Retail Server.
    2. Check Retail Server Configuration:
      • Confirm that the Microsoft.Dynamics.Retail.RetailServer.AspNetCore.dll.config file contains the correct audience value (AADRetailServicePrincipalName).
      • Avoid manual edits unless absolutely necessary, as these changes can be overwritten during updates.
    3. Validate Identity Provider and Relying Party Settings:
      • Ensure the identity provider and relying party configurations in Retail Shared Parameters match the values in the RetailChannelDatabase database.
      • Verify that the client ID (<My client Id>) is correctly registered in Azure AD and matches the relying party configuration.
    4. Test Job Execution:
      • After running Job 1110, wait for at least 5 minutes for the Retail Server to detect the changes.
      • Check the Event Viewer logs to confirm the audience validation error is resolved.
    5. Confirm Licensing:
      • Verify that your tenancy has the required license for Dynamics 365 Commerce. Without a valid license, certain features may not work as expected.
     
    Additional Notes:
    • If the issue persists, consider testing the configuration in a licensed environment to rule out licensing-related limitations.
    • For detailed troubleshooting, refer to Microsoft's documentation on configuring identity providers and resolving audience validation errors.
     
    Hope this helps!
  • PaulNoakes
    @Holly Huffman please could you remove your AI generated response as it doesn't add anything and just wastes precious time.
  • Verified answer
    PaulNoakes
    I gave up - the process works fine on v10.0.43, so it must have been related to this build.
