web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Season of Giving Solutions is Here!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / BC16 service uses Tena...
Small and medium business | Business Central, N...
Answered

BC16 service uses TenantEncryptionCert for some reason

(0) ShareShare
ReportReport
Posted on by Erol 192

OnPrem BC16 CU5 running in Azure VM.

Service instance using AccessControlService and Azure AD app for authenticating users for some reason uses TenantEncryptionCert "Windows Azure CRP Certificate Generator" certificate, although the correct thumbprint of Customer specific RSA certificate is specified on service.

Resulting in users not being able to log in, because  RSA cert expected (error: Configuration setting 'DnsIdentity' has an invalid value)

When I delete TenantEncryptionCert and restart the BC server instance, then it uses the correct (RSA) certificate.

However, since TenantEncryptionCert gets recreated every time Azure VM starts ... it's not a solution.

Any ideas why it's using wrong certificate?

How to fix current situation?

Marco Mels maybe You have some ideas? 

I have the same question (0)
  • Verified answer
    THE Italian Profile Picture
    THE Italian on at

    This issue has been resolved in this commmunity post

    community.dynamics.com/.../service-tier-might-load-a-different-certificate-since-16-4-and-log-an-error-like-configuration-setting-dnsidentity-has-an-invalid-value

  • THE Italian Profile Picture
    THE Italian on at

    Thanks for this post. Marco and me are now working on reproducing the issue and report to development team this behavior.

    If this will be noted as regression, we will update this thread with more information later on.

    Thank you.

  • Erol Profile Picture
    Erol 192 on at

    Thanks.

    Good to know that it's not customer related issue and probably just a platform bug.

    Hopefully Microsoft replies with information when this shall be fixed.

  • Verified answer
    Stefan T Profile Picture
    Stefan T 50 on at

    powershell script: 

    Get-ChildItem -Path "Cert:\LocalMachine\My" | Where-Object { $_.Subject -match 'Windows Azure CRP Certificate Generator' } | Remove-Item
  • Verified answer
    Stefan T Profile Picture
    Stefan T 50 on at

    Got the same problem - my solution was to run a powershell script on startup and delete that cert.  Not ideal though.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Season of Giving Solutions is Here!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 1,630

#2
Khushbu Rajvi. Profile Picture

Khushbu Rajvi. 926 Super User 2025 Season 2

#3
Dhiren Nagar Profile Picture

Dhiren Nagar 682

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans