GP Web Client Security Error & Untrusted Certificate

(0) Share

Report

Posted on by Mitch.M

532

When I try to login to the web client that is setup I get an unexpected error. In the Event Viewer I see some errors. The first is:

An unauthorized attempt to call the GetSessionServiceSecurityGroups operation on Session Central was made by somedomain/gpadmin.

Then this:

Session Central Service was not able to successfully communicate with the Session Service at http://someSessionServer:48651/SessionService.  The exception details are: 
System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The user is not authorized to call this service operation. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.InvalidOperationException: The user is not authorized to call this service operation.
   at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService.ValidateCallerIsMemberOf(String principalCollectionKey)
   at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService.GetSessionServiceSecurityGroups()
   at SyncInvokeGetSessionServiceSecurityGroups(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)).

Then the two errors are repeated. Next there is an error saying no session hosts can create a new session. Finally the error with the correlation ID pops up.

The somedomain\gpadmin account is a local admin on both the web and session servers. Are there some domain rights this account needs to be able to query the security groups?

I am also getting an untrusted certificate error when I load the site with a wildcard certificate. Here is the computer info from the System settings.

Here are the cert settings:

Don't worry, the domain is the same I'm just hiding it ;) Also, when I'm putting in the URL it is https://gpweb.p.somedomain.org/GP so it's not like that is any different.

Thanks for any help!

*This post is locked for comments

I have the same question (0)

All responses (4)

Answers (0)

Suggested answer

Tom Cruse 1,477 on at

Like (0)

Report

RE: GP Web Client Security Error & Untrusted Certificate

So it seems like you might have two separate issues, one the cert and two a security setting.

1. For the cert, what is the exact error you're receiving? It will usually tell you at the top if you hover over the cert error. We just recently switched to a wildcard cert and had an Address mismatch in cert name and the problem was not entering the hostname on the bindings for the site in IIS.

2. For the security issue, did you create a security group in AD for the GPWeb users and did you add somedomain\gpadmin to this group?

Tom

Was this reply helpful? Yes No
Mitch.M 532 on at

Like (0)

Report

RE: GP Web Client Security Error & Untrusted Certificate

Tom, thanks for the reply.

It is an address mismatch error.

However I still get the same results even when I add the hostname in the bindings for the site:

For the security issue: it's a little strange. I have never seen this before but during the installation when asked for the user group I went to search for the group (GPWeb) and was unable to search for it. I could search for plenty of other groups, but not this one. If I try to type in a group that doesn't exist it told me the group didn't exist. But I was able to put in the somedomain/GPWeb as the user group and it accepted it.

I do not have access to the domain controller however I am told the user/admin groups are created (which makes sense since I could add them during installation) and I am also told our user is a member of both user/admin groups.

Thanks again for any thoughts. I appreciate it.

Was this reply helpful? Yes No
Suggested answer

Tom Cruse 1,477 on at

Like (0)

Report

RE: GP Web Client Security Error & Untrusted Certificate

Gotcha, I see in your hostname you have multiple levels of subdomains, I'm not an expert in Certs but I believe you have to set that in your certificate request. Did you request the cert or did someone else on your team request it. I would check with them on that. That is probably why you're still receiving the address mismatch.

As for the security issue, what screen are you receiving the error on? I've run through many of these exact issues and I believe I can replicate them.

Also is your session central service running on the server hosting the GP Web Client?

Was this reply helpful? Yes No
Mitch.M 532 on at

Like (0)

Report

RE: GP Web Client Security Error & Untrusted Certificate

That makes sense with the cert. Thanks for the heads up on that, I'll have to discuss that with them.

For the security issue: it's happening on the first login screen where you put in the AD username/password.

The Session Central service is on the web server, not the session host.

Was this reply helpful? Yes No