Troubleshoot AIF in AX 2012

Hi ,

Troubleshoot AIF in AX 2012

Set up an endpoint to use inbound Web services

You may see the message in the Web server event log: "The requested operation cannot be performed because the required security key doesn’t exist." This occurs if the endpoint user does not have access to Business Connector. When you configure an endpoint for inbound Web services, you must: 1. Set up a Microsoft Dynamics AX user (or user group) as an endpoint user or trusted intermediary for that endpoint. 2. Give the user group access to the Business Connector.

Give the endpoint user access to Business Connector

1. Click Administration > Setup > User groups and select the user group for the endpoint, or the user group that contains the user for the endpoint.

2. Click Permissions.

3. On the Permissions tab, in the table under the Viewing field:

a. Select Business Connector.

b. Select Full control.

c. Click Cascade. Microsoft Dynamics AX

After installing Enterprise Portal, AIF Web services do not work

For the AIF Web services to coexist with Windows SharePoint Services (WSS) and Enterprise Portal on the same computer, the virtual directory that AIF is using for Web services must be excluded from the SharePoint managed path. To exclude the AIF virtual directory from the SharePoint managed path list:

 1. Launch the SharePoint Central Administration page (Start > All Programs > Administrative Tools > SharePoint Central Administration or, from the browser on a remote computer, type the URL for the pages on the administration port. For example: http://servername:port).

2. Click Configure virtual server settings and click the name of the site that you are managing.

3. Under Virtual Server Management, click Define managed paths.

4. Under Add a New Path, enter the AIF virtual directory path, and then select Excluded path, and click OK.

Re-register ASP.NET when setting up inbound Web services

If you cannot see the ASP.NET tab when viewing Properties for the virtual directory in the IIS Services Manager (see topics "Install AIF Web services" and " Troubleshooting AIF Web services installation" in the Microsoft Dynamics AX Installation Guide), or if you see a "Page not found" error after clicking Browse when validating Web services, you must re-register ASP.NET in IIS using the following steps:

 1. Click Start > Run. 2. Type cmd.

3. In the Command Prompt window, type: cd your-system-directory\Microsoft.NET\Framework\v2.0.50727 and press ENTER.

4. Type aspnet_regiis.exe -u and press ENTER.

5. Type aspnet_regiis.exe –i -enable and press ENTER.

6. Type iisreset and press ENTER.

7. Close the Command Prompt window.

8. After uninstalling and reinstalling ASP.NET and resetting IIS, the ASP.NET tab is available, and you can select ASP version 2.0. This allows you to browse the Web services after you enable and generate them on the AIF Services form.

Calling Web services in Active Directory results in an access error

If you are calling Web services and receive an error even though the calling user has access, this may be due to an issue between Windows authentication and Kerberos security in an Active Directory environment.

Symptoms of this problem occur when you call a Web service URL such as http://<URL>/SalesOrderService.asmx?WSDL and you receive an error even though the user calling the Web service has security access to the Web service. If you look in the Event Viewer on the calling machine, you may see a Kerberos error such as:

"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/<Computername>.<DNS-ComputerDomain>. The target name used was HTTP/<computername>. This indicates that the password used to encrypt the Kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm and the client realm. Please contact your system administrator."

This error is caused by an issue with name resolution in the network environment. To call the Web service, you must replace the name of the server where the Web services are hosted with an IP address, for example, http://<IP Address>/SalesOrderService.asmx?WSDL.

Issues when using Message Queuing (MSMQ) to exchange documents

1 If the error message "The transaction context is invalid" appears for an inbound message, verify that the Message Queuing queue that receives the message is located on the same computer as the Application Object Server (AOS) running the AIF batch jobs. For more information on these batch jobs, see Start and stop the asynchronous AIF services.

2 If the error message "The specified format name does not support the requested operation. For example, a direct queue format name cannot be deleted." appears when a message is sent, verify that the queue you are sending to is a public queue and its address (on the Channels form) is given in short name format (computer-name\queue-name).

3 If it seems that outbound messages are sent (that is, they no longer appear in the list on the Overview tab in the Queue manager form, and no entries are created in the Exception Log for an error condition), but the messages are not received by the target queue, ensure that the target queue's access control list (ACL) is set properly by following these steps.

a. On the Security tab of the Properties window for the queue, Allow should be selected for Send Message, Get Permissions, and Get Properties for the Anonymous Logon user.

b. Verify that the target queue's Authenticated property is cleared on the General tab in the Message Queuing folder (click Start > Administrative Tools > Computer Management). Microsoft Dynamics AX

4 For inbound messages, if there is a message in the Exception Log that states "The user is not authorized to perform this action", check the Queue manager form for any inbound messages in an error state by clicking Basic > Periodic > Application Integration Framework > Queue manager. If the Submitting user field on the Details tab is blank, verify that either the inbound queue's Authenticated property is selected or that all incoming messages are signed and authenticated.

Error received processing a message with Web services or the BizTalk adapter

While processing a message using Web services or the BizTalk adapter, you may see the error "The requested operation cannot be performed because the required security key doesn't exist." This error may occur if the user has not been granted execute permissions on the Business Connector security key. For more information about setting permissions, see "Manage security permissions for user groups and domain combinations" in the System and Application Setup Help.

Reference

Reference