Hello GP Community,

This article compiles the solutions to common problems relating to Web Client, I have broken down the errors based on type of error.

I have also included:

HTTP Errors

401.1 Access Denied on Web Management Console


401.2: Unauthorized:  Access Denied due to Invalid Credentials

  • when trying to log into Web Management Console
  • Make sure users are added to the Web Client Admin Group in Active Directory

HTTP Error 500.19

  • Double Check that all IIS Pre-Requisites are installed (See Pre-Requisites below)

HTTP Error 503. The service is unavailable.

This indicates an issue with the App Pools, the identity used by the App Pools does not have correct permissions or an issue with the URL Reservation.

Cause 1:             The App Pools for Web Client are not running.

Resolution 1:     Use the following steps to check.

  1. Make sure both the DynGPWebApp and DynGPWebMgmt application pools are started.
  2. Open IIS, then go to the application pools and check to make sure they are started.
    1. If they are not, right-click on the application pool, then click Start.


Cause 2:             The identity used by the application pools does not have sufficient rights.

Resolution 2:     The account that is used for the AppPool in IIS needs to have "Logon as a Batch Job” and “Log on Locally" rights or be a member of the Local Administrators Group.


Cause 3:             Extra URL Reservation added to IIS Server.

Resolution 3:     Use the following steps.

  1. Open CMD as Administrator
  2. Run: netsh http show urlacl
  3. Do you have a reservation for https://+:443/ ?  If so we need to remove this.
  4. Run: netsh http delete urlacl url=https://+:443/
  5. Run: iisreset
  6. Restart application pools
  7. Restart GP Session Central Service and GP Session Service Services
  8. Test again.

End Point not found or There was no endpoint listening

  • Make sure that the GP Session Central Service and the GP Session Service Services are running.
  • If they will not start, the best option is to uninstall/reinstall completely.

Login Errors

Web Client user can login, but errors are showing up in SQL error log

The Runtime Service uses the FQDN if it is a self-signed certificate or one created in CA. If using a third-party certificate, you could potentially have it setup.

The fact that your users can login to Web Client but get prompted for the GP login window means that Identity Management is not setup correctly. The 3 parts of this setup is:

  1. In GP Utilities, you create a proxy login which then gets created in SQL with the DYNGRP role assigned for all system and company databases for GP.
  2. When installing Web Client, this exact proxy login and password needs to be entered in the GP Configuration window, which shows the paths to your GP code directory, Dex.ini and Dynamics.set file.
  3. Lastly, in the User Setup window in GP, the GP logins need to be tied/associated to the Windows account they are logging into Web Client's initial login window as.

If this is all setup correctly, then yes, when the user logs onto Web Client using their Windows account, it should see they are tied to a GP login and log them into the GP application automatically as that user, only seeing a company selection window if they have access to more than one GP company.

I'd verify the above 3 settings again, as most likely they are not correct. I'd also recommend not copying/pasting user ids and passwords as well, as I've seen that not always work.

When attempting to log into Web Client: A problem occurred creating a session. Please try again later or contact your administrator.

  • Make sure Web Client Runtime is installed on the Web Client Server.

 "The username and password supplied are not valid credentials for using Microsoft Dynamics GP. "

  • Make sure the login user has assigned to web client users group.
  • If you have reinstalled/installed multiple times, you will want to follow the steps above for Uninstalling and Reinstalling Web Client.

Logon failure: the user has not been granted the requested logon type at this computer

  • Log on as a batch - service account for web client.
  • Log on as a service - service account for web client.
  • Allow Log on locally - Users need to be able log into the server.  Add the Web Client User Group to this option.

After logging into Web Client, immediately get in Red Bold type: 

An error has occurred processing this request.

If there are no errors in the Event Viewer on the Web Client Server or on the local computer where you are getting the message.

  • This can be caused by unsupported special characters in the Users AD Password.
  • Permission Error - Add Web Client User AD Group to Local Security Policy - Allow Log on Locally
  • Make sure the service account for the Application Pools and for the GP Session Central/Session Services are added to the following Local Security Policies
    • Allow Log on Locally
    • Log on as a Batch
    • Log on as a Service
  • After making these changes
    • Open Command Prompt as Admin and run iisreset.
    • Restart GP Session Central Service
    • Restart GP Session Services Service

You are able to login but are stuck at a GP Splash page, the shows just the Microsoft Dynamics GP logo.

  • Make sure Web Client Runtime is installed on the Web Client Server.
  • Make sure you are using the FQDN that matches the Certificate for the site.

CorrelationID/Event Viewer Errors

A problem occurred creating a session. See the Session Central Service logs for more information.

  • Make sure WebClient Runtime is installed

Session Central Service was not able to successfully communicate with the session service

The user has not been granted the requested logon type at this computer

  • Grant the Web Client User Group to be a local admin on the server
  • Or Open Local Security Policy on the Server, navigate to Allow log on locally, then add the Web Client User Group.

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

  • Reinstalled Dynamics GP Web Client

The target principal name is incorrect. Cannot generate SSPI context. Unexpected error occurred when logging in

  • Cause: SQL Services were running under domain credentials rather than local service accounts.
  • Resolution:  Switch the SQL Services back to a local service account.  (Network Service Account)

Sever cannot set status after HTTP headers have been sent

  • Make sure you are using the FQDN for the site.
  • Confirm that the SSL Certificate is install in the Trusted Root Certificate store on each workstation connecting to web client.
  • Confirm that you have all pre-requisites installed on the Web Client Server.
  • Confirm that Session Service is running.

A loader exception has occurred.

Loader Errors:

Microsoft.Dynamics.Security.InvalidSecurityContextException: Microsoft.Dynamics.Security.NonExistentSecurityObjectException : The security object does not exist.  Key = 25cc1a21-2cc4-4b13-a1c8-eea186fb688a

  • Uninstall/Reinstall Web Components


Additional Tips

Images are not appearing on homepage.

  • Grant permissions to C:\Program Files\Microsoft Dynamics

If you wanted to mass delete sessions: This post may be of use to you.


Web Client Pre-Requisites

IIS Pre-Requisites

  1. Add Roles and Features
  2. Web Server IIS under Server Roles must include the following selections:
    1. Web Server
      1. Common HTTP Features
        1. Default Document
        2. Directory Browsing
        3. HTTP Errors
        4. Static Content
        5. HTTP Redirection
      2. Health and Diagnostics
        1. HTTP Logging
        2. ODBC Logging
      3. Performance
        1. Static Content Compression
      4. Security
        1. Request Filtering
        2. Windows Authentication
  3. Under Features - Confirm Selections for .NET Framework
    1. .NET Framework 3.5 Features
      1. .NET Framework 3.5 (includes .NET 2.0 and 3.0)
      2. HTTP Activation
    2. .NET Framework 4.6 Features
      1. .NET Framework 4.6
      2. ASP.NET 4.6
      3. WCF Services
        1. HTTP Activation
        2. TCP Port Sharing

Check Certificate Installation (Self Signed Certificate)

  1. Start -> Manage Computer Certificates
  2. Needs to be in Personal -> Certificates
  3. Must have a Friendly name
    1. Friendly name cannot contain spaces or special characters
  4. Confirm the Certificate shows the following if you have a private key for the certificate

Check Certificate Installation (Wild Card Certificate)

  1. Start -> Manage Computer Certificates
  2. Needs to be imported to the following:
    1. Personal -> Certificates
    2. Third-Party Root Certification Authorities -> Certificates
    3. Web Hosting
  3. Must have a Friendly name
    1. Friendly name cannot contain spaces or special characters
  4. Confirm the Certificate shows the following if you have a private key for the certificate

Open IIS

  1. Click on the Server
    1. Open Server Certificates
    2. Confirm your certificate is showing with the friendly name
  2. Click on the Site
    1. Click on Bindings (on far right side of the screen)
    2. Add https and attach your Certificate
      1. Leave the Host name blank.

Active Directory Groups

You will need to have 2 Active Directory Groups setup

  1. A group for Web Client Users
    1. This group will be able to log into Web Client
  2. A group for Web Client Administrators
    1. This group will be able to log into Web Management Console


Install Dynamics GP with Web Client Runtime option

  • Confirm you are able to log into GP

 At this point, you have all necessary Pre-requisites in place and will be able to install Web Client.


How to install Web Client


Recommended Steps for Uninstalling/Reinstalling Web Client.

  1. Uninstall GP Web Components
  2. Delete the GPCONFIGURATION database.
  3. Restart the IIS server
  4. Delete GP Web Components from C:\Program Files\Microsoft Dynamics
  5. Install Web Client
    1. For Session Central and Session Services, do not bind the SSL to those services as it is optional.
  6. Log into Web Client.
  7. Log into WebMangementConsole

Helpful logs when troubleshooting errors logging in or inside web client.

  • Runtime Log
  • Script Log
  • Timing Log
  • SQL Log

To capture these logs open Web Management Console and Web Client.

  1. Log into Web Client with AD User, but do not log into GP with SQL creds yet.
  2. Log into Web Management Console
    1. Under Session Choose the new session
    2. Click on Logging
    3. Choose all 4 options
    4. Click okay
  3. Now back on the Web Client tab, log in with the HR user creds to GP.
  4. Let Web Client run till it errors out or you know it is done processing.
  5. Back to the Web Management Console Tab
    1. Click on the session again
    2. Click on Logging
    3. Uncheck all options
    4. Click okay.

The log files are located at C:\ProgramData\Microsoft Dynamics\GPSessions\Logs.