Problems using Excel Workbook Creator in AX “7”

We have started working with some customers who are looking into implementing The New Dynamics AX (aka AX 7) and one of the very useful features in AX are integration with the Microsoft Office. This has historically been done using an Office Addin which has been installed from the AX Install CD (of deployed by IT). In the new AX version this is done a little differently. You need to install a plugin from the Office Store (which I talk about here).

The other day one of my colleagues came to me and told me that it did work to use the Excel workbook creator… the login failed Sad smile. The login started, the user was redirected to our ADFS site and it was visible for a moment and then it was redirected to a blank place with the address: https://az689774.vo.msecnd.net/dynamicsofficeapp/v1.2.1.0/App/DynamicsApp.html#id_token

SNAGHTMLdc73d34

This is an issue with Office and how Office handles ADFS logins according to this article. According to Microsoft this has been fixed in the 16.0.6868.2060  build of Office 2016. This build is at the moment (2016-05-20) only available for Office Insiders which means that if you are using Office 365 your admin needs to enable you for Current Channel and you need to reinstall Office. 

Links:

https://ax.help.dynamics.com/en/wiki/office-integration-troubleshooting/

ADFS 3.0 with Windows XP (??) Clients

Today I spent the day at a customers looking at a XP computer (I know they are supposed to be extinct) having problems authenticating using ADFS. As we know XP is using IE8 and IE8 in combination with XP does not support Server Name Indication. Turns out SNI is on by default in ADFS 3.0… bummer

Fortunately it is fixable:

Start by getting information about the SST Certificate using:

netsh http show sslcert

The we bind the IP:port combination to the SSL cert using (in an elevated command prompt):

netsh http add sslcert ipport=[ipaddress : port from above] certhash=[Certificate Hash from above] appid=[appid from above] certstorename=MY

These steps needs to be taken on both the ADFS server and the Web Application Proxy

IMPORTANT: This works as long as the Web Application proxy is not doing anything else but working as a “ADFS Proxy”

Link:
http://hindenes.com/trondsworking/2014/03/25/adfs-3-0-windows-xp-fail/