Notifications
Announcements
No record found.
I have recently configured a production infrastructure for DynamicsF&O on-premise. All has gone really smoothly and the service fabric is with no node errors. The only issue is when I try to connect LCS for the tenant, it does not work. I will like to be clear on one thing: the required tenant Id; Am I to register an app under azure AD and add the onpremlocalagent certificate and use this tenant id to connect or is this tenant id referring to the tenant id of the azure account. I need it to run .\add-certificatetoprincipal ... tenantid 'TenandId'. Just to summarize again; I have registered an app in azure AD and I can see the a tenant Id and a provision to upload a certificate, is this the right way tenant id? Thank you.
Hello noetico,
It would be more helpful if you share the error gotten while connecting to LCS.
You not need to create/register an app in Azure AD. What you need the tenant ID which you already have since there is an O365 account.
Share the error so you could get help maybe.
Thanks, so I used the correct tenant id, though I suspect a connectivity issue as a secondary issue but here's the error below, I believe it points to the fact that the add-certificatetoprincipal has not worked. What I would like to know is a possible way of doing this; ie adding the cert through azure AD. I will also try what's on this link: docs.microsoft.com/.../troubleshoot-on-prem
ERROR:
Unable to get queue information from LCS
Detail Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: 'AA9907930EA8910A5BDC20F5067D85C6C7C6E6BA', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '00000015-0000-0000-c000-000000000000'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/00000015-0000-0000-c000-000000000000']. Trace ID: dd6953eb-f5ef-4179-b046-1b808bff1b00 Correlation ID: 85a4503a-2a4c-408f-b625-ca667a83753e Timestamp: 2022-09-09 17:53:16Z ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: Response status code does not indicate success: 401 (Unauthorized). at Microsoft.Identity.Core.OAuth2.OAuthClient.<GetResponseAsync>d__18`1.MoveNext() --- End of inner exception stack trace --- at Microsoft.Identity.Core.OAuth2.OAuthClient.<GetResponseAsync>d__18`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Core.OAuth2.OAuthClient.<GetResponseAsync>d__17`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__75.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__72.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<CheckAndAcquireTokenUsingBrokerAsync>d__62.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__60.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenForClientCommonAsync>d__37.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__61.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Dynamics.AX.LifecycleManager.Proxy.BaseApplicationOAuthDelegatingHandler.<GetAuthResult>d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Dynamics.AX.LifecycleManager.Proxy.BaseOAuthDelegatingHandler.<GetToken>d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Dynamics.AX.LifecycleManager.Proxy.BaseOAuthDelegatingHandler.<SendAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Lcs.DeploymentAgent.Proxy.DeploymentAgentClient.<GetConnectorInfo>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Dynamics.LocalAgent.BridgeService.LcsChannelProvider.<FetchChannelQueue>d__3.MoveNext() ErrorCode: invalid_client StatusCode: 401
ErrorCode 0
MemberName ErrorPrettify
SourceFile D:\a\_work\1\s\Source\LocalAgentEvents\LocalAgentEventSource.cs
SourceLineNumber 79
Hello,
Please confirm that you are using the right thumbprint for the local agent.
Hello Komi, yes I’m using the onpremlocalagent, looking at the error carefully I realized it’s a matter of the certificate not being sent to the principal due to permission issues with the account. I requested to review the MS account provided and I see in azure it’s not a global admin so I’ve asked them to update that and we’ll run the scripts again. Thanks
Hi Noetico,
Yes, the documentation clearly states that you must have the Global Administrator directory role on Azure. In my mind, you have met that requirement before running the script. Will wait for your update.
Did you resolve your problem? i faced the same issue, in our case we already global admin while adding certificate to principal, but when deploying the local agent, the error raise same with you.
Thanks
Best Regards
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
As AI tools become more common, we’re introducing a Responsible AI Use…
We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Martin Dráb 664 Most Valuable Professional
André Arnaud de Cal... 522 Super User 2025 Season 2
Sohaib Cheema 303 User Group Leader
