Wednesday, July 26, 2017

Microsoft Dynamics 365 for Finance and Operations, Enterprise edition (on-premises) - Installation PART 1

Hi Guys

As you know, Microsoft released D365FO Local Business Data, aka the On-Premise release.
Here is the link: Set up and deploy on-premises environments

I played around and I found the first issues.

During the creation of the group managed service accounts (gMSAs) through the PowerShell scripts ("Create gMSAs" section), you may get the following error: "Key not found".

In this case you have to create a "KDS root key" using the following commands:

1- Add-KdsRootKey -EffectiveImmediately
2- Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
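
An idempotent version of that step, as an added example that is not part of the LCS scripts or of the original post: it creates a KDS root key only when none exists, then reports when each key becomes usable for gMSA creation. The -LabSingleDc switch is a name invented for this example, and the 10-hour figure is the replication wait Microsoft documents for KDS root keys.

```powershell
# Added example (not from the LCS scripts): create the KDS root key only if needed.
# Run in an elevated session on a domain controller with Domain/Enterprise Admin rights.
# $LabSingleDc is a parameter invented for this example.
param(
    [switch]$LabSingleDc
)

# Domain controllers wait up to 10 hours after a root key's EffectiveTime before
# serving gMSA requests, so that the key can replicate to every DC first.
$replicationWait = [TimeSpan]::FromHours(10)
$now = Get-Date

# The root key is the secret from which every gMSA password in the forest is
# derived, so check before adding: a second key is never needed to fix "Key not found".
$keys = @(Get-KdsRootKey)

if ($keys.Count -eq 0) {
    if ($LabSingleDc) {
        # Command 2 from the post: backdate the key so it is usable at once.
        # Only appropriate where there is nothing to replicate to (one DC, test forest).
        $keyId = Add-KdsRootKey -EffectiveTime $now.AddHours(-10)
    }
    else {
        # Command 1 from the post: the key is created now and usable after the wait.
        $keyId = Add-KdsRootKey -EffectiveImmediately
    }
    Write-Host "Created KDS root key $keyId"
    $keys = @(Get-KdsRootKey)
}
else {
    Write-Host "Found $($keys.Count) existing KDS root key(s); not creating another."
}

# Report each key and whether the gMSA creation script can rely on it yet.
foreach ($key in $keys) {
    $usableAt = $key.EffectiveTime + $replicationWait
    [pscustomobject]@{
        KeyId        = $key.KeyId
        Created      = $key.CreationTime
        EffectiveAt  = $key.EffectiveTime
        UsableAt     = $usableAt
        UsableNow    = ($usableAt -le $now)
        KeyDataValid = (Test-KdsRootKey -KeyId $key.KeyId)
    }
}
```

If UsableNow is False in a production domain, wait until UsableAt and then re-run the "Create gMSAs" script rather than backdating a second key.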


During the ClusterConfig.json file generation, you may get the following error: “Failed to Download Cluster Configuration Template”.

In this case you have to download the Service Fabric standalone installation package and copy the "ClusterConfig.X509.MultiMachine.json" file into the LCS InfrastructureScripts folder.
Then run the .\New-SFClusterConfig.ps1 -InputXml .\ConfigTemplate.xml command again.

Finally, I tested the ClusterConfig file with the command .\TestConfiguration.ps1 -ClusterConfigFilePath .\clusterConfig.json

The next step is to deploy the cluster!

Till soon!

49 comments:

Unknown said...

Hi Denis,
I'm trying to install Dyn365Fin&Op On Premise.
During the gMSA creation stage, the generated PowerShell script returns the following error:

Script
------
New-ADServiceAccount -name svcLocalAgent$ -DnsHostName svcLocalAgent.d365fo.onprem.dyn365dc.local -ServicePrincipalNames http/svcLocalAgent.d365fo.onprem.dyn365dc.local -PrincipalsAllowedToRetrieveManagedPassword orch1$,orch2$,orch3$

Error
-----
...
'PrincipalsAllowedToRetrieveManagedPassword'. Motivo: 'Impossibile trovare un oggetto con identità: 'orch1$' in 'DC=DYN365DC,DC=local'.'.
...

Do you have any ideas?
Another question: must Service Fabric already be present before the gMSA creation stage?


Thanks
Emiliano

Denis Macchinetti said...

Hi Emiliano

Check whether the Orchestrator servers are connected to a Domain Controller 2016 and whether they exist in Active Directory Users & Computers, in your case dyn365dc.

Lastly, you have to create the gMSA accounts before the AppFabric installation.

Unknown said...

Thanks Denis.
I'm trying the AllInOneServer installation...
I did not see the VM list name in the Get-NewGMSAInDomainScript.ps1 file.

We changed the VM name and now the error is the same as in your post, "key is not found".

Now we will try to apply your suggestion.


Thanks
Emiliano

Unknown said...

Thanks for the json download fix. I am now running into another issue. It is saying "ConvertFrom-Json : Invalid JSON primitive: ." I have tried using the stock configuration.xml (along with my edited one) and am getting the same thing. Any thoughts?

Unknown said...

I didn't use the right .json template..

Denis Macchinetti said...

Glad to know.

esponja said...

I am stuck here in the installation OnPrem
LCS connector is in "validation in progress"

I have the following error on the Orchestrator 1

• failed to set security settings to { provider=SSL protection=EncryptAndSign store='LocalMachine/My' findValue='FindByThumbprint:dfca768caff267ec185db90d11f1a04cb8eda8ed' remoteCertThumbprints='dfca768caff267ec185db90d11f1a04cb8eda8ed' certChainFlags=40000000 clientRoleEnabled=false claimBasedClientAuthEnabled=false }: 2148074253

• Unable to acquire ssl credentials: 0x8009030d

• failed to send message GetLSNReply to node a139d1fc66eebba48f4f606996b9aadb:131463321771071291 with error FABRIC_E_TIMEOUT

The customer has been responsible for generating the certificate so I don’t know how to check what is wrong.
Any guidance?

Mohamed Nowsath said...

Hi Denis,

I am able to install the Monitoring agent but I receive an error while installing LocalAgent.
When I explore the Service Fabric cluster I receive this:
"Error event: SourceId='System.FM', Property='State'.
Partition is in quorum loss.
fabric:/LocalAgent/BridgeService 2 2 ed3ec57b-5d5c-42a0-bf70-3537d51eb82b
P/S RD Orch_152 Down 131487523340358114
S/P RD Orch_148 Up 131487523495424570
(Showing 2 out of 2 replicas. Total available replicas: 1.)"

When I configured the Service Fabric cluster with 1 Orchestrator, I was able to install the Local Agent successfully, but I received errors in Service Fabric Explorer related to Bridge Servicing and other services in the Local Agent.

In the end, configuring the Service Fabric cluster with 1 or with 2/3 Orchestrators ends up with a Local Agent installation error related to Bridge Servicing.

I will be grateful for any help you can provide.

Thanks,
Nowsath

Denis Macchinetti said...

Hi Esponja

Review the "Configure certificates" and "Setup VMs" sections.
Also, review the Client, Server and Tenant service principal certificates filled in through the LCS Configure agent tab.
Run the PowerShell command below in order to check the certificates installed on the Orchestrator nodes and compare them with LCS.

Denis Macchinetti said...

Hi Nowsath

The AppFabric Cluster must have at least 3 Orch Nodes.
It's a requirement because the Orch is the Primary Type Node.

Lastly, go to the Orchestrator where you ran the installation and check the logs:
1- Event Viewer\Applications and Services Logs\Microsoft\Dynamics\AX-LocalAgent\Operational
2- ...\AX-SetupInfrastructureEvents\Operational
3- Event Viewer\Applications and Services Logs\Microsoft-Service Fabric\Admin and Operational

K@shif N@zir said...

Hi Denis, is it mandatory to use SQL Server Always-On availability groups and an SSL certificate for SQL, or can we use a single SQL Server with an SSL certificate?
Also, in my case our customer has only one license for AOS; I believe we can use one AOS by updating the config.xml file?

Need your prompt response please, as I am starting the deployment today. Have you been able to complete the deployment?

Denis Macchinetti said...

Hi

For a Sandbox env a single SQL Server box is enough.
About the AOS, yes. You can start with 1 AOS and update the Config file as well.

Lastly, yes, I finalized the installation a few days ago.

Cheers

K@shif N@zir said...

Thanks for your prompt response. Just one more thing: if a single SQL Server box is to be used, I believe we can skip the SSL certificate portion of SQL. Please correct me if I am wrong.

Have you prepared any step-by-step document for the installation? If yes, can you please share it?

Denis Macchinetti said...

Hi

About Certificates and installation guide, follow the Microsoft link https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/setup-deploy-on-premises-environments?toc=/dynamics365/unified-operations/dev-itpro/toc.json

In the next weeks I will publish a new post about the installation process.

Cheers

K@shif N@zir said...

Hi Denis

I am getting this error while running .\Test-D365FOConfiguration.ps1, although .\Set-CertificateAcls.ps1 ran successfully. Given below is the error:

"Unable to find access rules for certificate axdataenciphermentcert for user Domain\AXServiceUser"

The same error occurs on all machines, on different certificates, wherever this script tries to give permission to AXServices and svc-axsf$. However, if I check from the mmc console, the Read rights are there, and I have also given both these users full rights, but the issue is the same.

Can you please @ your earliest

K@shif N@zir said...

Hi Denis,

Is there any way to check the deployment log, as my Sandbox deployment is giving a message that it failed, although LCS agent communication is successful? Also, I can see multiple files and folders created in \\Share\agent.

Your prompt response will be much appreciated.

Denis Macchinetti said...

Hi

Did you try to check the Event Viewer\Dynamics AX Logs?

K@shif N@zir said...

I can see a long list of folders under Dynamics Logs in the Event Viewer of the AOS server, but all are without any logs. Is there any other way to troubleshoot?

K@shif N@zir said...

Getting this error now on Service Fabric Portal:

Replica had multiple failures inAOS_204 API call: IStatelessServiceInstance.Open(); Error = System.ComponentModel.Win32Exception (-2147467259)
The requested operation requires elevation
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at Microsoft.Dynamics.AXService.Database.Synchronizer.SyncDB()
at Microsoft.Dynamics.AXService.Database.Synchronizer.Synchronize()
at Microsoft.Dynamics.AXService.AXService.<>c__DisplayClass9_1.<.ctor>b__0()
at Microsoft.PowerApps.Runtime.Common.LatencyRecorder.RecordLatencyEvent(ILogger logger, String eventName, Action action, IDictionary`2 additionalProperties, IDictionary`2 additionalMetrics)
at Microsoft.Dynamics.AXService.AXService..ctor(StatelessServiceContext context, ILogger logger)
at Microsoft.Dynamics.AXService.Program.<>c.b__0_0(StatelessServiceContext context)

Unknown said...

Getting this error now on LocalAgent (BRidgeService):

Message Unexpected error in orchestrator service
Detail System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: Login failed for user 'MYLOCALDOMAIN\svc-LocalAgent$'

Anonymous said...

Hello, I have an error at step 11, where I get the following:

- in powershell: "Application fabric:/Agent-Monitoring is not OK after 5 minutes..."

- in event viewer: multiple warning showing "Error:FABRIC_E_FILE_NOT_FOUND"

- in Service Fabric Explorer: "Partition is below target replica or instance count...."

Yazeed Al-Faqeeh said...

Hi Denis Macchinetti

can i contact you ?

please contact me using this mail if you ok:

y.alfaqeeh@@itisco.com.sa

BR.

rajeev said...

Hi Denis,

How do I get all these certificates:
1)Secure Sockets Layer (SSL) certificates
2)SQL Server SSL Certificate
3)Service Fabric Server certificate
4)Service Fabric Client certificate
5)Encipherment Certificate
6)AOS SSL Certificate
7)Session Authentication Certificate
8)Data Encryption and Data Signing Certificate
9)Financial Reporting Client Certificate
10)Reporting Certificate
11)On-Premise local agent certificate

In test, if I need to generate them, do I need to generate all certificates on each VM?

rajeev said...

For Step 3 - Plan user and service accounts

Group Managed Service Accounts(gMSAs)
Domain\svc-FRAS$ (Financial Reporting Application Service Account)
Domain\svc-FRPS$ (Financial Reporting Process Service Account)
Domain\svc-FRCO$ ( Financial Reporting Click Once Designer Service Account)
Domain\svc-AXSF$ (AOS Service Account)
Domain\Svc-LocalAgent$ (Local Deployment Agent Service Account)
Domain Accounts
Domain\AXServiceUser (AOS Service Account)
SQL Accounts
AXDBAdmin (AOS SQL DB Admin user)


Can I create these as an administrator or do I have to run a script? Is the $ sign mandatory when creating users?

rajeev said...

Hi Denis,

I have created 11 VMs:
AOS 1 - 192.126.128.103
AOS 2 - 192.126.128.104
AOS 3 - 192.126.128.105
Orchestrator 1 - 192.126.128.106
Orchestrator 2 - 192.126.128.107
Orchestrator 3 - 192.126.128.108
Management Reporter 1 - 192.126.128.109
Management Reporter 2 - 192.126.128.110
SSRS - 192.126.128.111
2 for SQL Server

While creating hosts for the AOS and Orchestrator types, it asks for the AOSNodeType IP address and the OrchestratorNode Type IP address. Which IP address should I provide? Please help; I have given the VM IPs and names above.

All these VMs are created on a virtual host using VMware.
Will this work for a D365 on-premises installation?

Does D365 on-premises support VMware-hosted environments?

Can I create a Service Fabric cluster on this?

rajeev said...

Step 4) When I am creating the A record after DNS:
Set up an A record for AOS
In the new DNS zone, create one A record that is named ax.d365ffo.onprem.Domain.com for each Service Fabric cluster node of the AOSNodeType type.
Don't create A records for the other node types.
1. Right-click the new zone, and then select New Host.
2. Enter the name and IP address of the Service Fabric node.
(For example, enter 10.179.108.12 as the IP address.) Then select Add Host.
Which IP address should I enter? Of which virtual machine?
What is a Service Fabric cluster node of the AOSNodeType type?

rajeev said...

Steps 6- Download script from lcs:

Please provide sample configtemplate.xml so that i can understand

Ensure all edits are made to the ConfigTemplate.xml in this folder.

Configuration Needs to be done.
VM List
Node Type
Database Backup File
Certificate
Security User

Anonymous said...

In your example, ax.d365ffo.onprem.domain.com has 3 entries with the same name; it will work as round robin.
ax.d365ffo.onprem.domain.com - 192.126.128.103
ax.d365ffo.onprem.domain.com - 192.126.128.104
ax.d365ffo.onprem.domain.com - 192.126.128.105
It's the same on the orchestrator nodes:
sf.d365ffo.onprem.domain.com - 192.126.128.106
sf.d365ffo.onprem.domain.com - 192.126.128.107
sf.d365ffo.onprem.domain.com - 192.126.128.108

Anonymous said...

Hi K@shif N@zir,

Please share the solution of error if it was resolved. We are getting below error while deploying the environment.

Replica had multiple failures inAOS_204 API call: IStatelessServiceInstance.Open(); Error = System.ComponentModel.Win32Exception (-2147467259)
The requested operation requires elevation
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at Microsoft.Dynamics.AXService.Database.Synchronizer.SyncDB()
at Microsoft.Dynamics.AXService.Database.Synchronizer.Synchronize()
at Microsoft.Dynamics.AXService.AXService.<>c__DisplayClass9_1.<.ctor>b__0()
at Microsoft.PowerApps.Runtime.Common.LatencyRecorder.RecordLatencyEvent(ILogger logger, String eventName, Action action, IDictionary`2 additionalProperties, IDictionary`2 additionalMetrics)
at Microsoft.Dynamics.AXService.AXService..ctor(StatelessServiceContext context, ILogger logger)
at Microsoft.Dynamics.AXService.Program.<>c.b__0_0(StatelessServiceContext context)

Unknown said...

Hi Denis,

I am getting following error when installing localagent using following command. I put my config.json file path

LocalAgentCLI.exe Install

"LocalAgentCLI.exe Error: 0 : Exception System.InvalidOperationException: Unable to migrate database"

Would you please help me with this?

Unknown said...

Unknown,

Check if the SQL services are enabled.

Denis Macchinetti said...

Hi

About the error "Unable to migrate database", please copy the Local Agent installation folder locally onto the ORC node and issue the command.

Unknown said...

Unknown,

About the error unable to migrate database, you can test your connection to the SQL machine. Inside the LocalAgent folder, run the commands below:

$LCSLocalPath = 'put the local agent installation path'
$sqlConnectionString = 'put your Fully qualified name of you sql name'
Set-Location -Path $LCSLocalPath
Write-Host "Test database connection" -ForegroundColor Yellow
.\Migrate.exe OrchestrationService.DataModels.dll /connectionString:"Data Source=$sqlConnectionString;Initial Catalog = OrchestratorData; Integrated Security = True; MultipleActiveResultSets=True" /connectionProviderName:System.Data.SqlClient /startUpDirectory:$LCSLocalPath /force /verbose

After that you can see and analyse possible errors about the connection to the SQL machine.

Unknown said...

FABRIC_E_FILE_NOT_FOUND on Local agent installation. Anyone?

Unknown said...

About this problem "FABRIC_E_FILE_NOT_FOUND".

I did an investigation and discovered that the reason was the anti-virus. I removed the anti-virus and the problem is gone.

Omar said...

Hi,

Please can you share the solution, K@shif N@zir?
Or can anyone help? I am facing the same issue:

Unhealthy event: SourceId='System.RA', Property='ReplicaOpenStatus', HealthState='Warning', ConsiderWarningAsError=false.
Replica had multiple failures during open on AOS_145. API call: IStatelessServiceInstance.Open(); Error = System.ComponentModel.Win32Exception (-2147467259)
The requested operation requires elevation
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at Microsoft.Dynamics.AXService.Database.Synchronizer.SyncDB()
at Microsoft.Dynamics.AXService.Database.Synchronizer.Synchronize()
at Microsoft.Dynamics.AXService.AXService.<>c__DisplayClass9_1.<.ctor>b__0()
at Microsoft.PowerApps.Runtime.Common.LatencyRecorder.RecordLatencyEvent(ILogger logger, String eventName, Action action, IDictionary`2 additionalProperties, IDictionary`2 additionalMetrics)
at Microsoft.Dynamics.AXService.AXService..ctor(StatelessServiceContext context, ILogger logger)
at Microsoft.Dynamics.AXService.Program.<>c.b__0_0(StatelessServiceContext context)
at

Ashish said...

Hi Denis

I am getting this error while running .\Test-D365FOConfiguration.ps1, although .\Set-CertificateAcls.ps1 ran successfully. Given below is the error:

"Unable to find access rules for certificate axdataenciphermentcert for user Domain\AXServiceUser"

The same error occurs on all machines, on different certificates, wherever this script tries to give permission to AXServices and svc-axsf$. However, if I check from the mmc console, the Read rights are there, and I have also given both these users full rights, but the issue is the same.

henry waqar said...

Hi,

Please can you share the solution?
Or can anyone help? I am also facing the same issue, and I have 2 AOS.

Unhealthy event: SourceId='System.RA', Property='ReplicaOpenStatus', HealthState='Warning', ConsiderWarningAsError=false.
Replica had multiple failures during open on AOS_50. API call: IStatelessServiceInstance.Open(); Error = System.ComponentModel.Win32Exception (-2147467259)
The requested operation requires elevation
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at Microsoft.Dynamics.AXService.Database.Synchronizer.SyncDB()
at Microsoft.Dynamics.AXService.Database.Synchronizer.Synchronize()
at Microsoft.Dynamics.AXService.AXService.<>c__DisplayClass9_1.<.ctor>b__0()
at Microsoft.PowerApps.Runtime.Common.LatencyRecorder.RecordLatencyEvent(ILogger logger, String eventName, Action action, IDictionary`2 additionalProperties, IDictionary`2 additionalMetrics)
at Microsoft.Dynamics.AXService.AXService..ctor(StatelessServiceContext context, ILogger logger)
at Microsoft.Dynamics.AXService.Program.<>c.b__0_0(StatelessServiceContext context)
at

Denis Macchinetti said...

Hi Henry,

Go through the two links below:

https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/troubleshoot-on-prem#axsftype

https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/troubleshoot-on-prem#ax-databasesynchronize-is-not-being-populated-with-events

in order to check where the Sync issue is.

henry waqar said...


Here is what I found through this path:

C:\ProgramData\SF\AOS_11\Fabric\work\Applications\AXSFType_App183\log.
We see both files, Code_AXSF_M_0.error and Code_AXSF_M_0.output

Service host process 8220 registered service type AXService
Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App24\AXSF.Code.1.0.20180406\Packages" -metadatadir "C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App24\AXSF.Code.1.0.20180406\Packages" -sqluser "axdbadmin" -sqlserver "OD365-DB.oc.com" -sqldatabase "AXDB" -setupmode servicesync -syncmode fullall -onprem

Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'aoskernel.dll' or one of its dependencies. The specified module could not be found.
at Microsoft.Dynamics.AX.Deployment.Setup.Program.Main(String[] args)

henry waqar said...

The issue is related to AOSKernel.dll.
Is there any solution?

FileNotFoundException: Could not load file or assembly 'aoskernel.dll' or one of its dependencies. The specified module could not be found.

Denis Macchinetti said...

Hi Henry,

And what about the AOS Event Viewer, Applications and Services Logs > Microsoft > Dynamics > AX-DatabaseSynchronize?

henry waqar said...

Just these errors:

1 Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding

2 Initialize schema failed.
Message Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.


AND the last information event

1 2018-11-24T09:52:21.6783978-08:00 Beginning sync step: InitialSchema.

henry waqar said...

Kernel issue resolved; now facing "schema initialize failed". See the error below from the AOS machine:

Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App6\AXSF.Code.1.0.20180406\Packages" -metadatadir "C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App6\AXSF.Code.1.0.20180406\Packages" -sqluser "axdbadmin" -sqlserver "OD365-DB.oc.com" -sqldatabase "AXDB" -setupmode servicesync -syncmode fullall -onprem
11/25/2018 01:51:59: Bindir: C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App6\AXSF.Code.1.0.20180406\Packages
11/25/2018 01:52:43: Initialize schema failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.Data.SqlClient.SqlException: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception: The wait operation timed out
MetadataDir: C:\SF\AOS_50\Fabric\work\Applications\AXSFType_App6\AXSF.Code.1.0.20180406\Packages

Denis Macchinetti said...

Hi Henry,

please create a thread on the Dynamics 365 for Finance and Operations Forum, https://community.dynamics.com/365/financeandoperations/f/765

There could be many reasons for the above error.

Again, follow with care the steps mentioned at the link https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/setup-deploy-on-premises-pu12

You continue to have issues with the DB Sync.
Remember to install the SNAC - ODBC driver 17

henry waqar said...

Yes, I have installed ODBC driver 17 on both AOS, and I have other things to check and validate...

Ahmed Nasr said...

Hi Denis

I have an issue while configuring the databases with this script: .\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName Orchestrator. After running this command in PowerShell, it doesn't do anything or execute anything, as if you didn't run it, so I need your help regarding this issue.

Junno said...

The script .\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName Orchestrator should be run on the database server.