Service-Tier automation failure

xoxo Member Posts: 34
edited 2012-06-29 in NAV Three Tier
I've built an automation which behaves differently when run on the classic client compared to when run on the service-tier.

This behavior was of course discovered when we moved this automation to run on the service-tier.

The first issue was that the whole RTC client crashed. The event log on the service-tier and google searches revealed that this was caused by some reflection code which does not do proper overload resolution. After changing the automation and recompiling this now appears to work (no more overloads).

The second problem, which we still have, is that the automation (which is a .NET COM-interop assembly) cannot find a certificate in the certificate store. It has no problem finding this certificate when run on the classic client (on the service-tier machine) but it cannot find the same certificate using the same code when run thru the service-tier. The code uses standard .NET crypto API's*. This is quite perplexing to and hard to debug.

Since this automation is a .NET assembly you may want to suggest we just call it as a .NET assembly but this will not do because then we loose the ability to run the code in the classic client where it must be run as a scheduled job as well. Besides this we already tried to do that just as a temporary workaround and found out that this gave another permissions error.

Any pointers as to what could be the issue here? Security priviledges of the service-tier?

](*,)

Thanks in advance.

:)

* System.Security.Cryptography.x509

Comments

  • kinekine Member Posts: 12,562
    Depends on where the certificate is stored. If in computer store or in user store...
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • xoxo Member Posts: 34
    Thanks kine. Moving the certificate to a different store location solved that issue. Now the next issue is an error when trying to access the private key (it appears): "Keyset does not exist", an exception originating from System.Security.Cryptography.Pkcs.PkcsUtils.CreateSignerEncodeInfo(CmsSigner signer, Boolean silent). I guess because the service-tier service is running as a user without the necessary permissions. Will check if we can run it as a different user and change the permissions - unless you have a better idea.
  • kinekine Member Posts: 12,562
    Have you tried this? http://msdn.microsoft.com/en-us/library/aa702621.aspx

    There is how to find the key and set permissions...
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • xoxo Member Posts: 34
    Hi Kine. Yes, I tried that but it didn't change anything - tried with several SID's. It could be I did something wrong there of course. For the time being I've created a workaround so we don't have to use the service-tier for calling this automation... for now.
Sign In or Register to comment.