Certificate issues in D365FO Cloud hosted environment

This morning our developers reached out to me telling me that we had certificate issues with two of our environments. The problem with certificates is that they have an expiry date.

Since all Dynamics environments are deployed using LCS and the Cert used is owned by Microsoft we have limited ability to fox the issue on our own. This is why Microsoft built functionality into LCS to help us with this. To fix the issue, just look up the environment in LCS, click Maintain and select Rotate Secrets

The Cert you need to fix is the SSL Certificate

Simply click Rotate SSL Cert and wait for the process to finish. In my experience you will also need to reboot the VM.

Have a nice day 🙂

Changing the certificate used for Channel database sync in AX 2012 Retail

I have been trying the past couple of bays to get retail up and running on the Microsoft Dynamics AX 2012 R3 demo environment. There are some issues in the default environment that needs to be fixed before everything is running flawlessly.

One issue I noticed was that the SSL certificate used between the async client and async server has expired (in 2015 Smile ).

           image

To fix this we first need to request and issue a new certificate. Since the CA in the Demo is a stand-alone CA we cannot use the MMC to request the certificate, so I am using the web interface. Start Internet Explorer and browse to the address https://localhost/certsrv (since the certificate for the site is not issued to localhost there will be an error… ignore this).

           image

Select Request a certificate

           image

Select advanced certificate request

           image

Select create and submit a request to this CA

           image

Click Yes to continue

          image

Fill in the name of the certificate. In our case the adress is retail.contoso.com, the other fields are not mandatory. Select Server Authentication Certificate and check  Mark keys as exportable. Click Submit.

           image

Note the id of the request and start the Certificate Authority mmc Management Console

           image

Find the request above under Pending Request. Right-click and select the task Issue

           image

Go back to https://localhost/certsrv and click View the status of a pending certificate request. Click your request.

           image

Click Yes to continue.

          image

Click the Install this certificate. Unfortunately the certificate will be installed in you personal Certificate Store and you will have to move it before IIS can use it.

          image

Start the management Console and add the Certificates snap-in for Current User and for Local Computer. Go to Current User – Personal – Certificates and find your new certificate

          image

Right click the certificate and select Export

            image

Select Yes, export the private key

           image

Check Export all extended properties and click next

           image

Enter a password and click next

          image

In the console on Local Computer – Personal – Certificates right click and import the Certificate you exported previously

          image     image

In IIS Manager edit Binding for the sites AsyncServerSite and Retail Server Website and change the certificate for HTTPS. Restart the IIS sites.

That is all

/Johan

2W – It management for SMBs

Tack alla för att ni deltog igår på Second Wednesday… Här kommer länkar och presentationer:

WiFi:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx
http://msdn.microsoft.com/en-us/library/cc731853.aspx
http://technet.microsoft.com/en-us/library/cc771455%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/dd282998%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/hh831831.aspx
http://windowshell.wordpress.com/2011/01/04/a-sample-802-1x-configuration-guide/
http://www.esecurityplanet.com/trends/article.php/3853581/Tips-and-Tricks-for-Using-8021X-in-Windows.htm
https://communities.intel.com/servlet/JiveServlet/previewBody/4321-102-1-7037/SImple%20NPS%20Configuration%20as%20Radius%20Part%201.pdf

Deployment:

http://www.deploymentresearch.com/Research/tabid/62/EntryId/193/Beyond-unsupported-Deploying-Windows-10-preview-including-drivers-with-ConfigMgr-2012-R2.aspx
http://www.deploymentresearch.com/Research/tabid/62/EntryId/195/Deploying-Windows-10-build-9860-using-MDT-2013-Lite-Touch.aspx
http://www.deploymentresearch.com/Research/tabid/62/EntryId/197/How-to-create-a-Windows-10-Enterprise-build-9860-ISO.aspx
http://www.deploymentresearch.com/Research/tabid/62/EntryId/192/Beyond-unsupported-Deploying-Windows-Technical-Preview-with-MDT-2013.aspx
http://blog.westmonroepartners.com/make-the-microsoft-deployment-toolkit-mdt-2013-able-to-deploy-windows-10-windows-server-vnext-and-hyper-v-server-vnext-technical-preview/

Samgungs Goggles:

http://www.oculus.com/blog/introducing-the-samsung-gear-vr-innovator-edition/