web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / ID2002: The AppliesTo ...
Finance | Project Operations, Human Resources, ...
Answered

ID2002: The AppliesTo address of the relying party was not a valid absolute URI

(5) ShareShare
ReportReport
Posted on by DH-25022132-0 36
 
I have an issue with generating SSRS reports on one box development machines.
MS says I need to add a certificate to resolve but I have already done this or I wouldn't be able to add users via entra id without getting auth/thumbprint errors
Does anyone know how to solve this issue and or what else I should be looking for? My cert is valid, I do not see the applies to property in manifest under the App registration
 
Steps taken to resolve:
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Holly Huffman Profile Picture
    Holly Huffman 6,554 Super User 2026 Season 1 on at
    Good morning, afternoon, or evening depending on your location!
    I see you posted this a while ago - hoping you've resolved but incase not here are some thoughts:
     
    The error ID2002 concerning the "AppliesTo address of the relying party not being a valid absolute URI" often arises when the relying party configuration in your application or report environment isn't properly set up to point to an absolute URI. Since you've confirmed that your certificate is valid and properly added, here's how you can investigate and potentially resolve the issue:
     
    Steps to Resolve:
    1. Check the Configuration of the AppliesTo Address:
      • In your development environment, review the relying party settings, especially the AppliesTo property. Ensure that the AppliesTo address is an absolute URI (e.g., https://example.com/your-service), and not a relative or invalid format.
    2. Modify the SecurityTokenService.GetScope() Method:
      • The error message explicitly mentions overriding the SecurityTokenService.GetScope() method and populating Scope.AppliesToAddress with the appropriate absolute URI. If you have access to the application's code, locate this method and ensure it sets a valid absolute URI for the AppliesTo address. Example:
        protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
        {
            Scope scope = new Scope();
            scope.AppliesToAddress = "        https://example.com/your-service"; // Ensure absolute URI
            return scope;
        }
    3. Manifest and App Registration:
      • In your App registration within Azure Entra ID, while the AppliesTo property may not be visible directly, ensure that the Reply URL or Redirect URI for your application is properly configured. It should align with the expected URI format used in the relying party settings.
    4. Check SSL Configuration:
      • Verify that the SSL certificate binding on your development machine is correctly configured and points to the proper domain or service. Any mismatch between the domain and the certificate could trigger similar errors.
    5. Log and Debug:
      • Enable detailed logging in your application or reporting environment. Review the logs for specific information about the AppliesTo address being passed during requests.
    6. SSRS Report Configuration:
      • If the issue persists specifically with SSRS reports, ensure that the report server URL and binding settings are valid and correctly reference absolute URIs.
    Additional Considerations:
    • If you're using custom bindings for the relying party in your application, ensure these settings don't overwrite or misconfigure the AppliesTo address.
    • Verify all dependencies and references in your environment align with the expected configuration.
     
    Hope this helps some!
  • DH-25022132-0 Profile Picture
    DH-25022132-0 36 on at
    that would be the AI response to the question asked and no it did not resolve the issue
    We have had an open ticket with MS for over three months now, they apparently dont know either
  • Jonas "Jones" Melgaard Profile Picture
    Jonas "Jones&q... 5,010 Most Valuable Professional on at
    First time I have seen this specific error, but I have seen plenty of strange certificate issues with old OneBox environments, and it can be a nightmare to fix. And I agree with you, I don't believe it's an Entra-Id issue, it's something between the IIS/AOS and SSRS.
     
    I assume Microsoft asked you to redeploy the machine? If not then it would be my first action; It's rarely worth the effort to try to fix them.
     
    Also, without diving deeper into the first answer to the thread, it could be targeted BC or GP. This is not something that makes sense for F&O.
  • DH-25022132-0 Profile Picture
    DH-25022132-0 36 on at
    Hi Jonas,
     
    Yes, that was the MS suggestion. we have redeployed the machines several times, once with MS support on call
    SSRS works until we add the cert to fix the thumbprint issue. The SSRS problem started after the 10.41 update
     
    when you state "old OneBox environments" are you doing on premise or have you already converted everything to PPAC that's in public preview?
    If there is another direction that I should go that's easier I am all for it at this point.
  • Verified answer
    Jonas "Jones" Melgaard Profile Picture
    Jonas "Jones&q... 5,010 Most Valuable Professional on at
    That is interesting indeed.... 
     
    I meant really old tier-1 development machines (I.e. more than a year), not on-premises. 
     
    We are using Unified Development (PPAC) environments. I'm working at a financial institution that's heavily invested in Power Platform, so from a governance and cost perspective it makes sense for us since we can reuse our governance model.
     
    I'd say it's worth a try to use PPAC development environment. We haven't had any issues so far other than it consumes Dataverse database storage.
    Let me know if it works.
  • Suggested answer
    YashPatel Profile Picture
    YashPatel 13 on at
    hi,
     
    Yes, I encountered the same issue in my development environment. After extensive analysis, I was able to resolve it.
    The issue originates from Microsoft when a new development environment is created. During this process, the web.config file is generated with the environment ID and certification details. The resolution lies in modifying this configuration file.
     
    📂 Path: K:\AosService\WebRoot
     
    🔧 Steps to Resolve:
    Open the web.config file.
    Locate the following line:

    Old : 
        <add key="Aad.Realm" value="00000015-0000-0000-c000-000000000000" />
    New:   
        <add key="Aad.Realm" value="spn:00000015-0000-0000-c000-000000000000" />
     
    Save the file and restart the IIS service.
     
    ✅ In most cases, this change resolves the issue. Be sure to include the spn: prefix in the XML configuration as shown.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Giorgio Bonacorsi Profile Picture

Giorgio Bonacorsi 659

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 465 Super User 2026 Season 1

#3
Syed Haris Shah Profile Picture

Syed Haris Shah 304 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP
License usage reporting (in-app and PPAC) with Entra dynamic groups

Product updates

Dynamics 365 release plans