web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / BC16 service uses Tena...
Small and medium business | Business Central, N...
Answered

BC16 service uses TenantEncryptionCert for some reason

(0) ShareShare
ReportReport
Posted on by Erol 192

OnPrem BC16 CU5 running in Azure VM.

Service instance using AccessControlService and Azure AD app for authenticating users for some reason uses TenantEncryptionCert "Windows Azure CRP Certificate Generator" certificate, although the correct thumbprint of Customer specific RSA certificate is specified on service.

Resulting in users not being able to log in, because  RSA cert expected (error: Configuration setting 'DnsIdentity' has an invalid value)

When I delete TenantEncryptionCert and restart the BC server instance, then it uses the correct (RSA) certificate.

However, since TenantEncryptionCert gets recreated every time Azure VM starts ... it's not a solution.

Any ideas why it's using wrong certificate?

How to fix current situation?

Marco Mels maybe You have some ideas? 

I have the same question (0)
  • Verified answer
    Stefan T Profile Picture
    Stefan T 50 on at

    Got the same problem - my solution was to run a powershell script on startup and delete that cert.  Not ideal though.

  • Verified answer
    Stefan T Profile Picture
    Stefan T 50 on at

    powershell script: 

    Get-ChildItem -Path "Cert:\LocalMachine\My" | Where-Object { $_.Subject -match 'Windows Azure CRP Certificate Generator' } | Remove-Item
  • Erol Profile Picture
    Erol 192 on at

    Thanks.

    Good to know that it's not customer related issue and probably just a platform bug.

    Hopefully Microsoft replies with information when this shall be fixed.

  • THE Italian Profile Picture
    THE Italian Microsoft Employee on at

    Thanks for this post. Marco and me are now working on reproducing the issue and report to development team this behavior.

    If this will be noted as regression, we will update this thread with more information later on.

    Thank you.

  • Verified answer
    THE Italian Profile Picture
    THE Italian Microsoft Employee on at

    This issue has been resolved in this commmunity post

    community.dynamics.com/.../service-tier-might-load-a-different-certificate-since-16-4-and-log-an-error-like-configuration-setting-dnsidentity-has-an-invalid-value

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the January Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,091 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,032 Super User 2026 Season 1

#3
Dhiren Nagar Profile Picture

Dhiren Nagar 946 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans