Forcing Initial Sync in DualWrite

I am currently working on a project where we are implementing DualWrite in existing Dynamics 365 Environments. Since we do not have huge data volumes we decided to use Initial Sync in DualWrite to migrate some data from D365 Finance and Supply Chain over to D365 for Sales.

When we verified the data we noticed and issue with addresses. It turns out that the customers had all addresses set to purpose Business and as it turns out the addresses that are configured in the default mapping for DualWrite are Delivery and Invoice addresses. Once the customer fixed the addresses, I thought: “Lets just resync the Customer V3 entity using Initial Sync!”. Well… turns out is was not that easy.

When the sync har run it synced 3 customers instead of around 1800…

When I looked at the Data Management Project (after ALOT of troubleshooting) which Initial Sync generates I could see that the project was set to “Incremental Push Only”… I wanted it to do a complete sync… why is this happening?? What do I do know? There are 3 different ways that “might” solve this.

  1. Disable and Enable Change Tracking

    Your first option is to turn, change tracking off and then on again. You do this in the Data Management workspace, in Data Entities.
  2. Reset DualWrite in FnO

    In the DualWrite section of the Data Management workspace, click Reset Link. This will let you setup the link again; as well as purging all of the settings, it will also reset historical configuration. Since we already synced most of the data, we did not have to run initial sync for most of the entities… we only re-ran the Customers V3 entity


  3. Deleting the DMF Project

    Every initial sync created a DMF project and when run the Initial sync for the second time, Dataverse tried to be smart and reuse the DMF project which meant. Deleting the project meant that it had to be created again.
    (Thanks Nathan Clouse for this insight)

    Links:
    https://learn.microsoft.com/dynamics365/fin-ops-core/dev-itpro/data-entities/dual-write/dual-write-troubleshooting-initial-sync?WT.mc_id=DX-MVP-5004702#error-customer-map

Whitelisting IPs for FnO Dev Environments

I got a question today from a customer… “Could you show me how to add IPs to the whitelist for our FnO Dev Mashines?”.. Here Goes

  1. Log in to the Azure Portal
  2. Find the Azure VM that you would like to change
  3. Go to Network Settings and locate the rdp-rule


  4. Open the rule and add your IP adress to the “Source IP addresses/CIDR ranges” field. You you have more than one IP, add a comma between the IPs.


  5. Click Save

Protecting your Dev VMs are important for a couple of reasons… The most important being that there are search engines on the internet that indexes RDP endpoints available to the Internet and if your VM is in that database, bad guys will start to try to break into them… and even if they might not succeed (LCS generates fairly good credentials) it will trigger a policy that will make the VM unavailable for logins for a while which, if nothing else, will stop your developers from doing their job.

Handling internal Vendors in DualWrite

At the moment I am involved in a DualWrite implementation between FnO and CE. The goal is eventually to be able to generate Quotes from CE and have them sync to FnO. As you might know there are a lot of entities required to get to the point where we can sync Quotes and one of the is Vendors V2 and another is Released Procucts. In order to sync Release Products we first need to have Vendors.

At this customer they are buying a lot of their products from an internal vendor (aka another Legal Entity of the same FnO instance. When we first synced Vendors, everything worked perfectly, with 100% completion, (as far as we could see) but when we tried to synd Released Products we were missing Vendors

Quite a lot… So digging into this we found that these Vendor were never synced, which we found a bit strange (remember 100 % completion.

Turns out there is a filter in DualWrite that looks like this and apparently internal Vendors are not of the type Organizations… They are LegalEntity

So with some modifications… it looks like this

But there is another thing we need to fix… We need to add the following line in the tranform rule

Once that is done, I force another Initial Sync of Vendors and once that is completed I could successfully sync Products… Yay !!

Unable to import users in Cloud Hosted Environment

At one of my customers I just set up a couple of new Cloud Hosted Environments (version 10.0.37 which turns out to be important) and when I tried to import the users from EntraID/AzureAD I got the following error

Cannot Find Thumbprint by Certificatename

After some troubleshooting och looking through Yammer I saw others that had the same issue. Apparently the issue had started happen after 15:th November (which also turned out to be important).

It turns out that Microsoft had discovered a potential security issue in the template used for creating the Cloud Hosted Environments. There used to be a connection in every Cloud Hosted Environment that allowed it to make lookups toi Azure AD/EntraID to be able to import users. For security reasons, this connection is no longer there by default. You will still be able to manually add users, but if you want to import users you will need to create the connection in the Virtual Machine.

1. Create a new App Registration in EntraID

2. In the Cloud Hosted VM run the following PowerShell Snippet (in an elevated Powershell prompt, aka Run as Administrator) to create a new Certificate.

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "CHECert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -KeySpec Signature -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotBefore (Get-Date -Year 2020 -Month 5 -Day 1) -NotAfter (Get-Date -Year 2033 -Month 12 -Day 31)

3. Start “Manage Computer Certificates” and find your newly created Cert. It should be in Local Computer – Personal – Certificates and it should be called “CHECert”. Export the certificate with default settings (Right-Click – All Tasks – Export) and save it in a folder you remember.

4. Go back to the App Registration you created in Step one, Go to Certificates and Secrets. Under Certificated, click upload certificate and choose you exported certificate

5. You need to add an Redirect URI to the AppRegistration. Go to Authentication, click Add a platform – Web and past the URL for the Cloud Hosted Dynamics environment

6. Add the following permissions to API Permissions and then click Grand admin concent…

7. In the Cloud Hosted VM, go back to “Manage Computer Certificates” and Right-Click (the Certificate) – All Tasks – Manage Private Keys. Give NETWORK SERVICE permissions to use the Certificate

8. In the Cloud Hosted VM, start Notepad as Admin and edit K:\AOS service\Webroot\web.config file. Edit the following keys:

<add key="Aad.Realm" value="spn:[TheAppIDfromStep1]" />
<add key="Infrastructure.S2SCertThumbprint" value="[YTheThumbPrintfromStep2]" />
<add key="GraphApi.GraphAPIServicePrincipalCert" value="[YTheThumbPrintfromStep2]" />

9. In the Cloud Hosted VM, start an elevated Command Prompt and run and iisreset

Validate by trying to import users

Links
Secure one-box development environments

Cannot access form Sales charge codes

I had an issue today at a customer… We were not able to open the Charge code form in one of our environments.

When we tried to open the form we also got a couple more error messages. tThe first saying that we could not read Retail Headquarter Parameters which lead us to try that form and we got an error which looks like: Parameter record does not exist.

Turns out that this was a bug introduced in 10.0.37 and which will be fixed in 10.0.38 related to the feature called Enable proper tax calculation for returns with partial quantity. When this feature is enabled the system is not able to create a line in the parameter table for Retail Headquarters due to a default value is not allowed.

The workaround is to disable the feature temporarily, initiate the creation of Retail parameters in the affected companies and then re-enable the feature.

Good luck

Links
Details for issue 849710 (dynamics.com)

Issues with DBsync step during deploy


Today, when I was deploying customization package to a newly deployed config environment, I had an issue with a step not working correctly. The environment had not yet been used for anything so I hadn´t even copied a database to it. When I deployed the customization package to it I got the following error in the runbook log and the deploy failed:

Table Sync Failed for Table: SQLDICTIONARY. Exception: System.NotSupportedException: TableID not yet generated for table: AmcBankReconciliations

The sync step in the runbook is failing because there is no TableID for the table AmcBankReconciliations. And I thought that was exactly what the sync process was supposed to do (??).

Having no clue about why this happened I first turned to Google (as one does) and when I could not find anything there I asked my awesome colleagues and one of the said:

“I have seen newly deployed environments behaving strangely and my solution usually is to start Visual Studio and perform a DB Sync”

This was a bit strange since it was the Sync Step that failed but I thought I would give it a try. Since this was a config environment that is not going to use Visual Studio, I instead opted for using the amazing [d365fo.tools](GitHub – d365collaborative/d365fo.tools: Tools used for Dynamics 365 Finance and Operations) to do the sync

Invoke-D365DBSync -Verbose

When the sync had finished I tried resuming the deploy and to my surprise it finished perfectly… Nice 🙂

Authentication Method deprecation D365FO WMS

I got an email from a customer the other day explaining the he got an error message from his WMS mobile app saying:

This device uses an authentication method that will soon be discontinued. Your organization should prepare to move to device code flow authentication before then.

Here is a short step by step guide on what needs to be done to switch

  1. In the Azure Portal, find the App registration that you are using for authentication and make sure Enable the following mobile and desktop flows is set to Yes
  1. In Application Registration go to API Permissions and verify these settings:
  1. Still in the Azure Portal, go to Microsoft Entra ID – Enterprise Applications. Find the same Client ID as above and open it. Make sure that the Assignment Required and Visible to users is set as below

  1. Click Users and Groups, add all users (or groups of users) that will have permission to register new new WMS Devices

I noticed you also need to delete the existing connection from the WMS app and create a new one. The simplest way is to create a new connection file and import it or generate a new QR code. Use this file as a template:

{
    "ConnectionList": [
        {
            "ActiveDirectoryClientAppId":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
            "ConnectionName": "Tier2 Warehouse",
            "ActiveDirectoryResource": "https://xxxx.sandbox.operations.dynamics.com/",
            "ActiveDirectoryTenant": "https://login.windows.net/tenantdomain.com",
            "Company": "USMF",
            "IsEditable": false,
            "IsDefaultConnection": true,
            "ConnectionType": "devicecode"
        }
    ]
}

Links:

User-based authentication – Supply Chain Management | Dynamics 365 | Microsoft Learn

QR Generator

I cannot find my Sharepoint Site in Power Automate

Today I helped a customer setting up a Power Automate Flow that needed to freate a folder in a Sharepoint Library.

When I clicked the dropdown in the flow step the Site was not there… WT?

I entered the URL in Flow and it said that it was able to find the site. When I pasted it into the address bar in Edge it worked perfectly… Hmmm…

After a lot of troubleshooting (aka Googling) I found a forum post that explained that apparently even cloud servers does need a bit of a warm-up stretch to get up to speed- 🙂

Note… I do NOT take any kind of credit for this solution… Just saving it for myself

Links
Re: We are unable to find the site address. Please… – Power Platform Community (microsoft.com)

Help!! I closed the Excel Addin

A colleague of mine pinged me today and wondered if there is a way to reopen the Dynamics Excel Addin if you accidentally closed it, other than going back to Dynamics and reopen the file.

Since she was nice enough to ask the question and i did not know the answer I thought I might as well write it down so I do not forget 🙂

1. In Excel, go to the insert tab. Then click My Addins

2. Click on Microsoft Dynamics (if it is not there, click See all… instead and you will find it in the list)

3. The Addin will open up again and reload the condent of the excel file from Dynamics 365 FO

Good Luck