none
BizTalk 2013 and Dynamics AX 2012 R2 failed to login RRS feed

  • Question

  • Hi:
    I keep receiving “Failed to logon to Microsoft Dynamics AX” regardless BizTalk Port - Identity Editor > User Principal Name or Service Principal Name user name. I am sure all the user and service IDs have the privileges.
    Appreciate your help and hints.
    Regards, Toraj

    Some details:
    1. Using send port, type WCF-Net Tcp, with correct Endpoint Address and Action.
    Address: net.tcp://servername:8201/DynamicsAx/Services/PurchInvoice810
    Action: http://schemas.microsoft.com/dynamics/2008/01/services/PurchaseInvoiceService/create

    2. Send pipeline is XML Transmit. The DocumentSpecName and EnvelopeDocSpecName are from BizTalk schema properties (double checked and triple checked their accuracy). 
    DocumentSpecName as follows.
    Adec.VendorsEDI.InboundAdecSchema.PurchaseInvoice_PurchaseInvoice810, Adec.VendorsEDI.InboundAdecSchema, Version=1.0.3018.1, Culture=neutral, PublicKeyToken=49874a1c7f51e5dd

    EnvelopeDocSpecName as follows.
    Adec.VendorsEDI.InboundAdecSchema.AIFInvoiceMessage, Adec.VendorsEDI.InboundAdecSchema, Version=1.0.3018.1, Culture=neutral, PublicKeyToken=49874a1c7f51e5dd

    3. Document with enc. Content example as follows.
    <?xml version="1.0" encoding="UTF-8"?>
    <ns0:Envelope xmlns:ns0="http://schemas.microsoft.com/dynamics/2011/01/documents/Message">
    <ns0:Header><ns0:MessageId/>
    <ns0:LogonAsUser/>
    <ns0:PartitionKey/>
    <ns0:Company/>
    <ns0:Action>http://schemas.microsoft.com/dynamics/2008/01/documents/PurchaseInvoice/create</ns0:Action>
    <ns0:ConversationId/><ns0:RequestMessageId/>
    </ns0:Header>
    <ns0:Body>
    <ns0:MessageParts>
    <ns1:PurchaseInvoice xmlns:ns0="http://schemas.microsoft.com/dynamics/2008/01/sharedtypes" xmlns:ns1="http://schemas.microsoft.com/dynamics/2008/01/documents/PurchaseInvoice">
    ....
    </ns0:MessageParts>
    </ns0:Body>
    </ns0:Envelope>

    4. Validated the document content using BizTalk Send Port type “File”.
    5. When BizTalk suspend the job,
    A – It completed mapping orchestration, successfully.
    B – The BizTalk Suspended Query Error Information > Messages > part does NOT show envelop wrapper.

    6. Using BizTalk 2013 and Dynamics AX 2012 R2.

    7. I am using the following white paper as a reference. 
    Microsoft Dynamics AX 2012 Using Microsoft BizTalk Server 2010 to exchange documents with Microsoft Dynamics AX
    Exchanging documents between BizTalk Server and AIF [AX 2012] Pasted from <http://technet.microsoft.com/en-us/library/hh352300.aspx> go to Using Microsoft BizTalk Server 2010 to exchange documents with Microsoft Dynamics AX. 

    Toraj toraj.khavari@a-dec.com

    Wednesday, November 5, 2014 4:07 PM

Answers

  • Hi Toraj,

    By seeing your log files ,I suspect you are dealing with kerberos error and duplicate DNS entries created which was confusing the Kerberos authentication

    I would suggest you to go through below links for the resolution as you may need to flush duplicate DNS entries.

    Cannot generate SSPI context" error message

    The target principal name is incorrect. Cannot generate SSPI context.

    Thanks

    Abhishek


    • Marked as answer by Angie Xu Monday, November 17, 2014 2:29 AM
    Friday, November 7, 2014 5:13 AM
  • Hi:
    The solution is as follows.
    1- Write a short program and consume the AX URL. Copy the identity > userPrincipalName > value in config file to BizTalk, WCF-NetTcp send port > Configure > Edit > userPrincipalName. Exactly the same value.
    2- Construct the Action exactly as spelled out in the WSDL and “How to integrate Dynamics AX 2012 R3 AIF Document Service with BizTalk server” article. 
    3- Do not use Envelop – No need of it.
    4- Send Pipeline can be pass through or XML.
    I am glad this worked. Took a while. However, AX and BizTalk interface is very solid. I am going to write a Wiki Article about this and add it to our library. We will use this a lot.
    Regards, Toraj

    Toraj toraj.khavari@a-dec.com

    • Marked as answer by Toraj Khavari Tuesday, November 25, 2014 10:32 PM
    Tuesday, November 25, 2014 10:31 PM

All replies

  • A bit more information

    Using the NetTcp WCF service is secure by default. I played with the "identity" tag. Not working yet. More details as follows.

    Looking forward to feedbacks, hints, information.

    Regards, toraj

     

    1. Added identity to Header.

    -<ns0:identity>

    <ns0:userPrincipalName>SRVDAXBCProxy</ns0:userPrincipalName> <!- With and without userPrincipalName ->

    <ns0:Dns>GBTVMDEVAXAOS01</ns0:Dns>  <!- Lower or upper D->

    </ns0:identity>

     

    1. Added the dns to header with out the "identity" tag.

    <ns0:Dns>GBTVMDEVAXAOS01</ns0:Dns>  <!- Lower or upper D->

     

     

    1. Added identity to Envelope.

    -<ns0:identity>

    <ns0:userPrincipalName>SRVDAXBCProxy</ns0:userPrincipalName> <!- With and without userPrincipalName ->

    <ns0:Dns>GBTVMDEVAXAOS01</ns0:Dns>  <!- Lower or upper D->

    </ns0:identity>

     

    Error message as follows.

    A message sent to adapter "WCF-NetTcp" on send port "ESPAzoreMFTtoAOSSend" with URI "net.tcp://devServerName:8201/DynamicsAx/Services/PurchInvoice810" is suspended.

     Error details: System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect

       --- End of inner exception stack trace ---

       at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)

       at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.StartReceiveBlob(LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.CheckCompletionBeforeNextReceive(LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)

       at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)

       at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

       at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

       at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

       --- End of inner exception stack trace ---


    Toraj toraj.khavari@a-dec.com

    Thursday, November 6, 2014 12:11 AM
  • HI Toraj,

    Take a look at this article of the analysis of this error message - “Unable to log on to Microsoft Dynamics AX.”

    Hope it helps you.

    Regards,

    Qings

    Friday, November 7, 2014 2:27 AM
  • Hi Toraj,

    By seeing your log files ,I suspect you are dealing with kerberos error and duplicate DNS entries created which was confusing the Kerberos authentication

    I would suggest you to go through below links for the resolution as you may need to flush duplicate DNS entries.

    Cannot generate SSPI context" error message

    The target principal name is incorrect. Cannot generate SSPI context.

    Thanks

    Abhishek


    • Marked as answer by Angie Xu Monday, November 17, 2014 2:29 AM
    Friday, November 7, 2014 5:13 AM
  • Hi:

    I will look  into these and keep you posted.

    Thanks, Toraj


    Toraj toraj.khavari@a-dec.com

    Monday, November 17, 2014 9:34 PM
  • After exploring the SSPI error solutions as you requested, the Let me share with you what I have learned.

    I lowered the security to “none”. BizTalk Send port > Configure > security Tab > Security mode = None

    Changed the Action to following. While following the “http://tech.alirazazaidi.com/how-to-integrate-dynamics-ax-2012-r3-aif-document-service-with-biztalk-server/” article.

    <BtsActionMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

      <Operation Name="OperationSendAXESP" Action="http://schemas.microsoft.com/dynamics/2008/01/services/PurchaseInvoiceService/create" />

    </BtsActionMapping>

    Changed, checked and double checked the AX and BTS env. Now I am getting the following error. Which does not make sense.

    System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:00'. --->

    I am concluding that SSPI and timeout errors are erroneous messages. There is root cause,  gets warped into meaningless error messages.

    Appreciate any hints or recommendations.

    Regards, Toraj


    Toraj toraj.khavari@a-dec.com

    Thursday, November 20, 2014 6:39 PM
  • Hi:
    The solution is as follows.
    1- Write a short program and consume the AX URL. Copy the identity > userPrincipalName > value in config file to BizTalk, WCF-NetTcp send port > Configure > Edit > userPrincipalName. Exactly the same value.
    2- Construct the Action exactly as spelled out in the WSDL and “How to integrate Dynamics AX 2012 R3 AIF Document Service with BizTalk server” article. 
    3- Do not use Envelop – No need of it.
    4- Send Pipeline can be pass through or XML.
    I am glad this worked. Took a while. However, AX and BizTalk interface is very solid. I am going to write a Wiki Article about this and add it to our library. We will use this a lot.
    Regards, Toraj

    Toraj toraj.khavari@a-dec.com

    • Marked as answer by Toraj Khavari Tuesday, November 25, 2014 10:32 PM
    Tuesday, November 25, 2014 10:31 PM
  • Thanks for info

    Regards

    Enis,

    Sunday, November 30, 2014 3:12 PM
  • Thanks for info

    Regards

    Enis,

    Sunday, November 30, 2014 3:12 PM