Finance | Project Operations, Human Resources, ...

MS Dynamics GP Workflow Approval Issue

(0) Share

Report

Posted on by DawarHassan

Hello Community members,
I followed this link community.dynamics.com/.../web-services-steps-to-change-web-services-address-from-http-to-https-in-microsoft-dynamics-gp of to use https and implement workflow approvals over emails.
I am facing few issues now, i took all the steps you told in this link, used the same ports as you mentioned in the steps.
I can approve/reject on/off the domain on port 48620 and off-domain i can use 48622 for approval/rejection but not 48620, both things are being done using Http not Https.
When i use Https i can't approve/reject on/off domain on neither of the ports 48620,48622.
I used the files you added and did the steps(changes) that were mandatory, had few errors but got rid of them, now approval is being done but off-domain and that too using Http, it is strange.
When i try to use Https on either of ports, it gives me following error, On/Off domain error= "The connection for this site is not secure".

path port on-domain off-domain
HTTP 48620 NO-ERROR NO-ERROR
HTTP 48622 ERROR NO-ERROR
HTTPS 48620 ERROR ERROR
HTTPS 48622 ERROR ERROR

I'm able to browse native endpoints from both http/https and I'm able to get into dynamics security console and web services exception console without any errors, plus policies are visible. I'm using a third party cert and also applied the settings required in the workflow setup window. Please guide

Categories:

Microsoft Dynamics GP

All responses (10)

Answers (0)

Suggested answer

Derek Albaugh on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

There's really no way for us to tell you whether the SSL certificate is good or bad, in doing what it is supposed to do.

All I can say is, the steps in the blog to configure Web Services to HTTPS/SSL work, as we have many customers using it and I, myself, recently updated it to make it easier where the modified config files are present for download, you'd just need to change the HTTP and HTTPS URLs for your environment.

So, I'd recommend double-checking the URL reservation and the certificate binding which is the first couple steps in the blog, to make sure those are correct.

You can double-check the config files as well, though I'm thinking those are correct.

If everything in the blog has been done correctly but the HTTPS endpoint URL only works on the domain, not externally, which is the whole purpose of purchasing an external SSL certificate from, in your case GoDaddy, then yes, you may need to speak to them to make sure the certificate is setup to be publicly resolvable, so that when someone outside your domain enters the https://...........:48622/Dynamics/GPService URL, it renders, otherwise if it doesn't, external users will never be able to approve workflows through the email notifications and Web Services.

Thanks
DawarHassan 25 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

Dear derek, I purchased SSL cert from godaddy .. so what do you suggest? Buying a new cert and doing ssl binding again?
DawarHassan 25 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

Dear Joseph, i contacted my IT dept, they told me that both the ports are open to port forwarding.. :( still the issue is there..
Joseph Markovich 3,900 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

I am sure you checked this, but just asking again to be complete with troubleshooting.

On your firewall/security appliance, are the ports opened and forwarded to the server running web services? Is 48622/48623 open and forwarding to the internal IP of the web services server?

If Windows Firewall is running on web services server, have you opened the same ports (48622 and 48623)?

Joe
Suggested answer

Derek Albaugh on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

I answered this in my previous response.......

If the HTTPS://.......:48622/Dynamics/GPService renders fine on the domain but not outside the domain, and the Security Console still works fine for Web Services, then it wouldn't appear to be an issue with the config files.

This leaves either the URL reservation and Certificate binding of the SSL certificate being used in the configuration of Web Services to HTTPS/SSL, or the certificate itself.

As mentioned, the certificate being used needs to have a publicly resolvable host name, otherwise it won't work externally/outside the domain.

For example, a self-signed certificate will work in the SSL configuration of Web Services, however, it is not publicly resolvable, thus it will not work outside the domain that Web Services is installed onto.

Again, this is discussed further in this blog:

community.dynamics.com/.../dns-overview-for-external-workflow-2-0-email-notification-approval

Thanks
DawarHassan 25 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

Hey derek, one thing, the ____:48622/.../gpservice shows a error message when try to open outside domain, service page only shows when reaching through domain. Native endpoint url is only reachable on domain! Any clues about this?

Thanks
Suggested answer

Derek Albaugh on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

The https://......:48622/Dynamics/GPService endpoint URL should show the Service page above in the browser, so that looks correct.

If the https URLs for Web Services render fine and the Dynamics Security Console and Exceptions Consoles still work fine, then my thought would be, if these https URLs work on the domain but not off the domain, either there is an issue with the URL reservation or certificate binding.

I'd think that the URLs wouldn't work though, if the reservation and binding wasn't done correct, for the SSL certificate and port number, which then would lead to an issue with the SSL certificate itself, and for that there really isn't any way for us to troubleshoot it.

I believe you mentioned this is an external SSL certificate that you purchased, correct, not a CA or self-signed certificate? The reason I ask is, by default, the CA and self-signed certificate will not work externally, in other words, outside the domain.

This blog goes over some information along the DNS side, for external Workflow 2.0 email notification approval:

community.dynamics.com/.../dns-overview-for-external-workflow-2-0-email-notification-approval

The SSL certificate you are using with Web Services must have a publicly resolvable host name, which is what we enter in the Workflow Setup window, otherwise approving workflows through email links externally will not work.

Thanks
DawarHassan 25 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

this is what i get when i try to reach ___:48622/.../gpservice.. workflow setup is as per ur instructions.. please guide why this doesn't work outside domain..what can be the possible reasons?
DawarHassan 25 on at

Like (0)

Report

RE: MS Dynamics GP Workflow Approval Issue

When i type ___:48622/.../......

I get redirected and shows no error.

But now, https://___48622 works on domain but doesn't work outside domain.. that's the issue I'm facing and yes, 48622 is placed in workflow approval window and the check is ticked..

Https link is working fine only on domain.. outside domain it gives error..
Suggested answer

Derek Albaugh on at

Like (1)

Report

RE: MS Dynamics GP Workflow Approval Issue

I'm not following when you mention "I can approve/reject on/off the domain on port 48620 and off-domain i can use 48622 for approval/rejection but not 48620"

Once you setup Web Services to use SSL and port 48622, in the Workflow Setup window, you would need to enter the host name for your SSL certificate being used for Web Services, as the server name, replace port 48620 with 48622 and then mark the option to use SSL, all of this under the 'Use Workflow Actions' section of the window, at the bottom half.

After saving changes, the workflow approval emails, for the Approve and Reject links, will begin using a URL of SSLCertificateHostName:48622/.../rest................

This is why I have users verify they can hit the https://.............:48622/Dynamics/GPService endpoint URL after configuring Web Services with SSL, as that is the native endpoint URL that the approval links in the workflow email are going to be using.

The SSL certificate should only be setup with port 48622, if you follow the blog, so using HTTPS and 48620 is not going to work, nor is HTTP and 48622 going to work.

The bigger question is what do you see when using HTTPS 48622, as that should be what we're testing, if you've followed the blog to configure Web Services with SSL and made the changes in the Workflow Setup window to reflect what you're using for the SSL certificate host name, port number and SSL option.

I'm not familiar with a 'connection for this site is not secure' message. I'd verify that you have the option of ‘This server requires a secure connection (SSL)’ marked in the Workflow Setup window for the Workflow Actions (i.e. Web Services), as well as the Firewall or any other applications are not blocking port 48622.

Thanks

MS Dynamics GP Workflow Approval Issue

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates

MS Dynamics GP Workflow Approval Issue

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Subscribe to

Leaderboard

Featured topics

Product updates