Supply chain | Supply Chain Management, Commerce

.24 VHD Commerce errors after setup

(2) Share

Report

Posted on by xorlogic

I downloaded the .24 VHD from LCS and followed the new instructions to set it up.

3542.Screenshot-from-2022_2D00_04_2D00_22-15_2D00_59_2D00_27.png

When I log into the AOS and navigate to Retail and Commerce > Headquarters setup > Commerce scheduler > Channel database I receive an error.

4341.Screenshot-from-2022_2D00_04_2D00_22-16_2D00_01_2D00_04.png

The required data encryption certificate was not found when trying to edit the Database connection profile table and the ConnectionString field. Please add a valid certificate.
 Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionException: Encryption error occured with exception: Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionException: Encryption error occured with exception: Microsoft.Dynamics.AX.Configuration.CertificateHandler.NoCertificateFoundException: No certificate found for id '7366E25DC94FA8A400FA0037FFF3BB300D9482D4'.
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetCertificateFromLocalStore(X509FindType findType, String findValue)
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetFirstCertificateForId(String id)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint) ---> Microsoft.Dynamics.AX.Configuration.CertificateHandler.NoCertificateFoundException: No certificate found for id '7366E25DC94FA8A400FA0037FFF3BB300D9482D4'.
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetCertificateFromLocalStore(X509FindType findType, String findValue)
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetFirstCertificateForId(String id)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint) --- End of inner exception stack trace ---
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.DecryptData(Byte[] cipher, Boolean validateSignature, String& purpose, Int32 purposeLength, Int32& dataLength, Int32 encryptAlgorithmType, String& encryptCertThumbprint, String& signingCertThumbprint, EncryptionHeader encryptedHeader, EncryptionConfig decryptionConfig, Boolean useThumbprintFromPayload)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.DecryptionInternalV2(Byte[] cipher, Boolean validateSignature, String purpose) ---> Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionException: Encryption error occured with exception: Microsoft.Dynamics.AX.Configuration.CertificateHandler.NoCertificateFoundException: No certificate found for id '7366E25DC94FA8A400FA0037FFF3BB300D9482D4'.
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetCertificateFromLocalStore(X509FindType findType, String findValue)
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetFirstCertificateForId(String id)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint) ---> Microsoft.Dynamics.AX.Configuration.CertificateHandler.NoCertificateFoundException: No certificate found for id '7366E25DC94FA8A400FA0037FFF3BB300D9482D4'.
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetCertificateFromLocalStore(X509FindType findType, String findValue)
 at Microsoft.Dynamics.AX.Configuration.CertificateHandler.CertificateHandlerBase.GetFirstCertificateForId(String id)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint) --- End of inner exception stack trace ---
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.GetCryptoServiceProviderByThumbprintBuffer(String idList, String thumbprint)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.DecryptData(Byte[] cipher, Boolean validateSignature, String& purpose, Int32 purposeLength, Int32& dataLength, Int32 encryptAlgorithmType, String& encryptCertThumbprint, String& signingCertThumbprint, EncryptionHeader encryptedHeader, EncryptionConfig decryptionConfig, Boolean useThumbprintFromPayload)
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.DecryptionInternalV2(Byte[] cipher, Boolean validateSignature, String purpose) --- End of inner exception stack trace ---
 at Microsoft.Dynamics.Ax.Xpp.Security.CryptoEncryptionEngine.DecryptionInternalV2(Byte[] cipher, Boolean validateSignature, String purpose)
 at Microsoft.Dynamics.Ax.Xpp.Security.EncryptionEngine.Decrypt(Byte[] cipher, String purpose)
 at Dynamics.AX.Application.Global.`editEncryptedStringField(Common _common, String value, Int32 _fieldId, Boolean _set) in xppSource://Source/ApplicationPlatform\AxClass_Global.xpp:line 10096

The cert thumbprint, 7366E25DC94FA8A400FA0037FFF3BB300D9482D4, is for the DataEncryptionCertificate on the .17 VHD.

Similarly, but less important considering the new CommerceSDK, the default Retail Server's realtime service is throwing an error.

6431.Screenshot-from-2022_2D00_04_2D00_22-16_2D00_07_2D00_09.png

With corresponding event viewer error.

Real-time Service client library call failed. CorrelationId: '{f624a453-1c11-483b-a10e-a6563e0c81a0}'. ApiName: 'IsAlive'. MethodName: 'IsAlive'. Language: ''. Company: ''. ParameterCount: '0'. Ex: 'System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: At least one security token in the message could not be validated.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Though, presumably, this is related to the first error.

After running Generate Self-Signed Certificates, I ran findstr in C:\AOService for the 7366E25DC94FA8A400FA0037FFF3BB300D9482D4 thumbprint and only the following files were returned.
PackagesLocalDirectory\bin\Microsoft.Dynamics.AX.Deployment.Setup.exe.config
PackagesLocalDirectory\Plugins\AxReportVmRoleStartupTask\ConfigureOneboxReportingCluster.ps1

Changing those files didn't make a difference though, not that I would expect them to.

I have the same question (0)

All responses (13)

Answers (0)

Suggested answer

WillWU 22,361 on at

Like (0)

Report

Hi partner,

Please check if there is any expired certificate in IIS.

And please have a look at the old thread:

community.dynamics.com/.../the-required-data-encryption-certificate-was-not-found-when-trying-to-edit-the-database

community.dynamics.com/.../the-required-data-encryption-certificate-was-not-found-when-trying-to-edit-the-source-data-formats-table-and-the-entitystoreconnectionstring-field

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report
WillWU

Thanks for your reply!

The links you provided do reference the error I am experiencing, or at least similar, but to the best of my knowledge do not describe any actions that can be performed against the downloadable VHD. But maybe I am missing something.

What additional steps, if any, are missing from the new setup guide? What configuration or setting is still referencing the .17 VHD's DataEncryptionCertificate? If a reference still exists, how can it be changed?

I tried changing the two files I mentioned at the end of my original post and then running a full model build and database sync, but the problem persists.

Please check if there is any expired certificate in IIS.

Again, this is the .24 VHD downloaded from LCS

No changes of any kind have been performed beyond performing setup

The only certs are those generated by the Generate Self-Signed Certificates script

Was this reply helpful? Yes No
Jassu 25 on at

Like (0)

Report

Any luck with the certificate issue.

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report

Jassu Unfortunately, no. However, with the new'ish Commerce SDK I just ignored, or worked around, the errors and I haven't had any real problems making use of the .24 VHD.

Was this reply helpful? Yes No
Jassu 25 on at

Like (0)

Report

Thanks xorlogic , did you find a work around to run the scheduler jobs. It's not running for me and eventually not able to activate POS

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report

I just created a new channel database to work around "Default" not working and updated the other parts to reference that new database instead.

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report

Unfortunately, I hit another roadblock. If only someone who could help was listening to this thread.

I can't set up new hardware profiles (Retail and Commerce > Channel setup > POS setup > POS profiles > Hardware profiles). I can create a new profile, but can't copy to it from an existing profile. I tried manually copying the data from an existing profile to my new profile, but when I attempt to set up the EFT Service tab with a "Payment Connector" I receive an error that is the same, or very similar, to the original post in this thread. Basically it is trying to access the .17 VHD's data encryption certificate which does not exist on the .24 VHD.

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report
The hardware profile error can be resolved by running the following SQL against the AxDB database. Then create new entries.

DELETE [dbo].[CREDITCARDACCOUNTSETUP] FROM [dbo].[CREDITCARDACCOUNTSETUP];

References: Here -> here. Here

Was this reply helpful? Yes No
MYGz 2,174 on at

Like (0)

Report
xorlogic Did you fix it?

For me the error on the channel database form went away after I ran this script:

"C:\RetailSDK\References\Dynamics.Servicing.RetailDeployment.72\1.0.30.90\ServiceModels\RetailServer\Scripts\RetargetRetailServer.ps1"

But when I ran Retail Real Time Service Health check, its throwing same error.

Error from Event viewer:

The health check test 'RealtimeServiceCheck' failed with the error 'Realtime Service Health Check Failed'. Exception: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: At least one security token in the message could not be validated. --- End of inner exception stack trace ---

Was this reply helpful? Yes No
xorlogic 2 on at

Like (0)

Report

MYGz

No, I never was able to fix the default installed Retail Server. I don't need it though as I am working with the Commerce SDK, so I was able to just turn it off.

Was this reply helpful? Yes No