For development tasks we use virtual machines that Microsoft provides as images and that run via Hyper-V on a local server. After the trial period expires, the certificates expire as well. Here I explain how to reactivate the certificates.
Error details
On your development machine you can no longer open the application in the browser and instead get an error message like:
There is a problem with the server Sorry, the server has encountered an error. It is either not available or it can't respond at this time. Please contact your system administrator.
If you check the event log using the Event Viewer you’ll find a warning message pointing to an ExpiredCertificateException there:
Process information:
    Process ID: 14516
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: ExpiredCertificateException
    Exception message: Expired certificate for id 'C0E503DC8987D25B63897A7BE0B3E34BDCC89F41'.
    at Microsoft.Dynamics.AX.Configuration.CertificateHandler.LocalStoreCertificateHandler.GetCertificatesForId(String id)
etc.
Solution
Find Certificates
You can see the relevant certificates using Manage computer certificates from the Windows Start menu. Navigate to Certificates – Local Computer > Personal > Certificates.
In the column Expiration Date you can easily identify the ones that recently expired, in this case
- DeploymentsOnebox.DaxRunnerTokenUserCertificate.pfx
- DeploymentsOnebox.LcsClientCertificate.pfx
- DeploymentsOnebox.MRClientCertificate.pfx
- DeploymentsOnebox.SessionAuthenticationCertificate.pfx
Identify Thumbprint of Expired Certificate
Certificates are accessed by their thumbprint, which is a 40-digit hexadecimal value. You can see it by double-clicking the certificate in the certificates viewer and opening the Details tab.
Copy the thumbprint values, make sure all letters are capitals, and remove all spaces.
Example: 43082FE50B4D02562C89EA728B2359C598E84886
You can use any text editor or even VS; my preferred one for such operations is Notepad++. Make sure to run it as Administrator so you can save the files later without any issues. All three files we need are located in
Clone the Certificate
Use PowerShell (and Run as Administrator, of course) to execute the following command (and make sure to replace the thumbprint with the one you just identified):
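# Work inside the Local Computer > Personal certificate store
Set-Location -Path "cert:\LocalMachine\My"
# Look up the expired certificate by its thumbprint, then clone it with a new expiry date
$OldCert = (Get-ChildItem -Path 43082FE50B4D02562C89EA728B2363C598E84886)
New-SelfSignedCertificate -CloneCert $OldCert -NotAfter (Get-Date).AddMonths(999)
999 is the number of months for which the new certificate will be valid. Should be fine for quite some time.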
The execution of this creates some output – copy and note the thumbprint of the newly created certificate. In the certificate manager you can see the clone (you might have to Refresh after a right click on the folder on the left).
Update References
The new thumbprint values must be updated in the web config, wif config and wif services config files (take a backup of the files before modifying them). The files are available in the path below.
C:\AOSService\webroot:
- web.config
- wif.config
- wif.services.config
Find the old thumbprint (43082FE50B4D02562C89EA728B2359C598E84886) and replace it with the newly generated thumbprint value.
Repeat this for all expired certificates.
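The find, clone and update steps above can be scripted in one pass. The following is an added example, not part of the original post: it clones only those expired certificates whose thumbprint is actually referenced in the three config files, and it assumes the files are UTF-8 text in C:\AOSService\webroot.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Assumptions: the three config files are UTF-8 text and live in C:\AOSService\webroot.
$ErrorActionPreference = 'Stop'
$webRoot = 'C:\AOSService\webroot'
$configs = 'web.config', 'wif.config', 'wif.services.config' |
    ForEach-Object { Join-Path -Path $webRoot -ChildPath $_ }

# Take one timestamped backup of every file before anything is modified.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($file in $configs) {
    Copy-Item -Path $file -Destination "$file.$stamp.bak"
}

# Expired certificates in Certificates - Local Computer > Personal.
$expired = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -lt (Get-Date) }

$results = foreach ($old in $expired) {
    # Skip expired certificates that none of the config files reference.
    $hits = $configs | Where-Object {
        Select-String -Path $_ -Pattern $old.Thumbprint -SimpleMatch -Quiet
    }
    if (-not $hits) { continue }

    # Clone with the same lifetime the article uses.
    $new = New-SelfSignedCertificate -CloneCert $old `
        -CertStoreLocation Cert:\LocalMachine\My `
        -NotAfter (Get-Date).AddMonths(999)

    # Replace the old thumbprint (case-insensitive) in each referencing file.
    foreach ($file in $hits) {
        $text = [System.IO.File]::ReadAllText($file)
        $text = $text -replace $old.Thumbprint, $new.Thumbprint
        [System.IO.File]::WriteAllText($file, $text)
    }

    [pscustomobject]@{
        Subject       = $old.Subject
        OldThumbprint = $old.Thumbprint
        NewThumbprint = $new.Thumbprint
        UpdatedFiles  = ($hits | Split-Path -Leaf) -join ', '
    }
}

# Old-to-new mapping for your notes; restart the services afterwards as described below.
$results | Format-Table -AutoSize
```

The timestamped .bak copies stay next to the originals, so a bad replacement can be undone by copying them back.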
Reboot
Restart Batch, Management reporter, DMF, SQL and IIS services.
Restart the server