BC on prem V22 upgraded from V20 dreaded An Error Occurred OpenID issue?

EssexRocks Member Posts: 3
I am working on an upgrade from V20 to V22. The V20 uses AAD and works fine. Moving to V22 means that we have to change to OpenID. I worked through

https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-ad-openid-connect?tabs=singletenant,admintool

This now results in the error "An Error occurred" when logging into BC. The event log is not helping much, but in case this is of any use, here (partial post due to size) are the 2 errors that are in the event log after attempting a login for a user who is in AAD and was working fine in V20. I noticed that there is a mention of this path and it does not exist as I do not have an S drive. S:\repo\src\Platform\ClientServerShared\Prod.Common\Http\HttpServiceClient.cs:line 96

I also have a warning when starting the service tier

"The service could not add service principal names because the service account could not be found in Active Directory."

This server is not domain joined and is a workgroup so there is no access to active directory unless the error is referring to AAD.

Any help will be much appreciated

Category: Microsoft.Dynamics.Framework.UI.WebBase.ClientExceptionStateProcessingStrategy
EventId: 0
ConnectionId: 0HMR5PIQ62KUN
RequestId: 0HMR5PIQ62KUN:00000004
RequestPath: /BC220/SignIn
ActionId: 46dffd0d-7a6d-4cb3-b539-5c15b375dd23
ActionName: Microsoft.Dynamics.Nav.WebClient.Controllers.AuthenticationController.SignIn (Prod.Client.WebCoreApp)
MemberName: TryToSendToTelemetry
FilePath: s:\repo\src\Platform\Client\Web\Prod.Client.WebBase\Exception\ClientExceptionStateProcessingStrategy.cs
LineNumber: 88

Exception:
System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.Dynamics.Nav.Common.Http.HttpServiceClient.CallService[T](String requestUrl, HttpMethod method, Object content) in s:\repo\src\Platform\ClientServerShared\Prod.Common\Http\HttpServiceClient.cs:line 96
at Microsoft.Dynamics.Nav.Client.ClientConfigurationClient.GetClientConfiguration(String tenantId, String applicationId) in s:\repo\src\Platform\Client\Shared\Prod.Client.ServiceConnection\HttpService\ClientConfigurationClient.cs:line 39
at Microsoft.Dynamics.Nav.Client.Web.ClientServerConfigurationOperation.GetClientConfiguration(RequestContext requestContext) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\ClientServerConfigurationOperation.cs:line 55
at Microsoft.Dynamics.Nav.Client.Web.WebClientSettingsProvider.RetrieveClientConfiguration() in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\WebClientSettingsProvider.cs:line 103
at Microsoft.Dynamics.Nav.Client.Web.WebClientSettingsProvider.TryGetSettingsValue[T](String settingName, T& value) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\WebClientSettingsProvider.cs:line 49
at Microsoft.Dynamics.Nav.Client.Web.ClientServerSettingsProvider.get_ACSUri() in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Session\ClientServerSettingsProvider.cs:line 207
at Prod.Client.WebCoreApp.Authentication.AcsAuthenticationProvider.EarlyAuthenticate(HttpContext context, AuthenticationActionResult&

And before this
Error accessing Website BC220
Type: System.Net.Http.HttpRequestException
StatusCode: NotFound
Message: Response status code does not indicate success: 404 (Not Found).
Source: System.Net.Http
HResult: -2146233088
StackTrace:
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.Dynamics.Nav.Common.Http.HttpServiceClient.CallService[T](String requestUrl, HttpMethod method, Object content) in s:\repo\src\Platform\ClientServerShared\Prod.Common\Http\HttpServiceClient.cs:line 96
at Microsoft.Dynamics.Nav.Client.ClientConfigurationClient.GetClientConfiguration(String tenantId, String applicationId) in s:\repo\src\Platform\Client\Shared\Prod.Client.ServiceConnection\HttpService\ClientConfigurationClient.cs:line 39
at Microsoft.Dynamics.Nav.Client.Web.ClientServerConfigurationOperation.GetClientConfiguration(RequestContext requestContext) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\ClientServerConfigurationOperation.cs:line 55
at Microsoft.Dynamics.Nav.Client.Web.WebClientSettingsProvider.RetrieveClientConfiguration() in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\WebClientSettingsProvider.cs:line 103
at Microsoft.Dynamics.Nav.Client.Web.WebClientSettingsProvider.TryGetSettingsValue[T](String settingName, T& value) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Services\Settings\WebClientSettingsProvider.cs:line 49
at Microsoft.Dynamics.Nav.Client.Web.ClientServerSettingsProvider.get_ACSUri() in s:\repo\src\Platform\Client\Web\Prod.Client.WebCommon\Session\ClientServerSettingsProvider.cs:line 207
at Prod.Client.WebCoreApp.Authentication.AcsAuthenticationProvider.EarlyAuthenticate(HttpContext context, AuthenticationActionResult& authenticationResult) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCoreApp\session\Authentication\AcsAuthenticationProvider.cs:line 45
at Prod.Client.WebCoreApp.Authentication.TokenAuthenticationPairingProvider.EarlyAuthenticate(HttpContext context, AuthenticationActionResult& authenticationResult) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCoreApp\session\Authentication\TokenAuthenticationPairingProvider.cs:line 51
at Microsoft.Dynamics.Nav.WebClient.Controllers.AuthenticationController.SignIn(String returnUrl) in s:\repo\src\Platform\Client\Web\Prod.Client.WebCoreApp\Controllers\AuthenticationController.cs:line 63
at lambda_method13(Closure , Object , Object[] )
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

Comments

  • NavNab Member Posts: 181
    I'll assume you correctly registered an app in Azure Portal > App registrations, and that you use single tenant.
    Everything you can find in that article is essentially condensed into the PowerShell script provided below. Run it and enjoy :smile:
    $aadTenantId = '' # your azure tenant id
    $applicationId = '' # the client id of the app you register in Azure Portal via App registrations
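    $applicationIdUri = '' # your public domain
    $serverInstance = 'BC' # your BC instance name
    $containerName = $serverInstance # web server instance name; assumed here to match the server instance, change it if yours differs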
    
    $clientServicesFederationMetadataLocation = "https://login.microsoftonline.com/$aadTenantId/FederationMetadata/2007-06/FederationMetadata.xml"
    $aadAuthorityUri = "https://login.microsoftonline.com/$aadTenantId"
    
    Set-NAVServerConfiguration -ServerInstance $serverInstance -KeyName 'ValidAudiences' -KeyValue $applicationId
    Set-NAVServerConfiguration -ServerInstance $serverInstance -KeyName 'AppIdUri' -KeyValue $applicationIdUri
    Set-NAVServerConfiguration -ServerInstance $serverInstance -KeyName 'ClientServicesFederationMetadataLocation' -KeyValue $clientServicesFederationMetadataLocation
    
    Restart-NAVServerInstance -ServerInstance $serverInstance
    
    Set-NAVWebServerInstanceConfiguration -WebServerInstance $containerName -KeyName 'AadApplicationId' -KeyValue $applicationId
    Set-NAVWebServerInstanceConfiguration -WebServerInstance $containerName -KeyName 'ClientServicesCredentialType' -KeyValue 'AccessControlService'
    Set-NAVWebServerInstanceConfiguration -WebServerInstance $containerName -KeyName 'AadAuthorityUri' -KeyValue $aadAuthorityUri
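
A consistency check for the six settings the script above writes, as an added example that is not part of the post or of Business Central's tooling. `Test-BcOpenIdSettings` is a hypothetical helper, all GUIDs and the domain are constructed sample values, and treating `ValidAudiences` as a semicolon-separated list is an assumption.

```powershell
# Added example: Test-BcOpenIdSettings is a hypothetical helper, not a BC cmdlet.
function Test-BcOpenIdSettings {
    param([hashtable] $Server, [hashtable] $Web)  # server-tier and web-tier settings, keyed by KeyName
    $findings = [System.Collections.Generic.List[string]]::new()
    $guid  = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
    $login = '^https://login\.microsoftonline\.com/(' + $guid + ')'
    # The script ships with '' placeholders; an unfilled one ends up as an empty setting.
    foreach ($k in 'ValidAudiences', 'AppIdUri', 'ClientServicesFederationMetadataLocation') {
        if ([string]::IsNullOrWhiteSpace($Server[$k])) { $findings.Add("server: $k is empty") }
    }
    foreach ($k in 'AadApplicationId', 'ClientServicesCredentialType', 'AadAuthorityUri') {
        if ([string]::IsNullOrWhiteSpace($Web[$k])) { $findings.Add("web: $k is empty") }
    }
    # Metadata location (server) and authority (web) must name the same tenant GUID.
    $metaTenant = if ([string]$Server['ClientServicesFederationMetadataLocation'] -match $login) { $Matches[1] }
    $authTenant = if ([string]$Web['AadAuthorityUri'] -match $login) { $Matches[1] }
    if (-not $metaTenant -or -not $authTenant) {
        $findings.Add('tenant GUID missing from metadata location or authority URI')
    } elseif ($metaTenant -ne $authTenant) {
        $findings.Add("tenant mismatch: metadata=$metaTenant authority=$authTenant")
    }

    # The client ID the web client requests tokens for must be an audience the server accepts.
    # Assumption: ValidAudiences is a semicolon-separated list.
    $audiences = @(([string]$Server['ValidAudiences']) -split ';' | ForEach-Object { $_.Trim() })
    if ($Web['AadApplicationId'] -and $audiences -notcontains $Web['AadApplicationId']) {
        $findings.Add('AadApplicationId is not listed in ValidAudiences')
    }

    # The script sets the credential type on the web tier only; if the server value is supplied, it must match.
    if ($Server.ContainsKey('ClientServicesCredentialType') -and $Server['ClientServicesCredentialType'] -ne $Web['ClientServicesCredentialType']) {
        $findings.Add('ClientServicesCredentialType differs between server and web tier')
    }
    return $findings
}

# Constructed sample values: the web tier points at a different tenant than the server tier.
$server = @{
    ValidAudiences = '22222222-2222-2222-2222-222222222222'
    AppIdUri       = 'https://bc.example.com'
    ClientServicesFederationMetadataLocation = 'https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/FederationMetadata/2007-06/FederationMetadata.xml'
}
$web = @{
    AadApplicationId             = '22222222-2222-2222-2222-222222222222'
    ClientServicesCredentialType = 'AccessControlService'
    AadAuthorityUri              = 'https://login.microsoftonline.com/33333333-3333-3333-3333-333333333333'
}
Test-BcOpenIdSettings -Server $server -Web $web
```

On a live installation the two hashtables would be filled with the values read back through `Get-NAVServerConfiguration` and `Get-NAVWebServerInstanceConfiguration` rather than typed in.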
    
  • drotunno Member Posts: 3
    Same error with on prem installation bc22.2. @EssexRocks have you resolved in some way?
    Thanks
  • jmgmv Member Posts: 3
    Same error with on prem installation bc22.2. @drotunno have you resolved in some way?
    Thanks